From albright at scf.usc.edu Sun May 1 01:20:44 1994 From: albright at scf.usc.edu (Julietta) Date: Sun, 1 May 94 01:20:44 PDT Subject: Cypherpunks as lobbying/propagandizing group In-Reply-To: <9405010348.AA21105@mason1.gmu.edu> Message-ID: <199405010819.BAA06503@nunki.usc.edu> > > Eric Hughes says: "It's a fine idea, except there's no way such a group can > claim to represent cypherpunks at large." > > True enough -- my idea would be to say that our group is composed of folks who > happen to be Cypherpunks subscribers. I agree that claiming to represent an > anarchy is illogical and, well, an outright untruth. > > Curt > You know- I know you all are more individualistic in nature, more anarchistic than to think of yourselves as belonging to an organized "group", but I am getting concerned about a certain disassociation with the political aspects of cryptography which I am seeing by some members of this list- especially the post awhile back which was of the tone of "leave it to the other guys to lobby and be political, etc" - meaning throwing the responsibility over to the EFF people, etc. While I am sure that they are organized to lobby in this sort of way, my original thoughts on rallying some of us together was not to try to form yet another lobbying organization, but rather, to perhaps "fight fire with fire" with some of the media bad press that we are getting as subscribers to this list, and as Clipper-opposers. Secondly, there has been grumblings by certain new members regarding the political talk, with requests for more 'tech talk' - It seems to me that these threads are in a sense mutually exclusive in a certain sense, and could very easily be carried on at the same time. If you want to talk tech- just jump in and do so- but people are probably not going to call on you to start the thread..I just am not sure why someone would object to *both* tech and politics- and anyway- if you don't like the political talk, you could always write yourself a filter. Lastly, there has been talk about the old-timers on this list "sitting back and waiting while the 'newbies' talk over things which have been said before (politically, I take it)- the thing is, the cryptography/ Clipper policy is being designed and debated *now*- I can't see how whateve you all talked about 3 years ago can really be relevent to what's going on in the media today regarding this important issue. It seems to me this isn't a static, circular discusion, but rather a continuous, ongoing thread which is informed by the media on a day to day basis..And unless you all are amazingly clairvoyant, it would have been hard to know all the events which are going on now three years ago. I don't know about you all, but if my privacy is threatned, I am going to do what I can to object to it. I am not of the mindset to "leave it to someone else" to do. Well, as this is getting long, I will close. Julie "I am not an Internet Cult member" ___________________________________________________________________________ Julie M. Albright Ph.D Student Department of Sociology University of Southern California albright at usc.edu . . . . . . . . . . . . . . . . . . . . .. . . .. . . . . . . . . . . . . From blancw at microsoft.com Sun May 1 02:23:48 1994 From: blancw at microsoft.com (Blanc Weber) Date: Sun, 1 May 94 02:23:48 PDT Subject: Constitution and Contract [Was: CIA & FBI] Message-ID: <9405010825.AA17980@netmail2.microsoft.com> From: Black Unicorn This seems to me like the Jeffersonian notion that the Constitution should be amended in every generation. Letter to Samuel Kercheval, July 12 1816, The Portable Thomas Jefferson 557-558 (M. Peterson ed. 1975). I think this is perhaps excessive, and if you consider the effect of short term politics, one could well find his or her own generation is the one which does away with the 4th and 5th amendments because of a "Crime Crisis." If your suggestion is more along the lines of a more reasoned and enduring amendment process with some respect for the concepts of old and more importantly an attempt to adapt the spirit of the document [the Constitution] to the reality of the day, I concur wholeheartedly. ................................................... No, it has nothing to do with the amendment process; it has to do with original thought. As long as the people of today or tomorrow remain attached to a document, becoming dependent upon it for their thinking, then they are still not free, because - especially in the case of the Constitution - they have still not understood the message. The principle of individuality and freedom from government coercion means that an individual can make up their own mind, can use their own judgement, and can decide for themselves whether or not they will become a member of an institution - even if that institution is already in existence surrounding them and it seems that it is no longer required of them to think about making a choice regarding their relationship to it, that the choice was already made for them a long time ago and the situation no longer requires their input - almost as if their opinion were irrelevant, almost as if that which was created in the past had nothing to do with them in the present. If no one from an institution inquires whether you want to join, but takes it for granted that you are a member and then proceeds to treat you like citizen, then they have not been respectful of your independent ability to make up your own mind, apart from their ability to make that decision for you. This is not in the spirit of the Constitution. The age of the concept is not what is important; it is the principle elucidated. Any document which presents important concepts is valuable. It isn't requisite, however, that one remain attached to it in order to reap the benefit of its wisdom; it is more important to recognize that to which the wisdom therein refers, and once the ideas have been digested & comprehended, to advance using the perspicacity which you should have developed from their study. My point in this discussion is only to say that in terms of a contract, no one is really provided the opportunity to "sign the deal", so to speak. Too much is taken for granted, and therefore too many mistakes are made from the absence of a foundation based upon actual agreements made (rather than assumed agreement). Blanc From blancw at microsoft.com Sun May 1 02:26:44 1994 From: blancw at microsoft.com (Blanc Weber) Date: Sun, 1 May 94 02:26:44 PDT Subject: CIA & FBI, a marriage made in ___? Message-ID: <9405010827.AA17983@netmail2.microsoft.com> From: Black Unicorn Uni: "I tend to find these sorts of incentives acceptable provided the grant of funds is not craftily calculated to make functioning competitively impossible, which today they often are. Clipper is a prime example. It's not intended merely to incentivize makers to accept Clipper, but to drive other systems out of the market. To me this is offensive regulation." To me this offensive interferance intended to prevent other makers from creating the means which would prevent them from continuing to interfere. Regulation sets as a constant the terms, the conditions, the degrees of what an entity within its jurisdiction may do. Interferance describes an action which the government takes against a business which is not theirs to become involved with. Neither of them is very sporting. But anyway, providing incentives is also not a defensible business of government. It is still an attempt to determine in substitution of the individual, what that individual shall find it agreeable to do. See _Blanc Weber vs Black Unicorn_Constitution & Contract (4/30/94) Uni: "In the words of Judge Stone, "...threat of loss and not hope of gain is the essence of economic coercion." _United States v. Butler_, 297 U.S. 1 (1936). Unfortunately this is often taken to mean that as long as you frame the regulation as a conditional grant, it is constitutional. " Do you mean that this means, "as long as you're looking for a hand-out it's okay"? This would depend upon just how dependent the citizens are who would be involved or affected by the "threat" of that loss. To the government threat of a withdrawal of its largess.......my attitude would say, go ahead - make my day! As to what coercion is: it is not what someone tries to influence you to do after you are already in the klinker, but that which persuaded you to allow them to put you into it in the first place. Blanc From ruf at osiris.cs.uow.edu.au Sun May 1 04:39:17 1994 From: ruf at osiris.cs.uow.edu.au (Justin Lister) Date: Sun, 1 May 94 04:39:17 PDT Subject: Internet Relay Cha In-Reply-To: <9404261632.AA10453@toad.com> Message-ID: <199405011136.AA10765@osiris.cs.uow.edu.au> > > > > If you did hack your own IRC server, would it be possible to eavesdrop > > on channels like #warez, without anyone knowing, and without fear of being > > kicked off? It seems to me that this would be the true hacker's approach > > if it were possible. > > > > Hal > Yes. > But, there is a catch...you only get traffic for #warez if your server is > meant to see it...ie someone on your server is on that channel or your > server forms part of the spanning tree for that channel. It's not > difficult, but if you get caught..*ouch* You wouldn't know anything about this though ? B) > av -- +---------------------+--------------------------------------------------+ | ____ ___ | Justin Lister ruf at cs.uow.edu.au | | | \\ /\ __\ | Center for Computer Security Research | | | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-835-114 | | | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 | | |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream... | | | LiNuX - the only justification for using iNTeL | +---------------------+--------------------------------------------------+ From unicorn at access.digex.net Sun May 1 05:16:42 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 1 May 94 05:16:42 PDT Subject: CIA & FBI, a marriage made in ___? In-Reply-To: <9405010827.AA17983@netmail2.microsoft.com> Message-ID: <199405011216.AA08256@access3.digex.net> > > From: Black Unicorn > > Uni: "I tend to find these sorts of incentives acceptable provided the grant > of funds is not craftily calculated to make functioning competitively > impossible, which today they often are. Clipper is a prime example. > It's not intended merely to incentivize makers to accept Clipper, but to > drive other systems out of the market. To me this is offensive > regulation." > > To me this offensive interferance intended to prevent other makers from > creating the means which would prevent them from continuing to > interfere. Regulation sets as a constant the terms, the conditions, > the degrees of what an entity within its jurisdiction may do. > Interferance describes an action which the government takes against a > business which is not theirs to become involved with. Neither of them > is very sporting. > > But anyway, providing incentives is also not a defensible business of > government. It is still an attempt to determine in substitution of the > individual, what that individual shall find it agreeable to do. See > _Blanc Weber vs Black Unicorn_Constitution & Contract (4/30/94) > > Uni: "In the words of Judge Stone, "...threat of loss and not hope of gain is > the essence of economic coercion." _United States v. Butler_, 297 U.S. > 1 (1936). Unfortunately this is often taken to mean that as long as you > frame the regulation as a conditional grant, it is constitutional. " > > Do you mean that this means, "as long as you're looking for a hand-out > it's okay"? > This would depend upon just how dependent the citizens are who would be > involved or affected by the "threat" of that loss. > > To the government threat of a withdrawal of its largess.......my > attitude would say, go ahead - make my day! > > As to what coercion is: it is not what someone tries to influence you > to do after you are already in the klinker, but that which persuaded > you to allow them to put you into it in the first place. > > Blanc > > > > From unicorn at access.digex.net Sun May 1 05:48:27 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 1 May 94 05:48:27 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <9405010825.AA17980@netmail2.microsoft.com> Message-ID: <199405011248.AA09087@access3.digex.net> > > From: Black Unicorn > > This seems to me like the Jeffersonian notion that the Constitution > should be amended in every generation. Letter to Samuel Kercheval, July > 12 1816, The Portable Thomas Jefferson 557-558 (M. Peterson ed. 1975). > I think this is perhaps excessive, and if you consider the effect of short > term politics, one could well find his or her own generation is the one which > does away with the 4th and 5th amendments because of a "Crime Crisis." > > If your suggestion is more along the lines of a more reasoned and > enduring amendment process with some respect for the concepts of old and > more importantly an attempt to adapt the spirit of the document [the > Constitution] to the reality of the day, I concur wholeheartedly. > ................................................... > > No, it has nothing to do with the amendment process; it has to do with > original thought. > > As long as the people of today or tomorrow remain attached to a > document, becoming dependent upon it for their thinking, then they are > still not free, because - especially in the case of the Constitution - > they have still not understood the message. The principle of > individuality and freedom from government coercion means that an > individual can make up their own mind, can use their own judgement, and > can decide for themselves whether or not they will become a member of > an institution - even if that institution is already in existence > surrounding them and it seems that it is no longer required of them to > think about making a choice regarding their relationship to it, that > the choice was already made for them a long time ago and the situation > no longer requires their input - almost as if their opinion were > irrelevant, almost as if that which was created in the past had nothing > to do with them in the present. > > If no one from an institution inquires whether you want to join, but > takes it for granted that you are a member and then proceeds to treat > you like citizen, then they have not been respectful of your > independent ability to make up your own mind, apart from their ability > to make that decision for you. This is not in the spirit of the > Constitution. > > The age of the concept is not what is important; it is the principle > elucidated. Any document which presents important concepts is > valuable. It isn't requisite, however, that one remain attached to it > in order to reap the benefit of its wisdom; it is more important to > recognize that to which the wisdom therein refers, and once the ideas > have been digested & comprehended, to advance using the perspicacity > which you should have developed from their study. > > My point in this discussion is only to say that in terms of a contract, > no one is really provided the opportunity to "sign the deal", so to > speak. Too much is taken for granted, and therefore too many mistakes > are made from the absence of a foundation based upon actual agreements > made (rather than assumed agreement). > > Blanc > > > > > > > > > From unicorn at access.digex.net Sun May 1 05:50:53 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 1 May 94 05:50:53 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <9405010825.AA17980@netmail2.microsoft.com> Message-ID: <199405011250.AA09175@access3.digex.net> > > From: Black Unicorn > > This [concept of generational input to the constitution] seems to me like > the Jeffersonian notion that the Constitution should be amended in every > generation. [Comments on the danger of short term politics in this context.] > > If your suggestion is more along the lines of a more reasoned and > enduring amendment process with some respect for the concepts of old and > more importantly an attempt to adapt the spirit of the document [the > Constitution] to the reality of the day, I concur wholeheartedly. > ................................................... Mr. Weber replies: > > No, it has nothing to do with the amendment process; it has to do with > original thought. > > As long as the people of today or tomorrow remain attached to a > document, becoming dependent upon it for their thinking, then they are > still not free, because - especially in the case of the Constitution - > they have still not understood the message. This almost sounds like you are calling for liberation from the Constitution of the United States. In this regard your position closely resembles the anti-federalist doctrines. Although it is a position with which I cannot agree, I do respect it as one with much scholarly support. > The principle of > individuality and freedom from government coercion means that an > individual can make up their own mind, can use their own judgement, and > can decide for themselves whether or not they will become a member of > an institution - even if that institution is already in existence > surrounding them and it seems that it is no longer required of them to > think about making a choice regarding their relationship to it, that > the choice was already made for them a long time ago and the situation > no longer requires their input - almost as if their opinion were > irrelevant, almost as if that which was created in the past had nothing > to do with them in the present. I think it's difficult to accomplish what you propose. This seems to me to amount to calling for the status of sovereignty to apply to every individual. A system of individual sovereignty strikes me as unworkable, and again a slippery slope to complete lawlessness. I'd like to head that way, just not ALL the way there. > If no one from an institution inquires whether you want to join, but > takes it for granted that you are a member and then proceeds to treat > you like citizen, then they have not been respectful of your > independent ability to make up your own mind, apart from their ability > to make that decision for you. This is not in the spirit of the > Constitution. I guess I'm not sure what the solution here is other than to grant citizenship on the basis that it is granted today. Jus Soli or Jus Sangre. How a legal infant can decide the state of citizenship for him or herself is a difficult proposition. At the age of majority there exist a great number of options and several nations which grant citizenship on basic requirements. In addition one can always become stateless. Any social organization will be coercive by the standards you have set down as I understand them. Protections for the collective always intrude on the individual. I am not prepared to defend the position of absolute individuality as a natural right. > The age of the concept is not what is important; it is the principle > elucidated. Any document which presents important concepts is > valuable. It isn't requisite, however, that one remain attached to it > in order to reap the benefit of its wisdom; it is more important to > recognize that to which the wisdom therein refers, and once the ideas > have been digested & comprehended, to advance using the perspicacity > which you should have developed from their study. I agree. However, the problem with the rather nebulous and elusive "spirit" of the ideas in the Constitution is that committing them to the social memory almost insures their erasure in a number of generations less than the number of fingers on the hand of an expert woodshop vet. In addition, the short term politics I mentioned before cause a problem. There are certain concepts that are expressed in the language of the Constitution that I think are timeless. These include but are not limited to: The right to bear arms. The right against self incrimination. Applying these to the current era is the task, not modifying their basic content. > My point in this discussion is only to say that in terms of a contract, > no one is really provided the opportunity to "sign the deal", so to > speak. Too much is taken for granted, and therefore too many mistakes > are made from the absence of a foundation based upon actual agreements > made (rather than assumed agreement). I agree in theory. In practice I must dissent. I still maintain that social organizations demand some degree of sacrifice. Provided the borders are not closed to those who wish to leave, and there is a "market" of sovereigns to choose from, I don't find the power of a sovereign in itself offensive. What I feel is the obligation of the sovereign is to limit the level of corruption of the individual by forebearing from unneeded exertions of authority. > Blanc -uni- (Dark) From unicorn at access.digex.net Sun May 1 05:51:35 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 1 May 94 05:51:35 PDT Subject: CIA & FBI, a marriage made in ___? In-Reply-To: <9405010827.AA17983@netmail2.microsoft.com> Message-ID: <199405011251.AA09182@access3.digex.net> > > From: Black Unicorn > > Uni: "I tend to find these sorts of incentives acceptable provided the grant > of funds is not craftily calculated to make functioning competitively > impossible, which today they often are. Clipper is a prime example. > It's not intended merely to incentivize makers to accept Clipper, but to > drive other systems out of the market. To me this is offensive > regulation." > [Mr. Weber draws the distinction between regulation and interference.] > > But anyway, providing incentives is also not a defensible business of > government. It is still an attempt to determine in substitution of the > individual, what that individual shall find it agreeable to do. See > _Blanc Weber vs Black Unicorn_Constitution & Contract (4/30/94) I agree with your assessment of the basic effect of incentives and regulation. I would still hold by the position that such regulation and incentives are at times required. Even the basic individual right to private property is really no more than an entitlement to the use of civil and criminal processes. Where the line of "sporting" (a descriptive I particularly enjoy) lies beyond this point could, and has, filled volumes. In my view, government responsibility is to provide criminal and civil process to protect the freedom to contract and the freedom from tortious or criminal conduct, and to correct (occasional) market failures by the lease intrusive method available. See Stewart & Krier. In addition there are basic infrastructure and defensive needs which government should provide. Some government is necessary, too much is lethal to the free will and functionality of the marketplace. This is largely, however, off the topic. What is important, and a point on which I think we agree, is that the regulation of strong crypto, or in your definition, the interference in the marketplace, is unacceptable, unneeded and nothing more than a calculated attempt to maintain the status quo of usurpation of individual rights in favor of federal power and influence. Even the national security externality falls when one considers the uselessness of export regulation in the age of digital communication. > Uni: "In the words of Judge Stone, "...threat of loss and not hope of gain is > the essence of economic coercion." _United States v. Butler_, 297 U.S. > 1 (1936). Unfortunately this is often taken to mean that as long as you > frame the regulation as a conditional grant, it is constitutional. " > > Do you mean that this means, "as long as you're looking for a hand-out > it's okay"? > This would depend upon just how dependent the citizens are who would be > involved or affected by the "threat" of that loss. Yes, key is the baseline at which you start. What are citizens entitled to without interference or regulation? Your hand-out analogy is accurate provided it takes into account the size and scope of largess. See below. > To the government threat of a withdrawal of its largess.......my > attitude would say, go ahead - make my day! Consider, however, the size and scope of government largess today. The New York City Taxi Medallion is worth several tens of thousands of times its weight in gold. Driver's licenses are revocable for reasons not remotely connected with driving or owning a car. Professional licenses. Your passport. The spending power remains the most influential tool in the federal toolbox. In the battle of wills between the state and the individual when government largess are the stakes, the individual almost always loses. > As to what coercion is: it is not what someone tries to influence you > to do after you are already in the klinker, but that which persuaded > you to allow them to put you into it in the first place. The prison setting is academic to the basic point, coercion is tricky to put a finger on. > Blanc From anon at desert.hacktic.nl Sun May 1 08:29:59 1994 From: anon at desert.hacktic.nl (anon at desert.hacktic.nl) Date: Sun, 1 May 94 08:29:59 PDT Subject: WSJ article on PGP Message-ID: <199405011528.AA13386@xs4all.hacktic.nl> Reply to: (Anon Account an3) Remailed by: anon at desert.hacktic.nl X-Remailer-Software: Remail for Waffle 1.3 >From The Wall Street Journal Vol. LXXV No. 138 Thursday April 28, 1994 CIPHER PROBE: Popularity Overseas Of Encryption Code Has the U.S. Worried ---------- Grand Jury Ponders if Creator 'Exported' the Program Through the Internet ---------- `Genie Is Out of the Bottle' By William M. Bulkeley Staff Reporter of The Wall Street Journal BOULDER, Colo. - During the battle between Boris Yeltsin and the Russian Parliment last October, with Russian freedom hanging in the balance, software author Philip Zimmermann received an electronic-mail message from Latvia. "If dictatorship takes over Russia," it read, "your PGP is widespread from Baltic to Far East now and will help democratic people if necessary. Thanks." PGP - for Pretty Good Privacy - is a program written by Mr. Zimmermann for scrambling computer messages. Dissidents around the world use it to protect their electronic communications from the prying eyes of secret police. But PGP has a darker side. In Sacramento, Calif., police lament that last year, PGP encryption blocked them from reading the computer diary of a convicted pedophile and finding critical links in a suspected child-pornography ring. Admired by freedom lovers and criminals alike, PGP is one thing: uncrackable, or as close to it as a secret code has ever been. Even U.S. government snoopers can't break it. And that places Mr. Zimmermann - a paunchy, bearded, 40-year-old computer consultant who is fast becoming a folk hero on the information highway - in peril. A federal grand jury in San Jose, Calif., is examining weather he broke laws against exporting encryption codes. The Federal Bureau of Investigation suspects that Mr. Zimmermann had a role in putting PGP on the Internet, the world-wide web of computer networks, making it easy for foreign governments and terrrorists to use it and render their computer traffic impervious to U.S. spying. Mr. Zimmermann's lawyer says his client could face charges carrying a prison term of up to 51 months. The world-wide use of Mr. Zimmermann's software has altered forever notions of government surveillance, electronic privacy and export bans on cryptography. Until recently, difficult codes could always be deciphered by stealing the key that unraveled the encryption puzzle. During World War II, for example, the Allies captured a German encrypting Enigma machine, allowing them to crack Nazi communications. U.S. convoys taking munitions to Britain used it to help them elude German U-boats. Keys Are the Key But PGP, like a growing number of encryption programs, takes advantage of a new, mathematically sophisticated encrypting technology that requires two different keys, both of which are necessary to unlock the puzzle. The sender needs only one to send a message. The receiver decodes the message with the second key - which never needs to leave his computer, where it can be protected by passwords from easy pilfering. Although the mathematics are daunting, the program makes the process quick and straightforward. In an age when computers can whip up codes of devilish complexity and zip them around the globe for anyone with a personal computer, the lot of the encryption policeman is not a happy one. The internet alone reaches 20 million people. "The genie is out of the bottle," says Leonard Mikus, president of ViaCrypt, a Phoenix company that sells a $100 version of PGP in the U.S. "There's no way anybody can stop the technology." The Personal Touch The availability world-wide of encryption programs makes export controls "a farce," says Stephen Walker, a former top National Security Agency cryptographer who is now president of Trusted Information Systems Inc., a research firm in Glenwood, Md. He says he knows European government officials who use PGP for their personal e-mail. "We have to recognize what's out there." Mr. Zimmermann, a twice-arrested anti-nuclear-war activist, became an electronic freedom-fighter in 1990. At that time, the FBI and the NSA were pushing for a law that would ban certain forms of encryption, and force computer makers to build into their machines hardware that would allow law-enforcement agencies to decipher any code that was used. The proposal outraged confidentiality-minded corporations and computer users alike. Eventually, it was dropped. But while the issue was still open, Mr. Zimmermann took it upon himself to thwart the government's purpose by working on what came to be PGP - an impenetrable code that could be used by virtually anyone. "I did it to inoculate the body politic" from the danger of government prying, he says. Mr. Zimmermann stopped consulting and holed up in the computer-filled workroom in the back of a bungalow in Boulder, where he lives with his wife and two children. He said he spent six months of 12-hour days writing the program, drained his family's savings and missed five months of mortgage payments. He finished the program in June 1991, and named it Pretty Good Privacy - in deference to Ralph's Pretty Good Grocery in humorist Garrison Keillor's Prairie Home Companion radio show. When Mr. Zimmermann was through, he gave the encryption program to friends. One of them, whom he won't identify, placed it on the Internet, sometime around June or July 1991, he says. Once there, any computer user in the world with access to the Internet could download it. Almost immediately, many did. But federal laws covering munitions prohibit exporting encryption software without a license. A year ago, U.S. Customs Service agents asked Mr. Zimmermann how his software went overseas. In September the U.S. Attorney's office in San Jose, which has expertise on computer crimes because of its proximity to Silicon Valley, told Mr. Zimmermann that he was a target of an investigation. Mr. Zimmermann says he neither sent PGP overseas, nor posted it on computer systems. RSA Data Security Inc. is also angry at Mr. Zimmermann. The computer-security firm says that in creating PGP, Mr. Zimmermann used one of its patented cryptographic algorithms without permission, after RSA had denied him a free license. "We sometimes joke that PGP stands for `Pretty Good Piracy,' " says James Bidzos, president of the Redwood City, Calif., firm. "What he did was simple. In this business, you simply don't rip off people's intellectual property." RSA, which sells its technology to most of the major sofware makers and makes an encryption program called MailSafe, hasn't sued Mr. Zimmermann. But it has asserted its legal rights in letters to anyone it catches using PGP. As a result, few companies use PGP and many universities and commercial on-line services keep it off their computers. Mr. Zimmermann says that technically he hasn't violated RSA patents because he didn't sell the software until he signed the deal with ViaCrypt, which does have a license to use the algorithm. He notes that the on-line documentation for PGP suggests that people who use the program should contact RSA about a license. For many individuals, PGP has become something of a standard for encrypted e-mail on the Internet. A Glendale, Calif., college student who goes by the name Monk on the Internet says, "It's free; it's solid; it promotes privacy. How can you argue with it?" While the NSA wants to keep control of encryption, "This teeny little company with a wonderful hero has changed that," says Thomas Lipscomb, president of InfoSafe Corp., a New York developer of security devices for CD-ROM publishers. Fear that hackers may intercept e-mail has spawned a grass-roots cult of PGP users in the Internet community. Craig McKie, a sociology professor at Carleton University in Ottawa, encrypts chapters of a new book with PGP as he sends them to his publisher, fearing that otherwise, "a gazillion copies would go flying off into the night." Lance Cottrell, an astronomer at the University of California, San Diego, says he uses PGP to share unpublished observations with collaborators to keep others from claim-jumping a discovery. PGP also helps make the otherwise leaky internet safe for commerce. Members of the Electronic Frontier Foundation, a group that advocates electronic free speech, can pay dues by sending PGP-encrypted credit-card numbers over computer networks. S. Soloway Inc., a Palo Alto, Calif., accounting firm, scrambles backup tapes with PGP, so that clients needn't worry about lost confidentiality if the tapes are lost or stolen. Kenneth Bass, a Washington lawyer, communicates with some clients and other attorneys in PGP code. For human-rights advocates, the consequences of compromised sources can be devastating. Daniel Salcedo, who works for the Human Rights Project of the American Association for the Advancement of Science in Washington, teaches activists in El Salvador and Guatemala to use PGP. "In this business, lots of people have been killed," Mr. Salcedo says. Alan Dawson, a writer living in Thailand, says rebels opposing the regime in neighboring Burma are using PGP to encrypt information sent among rebel groups. Before use of PGP became widespread, Mr. Dawson wrote Mr. Zimmermann, "captured documents have resulted directly in arrests, including whole families and their torture and death." But investigators say PGP and other encryption systems aid crime. William Spernow, a computer-crime specialist with Search Group, a federally funded police-training firm in Sacramento, Calif., predicts criminals will routinely encrypt information within two years. "This could signal the end of computer forensics before it even gets off the ground," he says. Mr. Bidzos of RSA says that he has had several calls from police in the Miami area asking for help in decrypting information on computers seized in drug raids. He says the encryption is unbreakable. Mr. Spernow studied one case where a criminal conducted a fraud by keeping a double set of books - the real set encrypted in PGP. Mr. Zimmermann says he is disturbed by criminal use of encryption, but thinks the benefit of providing electronic privacy to everyone outweighs the costs. "It is impossible to obtain real privacy in the information age without good cryptography," he says. Encryption also raises some eyebrows inside corporations. Mr. Bass, the Washington lawyer, notes that most companies assert the right to read employees' e-mail, since it is composed on their computers and travels their networks. "What will they do when people start encrypting messages to each other?" he asks. Without e-mail encryption, widespread surveillance would be easier. In theory, CIA, FBI and police computers could tap telephone cables and look for key words such as "missile" or "bomb" to find people who needed closer watching. Mr. Zimmermann says: "This is analogous to drift-net fishing." Computerized encryption "is a technology that for a change benefits our civil liberties," he adds. "The government law-enforcement agencies have benefited from many technologies," such as telephones that made wire- tapping undetectable. In fact, Mr. Zimmermann is currently seeking funding for a project to create a phone that uses a personal computer equipped with a microphone and a speaker, to encrypt voice conversations just as PGP encrypts data exchanges. Mr. Zimmermann has been suspicious of the government for a long time. After growing up in Boca Raton, Fla., where a children's book on secret writing first interested him in codes, he moved to Boulder in 1978 and worked as a computer engineer. After he was laid off by Storage Technology Corp. in 1985, along with 3,000 others, he became a consultant specializing in telecommunications and data security. In the 1980s he became worried about the nuclear-arms race. He and his wife investigated moving to New Zealand. But they stayed in Boulder, an antiwar hotbed, where he lectured on arms policy. Mr. Zimmermann says that he has not been active on the internet and adds, "I'm not a cipherpunk - I wear a suit when I visit clients." But he says he agrees with the electronic free-speech ideals of the cipherpunks, the Internet habitues who fill cyberspace with blistering criticisms about the U.S. government's proposal to promote use of the so-called "Clipper chip." The chip would let companies and individuals encrypt sensitive communications, but the government would hold a key making it possible - with court permission - to decipher them for law-enforcement or national-security purposes. Mr. Zimmermann thinks the Clipper project confirms the need for PGP by showing the government's desire to read electronic mail. "They're treating us like an enemy foreign population," he says.  ----------------------------------------------------------------------------- This message was mailed through the remailer anon at desert.hacktic.nl Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to kafka at desert.hacktic.nl -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAi2+t1EAAAECALUS6KI7WLBB47y5dDIN+vHAW2XLxu+ELJCNkHLKYxhAr6vY Ku1e9oMry+bHizW8wCt0JPWMlnzZOkhZplIGsqkABRG0O0Rlc2VydCBBbm9ueW1v dXMgUmVtYWlsaW5nIFNlcnZpY2UgPGFub25AZGVzZXJ0LmhhY2t0aWMubmw+iQBV AgUQLb63vZRymF15lPcFAQF88AH/TdqfNlZ2uNH/CpQiy6BneDa0+FJTmBFgy5W+ wcpbsljOFFheH3zz5zA2rkpxIBoy/nd4vQ9kaa6fc1TkVMeBfokAlQIFEC2+t6C+ ZjYIMi0DBQEBT4YD/0NK9fCG8JjE0fS/0SlFshWAGSZxUYREKoQiwo8/ZPEbORHa +a6E8mXOjy7XHVH00S8/1aOO+ji89FFY2aVNqVVDfZI53er9pZAeNSQ1mvD7isor B3IOQ+WeKgXL/IvOEaZro0ZA/FWtry0Ty7RZbPwX4j1TkBTxlRI08e2dG7YI =MfIT -----END PGP PUBLIC KEY BLOCK-----  From jims at Central.KeyWest.MPGN.COM Sun May 1 08:48:26 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Sun, 1 May 94 08:48:26 PDT Subject: Cypherpunks as lobbying/propagandizing group In-Reply-To: <9405010348.AA21105@mason1.gmu.edu> Message-ID: <9405011547.AA04467@Central.KeyWest.MPGN.COM> ... > I agree that claiming to represent an > anarchy is illogical and, well, an outright untruth. As do I, for what it's worth. My plan was never to speak as a unified voice representing all Cypherpunks but to rather give evidence that we are not all the college-computer-nerd-woodstock-missing-hippie-wannabe- Cipherpunks. Only that if someone talks to the press and they say, "just what is Cypherpunks?" they can say "Well, I have a document that explains who we are (demographics), what we do, and why." But there are SOME ideas 99% of us agree on... such as we don't want to see the government self-fullfill George Orwell's prophesy. Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From stc at panix.com Sun May 1 09:24:56 1994 From: stc at panix.com (steven cherry) Date: Sun, 1 May 94 09:24:56 PDT Subject: Leahy Clipper hearings - May 3rd Message-ID: Voters Telecomm Watch (VTW) Legislative Action Alert vtw-list-request at panix.com Are you concerned about the Clipper Chip? Do you think your privacy is too important to be trusted to corruptible bureaucrats and secret algorithms? You can do something about this! On May 3rd, Senator Patrick Leahy (D-VT) will hold a hearing in Washington D.C. on the Clipper chip. The opportunity to add your voice is here! Best of all, we've looked up all the phone numbers for you! The hearings will be with the Technology and the Law subcommittee of the Judiciary committee. Listed below are the members' names. Be brief and polite, as Senator Leahy has a good reputation for being sensitive to civil liberties issues in the electronic world. [If you live in any of the states below, please make a special effort to call your Senator.] Senate Judiciary subcommittee on Technology and the Law (Senator Patrick Leahy, Chairman) P ST Name and Address Phone Fax = == ======================== ============== ============== D VT Leahy, Patrick J. 1-202-224-4242 1-202-224-3595 433 RSOB Washington, D.C. 20510 D WI Kohl, Herbert H. 1-202-224-5653 1-202-224-9787 330 HSOB Washington, D.C. 20510 D CA Feinstein, Diane 1-202-224-3841 1-202-228-3954 367 DSOB Washington, D.C. 20510 R PA Specter, Arlen 1-202-224-4254 1-202-224-1893 303 HSOB Washington, D.C. 20510 R SD Pressler, Larry 1-202-224-5842 1-202-224-1630 133 HSOB Washington, D.C. 20510 HSOB = Hart Senate Office Building RSOB = Russell Senate Office Building DSOB = Dirksen Senate Office Building Call now, call from work, from home, whereever you are. It only takes a minute. If you have a fax modem, break it in! Here is a sample you might want to read before calling or faxing in your comments: SAMPLE LETTER OR PHONE CALL The Honorable Senator ____________ I understand you will be attending the hearings on the Clipper chip. I wanted to express my concern about the use of the Clipper chip in personal communications. The Clipper chip would mandate a privacy standard that is prone to significant abuse. Unlike most recent work in cryptography, the academic work surrounding the chip has been kept from the public, developed in secret. Decent cryptography exists today to protect my communications. The Clipper chip threatens my ability to use that technology. Please oppose the Clipper chip. Sincerely, __________________ For more information about the VTW (Voters Telecomm Watch), write to vtw-list-request at panix.com. We are in no way affiliated with Panix Public Access. From hfinney at shell.portal.com Sun May 1 09:37:17 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 1 May 94 09:37:17 PDT Subject: waffle remailer header blocks Message-ID: <199405011638.JAA14039@jobe.shell.portal.com> This was posted here: > From owner-cypherpunks at toad.com Sun May 1 08:33:34 1994 > From: (Anon Account an3) > To: cypherpunks at toad.com > Subject: WSJ article on PGP > Date: Sun, 30 Apr 1994 10:04:20 MET > Sender: owner-cypherpunks at toad.com > Precedence: bulk > Status: R > > Reply to: (Anon Account an3) > Remailed by: anon at desert.hacktic.nl > X-Remailer-Software: Remail for Waffle 1.3 > > >From The Wall Street Journal > Vol. LXXV No. 138 > Thursday April 28, 1994 Note the three lines at Reply to:. These prevent chaining from working from this remailer to my remailer. To implement chaining, my remailer expects to see "::" as the first non-blank line. Instead, it sees the "Reply to": as the first non-blank line. Those three lines should be part of the header. If they can't be put into the header, they should not be sent out at all. (Several weeks ago, I got a great many messages from the rebma remailer that looked the same way. I haven't seen those in a while, so either Bill fixed the problem or else people have given up on trying to chain from rebma to my remailer.) Hal From hfinney at shell.portal.com Sun May 1 10:07:14 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 1 May 94 10:07:14 PDT Subject: The American money capture Message-ID: <199405011708.KAA16423@jobe.shell.portal.com> There are a couple of things I disagree with in Gary Jeffers' post. (Mild spelling flame - it's "fiat" money, not "fait" money.) I am interested not from the conspiracy aspects, but from the private- versus public-money angle. > PAPER MONEY BACKED BY PAPER > There is only one cause of inflation; it is officially - but not > constitutionally - authorized counterfeiting of money, the official > issue of paper money substitutes that are not fully backed by & > redeemable in the real lawful money they purport to represent. Until 1850, there was no official paper money in the United States. The US government controlled coinage, but they had a lot of problems getting enough money into circulation, especially in the fast-growing frontier area. Between 1800 and 1850 a great number of private banks were started whose main function was to issue paper money. Although this money was not a legal tender (meaning simply that people could refuse to accept it) it did circulate widely as cash, often displacing coins. Although ostensibly backed by lawful money (e.g. US coins), this did not stop the bankers from engaging in fractional-reserve banking. Indeed, if they had not done so, their banks would have been of no value, as they would not have helped remedy the shortage of circulating money. (Today, with our experiences of inflation in the 1970's and 1980's, it is hard for us to appreciate the problems with deflation. But I think deflation was much worse. The effects are similar to what we see today when the Fed tightens the reins on the money supply - a halt to economic growth, business bankruptcies, growth of unemployment, debtors unable to pay off their debts, mortgage foreclosures, etc.) (Also, note that a constant money supply in a growing economy is effectively deflationary. The money supply must increase at least as fast as economic growth or it will serve as an active brake on the economy, IMO. I don't know what economic school this view comes from, but I first heard it from Milton Friedman.) Even though the cash was not "official", inflation was a problem. In fact, it was a chronic, overwhelming problem. Once a bank realizes that it can buy things simply by printing money, it takes more self-restraint than most institutions (private _or_ public) have to keep from doing so. Things were made worse by the fact that our understanding of the inevitable bad results of such inflation was simply absent back then. The bankers did not under- stand that printing more money would inevitably devalue the currency. They thought that the inflation they saw was due to psychological factors, people not trusting the bank, or greedy merchants trying to take advantage of the public. (These arguments were echoed in the 1970's and 1980's, but they have of course been widely discredited now. The issue was far less clear in 1850.) Throughout the private-banking era, runs on banks, booms, busts, and panics, all the traditional extreme manifestations of the business cycle, were seen. And all this occured at a time when the only lawful, legal tender money was hard currency: gold, silver and copper coins. Clearly having such a money is no proof against the pernicious effects of inflation. Despite this historical record, I think that private currencies today would have the potential to succeed. The increased economic sophistication about the effects of different monetary policies would help bankers steer clear of the most egregious errors of the 1800's. Digital cash signatures avoid the widespread counterfeiting and discounting which also plagued that era. Hal Finney hfinney at shell.portal.com From hfinney at shell.portal.com Sun May 1 10:32:09 1994 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Sun, 1 May 94 10:32:09 PDT Subject: Another remailer Message-ID: <199405011733.KAA17415@jobe.shell.portal.com> Found this on the nets: >Xref: portal alt.cyberpunk:31472 alt.anonymous:125 alt.privacy.anon-server:683 alt.security.pgp:11417 >Path: portal!portal.com!decwrl!hookup!europa.eng.gtefsd.com!emory!swrinde!news.uh.edu!jpunix!perry >From: perry at jpunix.com (John A. Perry) >Newsgroups: alt.cyberpunk,alt.anonymous,alt.privacy.anon-server,alt.security.pgp >Subject: New Anonymous Server! >Message-ID: <043094125146Rnf0.78 at jpunix.com> >Date: Sat, 30 Apr 1994 12:51:00 GMT-6 >Organization: J. P. and Associates >Lines: 76 X-PGP-Key-Fingerprint 67 91 9D E9 97 E1 0F D9 F7 A5 B2 58 EA AB 3A F9 X-Newsreader: Rnf 0.78 -----BEGIN PGP SIGNED MESSAGE----- Hello Everyone! Thanks to Patrick Oonk (kafka at desert.hacktic.nl), I would like to announce the creation of a new anonymous mail/usenet server. This server is based on the PGP-compatible Cypherpunk mail servers and operates with the same set of commands. The address to this new server is remailer at jpunix.com. Here is a brief description of how to use the server: How to use the Cypherpunks Remailers ------------------------------------ by Hal Finney, <74076.1041 at compuserve.com> There are two general ways of specifying the remailing instructions. The simplest is to add an extra field to the header of the message. All of the Cypherpunks remailers will accept the field name "Request-Remailing-To:". (Several of the remailers also accept shorter versions of this name, but there is no standard for the short versions accepted.) Simply put the address that you want the mail to be forwarded to after "Request-Remailing-To:" in the message header, and the forwarding will be done. (Case is important in this header field, so be sure to put in the capital letters as shown.) This remailer software also supports "X-Anon-To:". Many people have mailers which will not allow them to add fields to the headers of the messages they send. Instead, they can only put material into the bodies of the mail. In order to accomodate such systems, the Cypherpunks remailers provide a mechanism for "pasting" the first few lines of the message body into the header. These lines can then contain "Request-Remailing-To:" / "X-Anon-To:" commands. This is done by having the first non-blank line of your message be the special token "::" (two colons). If the Cypherpunks remailers see this as the first non-blank line, all following lines up to a blank one will be pasted into your mail header. Then the message will be processed as usual. Here is how the message above would be prepared if Sue were not able to add lines to her outgoing message header. This new server will also support posting to USEnet in the form: Request-Remailing-To: news.group where news.group is the newsgroup the user wishes to post to. If you have any problems or questions, feel free to contect me at perry at jpunix.com. Please find the public key of the new server listed below for those of you wishing to encrypt to the server. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi3CjRsAAAEEAMYPWIxjbDCBgUVi4sEkuv3EP59wBcRFEkDTojZqsf61tk3Q a701snXLfDITk3wzVjOj4LMYgEfZpwVNr3B1xdttQj44F/h1p2kmRW9NbDkm+OgP Ts7lZ0ac5PHkpb1q/qD2Y5yfiNNN+rZBaT1QLc3il3VIYy21BecyzSVK9nCVAAUR tDFQR1AtYmFzZWQgUmVtYWlsaW5nIFNlcnZpY2UgPHJlbWFpbGVyQGpwdW5peC5j b20+ =osYc - -----END PGP PUBLIC KEY BLOCK----- John A. Perry - perry at jpunix.com -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcKctVOTpEThrthvAQGwFwP+OYwVry77liwHnpOxWZ5oZhdxUo9LA2BG VUK4sLUZ+phcJJAWvkA0KqV2D6WM0hc7beZqPspZ5ejCN2q/V9qrFiQjCN8MuOdk k+EREPHqqkOQDSzYOX9sZuD/17cg7nusxkpmPN2a4b9oouB8uq28nNC2VUz0yBte jgwh0f+voUY= =jF/y -----END PGP SIGNATURE----- From klbarrus at owlnet.rice.edu Sun May 1 11:04:35 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sun, 1 May 94 11:04:35 PDT Subject: MAIL: remailer list Message-ID: <9405011804.AA26118@arcadien.owlnet.rice.edu> Changes: 1) two new remailers! anon at desert.hacktic.com and remailer at jpunix.com I put the public keys up at the gopher site (chaos.bsu.edu) and once the semester is over I will get organized and upload to soda.berkeley.edu. 2) Matt Ghio's update list of email-to-usenet gateways, gained from trolling misc.test. Thanks! -----BEGIN PGP SIGNED MESSAGE----- Cypherpunk anonymous remailers, 5/1/94 Q1: What are the anonymous remailers? 1: nowhere at bsu-cs.bsu.edu 2: remailer at chaos.bsu.edu 3: rperkins at nyx.cs.du.edu 4: remailer at soda.berkeley.edu 5: hal at alumni.caltech.edu 6: ebrandt at jarthur.claremont.edu 7: remailer at utter.dis.org 8: anon at desert.hacktic.nl 9: remailer at jpunix.com 10: remailer at rebma.mn.org 11: catalyst at netcom.com 12: hfinney at shell.portal.com 13: remail at extropia.wimsey.com NOTES: 1-3 no encryption of remailing requests 4-11 support encrypted remailing requests 11 special - header and message must be encrypted together 7,10,13 introduce larger than average delay (not direct connect) 1,2,7,10,13 running on privately owned machines 4,8,9 features USENET posting 11 features anonymous pools 8,13 located outside of the U.S. ====================================================================== Q2. Other Services: 1. Miron Cuperman's anonymous pool. To subscribe, send mail to pool0-request at extropia.wimsey.com. Mail sent to pool0 at extropia.wimsey.com will be sent to all subscribers of the anonymous pool. 2. Matt Ghio's pseudo-account remailer. Send mail to mg5n+getid at andrew.cmu.edu You will receive an encrypted mail address of the form mg5n+eaxxxxx at andrew.cmu.edu Mail sent to this address will be forwarded to you. Mail sent to mg5n+remailers at andrew.cmu.edu will return a list of remailers to you. Mail sent to mg5n+anz3ajg8o1yxicqzt6v6qgpg3tkhddpqw3jl at andrew.cmu.edu will be forwarded on to cypherpunks at toad.com 3. Jay Prime Positive's mail pool Send mail to jpp=0x123456 at markv.com, and the mail will be encrypted with the key matching 0x123456, and sent to alt.test with a subject line of "Ignore 0x123456" To add a key, send to jpp=poolnew at markv.com. The body of the message should contain the public key in pgp format. If there is a key clash, a message with the subject "Ignore jpp=poolnew key already in use" 4. Finger remailer at soda.berkeley.edu for instructions and a ping report. 5. Usenet posting: anon at desert.hacktic.nl and remailer at jpunix.com allow posting to usenet with the following syntax: Request-Remailing-To: news.group remailer at soda.berkeley.edu uses the following syntax: Post-To: news.group OR Anon-Post-To: news.group ====================================================================== Q3: What help is available? 1. Look in ftp://soda.berkeley.edu/pub/cypherpunks/remailer (soda.berkeley.edu = 128.32.149.19) chain.zip - program that helps with using remailers dosbat.zip - MSDOS batch files that help with using remailers hal's.instructions.gz - in depth instruction on how to use hal's.remailer.gz - remailer code pubkeys.tar.gz - public keys of remailers which support encryption pubkeys.zip - MSDOS zip file of public keys scripts.tar.gz - scripts that help with using remailers 2. Or try to gopher to chaos.bsu.edu and look in "Anonymous Mail"/Remailer Instructions" 3. Cypherpunks WWW home page is ftp://soda.berkeley.edu/pub/cypherpunks/Home.html ====================================================================== Q4. Email-to-Usenet gateways? 1: group-name at cs.utexas.edu 2: group.name.usenet at decwrl.dec.com 3: group.name at news.demon.co.uk 4: group.name at news.cs.indiana.edu 5: group-name at pws.bull.com 6: group-name at ucbvax.berkeley.edu 7: group.name at undergrad.math.uwaterloo.ca 8: group.name at magnus.acs.ohio-state.edu 9: group.name at ccs.uwo.ca 10: group.name at julian.uwo.ca 11: group.name at paris.ics.uci.edu 12: group.name at cs.dal.ca NOTES: * This does not include ones that work for single groups, like twwells.com. * Remember to include a Subject: with your post, may cause failures if missing #6 blocks from non-berkeley sites (so use the berkeley remailers :-) ====================================================================== This is the remailer.data file I use with pingmail, a script for pinging anonymous remailers: 01:n:nowhere at bsu-cs.bsu.edu 02:n:remailer at chaos.bsu.edu 03:n:rperkins at nyx.cs.du.edu 04:n:remailer at soda.berkeley.edu 05:y:hal at alumni.caltech.edu 06:y:ebrandt at jarthur.claremont.edu 07:y:remailer at utter.dis.org 08:y:anon at desert.hacktic.nl 09:y:remailer at jpunix.com 10:y:remailer at rebma.mn.org 11:y:catalyst at netcom.com 12:y:hfinney at shell.portal.com 13:s:remail at extropia.wimsey.com -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcPtioOA7OpLWtYzAQHXCgP/RWK7gAGZZ7bH/x6qKa9U+D3xPdpSOJT8 CqzFi/prqPSiJB1B+d5to+omiidSu4HK1DbOUUSlM//wvlNsYGExrTbaxDw8pUC3 ZWKfvHVklfJjbcmvLZQbal4Gjf8HHAlrnZG7fNFkLnZ6gGBh4qPqS4QxxadnT/I6 jiBcBMp7Gq8= =N7g/ -----END PGP SIGNATURE----- -- Karl L. Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From nobody at shell.portal.com Sun May 1 11:16:25 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sun, 1 May 94 11:16:25 PDT Subject: Another remailer Message-ID: <199405011817.LAA23901@jobe.shell.portal.com> Hal Finney wrote, quoting John Perry: > Thanks to Patrick Oonk (kafka at desert.hacktic.nl), I would like > to announce the creation of a new anonymous mail/usenet server. This > server is based on the PGP-compatible Cypherpunk mail servers and > operates with the same set of commands. The address to this new server > is remailer at jpunix.com. Here is a brief description of how to use the > server... It's gone now and the PGP key has been revoked. I think Mr. Perry deserves the Guiness world record for having the shortest-lived remailer! :-| From mg5n+ at andrew.cmu.edu Sun May 1 11:43:15 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 1 May 94 11:43:15 PDT Subject: MAIL: remailer list In-Reply-To: <9405011804.AA26118@arcadien.owlnet.rice.edu> Message-ID: > Q4. Email-to-Usenet gateways? > > 1: group-name at cs.utexas.edu > 2: group.name.usenet at decwrl.dec.com > 3: group.name at news.demon.co.uk > 4: group.name at news.cs.indiana.edu > 5: group-name at pws.bull.com > 6: group-name at ucbvax.berkeley.edu > 7: group.name at undergrad.math.uwaterloo.ca > 8: group.name at magnus.acs.ohio-state.edu > 9: group.name at ccs.uwo.ca > 10: group.name at julian.uwo.ca > 11: group.name at paris.ics.uci.edu > 12: group.name at cs.dal.ca Are you sure about #5 and #6? I haven't gotten the berkeley one to work. I was able to post through pws.bull.com, however, it seems to be on a UUCP feed and messages get delayed 2-3 days. Using group.name at bull.com is much faster, and also doesn't require dashes, so you can post to groups like alt.privacy.anon-server, alt.ascii-art, etc. This is my current list: group.name at demon.co.uk group.name at news.demon.co.uk group.name at news.cs.indiana.edu group.name at bull.com group.name at cass.ma02.bull.com group.name at undergrad.math.uwaterloo.ca group.name at magnus.acs.ohio-state.edu group.name at ccs.uwo.ca (Kills headers, generates new Message-ID) group.name at julian.uwo.ca (Kills headers, generates new Message-ID) group.name at uunet.ca (Limited newsgroups) group.name at cs.dal.ca (Limited newsgroups) group.name at ug.cs.dal.ca (Limited newsgroups) group.name at paris.ics.uci.edu (Limited newsgroups) group.name.usenet at decwrl.dec.com (Preserves ALL headers) uunet.ca and cs.dal.ca will bounce the message if it doesn't support the newsgroup. paris.ics.uci.edu will just eat it and you'll never see it again. uunet.ca doesn't seem to support any alt.groups. Also, demon and uwaterloo will preserve most headers (ie comments, etc) dec.com will preserve all the headers, including all Received: headers. The rest usually remove the non-essential ones. Uwaterloo, ohio-state, and Dalhousie insert Orginization: headers advertising their university, but uci (University of California, Irvine) and uwo.ca (University of Western Ontario) don't. (-; From mg5n+ at andrew.cmu.edu Sun May 1 11:47:28 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 1 May 94 11:47:28 PDT Subject: Another remailer In-Reply-To: <199405011817.LAA23901@jobe.shell.portal.com> Message-ID: "Nobody" wrote: > It's gone now and the PGP key has been revoked. I think Mr. Perry > deserves the Guiness world record for having the shortest-lived > remailer! :-| Actually, it's been changed to anon at jpunix.com. It's running the same software as Patrick Oonk's, so the headers come out messed up and you can't chain remailers... :( Maybe if we ask him nicely, he'll put it back. He did revoke the public key, I have no idea why the hell he did that. From rhoff at blue.weeg.uiowa.edu Sun May 1 12:41:14 1994 From: rhoff at blue.weeg.uiowa.edu (Robert Michael Hoff) Date: Sun, 1 May 94 12:41:14 PDT Subject: Dominating public debate (Was: Cypherpunks as lobbying/propaga Message-ID: <199405011940.OAA18933@blue.weeg.uiowa.edu> While I agree that the cypherpunk list is too fragmented and informal to pass off as a coherent lobbying group, there remains a very deep need to get information out to the "general public" (read as, "people who might have heard about something the NSA is doing, but don't quite remember what....") Lets face it. For all the successful lobbying EFF and CSPR and individuals have done, upwards of 75% of the population won't recognize the word Clipper. This needs to change, since the NSA depends on the masses to be uninformed for Clipper to become reality. Press kits and making the cypherpunk label known are steps in the right direction, but we need to go more directly to the people. And sadly, probably the most successful way to stimulate debate and educate in the United States is best demonstrated by... "Harry and Louise" You know, that annoying commercial the insurance industry ran? That Bill was concerned enough about to parody? It's time the Clipper debate got one too. Mind you, we'd keep ours factual and non-sensational, but interesting enough to catch the eye of Joe and Mary Blow at the dinner table. An interesting concept: it would be (to my knowledge) the first time a grass roots campaign went prime-time. Problem is, getting airtime over the hours our target audience is likely to be watching isn't cheap. But hey, the software industry hates this as much as cypherpunks do. Pass the hat. And for that matter, if you think you're concerned enough to read this list, chip in $20 bucks to the currently non-existant (EFF? CSPR? Cypherpunk Nonproft Foundation for Truth?) Fund for Commercials. You want to get attention? THAT'S the way you do it in the US. It's unfortunate, but if you want to stop Big Brother, you're going to have to play with the big boys by their rules: who dominates public debate wins, not who's right. And the anti-Clipper movement needs to quit the discussion-group mode and move into action. Very, very soon. Comments encouraged. Robert Hoff. -- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi1cCbwAAAEEAM3mH6Wm+DjLAZHHaKAPEE6BpQpE6cCsI46HJzEekyQca18Z nnNJpVbFfs21P+nkzT02ZQ7HJ5lnQz8TGWN0LSJ8f45DSR5VElTO3MkOCrYSoZ3c WO3IxW4oxm4fWx+3ipN+KKrB/0oooT7n4u0LV0aaImIn2Uzm7I8jOOi7F8jFAAUR tCpSb2JlcnQgTS4gSG9mZiA8cmhvZmZAYmx1ZS53ZWVnLnVpb3dhLmVkdT4= =JUO8 -----END PGP PUBLIC KEY BLOCK----- From PMARKS at VAX1.UMKC.EDU Sun May 1 13:00:50 1994 From: PMARKS at VAX1.UMKC.EDU (PMARKS at VAX1.UMKC.EDU) Date: Sun, 1 May 94 13:00:50 PDT Subject: So, what are we going to do? Message-ID: <01HBTU38KG6G8WYU0U@VAX1.UMKC.EDU> Very interesting threads going along in here. I'm a fairly new reader to the list. In fact, until I started reading WiReD, Cud, EFF, and this list, I didn't even know that I had to worry about privacy in cyberspace. RE: the folowing *************************************************************************** This is largely, however, off the topic. What is important, and a point on which I think we agree, is that the regulation of strong crypto, or in your definition, the interference in the marketplace, is unacceptable, unneeded and nothing more than a calculated attempt to maintain the status quo of usurpation of individual rights in favor of federal power and influence. Even the national security externality falls when one considers the uselessness of export regulation in the age of digital communication. *************************************************************************** It may be too late for the federal gov't to regulate cryptography. The genie is already out of the bottle. They might legislate it, even criminalize it, but private non-clipper crypto is here. I believe it is here to stay. At least, I'm not giving up _MY_ copy of PGP. As long as I've got a copy, my friends can get copies. Their friends can get copies from them. Just _HOW_ heavy-handed does the Justice Dept. plan to get? Will they come in at midnight, knocking down doors, shouting "we have a search warrant to locate illegal cryptography in your possession!" and run off with my equipment? _That_ could be quite embarrassing for crypto users like me, who are _not_ pornographers, drug dealers, or terrorrists to show up in court. What is the prosecuter going to tell the judge? "So far, we've decyphered his secret bar-b-que sauce recipie and his grandmothers instructions for making chocolate-chip cookies, but we expect to have the plaintext of his letter to his sister anytime now." What could I possibly tell the judge? "I just felt that my own data files were my own, and nobody else's, business. I just thought I was entitled to a little privacy." How would that read in the press? Could the government really afford to look that stupid? (Unless, of course, they really _are_.) From pls at crl.com Sun May 1 13:17:55 1994 From: pls at crl.com (Paul Schauble) Date: Sun, 1 May 94 13:17:55 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <199404300832.AA25324@access1.digex.net> Message-ID: I've often felt that the solution to this problem is that citizenship should not be given by birth. Everyone, whether born in the US or abroad, should have to go through roughly the present process to be granted citizenship. I'm explicitly including required study of US history and taking an oath to support the Constitution. ++PLS From unicorn at access.digex.net Sun May 1 13:31:20 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 1 May 94 13:31:20 PDT Subject: Constitution and Contract [Was: CIA & FBI] Message-ID: <199405012030.AA27999@access3.digex.net> I've often felt that the solution to this problem is that citizenship should not be given by birth. Everyone, whether born in the US or abroad, should have to go through roughly the present process to be granted citizenship. I'm explicitly including required study of US history and taking an oath to support the Constitution. ++PLS <- So what protections does a minor have before he or she passes the "test"? Will a passport be issued to a non-citizen? From rarachel at prism.poly.edu Sun May 1 13:35:19 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 1 May 94 13:35:19 PDT Subject: Secure Drive is now obslete In-Reply-To: <01HBRTDS3EQ0935JW0@delphi.com> Message-ID: <9405012023.AA19489@prism.poly.edu> Can SecureDevice be used to mount from a network volume? This would be a very very useful feature, although I'd imagine a total headache to actually implement... The one thing I dislike about SecureDevice (even before using it) is that it can be zapped by a frustrated would-be-codeanalyst... Of course now that we can back it up to tape, it's not that big an issue. :-) Also, the old SecureDrive program had a protection feature in the TSR, but in any case, it wouldn't help if the TSR was killed off, or if our bad-guy booted from a floppy. He could still kill the drive... But that's not too huge an issue as anyone can zap your hard drive if they wanted to in any case... :-I From pls at crl.com Sun May 1 13:44:04 1994 From: pls at crl.com (Paul Schauble) Date: Sun, 1 May 94 13:44:04 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <199405012030.AA27999@access3.digex.net> Message-ID: On Sun, 1 May 1994, Black Unicorn wrote: > I've often felt that the solution to this problem is that citizenship > should not be given by birth. Everyone, whether born in the US or abroad, > should have to go through roughly the present process to be granted > citizenship. I'm explicitly including required study of US history and > taking an oath to support the Constitution. > > ++PLS > <- > > So what protections does a minor have before he or she passes the "test"? Same as minors who are resident aliens have now. That's quite a lot. > > Will a passport be issued to a non-citizen? > No. They would be treated as minors and could travel abroad only when accompanied by a citizen who is taking responsibility for them. Much like minors at present. Yes, it's inconvenient for these new non-citizens. It's supposed to be. I agree with Heinlein that citizenship should be earned. ++PLS From rarachel at prism.poly.edu Sun May 1 14:21:42 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 1 May 94 14:21:42 PDT Subject: PC-Expo In-Reply-To: <9404281820.AA14996@snark.imsi.com> Message-ID: <9405012109.AA20245@prism.poly.edu> This is my reply to Perry about the PCExpo Cypherpunks attack. I'd originalkly meant this as a private message, but there's enough good info/requests that I'd like >ALL< of us to read it. I hope you won't mind Perry. For those of you just tuning in, this is an idea I've had: I want some cypher punks to join in together and simply hand out disks and flyers at PC Expo which contain crypto files and articles. This will be in NYC June 28-30. My gut reaction is to try and make it for the 1st day since that's when it's busiest, and perhaps we can catch some press-attention if possible. However, this will depend on who is free and when. We don't have to register for PCExpo nor go in. In fact, it would be a bad idea to hand out these disks on Javitz's property because we haven't rented a booth there (I'd rather we spend the money on duplicating disks.) If all of us chip in $20 worth of disks, it will make a very big difference. You can get disks very cheap from MEI microcenter at 800-634-3478 or whereever. Just make sure you get 3.5" 1.44M disks... If you can't attend because you're not in NYC or not available and are a good writer, PLEASE PLEASE PLEASE write some anti-clipper anti-digital telephony articles. We need this because I don't want a copyright infringement on our hands (ie: information liberation front and newspaper articles.) As usual we can take quotes out of articles say "New York Times said Clipper is a brain dead idea" and such, but we need stuff that we can't be thrown in jail or sued for. We also need folks to contribute ideas/software to add to the disks and more importantly to review the disks... Re: Disks & $$$ Not really. Disks are pretty damn cheap these days. If you buy'em from MEI MicroCenter you can get 3.5"HD's for $0.41 cents a piece, or cheaper if you get'em in over 300. 10 disks=$4. IF every PC-Expo-punk chips in 20 disks, we should have plenty to make a neat dent in the Clipper-ignorant-crowd. The software: PGP, SecureDevice/Drive, a file viewer (sor of like list) which I've written that does some minimal mouse support, a menu system I guess, and lots of articles. I'd need someone to look at articles and kill off the ones that may cause copyright problems for this disk. I'm not putting my name on the disks, but if someone were to sniff hard, they'd catch my smell, so that's one thing I want to avoid. Basically, if you have any articles, or better yet if you'd be able to write some or get other c'punks to write some which we can distribute, it would be very cool. If you can attend PC Expo, please send email to rarachel at photon.poly.edu for faster processing. Oh, one more thing: I'll be making the disk duplications myself. This is so that our "spook" friends don't install viruses in our software. There is of course the question of trusting me, but I know I trust myself. :-) Perhaps the simplest thing is to include a virus scanner on the disk. Whatever... We also need someone to mass produce labels for the diskettes with a logo. NO CYPHERPUNK CRIMINAL LOGO! It's a cool logo, I have the T-shirt, but PCExpo attending yuppies will fear us more than the spooks if they see "Criminal" on the disk. I suggest "Free Security Articles And Software Demo" as the title of the disk. MAke it look like some corporation is giving out freebies. Oh,I really hate this one, but we should all be dressed professionally (ie: suits, ties, yuck!) This would hurt our credibility if we didn't.... Anyhow, nothing is organized yet, except that a few volunteers have signed up. So please, if you can contribute anything join in. After this is over, we'll have a cypherpunk diskette whch other cpunks in other citities can use to mail to the media, give out to other expos, etc. From bruce at phantom.com Sun May 1 14:47:47 1994 From: bruce at phantom.com (Bruce Fancher) Date: Sun, 1 May 94 14:47:47 PDT Subject: PC-Expo In-Reply-To: <9405012109.AA20245@prism.poly.edu> Message-ID: <9405012145.AA14833@mindvox.phantom.com> [Arsen Ray Arachelian] has written: | | This is my reply to Perry about the PCExpo Cypherpunks attack. I'd originalkly | meant this as a private message, but there's enough good info/requests that | I'd like >ALL< of us to read it. I hope you won't mind Perry. | | For those of you just tuning in, this is an idea I've had: I want some cypher | punks to join in together and simply hand out disks and flyers at PC Expo | which contain crypto files and articles. This will be in NYC June 28-30. | My gut reaction is to try and make it for the 1st day since that's when it's | busiest, and perhaps we can catch some press-attention if possible. However, | this will depend on who is free and when. We don't have to register for PCExpo | nor go in. | | In fact, it would be a bad idea to hand out these disks on Javitz's property | because we haven't rented a booth there (I'd rather we spend the money on | duplicating disks.) If all of us chip in $20 worth of disks, it will make a | very big difference. You can get disks very cheap from MEI microcenter at | 800-634-3478 or whereever. Just make sure you get 3.5" 1.44M disks... | | If you can't attend because you're not in NYC or not available and are a good | writer, PLEASE PLEASE PLEASE write some anti-clipper anti-digital telephony | articles. We need this because I don't want a copyright infringement on | our hands (ie: information liberation front and newspaper articles.) As usual | we can take quotes out of articles say "New York Times said Clipper is a brain | dead idea" and such, but we need stuff that we can't be thrown in jail or | sued for. We also need folks to contribute ideas/software to add to the disks | and more importantly to review the disks... | | | | Re: Disks & $$$ | Not really. Disks are pretty damn cheap these days. If you buy'em from | MEI MicroCenter you can get 3.5"HD's for $0.41 cents a piece, or cheaper if you | get'em in over 300. 10 disks=$4. IF every PC-Expo-punk chips in 20 disks, | we should have plenty to make a neat dent in the Clipper-ignorant-crowd. | | The software: PGP, SecureDevice/Drive, a file viewer (sor of like list) which | I've written that does some minimal mouse support, a menu system I guess, and | lots of articles. | | I'd need someone to look at articles and kill off the ones that may cause | copyright problems for this disk. I'm not putting my name on the disks, but | if someone were to sniff hard, they'd catch my smell, so that's one thing I | want to avoid. Basically, if you have any articles, or better yet if you'd | be able to write some or get other c'punks to write some which we can | distribute, it would be very cool. | | If you can attend PC Expo, please send email to rarachel at photon.poly.edu for | faster processing. | | Oh, one more thing: I'll be making the disk duplications myself. This is so | that our "spook" friends don't install viruses in our software. There is | of course the question of trusting me, but I know I trust myself. :-) Perhaps | the simplest thing is to include a virus scanner on the disk. Whatever... | | We also need someone to mass produce labels for the diskettes with a logo. | NO CYPHERPUNK CRIMINAL LOGO! It's a cool logo, I have the T-shirt, but | PCExpo attending yuppies will fear us more than the spooks if they see | "Criminal" on the disk. I suggest "Free Security Articles And Software Demo" | as the title of the disk. MAke it look like some corporation is giving out | freebies. Oh,I really hate this one, but we should all be dressed professionally | (ie: suits, ties, yuck!) This would hurt our credibility if we didn't.... | | Anyhow, nothing is organized yet, except that a few volunteers have signed | up. So please, if you can contribute anything join in. | | | After this is over, we'll have a cypherpunk diskette whch other cpunks in | other citities can use to mail to the media, give out to other expos, etc. | Getting into PC Expo is easy, I just received 30 passes from a vendor who's going to be there. Just ask and exhibtor and they'll send you passes. I think handing out floppy disks is NOT a very cost efficient scheme. It makes more sense to spend the money on xeroxing flyers explaining to people what encryption is, why it's important and how they can get the tools for themselves. Very people are going to load up a program from a disk that some stranger gave them. You'll also likely get thrown out of Javitts. From lassie!jim%lassie at netcom.com Sun May 1 15:16:00 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Sun, 1 May 94 15:16:00 PDT Subject: Leahy Clipper hearings - May 3rd (fwd) Message-ID: <133@lassie.lassie.uucp> FORWARDED MAIL ------- From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: 01 May 94 Originally To: netcomsv.netcom.com!panix.com!stc Good letter, But...... I keep a current list of fax numbers for both house and senate in Arizona on my fax program, I think, don't you that most cypherpunks should (or do). I ran your letter thru my word processor and added or colleagues to the attended meatings line and then faxed to all AZ senate and house members. Maybe it would be a good Idea to make up a letter that went into deapth on this clipper proposition and send it out. I myself would post in arizona and I think others in other states would post too this way we could reach all of the house and senate. I know from common sense that real long letters would not work ( < 1 page) and also that the prime point like "please oppose the clipper legeslation) should be in very visible print. I sent mine in 20 pica bold underline. Let me know what you think and glad to be of help even though I am new to this list and probly would be deemed clueless, but I due wear nomex underwear..... :{) -- * Spelling errors are intentional and international * Jim Nalbandian lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- -- * Spelling errors are intentional and international * Jim Nalbandian lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From unicorn at access.digex.net Sun May 1 16:25:09 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 1 May 94 16:25:09 PDT Subject: PC-Expo Message-ID: <199405012324.AA10319@access1.digex.net> -> | The software: PGP, SecureDevice/Drive, a file viewer (sor of like list) which | I've written that does some minimal mouse support, a menu system I guess, and | lots of articles. <- Please, please try to include Macintosh software. I think often, through no fault of vigilant authors, the macintosh users get the short end of the stick in code. Consider including versions of Curve Encrypt, and MacPGP2.3. I don't want to speak for the authors as for distrubution questions. Contact Curve Software at : kinney at bogart.colorado.edu Curve's key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAiz+bEEAAAEEAMUbtdwYC1vY+s5559ERIvC1MT+Yaw3ozheaHcUciJe7cSAk k9TpAQd7iKukKnQe5kK1YtvYm0JP6fmNrcO8AmG5ukvcOlyuri618sjpXncpQ1cL 5xeV80f3JtmheGMnqAzTK8OyfJ7zRh1PhAZcT/vVzf+JGuCuVcJkEfxTVMrJABEB AAG0K0N1cnZlIFNvZnR3YXJlIDxraW5uZXlAYm9nYXJ0LmNvbG9yYWRvLmVkdT6J AJUCBRAs/wK89+/hOkiDY/EBAeN5A/0fFX5On4Zxc/guNdDb+nHZcd6TwJxUb9ST TlsJX4BAKAcf0xG4DY0L+9DN0N6w6FOR3RuZIAUx25xS9yRBSMLe1gOw6qI9C/lt Ovh7ycoKCkOBqoe6oisRzREhIr3U+FQXRIu7Qhn5ETEljRjWvQ6fheohrLhSGVsf pBaKtb2fVw== =LCyY -----END PGP PUBLIC KEY BLOCK----- Speaking of macintosh software: Any word on... 1> StealthPGP for the mac? 2> More secure stego for the mac? 3> SecureDevice for the mac? 4> The source code for MacPGP2.3 v1.1? 5> PGPtools for the mac? 6> Cryptographer's Workbench for the mac? -uni- (Dark) From xstablu!brewmeister.xstablu.com!brewmeister!drzaphod at netcom.com Sun May 1 16:34:45 1994 From: xstablu!brewmeister.xstablu.com!brewmeister!drzaphod at netcom.com (xstablu!brewmeister.xstablu.com!brewmeister!drzaphod at netcom.com) Date: Sun, 1 May 94 16:34:45 PDT Subject: Secure Device - Plain/Cypher size diff? In-Reply-To: Message-ID: > However when I 'log in' to it, a dir shows only about ten megs of > space. I tried creating an additional secure device volume, and this one > was 25 megs on the outside and a bout 8 megs on the inside. > ____________________________________________________________________________ > Christian Douglas Odhner > cdodhner at indirect.com I think it's a bug and I've written Arthur Helwig about it.. I'll post the jist of his response when I get it. I had made a 50MB partition and got only 18MB out of it.. but a 1MB partition gave me a full MB. I assume it's another problem with MKVOLUME. The one released with 1.1 had a limit of 8MB.. maybe this release has some ratio limit problem.. BTW: Has anybody inspected the code for SecureDevice? I'm going to look at it right now but I'd easily miss weaknesses in the implementation of IDEA. TTFN P.S. are Tacky Tokens still being processed? I never got any response to my GIF FOR SALE post a while back. It's only 5 tt. so get two today. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From unicorn at access.digex.net Sun May 1 16:38:27 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 1 May 94 16:38:27 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: Message-ID: <199405012338.AA10990@access1.digex.net> [Mr. Schauble argues that citizenship should not be assigned at birth.] To which I ask: > > So what protections does a minor have before he or she passes the "test"? > > Same as minors who are resident aliens have now. That's quite a lot. I'm not sure I agree with you. Many resident aliens have problems not directly associated with protections of citizens, but the stigma of being "merely" a "Resident alien." This aside, there are significant shortfalls in protections to aliens in general. > > > > Will a passport be issued to a non-citizen? > > > No. They would be treated as minors and could travel abroad only when > accompanied by a citizen who is taking responsibility for them. Much like > minors at present. Except that in your example, one could be a "probationary citizen" until he or she passed the test. Perhaps for the illiterate this means mandatory accompanied travel for life. Other examples spring quickly to mind. Consider how the green card stigma affects an individual. How many shots at the test does one get? What happens if the limit is reached? Deportment? > Yes, it's inconvenient for these new non-citizens. It's supposed to be. I > agree with Heinlein that citizenship should be earned. I can't help but feel that this only grants the state a new tool to deny substantive rights to whoever it feels like it wants to burden. Basing citizenship on any form of subjective test (which any history test will be) is problematic at best. > ++PLS It's not that I disagree with the concept that citizenship should be earned per se, only that it should be earned by exam. In deference to Perry, followups to e-mail. -uni- (Dark) From lassie!jim%lassie at netcom.com Sun May 1 17:29:52 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Sun, 1 May 94 17:29:52 PDT Subject: PC-Expo (fwd) Message-ID: <137@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!phantom.com!bruce (Bruce Fancher) Date: 01 May 94 Originally To: prism.poly.edu!rarachel (Arsen Ray Arachelian) passes. I think handing out floppy disks is NOT a very cost efficient scheme. It makes more sense to spend the money on xeroxing flyers explaining to people what encryption is, why it's important and how they can get the tools for themselves. Very people are going to load up a program from a disk that some stranger gave them. You'll also likely get thrown out of Javitts. I think that uploading to a local BBS is a bueno idea. I downloaded all PGP and shell programs from Internet and then uploaded them to a local BBS. I then put a classified add in the local Mensa paper (monthly) and gave phone number, description and asked that if anyone downloaded the files to upload a copy to their favorite BBS. In Haydukes book "Get Even" they called this the multiplier effect. Although the add costs me nothing and they circulation is only around 900 or so issues there is a good chance the software will travel to another 25 or so boards. I am also condidering taking out an add in the Arizona Republic (circulation aloat) and offering PGP !!!!FREE!!!! to anyone that calls my friends BBS. That should make him happy and should also spread the program to thousands of non Internet users. The cost to me is about $25 but the satisfaction is imense. Hayduke is right about the multiplier effect, just like I said about faxes earlier. If all members of this group fax to their non-long-distance government representatives then we can get the word out effectivly stronger than any other group. The ol' multiplier effect on the good ol' cypherpunks group. several hundred times 6 is 1200 messages from one letter. I think this is good. -- * Spelling errors are intentional and international * Jim Nalbandian lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From tcmay at netcom.com Sun May 1 17:37:44 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 1 May 94 17:37:44 PDT Subject: Cypherpunks as lobbying/propagandizing group In-Reply-To: <199405010819.BAA06503@nunki.usc.edu> Message-ID: <199405020038.RAA23252@netcom.com> Julie Albright writes: > You know- I know you all are more individualistic in nature, more > anarchistic than to think of yourselves as belonging to an organized "group", > but I am getting concerned about a certain disassociation with the > political aspects of cryptography which I am seeing by some members of this > list- especially the post awhile back which was of the tone of "leave it to > the other guys to lobby and be political, etc" - meaning throwing the > responsibility over to the EFF people, etc. While I am sure that they are I think you're conflating several different opinions. Some want to lobby, some want to talk algortithms. Some say they are leaving the list because too much political discussion is happening, others that not enough is happening. Such is the nature of a group like our. Anyone is obviously free to go out an lobby. But just as I am not in a position to represent _you_, so, too, no group or indidual out there is in a position to represent _me_. Like, I said, anyone can represent themselves, can lobby, can promote petitions, can phone Congresscritters, and all that. Some of us do this, as a matter of fact. And some of us talk on radio shows, are interviewed for magazines and newspapers, and so on. What more can be wanted? Let anyone lobbying that we--as a group--start to *do more* themselves do more. > organized to lobby in this sort of way, my original thoughts on rallying > some of us together was not to try to form yet another lobbying > organization, but rather, to perhaps "fight fire with fire" with some of > the media bad press that we are getting as subscribers to this list, and as > Clipper-opposers. Deservedly or not, our press has been much more positive than negative. Cf. the pieces in "Wired," "Whole Earth Review," "The Village Voice," and "The New York Times" (only a brief mention there). I can't think of much bad press, frankly. (The NSA guy's comment about Woodstock and trig homework, maybe, but that was more than countered by Bruce Sterling's closing talk at CFP and other talks. No big deal.) > Lastly, there has been talk about the old-timers on this list > "sitting back and waiting while the 'newbies' talk over things which have > been said before (politically, I take it)- the thing is, the cryptography/ > Clipper policy is being designed and debated *now*- I can't see how > whateve you all talked about 3 years ago can really be relevent to what's > going on in the media today regarding this important issue. It seems to me > this isn't a static, circular discusion, but rather a continuous, ongoing > thread which is informed by the media on a day to day basis..And unless > you all are amazingly clairvoyant, it would have been hard to know all the > events which are going on now three years ago. As one of the old timers, some comments: * I haven't said I won't participate....in fact, I still write a lot. So do other old-timers. * The "Clipper debate" started in earnest exactly a year ago, not "3 years ago." My Clipper folder has 4 MB of mail and articles in it, refecting only the small fraction of mail I kept on the topic. It continues to be debated, here and in the Usenet discussion groups. Several of us have written at length about it, and others are always free to. So, I don't follow the point about how the old timers are letting the newbies do all the debating.... It is true that certain comments, along the lines of "What are some arguments against Clipper?," are not conducive to debate (to put it as politely as I can). Interesting comments, or new perspectives, or even articles that indicate the author has at least read some of the FAQ materials distributed frequently in the Usenet groups, are likelier to generate responses. (And this was equally true a year ago, by the way; to participate in a debate one needs to have a certain common vocabulary and an awareness of the main issues.) Having said this, there are many who are tired of the same old Clipper debates. There's no argument that will make most of us accept the concept of "key escrow," so what's to debate? And like I said, there are plenty of grassroots political opportunities for those interested. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From koontzd at lrcs.loral.com Sun May 1 18:30:46 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Sun, 1 May 94 18:30:46 PDT Subject: Random #'s via serial port dongle? Message-ID: <9405020129.AA18351@io.lrcs.loral.com> >From: smb at research.att.com >To: hughes at ah.com (Eric Hughes) > >This has probably been discussed before, but has anyone built a little > >device that amplifies the white noise from a transistor junction, and > >converts it into serial data? > As Tim mentions, lots of people have talked about doing this, but few > actually have. Nevertheless, the device is still needed and no one > has done it. > I estimate you could sell 500 at $50 each within four months if there > were PGP support for it. And I'll give you advertising space on the > archive site. > Real random numbers should be a standard part of every computer. >Absolutely. Given a choice between a hardware encryptor -- even a >public key hardware encryptor -- and a true random number generator, >I'd unhesitatingly choose the latter. Having seen random noise sources in real digital crypto use I would give a couple of hints. A noise source is used to generate noise at a deterministic rate, either a rate at which it is consumed or the rate at which it is stored (in the case of one time pad generation). This implies two characteristics 1) that frequency distribution of noise is suitable for that rate, and 2) That the noise source is sampled or gated. The very act of converting noise to digital date is fraught with pitfalls. The noise source needs to be extremely well isolated from the rest of a system, to prevent unwanted coupling between digital transitions and the noise source (it just about always implies amplification for thresold sampling). Otherwise your noise source is not as random as could be hoped. It should also be suggested that a random noise source be tested (statistically) periodically, and should not present a single point failure that can endanger the security of communications (redundancy). All noise sources should be isolated from each other as well as from the system in which they are utilized. Intel got a COMSEC noise source module certified in the mid 80s, it would not be available to us nor be affordable. Previously the smallest available encapsulated module was the size of a Zippo lighter. I believe HP used to sell zener noise diodes, although you can reverse bias an EB junction on a transistor. Any and all parts should be screened for noise spectrum, especially disturbing would be any spectrum holes. You would be able to extrapolate a bell curve distribution, with your sampling rate(s) falling well toward the middle. Were you to use a noise source toward the outsides of the curve it would behoove you to consume more noise data over a longer period of time. NSA used to have an unclassified document on criteria for random noise sources, which got deleted in the early Reagan presidency when the U.S. started losing Perestroka. Note that as seen from CCEP chip specs and the clipper chip spec, block ciphers can be used with special data sets (including the seed) to generate a "random" initial vector (IV). The clipper chip spec shows a maximum of 650 clocks to generate and IV, including LEAF generation, while the clipper chip takes 64 clocks to execute 32 rounds of Skipjack. The LEAF should account 2 rounds (128 clocks). One could guess that statistical testing determines how many skipjack iterations to generate the IV in view of the maximum of 650 clocks. It is even possible that failing statistical tests causes a master alarm condition. Further speculation is entertaining. Were you to use noise sources for one time pads you have the problem of secure distribution. From koontzd at lrcs.loral.com Sun May 1 18:32:26 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Sun, 1 May 94 18:32:26 PDT Subject: Crypto books Message-ID: <9405020131.AA18357@io.lrcs.loral.com> >From: Karl Lui Barrus >I have this book - "Cryptography and Secure Communications" by Man >Young Rhee. It covers basic cryptography (number theory, DES, block >ciphers, stream ciphers, public key systems) and also communications >(BCH codes, Reed-Solomon Codes, Error control for cryptosystems). If you like the Meyer/Matras book 'Crptography', you'll like this one. From tcmay at netcom.com Sun May 1 18:44:28 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 1 May 94 18:44:28 PDT Subject: Crypto books In-Reply-To: <9405020131.AA18357@io.lrcs.loral.com> Message-ID: <199405020145.SAA01427@netcom.com> David Koontz writes: > >From: Karl Lui Barrus > > >I have this book - "Cryptography and Secure Communications" by Man > >Young Rhee. It covers basic cryptography (number theory, DES, block > >ciphers, stream ciphers, public key systems) and also communications > >(BCH codes, Reed-Solomon Codes, Error control for cryptosystems). > > If you like the Meyer/Matras book 'Crptography', you'll like this one. > Hoo boy, I _hate_ the Meyer & Matras "Cryptography" (1982) book! (I shelled out $60 in 1987 for this one, and that was a lot of money for a book back then.) Intensely dry and detailed on DES, with few if any "big picture" analyses, and no mention of modern protocols of the sort that usually interest us. Given the publication date, and the authors' employment at IBM (in the Lucifer/DES group), this is not all that surprising. I've only skimmed the Rhee book. In fact, I almost skimmed it again this afternoon at Barnes and Noble, due to the mention by Karl. My VERY STRONG OPINION (sorry for raising my voice) is that Schneier's book is all ye know and all ye need to know! That is, you folks out there asking about crypto books should immediately acquire Schneier's book...others have said this and it is manifestly so. If you finish Schneier, you'll be well-prepared to evaluate the other books, based on your own special interests and abilities. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From unicorn at access.digex.net Sun May 1 18:54:56 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 1 May 94 18:54:56 PDT Subject: ID List, Tacky Tokens Fail. Message-ID: <199405020154.AA18146@access3.digex.net> -----BEGIN PGP SIGNED MESSAGE----- Below is the very preliminary list of state driver's license high tech methods information I have collected so far. Thanks to all who contributed. Note that "credit card" type driver's licenses are hard plastic cards without clear lamination. This typically indicates a higher tech process. Notes, suggestion, updates, and corrections are very welcome. I'll note that no one seemed interested in paying tacky tokens for the list. Alberta, Canada: As of:..? Magnetic Strip? N? Digitized Photo? N? Bar Code? N? Issued: ? Other: Two sheets, data and photo. Signature on license. British Columbia: As of: ? Magnetic Strip? N Digitized Photo? N Bar Code? N? Issued: ? Other: Normal lamination embossed with seal. California: As of: 92, 94? Magnetic Strip? Y 150% usual width. Digitized Photo? Y Bar Code? N Issued: Mail Other: Hologram of state seal Credit card type. Valid 4 years. Digitized thumbprint? Signature on license. Connecticut: As of: ? Magnetic Strip? N Digitized Photo? N (But copy exists at DMV?) Bar Code? N Issued: ? Other: ? Florida: As of: Summer 93 Magnetic Strip? No Digitized Photo? No Bar Code? No Issued: On the spot. Other: Expires in year 2000. (7 years?) Normal lamination. Georgia: As of: Fall 93 Magnetic Strip? N Digitized Photo? Maybe Bar Code? N Issued: By mail Other: Hawaii: As of: ? Magnetic Strip? N Digitized Photo? Y? Bar Code? N Issued: ? Other: Printed with, "what looks like a 180 dpi printer." Illinois: As of: 1992 Magnetic Strip? N Digitized Photo? N Bar Code? N Issued: On the spot. Other: Signature on license. No SSN #. SSN required. Indiana: As of: Winter 91 Magnetic Strip? N Digitized Photo? N Bar Code? N Issued: ? Other: Valid 5 years? Laminated with state name. Kentucky As of: Spring 89 Magnetic Strip? N Digitized Photo? N Bar Code? N Issued: On the spot. Other: Normal lamination. Massachusetts As of: Early 93 Magnetic Strip? N Digitized Photo? N Bar Code? N Issued: On the spot (1992) Other: SSN default, but optional. Normal lamination with state seal. Signature on license. Michigan: As of: 92 Magnetic Strip? N (Proposed) Digitized Photo? N Bar Code? N Issued: ? Other: Normal lamination embossed with state seal. Minnesota: As of: Spring 93 Magnetic Strip? N Digitized Photo? N But copy kept. Bar Code? N Issued: Mailed Other: Normal laminate. Color change on contact with air? Poor security at the office. Missouri: As of: Magnetic Strip? N Digitized Photo? N Bar Code? N Issued: Other: Credit card type. SSN not on license. Montana: As of: Winter 93 Magnetic Strip? N Digitized Photo? N Bar Code? N Issued: ? Other: Mailed. New Hampshire: As of: ? Magnetic Strip? N Digitized Photo? N Bar Code? N Issued: ? Other: "Basically a sick joke." New Jersey: As of: Old. Magnetic Strip? ? Digitized Photo? N Bar Code? ? Issued: By mail or on the spot? Other: SSN required, but not on license. Renewable by mail. Ugly hologram. New York: As of: ? Magnetic Strip? Y Digitized Photo? Y Bar Code? Y Issued: ? Other: ? Ohio: As of: Winter 91 Magnetic Strip? N Digitized Photo? N Bar Code? N Issued: On the spot Oklahoma As of: 92 Magnetic Strip? N Digitized Photo? N Bar Code? N Issued: On the spot. Other: Oregon: As of: Fall 91 Magnetic Strip? No Digitized Photo? No? Bar Code? No? Issued: On the spot. Other: Valid 4 years. Normal laminate. No SSN. Pennsylvania: As of: ? Magnetic Strip? N? Digitized Photo? Y? Bar Code? N? Issued: ? Other: Credit card type. Hologram. Tennessee: As of: Spring 89 Magnetic Strip? N Digitized Photo? N Bar Code? N Issued: On the spot. Other: Texas: As of: 91 Magnetic Strip? No Digitized Photo? No Bar Code? No Issued: Mail (1988) On the spot (?) Other: Normal lamination embossed with state seal. No SSN. Valid 4 years. Signature on license. Vermont: As of: 93 Magnetic Strip? N Digitized Photo? N Bar Code? N Issued: By mail Other: Credit card type. Photo is optional? Virginia: As of: ? Magnetic Strip? No? Digitized Photo? No Bar Code? No Issued: ? Other: SSN is DL #. Normal lamination with seal. - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLcRqehibHbaiMfO5AQGnlgQAlGxP8fiCrDZvSRXBw93fdJwP71O5IR2y gJdPHmpgU5YSmcWIY2mP+b1iTGO/QEpbV1keGsbrYtsyXO++eRCM8od9/TKKpVj3 QspU7VmAwi1Zx3uiOXX2WPb1ftoikejfmr3dsd/bg0mzZLZdZQin5zUzFwEiQePi Fizr0f8/jvE= =cLcH -----END PGP SIGNATURE----- Later editions should be less sloppy. :) From bugs at netsys.com Sun May 1 20:15:23 1994 From: bugs at netsys.com (Mark Hittinger) Date: Sun, 1 May 94 20:15:23 PDT Subject: So what are we going to do Message-ID: <199405020318.AA12054@netsys.com> > It may be too late for the federal gov't to regulate cryptography. >The genie is already out of the bottle. They might legislate it, even >criminalize it, but private non-clipper crypto is here. I believe it is >here to stay. At least, I'm not giving up _MY_ copy of PGP. As long as They could tax it. :-) -------- His system was just roadkill along the information superhighway. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiz4FWMAAAEEALBCb7HZS7V4gbsp9yJ7Yty49jQ9wcgRhkLjNNgdyJbrJZCq 5/sv4Ljy/4AhVhjlJyZS8L3owS8l0ClZVzWw4/kO3KN7MPz4YPPR7+qIlPQVM0yv gWpJ43EZZ8b8cvAkE9HATCKWktY2ReRSX5DLnScDH/n5jivw+MD/UO8fURCVAAUR tCBNYXJrIEhpdHRpbmdlciA8YnVnc0BuZXRzeXMuY29tPg== =VbKi -----END PGP PUBLIC KEY BLOCK----- From cdodhner at indirect.com Sun May 1 20:38:03 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Sun, 1 May 94 20:38:03 PDT Subject: Expectation of Privacy Message-ID: I remember a while back (on this list I think) there was some discussion of a case in which it was ruled that the cops in some instance didn't need a warrent to intercept (or weren't in violation of ECPA?) a cordless phone phone call because the user didn't have the same "expectation of privacy" as they would with a normal phone... it seems to me the end judgement was that if the equipment you're using is easy enough to listen in on, then you can't complain if they do so. Fast-forward a few years to when the Digital Telephony Act and clippper chips have been mass deployed... does someone talking on a clipper phone over a DTA-compliant network have enough of an 'expectation of privacy' to require a warrent for intercepts? Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ From johnsonc at chem.udallas.edu Sun May 1 20:38:36 1994 From: johnsonc at chem.udallas.edu (Carrie A. Johnson) Date: Sun, 1 May 94 20:38:36 PDT Subject: AHHHH!! NO!!! In-Reply-To: <199405020318.AA12054@netsys.com> Message-ID: <9405020336.AA08861@chem.udallas.edu> > > > > It may be too late for the federal gov't to regulate cryptography. > >The genie is already out of the bottle. They might legislate it, even > >criminalize it, but private non-clipper crypto is here. I believe it is > >here to stay. At least, I'm not giving up _MY_ copy of PGP. As long as > > They could tax it. :-) AHHH!! Don't _say_ that!!! Sheesh, are you _trying_ to give them ideas?!! > From bugs at netsys.com Sun May 1 21:03:31 1994 From: bugs at netsys.com (Mark Hittinger) Date: Sun, 1 May 94 21:03:31 PDT Subject: AH NO!!! Message-ID: <199405020406.AA12833@netsys.com> I think it is a natural option they always fall back on when they can't actually control something. They want to tax tobacco and booze to pay for health care reform. They want to tax gambling to pay for welfare reform. They will clearly want to tax crypto for privacy reform. Its intuitively obvious to the most casual surviellance! Bet they thought of it before I did. -------- His system was just roadkill along the information superhighway. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiz4FWMAAAEEALBCb7HZS7V4gbsp9yJ7Yty49jQ9wcgRhkLjNNgdyJbrJZCq 5/sv4Ljy/4AhVhjlJyZS8L3owS8l0ClZVzWw4/kO3KN7MPz4YPPR7+qIlPQVM0yv gWpJ43EZZ8b8cvAkE9HATCKWktY2ReRSX5DLnScDH/n5jivw+MD/UO8fURCVAAUR tCBNYXJrIEhpdHRpbmdlciA8YnVnc0BuZXRzeXMuY29tPg== =VbKi -----END PGP PUBLIC KEY BLOCK----- From tcmay at netcom.com Sun May 1 21:30:09 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 1 May 94 21:30:09 PDT Subject: No time for "politics as usual"--comments *against* a lobbying focus In-Reply-To: <199405011940.OAA18933@blue.weeg.uiowa.edu> Message-ID: <199405020431.VAA19949@netcom.com> Robert Michael Hoff writes: > While I agree that the cypherpunk list is too fragmented and informal to > pass off as a coherent lobbying group, there remains a very deep need to get > information out to the "general public" (read as, "people who might have > heard about something the NSA is doing, but don't quite remember what....") > > Lets face it. For all the successful lobbying EFF and CSPR and individuals > have done, upwards of 75% of the population won't recognize the word Clipper. > This needs to change, since the NSA depends on the masses to be uninformed > for Clipper to become reality. Press kits and making the cypherpunk label > known are steps in the right direction, but we need to go more directly to > the people. And sadly, probably the most successful way to stimulate debate > and educate in the United States is best demonstrated by... I wish you luck on your creation of this public relations campaign, the financing and production of a "Harry and Louise" (??...I never saw it) television campaign, etc. Just don't call your campaign "Cypherpunks," as you don't speak for me. I'm not trying to sound snippy and testy here. If you and the others who are advocating an aggressive media and public education campaign can raise the money, get the stuff produced, and so forth, then more power to you. But it ain't a Cypherpunks thing. So don't call it that. Cypherpunks write code, as Eric Hughes says. Or as Phil Karn has expanded on wonderfully: "Don't get mad, get even--write code." As we've discussed, this doesn't mean that writing C or Perl is the only valid thing to do, or that all Cypherpunks activity revolves around this. Rather, it recogizes that fact that the coming changes that center around strong crypto will be most influenced by actual tools, capabilities, digital banks, message pools, reputation servers, data havens, and the like, more so than by "public opinion." And several groups _already_ exist to lobby, located in Washington and staffed by lawyers, media relations people, fund-raisers, etc. (A new one, "EPIC," just got launched with much hoopla this past week.) They have what we don't have: a centralized band of "public policy" types, a budget, offices, etc. And we have what they _don't_ have: hackers and crypto experts, subversive folks willing to violate export laws, guerilla activists, etc. But you knew that. > "Harry and Louise" > > You know, that annoying commercial the insurance industry ran? That Bill > was concerned enough about to parody? It's time the Clipper debate got > one too. Mind you, we'd keep ours factual and non-sensational, but interesting > enough to catch the eye of Joe and Mary Blow at the dinner table. This comes up every few months. Pray tell, just where will the multi-million dollar budget to finance this series of ads come from? (The last such "proposal" was that the Cyherpunks buy a series of 30-minute "infomercials" to educate the public. Several minor flaws: a. such infomercials would be tuned-out by 97% of the population ("Look, Marge, it's a commercial about the dangers of Capstone and the benefits of free use of RSA and Diffie-Hellman key exchange!") (the subject is mostly too complicated for public debate, except at the level of public opinion about the overall concept, where the Time/CNN already has us way out ahead at 80% opposed to Clipper.) b. call up a few t.v. shows and find out the ad rates, locally and nationally. Then you'll see why the insurance business can run ads like this, but a band of Cypherpunks can't. (Unless you and your friends plan to pay for it yourselves. And don't make vague noises about "fund-raisers.") c. Clipper is primarily and Executive Branch issue. Doesn't mean it won't be derailed, and our views are helping in some small way. But it's not something that has to pass through Congress. (Digital Telephony is another matter.) d. whatever we spend, proponents can also spend. And both NSA and AT&T have deep pockets (I've never seen an NSA ad, but they can funnel the money into other places). e. finally, it *still* wouldn't be a Cypherpunks thing....we have no voting system, no rulers, no bylaws, no nothing. > their rules: who dominates public debate wins, not who's right. And the > anti-Clipper movement needs to quit the discussion-group mode and move into > action. Very, very soon. Yeah, work on code! A better use of some raised cash--which you are berating us for not raising--would be to finance Phil Zimmermann's "Pretty Good Voice Privacy," or the similar efforts of others (described here in several recent posts). The technological leverage obtainable this way is what has made the current strong crypto issue arise. This is the stunning power of hackers and Samizdat publishers and offshore financial markets...it changes the equation. It ain't politics as usual. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jkreznar at ininx.com Sun May 1 21:42:05 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Sun, 1 May 94 21:42:05 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <199405012030.AA27999@access3.digex.net> Message-ID: <9405020441.AA16709@ininx> -----BEGIN PGP SIGNED MESSAGE----- Unicorn writes: > Will a passport be issued to a non-citizen? Do you anticipate an enduring role for passports? What would be the point of strong cryptography if it leaves intact institutions able to enforce a demand for passports? Are they not as much an invasion of privacy as eavesdropping? If passports continue to be of significance in the future, wouldn't that indicate that strong cryptography has failed to achieve its promise? John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcSD2cDhz44ugybJAQEU8gQAluPq6cGV82iLx5dHmmSyAUedq3VGv8aO p05PnjUmbIbQMeMG4Q6wMfAVpmJ4OqZjO2wmhmb7oKRFZDojDYym+MqqrWx06shf +Esb+WQ2Q7a/U5n1TEWamG+OA4URcBe/mb+TGOHurielkSjH3G3f0o6FVWB4Zep3 b5XCFqqjw8s= =onZ0 -----END PGP SIGNATURE----- From stc at panix.com Sun May 1 22:23:22 1994 From: stc at panix.com (steven cherry) Date: Sun, 1 May 94 22:23:22 PDT Subject: 05/03/94 Digital Telephony / Clipper House hearings Message-ID: Voters Telecomm Watch (VTW) Legislative Action Alert vtw-list-request at panix.com 5/3/94 House Clipper/Digital Telephony hearings being held HERE'S WHERE TO CALL TO VOICE YOUR OPINION ---------------------------------------------------------------------------- ============================================================================ On May 3rd there will be hearings on Digital Telephony. This is the bill proposed by the FBI which would mandate wiretapping equipment be built into all communications devices. The FBI has done little to assure the public that the scheme will not be: -prone to abuse because of a lack of safeguards, and -secure from malicious eavesdroppers And yet, without this proof, they are asking us to allow them to pass a law which would mandate building these wiretaps into every piece of communication equipment. Our privacy is too precious to be entrusted to bureaucrats who don't feel the need to answer to us. The House Science, Space, and Technology subcommittee on Technology, Environment, and Aviation will hold a hearing to address both the Clipper and Digital Telephony issues. If you see your representative below in the list, call them and tell them you oppose the Clipper chip and Digital Telephony as being a danger to your privacy. If you don't know who your representative is, or if you don't see them on the list, call in your comments to the House subcommittee at: (202) 225-8115 (voice) (202) 225-7815 (fax) [If you live in any of the states below, please try to call your Representative. Otherwise, the number above will be fine.] House Science, Space, & Technology subcommittee on Technology, Environment, and Aviation (Rep. Tim Valentine, Chairman) Dist ST Name, Address, and Party Phone Fax ==== == ======================== ============== ============== 2 NC Valentine, Tim (D) 1-202-225-4531 1-202-225-1539 2229 RHOB 4 KS Glickman, Daniel (D) 1-202-225-6216 na 2371 RHOB 12 TX Geren, Peter (D) 1-202-225-5071 1-202-225-2786 1730 LHOB 3 IN Roemer, Timothy (D) 1-202-225-3915 1-202-225-6798 415 Cannon 2 NH Swett, Richard N. (D) 1-202-225-5206 na 230 Cannon 8 NJ Klein, Herbert C. (D) 1-202-225-5751 na 1728 LHOB 15 PA McHale, Paul (D) 1-202-225-6411 1-202-225-5320 511 Cannon 36 CA Harman, Jane (D) 1-202-225-8220 na 325 Cannon 10 GA Johnson, Don (D) 1-202-225-4101 1-202-226-1466 226 Cannon 1 AZ Coppersmith, Sam* (D) 1-202-225-2635 1-202-225-2607 1607 LHOB 14 CA Eshoo, Anna G. (D) 1-202-225-8104 na 1505 LHOB 4 WA Inslee, Jay (D) 1-202-225-5816 1-202-226-1137 1431 LHOB 30 TX Johnson, Eddie Bernice (D) 1-202-225-8885 na 1721 LHOB 2 MN Minge, David (D) 1-202-225-2331 na 1508 LHOB 9 GA Deal, Nathan (D) 1-202-225-5211 1-202-225-8272 1406 LHOB 30 CA Becerra, Xavier (D) 1-202-225-6235 1-202-225-2202 1710 LHOB 9 NJ Torricelli, Robert (D) 1-202-224-5061 1-202-225-0843 2159 RHOB 15 FL Bacchus, James (D) 1-202-225-3671 1-202-225-9039 432 Cannon 5 MI Barcia, James A. (D) 1-202-225-8171 1-202-225-2168 1717 LHOB 40 CA Lewis, Jerry (R) 1-202-225-5861 1-202-225-6498 2312 RHOB 8 MD Morella, Constance (R) 1-202-225-5341 1-202-225-1389 223 Cannon 43 CA Calvert, Ken (R) 1-202-225-1986 na 1523 LHOB 7 MI Smith, Nick (R) 1-202-225-6276 na 1708 LHOB 6 MN Grams, Rod (R) 1-202-225-2271 1-202-225-9802 1713 LHOB 4 GA Linder, John (R) 1-202-225-4272 na 1605 LHOB 3 MA Blute, Peter I. (R) 1-202-225-6101 1-202-225-2217 1029 LHOB 6 MD Bartlett, Roscoe G. (R) 1-202-225-2721 na 312 Cannon 45 CA Rohrabacher, Dana (R) 1-202-225-2415 1-202-225-7067 1027 LHOB 12 NJ Zimmer, Richard A. (R) 1-202-225-5801 1-202-225-9181 228 Cannon 10 OH Hoke, Martin R. (R) 1-202-225-5871 1-202-226-0994 212 Cannon 39 CA Royce, Ed (R) 1-202-225-4111 na 1404 LHOB Faxes and phone calls tend to be brief chances at communication. Here is a sample, concise one that may give you ideas for your own. SAMPLE LETTER OR PHONE CALL The Honorable Representative ____________ I understand you will be attending the hearings on the Clipper chip and the FBI's Digital Telephony bill. I wanted to express my concern about the use of the Clipper chip in personal communications. The Clipper chip would mandate a privacy standard that is prone to significant abuse. Unlike most recent work in cryptography, the academic work surrounding the chip has been kept from the public, developed in secret. Decent cryptography exists today to protect my communications. The Clipper chip threatens my ability to use that technology. The Digital Telephony bill would mandate wiretaps be built into almost all communications equipment. Furthermore, it would arrange for "call setup" information (about who I call, and for how long) to be sent to the FBI over their networks. The potential for abuse of such a tool is great, while the ability to have it abused is even greater. Please oppose the Digital Telephony bill, as it does little to protect citizens from abuse of this technology once in the hands of computer intruders and corrupt law enforcement officials. Please oppose the Clipper chip and the Digital Telephony bill, Sincerely, __________________ ============================================================================ For more information about the VTW (Voters Telecomm Watch), write to vtw at panix.com. We are in no way affiliated with Panix Public Access. From david at infopro.netcom.com Sun May 1 22:33:57 1994 From: david at infopro.netcom.com (Dragon (David Fiedler)) Date: Sun, 1 May 94 22:33:57 PDT Subject: So, what are we going to do? In-Reply-To: <01HBTU38KG6G8WYU0U@VAX1.UMKC.EDU> Message-ID: <9405012103.aa02390@infopro.infopro.com> PMARKS at vax1.umkc.edu writes: > > It may be too late for the federal gov't to regulate cryptography. > The genie is already out of the bottle. They might legislate it, even > criminalize it, but private non-clipper crypto is here. I believe it is > here to stay. At least, I'm not giving up _MY_ copy of PGP. As long as > I've got a copy, my friends can get copies. Their friends can get copies > from them. Just _HOW_ heavy-handed does the Justice Dept. plan to get? > > Will they come in at midnight, knocking down doors, shouting > "we have a search warrant to locate illegal cryptography in your > possession!" and run off with my equipment? _That_ could be quite > embarrassing for crypto users like me, who are _not_ pornographers, > drug dealers, or terrorrists to show up in court. What is the prosecuter > going to tell the judge? "So far, we've decyphered his secret bar-b-que > sauce recipie and his grandmothers instructions for making chocolate-chip > cookies, but we expect to have the plaintext of his letter to his sister > anytime now." Well, not to stray from the topic either, but that's precisely what they're planning to do to gun owners. Once they start attacking citizens on any particular political correctness issue, all others are fair game. -- Dragon From unicorn at access.digex.net Sun May 1 23:52:34 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 1 May 94 23:52:34 PDT Subject: Constitution and Contract [Was: CIA & FBI] In-Reply-To: <9405020441.AA16709@ininx> Message-ID: <199405020651.AA00642@access1.digex.net> -----BEGIN PGP SIGNED MESSAGE----- > > -----BEGIN PGP SIGNED MESSAGE----- > > Unicorn writes: > > > Will a passport be issued to a non-citizen? > > Do you anticipate an enduring role for passports? Yes. Assuming that strong cryptography is going to destroy all world borders in either of our lifetimes is a stretch. Strong crypto is a powerful tool to entitle the individual to resist state will, not a force that will cause by itself the dissolution of the nation-state system. Even assuming that there are no tariffs, no transaction costs, the human elements of religion, race and belief, among other factors will always enforce borders by themselves. Strong crypto does nothing to stop this, it merely evens the odds in the Individual v. State game of intelligence collection. > What would be the > point of strong cryptography if it leaves intact institutions able to > enforce a demand for passports? Your question hinges on the erroneous assumptions that: 1> Passports are per se a requirement to travel. 2> Cryptography can destroy the institutions to which you refer. 1> Passports as a per se requirement for travel: They are not today, and were less so in the past. A passport at the core is merely a request to treat the bearer as a citizen of the issuing country. Such is even reflected in the anachronistic language on most passports today. The United States example is below: The Secretary of State of the United States of America hereby requests all who it may concern to permit the citizen of the United States named herein to pass without delay or hindrance and in case of need to give all lawful aid and protection. It was in the McCarthy period that the passport began to be used as a weapon. The upshot was that as a requirement to travel it was a discretionary limitation on the right to travel. The passport was finally afforded procedural due process protection in 1958, after 7 years of use as a blow to political dissenters. _Kent v. Dulles_, 357 U.S. 116 (1958). By this time, however, airline requirements and discretionary issuance were so ingrained as to make passports a prime candidate to regulate a person or keep track of travel. These issues are discussed in detail in Comment, Passport Refusal for Political Reasons: Constitutional Issues and Judicial Review, 61 Yale L.J. 171 (1952), and were partly the inspiration for Reich's New Property Note in YLJ on which I have written extensively before. Reich, The New Property 73 Yale L.J. 773 (1964). What affects this change is the increasingly widening category of government largess where the individual finds that liberty is threatened by the control of organized society. I liken the change to the social security number. It was not (on the surface) intended for identification, it just became a primary identification tool because it was so fitted for that role. (Each person only had one, almost everyone has one). It is the oppressive uses of passports, and not passports that are the source of the evil you seek to eliminate. Cryptography helps dissenters remain anonymous, and helps you if you want to fund projects without being watched or tracked. It does not destroy state regulation, eliminate oppression or present some cure-all. > Are they [passports] not as much an invasion of > privacy as eavesdropping? If passports continue to be of significance > in the future, wouldn't that indicate that strong cryptography has > failed to achieve its promise? 2> Cryptography will eliminate the institutions that you seem offended by: I find it hard to envision how cryptography will eliminate passports. In fact I think public key cryptography strengthens the ability of the state to regulate in some ways, especially in terms of citizenship and immigration. It's pretty hard to forge a smart card passport that uses a signature from the State Department as an authenticator. This is especially true if it contains a digitized photo that is also signed. The promise of strong cryptography was never that it would topple governments and destroy borders, only that it would even the playing field in issues of privacy where the individual is at a distinct disadvantage. Cryptography is not used merely by the "good guys" any more than atomic power is. The source of the problem is in how states will seek to regulate and influence the citizens. This will continue to be a problem with or without strong cryptography, and incidentally, with or without passports. Additionally, I'm not sure citizenship is necessarily "bad." What is disadvantageous about citizenship is merely which legal sphere of influence it places you in, and how oppressive said sphere is. It's not in itself evil for a state to keep track of immigration or who is given government benefits, only the systematic logging, sorting, and utilization of this information that is disturbing. Were citizenship authentication checked blindly at the border via zero knowledge proofs (that is the correct term yes?) would the potential for privacy concerns be somewhat reduced? Sure. Will it end oppression? Of course not. And if cryptography really will topple nations? The right to exclude would merely fall to private hands and corporate type interests in the place of governmental influence were the borders destroyed. Largess can take on ominous dimensions be it under private or pubic monopoly. Look at DeBeers. The diamond "markets" under DeBeers and the Oppenheimer family are great evidence that a system of private exclusion to territory and largess would be in many ways much more vicious and discriminatory than a public one. What's the difference if your passport is enforced by a state or a private conglomerate empowered with cryptography? Focus on cause, not tools or effect. > John E. Kreznar | Relations among people to be by > jkreznar at ininx.com | mutual consent, or not at all. - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLcSwMBibHbaiMfO5AQEanwP/Z/iAcBkPZYUxrGj5lMtRiqkV1BuAooae Br0pIWc8E4jrZnpqPYAUucEvUzXKaBmUr346zOAji4kzvTl8yF4WX0INKtv6rNUK Ep0FCAnnBPGXtSs+3HJ5FMcMC1JFUFfTqxyxKUu6tKLy6atlu8/XUkY1sqslJTzR L970leQwF60= =mqKp -----END PGP SIGNATURE----- From perry at snark.imsi.com Mon May 2 04:01:09 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 2 May 94 04:01:09 PDT Subject: Random #'s via serial port dongle? In-Reply-To: <199404292128.OAA28043@netcom.com> Message-ID: <9405021100.AA25344@snark.imsi.com> Timothy C. May says: > I don't think generating random numbers is all that much of a > priority. The Blum-Blum-Shub C code is available, and I defy anyone to > break _that_ PRNG! Its partially a question of speed. Many applications, like one time pads, are just too slow to generate random strings for given normal techniques. Its partially a question of automation -- I'd like to be able to generate public/private key pairs on a regular basis and its hard to do given all the goddamn typing. Its partially a question of abstract hacker satisfaction -- one would like to know that one's numbers are RANDOM. Myself, I'd want one. Perry From werner at mc.ab.com Mon May 2 04:41:12 1994 From: werner at mc.ab.com (werner at mc.ab.com) Date: Mon, 2 May 94 04:41:12 PDT Subject: Cypherpunks as lobbying/propagandizing group Message-ID: <9405021141.AA14469@werner.mc.ab.com> >From: tcmay at netcom.com (Timothy C. May) >Date: Sun, 1 May 1994 17:38:54 -0700 (PDT) > >I can't think of much bad press, frankly. (The NSA guy's comment about >Woodstock and trig homework, maybe, but that was more than countered >by Bruce Sterling's closing talk at CFP and other talks. No big deal.) When I thought back to where I was during Woodstock, I remembered that it took place in the summer. The only ones doing homework would have been those in summer school, not the nerds. Personally, I had just graduated from high school. A guy I was working with invited me to go with him to Woodstock, on the Thursday before the big weekend, but I didn't know what he was talking about. He was going with a bunch of people in a semi trailer. He never came back to work. At least, not that summer. I've often wondered what would have happened if I had accepted his offer. But you didn't have to go to Woodstock to do LSD. There was plenty of it in Cleveland in 1969. (Still is, from what I hear). However, I wasn't doing trig homework. I was assembling vacuum cleaners. tw From kafka at hacktic.nl Mon May 2 05:42:45 1994 From: kafka at hacktic.nl (Kafka) Date: Mon, 2 May 94 05:42:45 PDT Subject: Anonymous remailer for Waffle 1.4 Message-ID: <199405021242.AA19555@xs4all.hacktic.nl> ======= Unpack this message with pgp -p ====== Remailer for Waffle 1.4 - Cyph3rpunx wr1t3 k0d3! Version 1.4 - Cleaned up code (a bit) - Added anonymous id database ('penet') functions - Newsgroups that are not in the usenet file are added to it - Wiping of plaintext PGP output files works now (file was open for reading only) - Do not write EOF (FF) anymore when appending files - Added "Organization:" field - Added "Reply-To:" field - Added "X-Remailer-Software:" field - Added "Remailed by: " header field - Added -v (verbose) argument - Added some error handling :) - Added -penet argument. If given, remail allocates anymous ID's. If not, remail works as a standard cypherpunx remailer. In the next version I will add acknowledgement of allocation of anon ID, ping, help, passwd. Please let me know if you have any suggestions. Please test my remailers: anon at desert.hacktic.nl Penet style remail at desert.hacktic.nl Cypherpunx style Another experimental remailer is anon at vox.hacktic.nl ------ Patrick ------ Public key is the same for both anon at desert and remail at desert: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAi2+t1EAAAECALUS6KI7WLBB47y5dDIN+vHAW2XLxu+ELJCNkHLKYxhAr6vY Ku1e9oMry+bHizW8wCt0JPWMlnzZOkhZplIGsqkABRG0O0Rlc2VydCBBbm9ueW1v dXMgUmVtYWlsaW5nIFNlcnZpY2UgPGFub25AZGVzZXJ0LmhhY2t0aWMubmw+iQBV AgUQLb63vZRymF15lPcFAQF88AH/TdqfNlZ2uNH/CpQiy6BneDa0+FJTmBFgy5W+ wcpbsljOFFheH3zz5zA2rkpxIBoy/nd4vQ9kaa6fc1TkVMeBfokAlQIFEC2+t6C+ ZjYIMi0DBQEBT4YD/0NK9fCG8JjE0fS/0SlFshWAGSZxUYREKoQiwo8/ZPEbORHa +a6E8mXOjy7XHVH00S8/1aOO+ji89FFY2aVNqVVDfZI53er9pZAeNSQ1mvD7isor B3IOQ+WeKgXL/IvOEaZro0ZA/FWtry0Ty7RZbPwX4j1TkBTxlRI08e2dG7YI =MfIT -----END PGP PUBLIC KEY BLOCK----- My Public key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiz8ExIAAAEEAMCOBYWuMLd+bWGzyLIO2Nr+jQOydZ3azOVkRtsz0sgaRmep UoMcAdpfAdDp3QzyQ5yzYfw5xqcFqiTJDaSNd0vncAHpsA2gQl727B1blg4qVlDY 5mNlJUG6CVrAq11eqI0pYIfw/uNlysvt/qKIEh4lK4ShLhBaab5mNggyLQMFAAUR tB9LYWZrYSA8a2Fma2FAZGVzZXJ0LmhhY2t0aWMubmw+iQCVAgUQLacfvwetuen1 9+T9AQGZCAP9GaIbfC+fU3oAhCAZm9aaFtK1DpLlqTrAE4MwzFy+2iIDClDp8xnx I0VG17fciCULngYIDpGvV4X53MswnmM9RWmHkORb9tY/9O5jsvxpkUzszT103TV6 oUJHGE1IpYjzKIXq8OKAT8+j8g2UkHkkpOPH1NS7KI395fyLEnR5ML4= =O2hR -----END PGP PUBLIC KEY BLOCK----- The source, 'doc' and exe: -----BEGIN PGP MESSAGE----- Version: 2.3a iQCVAgUALcNHO75mNggyLQMFAQHS6AP+OHytlR7iecYzl3zQrd0pS/M7HYjx1wGD OQp6jJLxIci2HPvcHNwKh2kGgmOHB6G4Ij+kYwFqa4ebSYnfa4sFQNAlTtl8A5fr dwb7Mo6hn3/X1/SkiWXaio/bqiP25NE8p4OPeigITN4AYAl8K6m1YGM/e6ZwB6lc knfjeiy+5OitXB5iCnJlbWFpbC56aXAAAAAAUEsDBBQAAoAIAN1woRwdZuJGRRQA AOY0AAAKAAAAUkVNQUlMLkRPQ+1bW3PbuJJ+ZxX/A0oPm0xZ0d2y5Jo5G0rWzdb9 amlzHiASEmmRBE2QkujaH79ogKRkJ5nd2jOndnZ3kqlJTBKNRl8+fN1AVAV+o9/5 NUUtNEAa6qH+jz7VXIRd6kYODRnyiYMtm/hoR320wrudTVAxV72Vs6jKqqvNUW/G pU1bA63Xb03Rv6qKdhlnYoaoSxD/0UW70NUDi7r3yArQybJthMOAOjiwdGzbEUxy wr6BsKo4hDG8JyigXJuIy3sNCQuIgQz+h+ViEJOFaejRcveID0eWq1MHfjAJNoiv KjuL2AZD5KwTL0CZWbh9IXpwn8mB5j20xYzLc0LdRHSHApOk+mHbCiKutnioR55J fC90DxdzZBFmqsJV0X1ry4VY8lOD6qFD3OA+sWuXnmAFISPiffNK1DQWxeSXX/4L v+SX2wh1sY3aluuSKIt+vasU7qq5YqFS/MrX7/G5/CPJ8b/+DbRY05BrxwJhoAAG Y8MQFnMR19SPQL+Ihj7Kn4R78yzidnby3AbcPgztuJLcYL0dfIVY6HnUD/hQ3Y88 sJV4bOKjcJXuExwQhNG4M0YHIjwqpKtKYrocApWwzWg6ygsDYR4PM3ai3P90J1Vi hAsMhCBpYVUh7tHyqQtWRkfsW3hrE5RJgm+szWaZHPps7RCjDtlSIxIRiNGWBAHE BKN2KGPH5pIdgg4uPf2SSxw2a83RtbDfBtGVFiJuAu57xt3MuEJYKv5jpVZau91v ZZDFkOcTBi+xa6iKRy03YLBwGBsn1WyuzXtNYW30meT2OVBFVaSM35r33+Tfvs3W s3lr8E1+LvWecynY34vI40v1yXVWS7Ojf/ty/Dv/n0dcEvwd/Zo44wtEi4sdImKl J7MgeZa6IU1mvpIMYEMm+87rsf9UZUdtm54gumzLJeCzHwfV/bWGIBD9O/omv/y2 tdxvcsIcORPxNtYNpkwy6ZNcyqd04dlkpUkOc0uA32F8TnzLfR9E3LqXQOyBU4kH nxk4wIAH6GQFphj0xTI+Mb4EVUnWYBk5Y5tDYG6XnLkzj1yOcLVlgGkYN4dxvWg+ QGCkSVzkh64LhuGvUxQ4I4caJIuGI9QfdWZIm7bQU2s8T7366cvxE9pbR8Jk8lEH jLqjCG8pt/kJ4i9eNp/foHyCrFBZh6Vw93k+5fo5LJ0+tmyCDDp2ZSomietK+RCG WRnfAqa3/FUQYN3kC+QOJ0fiR2lKGygGa5nakFdXDoT8ivUFx6Xi0ZZLSLBIxkuC RCyAHUF8df99LBMfZNwj/T4JGRlc31LH8vfXC4TwxOhTAv+f5GR4FxBfqCS3C0Cf AJQJ6IH76/P9PWTX3OSG5f8R5hHdEpuUiV0j4rYnEvoYcQ2pdrJlxdgoTSXyItHs XsyXbm1gXp0CkghvgqFFSmGX8u+4HaTGMIj79P1QPruORThkAVX4E66lY+3NADn4 wL/wuW24EbGL7YjBOwrAYFjwNLSDNAS+Q2KMBECBcWJ/hAzyB7A8dKTvEjT+kN7/ meOkoB+4Tr6QlGIx0zotEf8+4BrX60TRnr/3sY1OOGIQ2MIdu0j4y0xyWuYXC/xQ IkBOZhGzHM8mLAA/Ap0wDLH5nbmJkKAICRTHgRCTgSSopZAUAyVt0QWlEJxBSAC8 ZCgzlTTlyzTR58uc3mck7Geev2iAK/Akh2agVJRufVwpn88nYwLC6oRd+UZkN1dw K/BV8CMZWTKAfzYl5a+uJkw9lkSQXGsSOyShXmDCJOMN6pIcQp+bACaQBg5s/Vwv VRHS+KPYYsIGWcRAS8RCP42lmBfp2LMC7j1bbMJMkCdm0pOb+wU83gVPc2nCKxic JaLnt3/wl6o84IDco3lIsqiIHoiO6iVUKt0Xy/e3d+hLoVYoqMpAGuRLz7hHv9bL hWKxUKgWyzlNK9yWS+WvjBo4tyX+gdgkyhEj/JuqtH3q3AOhJOiRG4ll0K8sJF8d ose8i5scmTvB0L4yk9h2TpjOhteqkiAR0lKeDb5TlR/6Er1Q8jXAnhyrKo+UoC8o ASaxJ+B3ctCOq4cciNx/3ITcQMC/PUK5WyROxLwVnUxLN2W0uDQACg5s1yROkmUx /w6oBC8ZLOxDfkHMk0jAaA71XBbwr7LyGYA3dWWWqIrDnelbGHh+nK9baljkIg92 HC4BUd+Q4IV1bjLuvgCCUjdVRaINy15hBgC/T4+WQYAGcA+a2LWYI4hrJt4SMnGi +yxAO3JSFdhAPq4DCbKZ6iYXm0NAFxhBcgQsSIK5Tt0AKqKfpW/+ffbydTjYNVjM DKTrIT+B0HOnJDgodYRhWxu7B7nTJTQuVZRIKIi3tHjDy9zzeT4D1urUpi77hese E8LUUowId1mCW0nG94MJs6Iae88FGQo94RIkvwPVY5xRFTCzYE7JhiOi+NqC7jtL JwDFHafzR3woAErIQmzzzxM0MWU0pqPwlh75WBrahhxMPOzDtDsEiXwisD+KQAZK F4ew1J3/APsxDYM9cCz0HkRz/z/BSlXu7/+kkNWKq1PuqpZrYlcnojZSlZ8W1pcx 1M0bJC1uAQbepUCSdyED6WPTsm3LU5WN5TjEd7DrfmIoE7oG8fc+5X9mkBdubUv/ AkXsVdXs+XTvYycLlTJftWYHJg33JvzIJdhkL3sQMD/UPPFGusjNckIFsoWCBWpF 2MDpLgBQEU+J8UsWKn3+1ckyiB1d1Sk4QPRIfEYwQ7vAQ8wKAPa4BP4G3MJlAB8F Eife5RBa8Nkz2NdNiwhWgYFPcXmABv7R0kWq7KyYRthcARaoCszCl5lWMlcrJxeP JMQrse4F1vh6Mdphy+f6S/6mKicccX1aWDev2JjYg+KuRIxN1xPI4h+6EdINqgJ+ kKOAFGODxG9ySHOjNLNje0vM4E5wcCDheyt6EAnBF9UifJj0O+iOT3fVJeJmYelC 02pNYMacIiYxij+XDpOaxjpkL/QvpllOyIKYqptyS1GVTCtR5h4GZwC1JD+0JMdf eNzmPtGJ5QVSvQuMBqbYGPmzeAYJ3+9dAmirKjgIiOOJhcTpEZdzcc8tESrzgr+y fLGYS/MkJdIstINk87xKNYvJsiatemRsMKhyYqTnoqGKh5L90nsTPsr9mEcm04Qs /ivAjyABOYRWBCpNP0i9yGUTnXKXJaOlaIR6cst5Afuzj/uK2PflfihYDHSZoBFH oXtmBX8Qlf3TYm0yU0zIoo+0SOYa7D6gDrePaFKkKtlRVhBErjYYWmYsjBd8BPLn ZxRJbM3ZmGcQQ7Q2VUXQi6yMJBATQKcmkIVJnIgwFWgudn1BB8TXcVbLIBFVbozx nXH2kuiZLziDGP+RL2pHuas1plsWUAMvDLKX8I9RJQGF65QSlAbgWcwdAUmGvqRD +MyCLh3+qPpHbG6NVqc3FLk4aM2gto63vKWE6HtUypVgOrN1anaqflef1/rBg97Q dhW/4zd0a5B3Hs2H6eHl2DNH9gIveqXBflXtDI/R+TBe6oX2oFyZTlVlsJovbuaG 2dGmgxXdm9HaqlfzXuFmzMWQ/tHC5sB4yde9vaZp3VbeeV50DSdcvegTQhrhWFWG bItfHmgx2p8P+cJqUNJaz5u3t85sPh/Xd6vb09K6LU3Oy2OZHu5mZWNoP98cFg/W onluvMyMnaosdi7t0tu8uy+8LI3JfqiV6wHF3ZHXGrQW+s1jc/IcPp/mjzejXbhk rNl2F6v1c+mwNoz90G+pSuX16JRPYL7fzmxpxFZsDR9+YMM/MoEwCiIPDkLEPDKg ZPcdoSE9ZWVgxpkm4lPsHLMQtkYRSqIV9WFL5YMbQo4vsAtal0TUZMjB/kGewyTo 991ecrUrCCaQxLbIzaRfRj3i44D6WRCfqEIMK86kq4Vkk7MHqeBraAH/TjoR0DLw qRHq5A+EzPcrArl/5cT/opwQHW6I2vcB/rNqRWRKIBMDeg4JkBuUMNGj8MmRQMUL G4MfkuvDREDpWUg+sUs3G41cO1KVU7KXpKwzZi1XqSj4gRVAhQwKnkwquiBC4ZiI aUymGoUuG/ajq6ZlUt5nkU580RdwLBbgAxHHOaJ1K74RhBpIlEOhFSEORd2kr7mj /p5IVvZ7iZyVO7KqCDa5JYhYotlsva+x4xFWwIi9ywLxh5pZdit9cg0a11ggWwmY JdI+Eikt7mzLxSSr5Avg3nq/ApAKkySCUsqdMvSLZulQ2We6an1cmvw/ZBGSRFzN c83tgTkIxzVN7hFZSybv4jr85xVlUlWmY79bgIjvLWbx0TdGDlBs0X32iUdwEANl qhL8LLgvt2Obrzq2bVZWP4zILgZ244MHHWaG3vnl+AHYktgHZBcjMH1RchKbkDvz 9qvPhWxDI0dILjSheZDSKPGdqvxO2s2g5YVlHIopEjZlBWkNLcn1RZ20OwyaZj+S sKRSEFtMvIfEgsQM1yfKaC5OqnCUlecyLKbi7Dqks4i8Lx1FXZMUM1B0ZmwcET/z gcFmY9RINi7TMgw+RxKHggQGyZlgXLumyxIB9HluWtDzkmIzrrzIQNwjsalHMuIU EDpXV22LS5VmMcEIVYVbQLyCUtEV1yJSEZIJiFYpTiEkXahoo3oEdEnD8V3FDfK5 veQSYQWpXMtllpEeSIGhKRRJ0DCIm/lpFEHn8CrQxBmGAO2YegDuCtVBorRYOk1s mbj6upTPsh6UiI0T4wqNkrsA78bLmdKwEGcLvfikIs2WK9Yvzsn4uDi8RHknkCp7 6RC8OzRJAvBnifCh8ocGYgrycGhyOZqCRAGsE1vGD/oD//Sq8ecNv7+I0/8B4hQj /Lu6V4BPDPKZq1BlVABmDL2yiQadfTvd5q8C8xO7qmxlcz5p6aStdYEnIOV/pIzt nZq77WgYsZV/czdoaPnC7OaW3fSXzqi9e92NzvUyNo7lwogOx9FLr5Yf3dS0Jn49 vqwLx8JIVcrGefJ6smedw37RfmCr0ynwZ0Zw7uO7ZmGudUvT8alcebJHBdud9+fe +TAc0FrncbF81fpRZacqjWF10myt15tepxoGb2RTOI6j2WD+1l6+PO7WT+Rw9tvd KD/cv7F2aT4uTIf13mPgls6FuxNea6qiae26RuvP44fnw+twXCqdW8VR7VgwCkNv PR1uh0/etjixK2ym9fNGodevvmzbg8M5vzwEURFzCWxZ9Opr/ya/vhk/Lq2jf7Dv WvnXTnnaKOHCvN40t4X2fHNw1kHHapiac/TeqsuZ8XIc3G53/bOqHLVp+/Ecjmqj 17tb+2wWF9VJlTar0frG2OnlRm2Jjy+V+kGvDNvhrKPXn6q0PyyvmtVzo3F4bajK cNTC9c7dUX/0D+GgUqm4NDqWK0fTcbe0uqm9nB5WT812I2pu7szX1sasN0K7UHw1 G6egXT9NVMWoLls7D/d1ozKcW73a6jjVu/Pb02tU227u+lHUful23m57RuPx7ZkG RtUfz8/5zaTQb02KnqarysaplRfzm+L4abGZ3JXc6npVDjr1zdvKXpSf1+N+/vzm mpX97dloncaao+n7c75cea7uln3LL3VVJbQetvPK8+h5aUTr89ifNDetfbFUfzwt XW3ctbtld/a0ORVqRsfb5vGczO6e6v072j7l77RHp6oq5YdKWO2tKpWboG82J9zJ +adDSPHu9m48ed36x/ZTQ7ed2uPzZmL3li81jeVrbbf4MJw3m91pU1V+87fe8Z+O HqLNIMotcahLJJMUjQJ5v+S6c/yjQkNVZN3wJ6rg/4KDv+DgLzj475OJqzpEdGPk Lo/1IBR164VfqMpPC0lx1VIOTOotK0gOx4z4IMmFg5Pv63y4hf3zjk/C1N8JVxUr gBaEuM3mQgXiCl2T5oJuE+yLg4HfO6QQLYnkrED2PkVJJ0q39NRKp65OsB23grC4 rSe7siAK+hyha+mimlcVgZtwQCOOYOCWhMcVsXTLw3B193N8U50P/iWmVu9LGnEB Q1UuxaGQMwsvBUuQ9qayaBsKM0Pzy/0UyIuYJ5MmFze4TeBc0PIs2UOKZ/xQhCV3 PuKbzpdoUJWUY/IVZeNWS3KeJ+rUn6tAfWsvnSLKSfhI9O5kicfk8a9HmSVsDJ1h bPlwhURUb7EVZXPGv7RKGEk9dN1kCYhhweGXtbu6MgO3jZC4Y6gq4kh1S6DWhOOy hWudkQg0BGeMQIm5KhCT8b8IuL7Gb1ssSDpqfIiX/IsGWVnG55bpNSDo5l2O4+HE Kj2ag/N4cKcsjb+bAo7jgap/uN8hJUfyzie39GvIv0MEs0iEr0ivD1F7ZZ2cvHE5 fndUJT3/1eD6+kHOxPohsPSca6N/Edp+/+IHe/J40ej3muiptUaN/qj59P3mXMYw zJk0hppVugmKLU3TWk2tv5hVn3p3q36jUbmLbo2H3vDm2NVWpef+Obxp9R+bw0O3 /7Q+m5pfPa5V5Skskjod+NHNtmu9rWqnZlB4HK8Gtvu2GR3MjWf3Ouz1oDWmncKo MLX10jIymo3G1qmHZFU8qorxPNgvnGWwXtkMr27dXnto6+7GW5cW+3GnHW5Lt9qm s3zbPD8W+o5prktBAa8G4dY53ViTxlJVtP1i0t9Wy8fNNHLaxVt7rLe1SbtW07r5 ufG6G9qbUjjs5pvexIqqDZc84MJN+3HuNNr76HZ1oyon3dsy+2XUbpukW357u33T Sv7BO/caNMq7RuU4qR8wru704vywHJDGjh40e9Jrt5rcdtUml7B5WfcGVuGhMWk1 5pX1Q74wfKrvmp3a40ursJvlCzO7zcyV1pltzov1tPVEJ9aJ1vKbcWs7mna5N25w tVVznkcv0d1zd9ktFGa1fBGPRjcvVq3ebq9LeDl8XS4fdpvebZn4dW+jkeFsUnSO D3cWgy5Yo9wbTW5W5Gn/3M/3jqMW3vi0sNHy7VXgR4V5dDfdbMen58oLX0Zjfran vUKNlIzO3bqnKr8Ndr35hz3tJ3GkKv8BUEsDBBQAAoAIAGZwoRxPUeYCkDgAAJ5r AAAKAAAAUkVNQUlMLkVYRe29e3xTVbY4vnNy8mj6SOmLPrCmQMsjULHVIrRggfZU BGp4mBIQmAKFgNAy6UnBmRLCjQLpoYwjXsXv6Fwf3JmR4csw3joWZgZrq60yFwfw BTgCAzieeFAZ0LaUNOe71j4naYro3O9f38/v8/OUnOzH2muvvfbaa6+19o7OWfRL TRHREAsxE1l+Xu8lyjMVPhpyw7bWRb7n0ZAfnv9vP4cvsfn+tGamZcKxHCGfIUL2 OLLrzEtPkJ36x4k/eyfx5/+GiFs1b05tIkKXcOqQvCV49cDF6hl59+jc3d5j3p7T /oQmckhD3rvo6zD6Lvb6s3eRnWesnwtTm4ZulQlTb3idMH7MdLVkuUZrpz6f5hr+ e/a9ryqKv3Jl+KCC8AYflBJ3wusksfirjQahX9IG/qYRzmnP+LOfBzL2khceJ9ZT u9pa7q86lrPsvc/6dp0UPrtR2Ja/S9/MvP6jrEMtWda/Bq/t8011paU0VHinPkG0 rtKNBu/U3STbNbFVs/CPDDmW4xrbslrIdqVBytJy3x81WDS09KXfkPsA9UzImBCS QHG9NrBY00KOZfrTniL+hD3E1MbHtZaSXW1/3EDyOg2awi9o30cqs6B78TiRi3bA Zxt8HiXiJI1N3JxCAexVR35EQf43Wba0w15FCwvbhCuH7iB5DOt9n3AXesY/FM/H HMogh+8g4t8QTrjcMruJY47lHEogh+8jgQ9Idiu5+1iOP5uHmWkgrSzNbILMT0ir jmYaIeMhrXqa8ULm30gryd15dNeZw89rjuXc3gEoct9K42F0t2e3spDcpCR1kGxU knpIejHZsTVUmcWzBZckpkUWPhLOFp/jR+R575X5dFqjz5u8WiOxefes1mzU5zWt 1gjv+Tr00unij/gs4QwAIpNkPW/Ik5cxBun3eXIVfO3raCmlE9FxKJsctpP8XdnN jPi53KolNnFxMiqUB4XLWy/bzfaqtGbuiC3buZ8cyiTik6mQPQDZTnIokYiPpXZy /SStedvjN6DsQ3KIsOKPUzHfg3kW89U0fw3zRszPxfwCmo87VELEaZh//yrkk+IP eYl4J63H/BM0n5PaxfUuNUPhi/9EoAQsjIPCC4R0cefxdRZfpwhx1pjFY3f63mR8 HpbZnOZsMotHMOt81Sy+iollS9/pEJayJy5ql+rljaHmbfuu2MTfTfS9yWILzwNd 3BkNkUoF7syJ88JSvfaUPNF5wiyOugcgYtt47EVDBtWeMosxaq2+S78PGCdzZwCi mGMbW31T9xHCm32eU4SPcX5sFidQarzEedUsPjUe0rbmbcP/aRP/F5CgX1tAh+iU zeKfYwAl1l21iR6sCyRqnGwi5bP4DNLb/NTjN4rb3VOdMWqpb6JCxTjaSimrU8vS nYRt3vbkDRudGHEcYgTWaYgzQ21dHoUzGQhs3vYMQsO0iKEigHaOUAGHRQFC0VMI BZMprgUo1jlWheouikaHnf8i3PnvKLoiFfDYtwB/FQbcRgHnqIB7owB1MPcaopT/ bhxyUbwXqhkYaWyP/q5UC3FrA38NKWhy1Rpt4ATxeS4QSLxNAnuJ8yEV8/1FlEnQ pJlI8yJDKPzuIVy+O3oIpu8eQgcCKlAGhc6n71aoMSp08o9HBoiwgwco5Sg1/22l TR+6++YhFss4IEhYGefqROeyRPGF0YDEz4WkPGFpSDZsToIvYaNJrjA1cX/bwbYQ KV5uCEHaJv4pH0DlhILUxgQhuyRV1pekNhkAIMZZkCrePRb68nN/myLL7lehhTgr FwqorDrXAsFHYNl8VEgHh8lKuuaosFuc7kQxdYRC6hDni4miHjpi1sriNwnwLWU7 X0sUvxkeVf+P8Ur9B1jvvJQoErpIYDTL0yNoY5xfJIpXEdIZO8T5y0TxtVHKSGHi aP55FcvPEEvgysD0PnxXhK8w9b8m0k8jU2y76zunOOau6Ckeddd3TvF55EJkGYUK v3MZvYaAwEraHGE/HwkFNvExKGemaAgfD3PVU8HQmV0sK42cWHlf81PvX9W2C6c6 DUTpdK5a/HiPWiyNjcb8uILZeivM/1CXRUIhnQJ3vNM8RHxmnKobfZ7zhH9I0SkA dEehooZAe4v+AhzatueuqQN/BPNU9UqZWCIsPas95b13jDsukgPC4FvmzmIJVhL3 B1QXmqnOaOa+tInbDag3RgxRkB4pUFUpbisSC29NM3cJVk88ih8nAklxVBBRT5YN Ef+dRQKbuM9aCLwv0fen8JYbPm/iAi3kxPlm+5+QR/LEJk6k1ZeV0gNKqTN3SDP3 OCxikLkUr6cf1UMCIzf0iu+OpkugD1aW3NAnVsACYIVepWfnEDGL9oxt6SbinDOk SpwOMCY6wEwcm6qIsfbHUDsSa6WUqNInoDQBSo108M4XICuPpIsK5t75MmSv0Cx0 4vwD5C5gjuJPvwl/G9S+CbWmqLJPoewglBmd1yH1q5F0k6Pq4mdEypZ1m83CEpNc TjUDLvzYKqoX9o7FgYL2MDeaB7QHqo4YVARZeQOa4Y+AJEFBctBEccRUrTWJyxFD eNnmJYnFqEywbS2rJvotuJBh1XpTUCeUfw85qWO/R03tyh0g5s+UMYYq8WHspUp8 xkIFBRk7KUl8bQyiaeijBZQ/CpNmJVFbQzTd4XszTkkuzKZU9okXk1GV5DMgFhoQ i1wqFq/lDRKLCSNUsUDp3WSIyCZIyHWNsniwm5okmH8ANX6ndOhH3CwdLmhzZTiV jrA4/H14tDi8R3PY4NsLQJF25xbAsR/AEhRG7IXsc0orJPJSkriAEulsgYpHI+gG 5GfD8LD8rBr+P5SflaO/V34+HvEv5Wf46MHyc2OUKjb5jJr4c7YqP6VJ/0p+Phj1 PfJTOeIW8mNlqPw4siPy83mSuHGUIj/OPlVgTo+j3MLkqGGqwLwyRFWj1Hb+kNir 1pJmbp9N/P09lCd6UIjKuNKck5PFf8feQVWxTl2ymDYK9xEo3aLQFHrh3Uw/F5Qb gms1MGSKJuUelCCK4DZh6b6eCv02widjo/spKue0ZPFdkE828Auy1gTbj9wA0nLS Jv5hMjSEjiAvLoaNki3m9O5Nhd2SCYhqIjv+bazMQcp7z2Q+kX5beCP9Ju6znVBJ BA9sXSwdNKMFaR8rg1kyTiVfbMfUouLj7gxJU+GdYuF13imT3XFNuj09p7LaSkGf B6qwaw7gWCk9Qjpb2CZpBW4ftc7myHSMM4sie/4IbLNqnLJPUY6tGB7mmCNZvASL Xy9weliMaxnatgttU4HrwylQp8F32WgXGti1zFqyltjFCaAUjHaxGXWD3x4CBmM5 1qRhTRfXh55EL+xpQ+xrifg7VPo+rlfjs/eB2d8n2HuLuVDjJbeu2B50fRKe6W0w 04KHBQ/lJzK6LdRDWWukWefWZPGrfsVWQdF9yqqMRxvwE+euZCy6nE2rg8CG9bde EYlIx2Ah74sIeZ+NbhMgX0FlzQUHr7mguNqi6CxlzUHB5ixcNnQ9OkcOklkNjKSB pXxw/jIZRhCyOZ9OFsf3UzXxcyjpC9nEv41BtbBLzY3LpjoQyF8ilcOcVa0FDTIW KozDqB0SGKts6mOchkSlYqIVN/1wbgzmbHZx1FhqUfRpSE85Giuw1fUR/kCV+G4m khur9PbaCOrf9eFO/Sxx7h0gckcwQiQwXpwYIRJz228L24t8ajMXtDl/TXn/n7eh VcYFJTC5gwQWTNC5L9ku3hitGGvifOwadL2CZPoAEjOCKjhm3aYC52VSRaC3i/EE WdIZJYhbLxONnbKUyJTaMzfC1HJem9g0Gon9nZL5eBi2vgK9JAE2FPdXgKZLUGqU TBTiFVwIdvHVDPgK458XnruQOnchhS0/jnS0zQNjsIyOKJF0WuI8lCzuQe1ud/53 srgLU5RrCDx3WHhqa6Q5djqxB2AO7sikE5s4RpnYQjqVWLF0jDKxsHbmj1FmdS5q c7v4SzSn7gNjFRdYKGqKQ4T/VZUopatTjL2+nxPRAVkUIM7u/DJZvJaDqyDGKSeL IkIIXGgQgxmdvYqOvrAbOUnHn5Qi/rgPCRG3ZalDgaX3DHHmpKDmqhytjCALNSGL mjDUB5qQ9d4zzv1lJ2SIlIj6FwzfEKyza6ikpXFV1LJHSvMy6C4AdUo+NIra/x5Z ceLC4+SP4TDcmYoaqhJfzlL0sXNESpUYBxl9lRgYqnIAyBZPWr41Pt/U0SkWt64V /MJkIXt0yomLAsf6t/8oS9aPTilsW4IwOKSLiQ6atle9DqGKBqPQCePLLpSlBOGs r5ORJ4rJoxyl2l5fCex2wjA0yv9R4fPogcuob7vzHDot0fZCxNDi0ga8EGzUmTEo NMQhHAdMG4A7/qG+drPvwpUw9rGIK1dKVTuYJz5mdgC0cAb2u+lYZ1b6OSfplTK1 BjvNFM50GTTE144LZ544K6ql0G7tkiBEt2zpknY9xqNaZhS0CXYWwoMxsDv5zbB9 wMRWauh4W2Yc1EClUKmHelapKlSqcAdoGXssZ0cZuyNlB6/xz2aWDlSMg4pxO2Zr dvDMjgVaqFBrjLHd7mwpQU4YnaLwW376R1k4C8Qtib+V5LRxqeJdl8UWCcfhTgZo o5yWnyqnTUjFeXhTcoTpLmyz0X3yVzLtFabQBkVY8iSUQFItER+TOzBJ04/I0aT7 4/wLbiI6XNRKJh7LaWpvIQruiU3IoQhkbHdjqi+00KM9UkX8RS+mNT26N22PcEWK 7znrC43YEujSv5gmy/6iJ0mrLAPBDFEb2sU/yUJnuKSVlMHEH8t5ItdLligb63B7 lV7wmLINwlKj78bIjQu9NxjXfIGLEyoTYt/ZPMSL0xvbqRtf0XO655TvNGluOHvR /HPryZ5rP++5tiOFuxgj/RNzkIRV+U1z5dme09p3g5VN7DhTPctOlrQMx+678NVB ss8gcKZlS4VPl7THqQxVFGOridgOwr9qCEDJS9pZrKTxva2/5tPk/pbpTRwubKHS KNhRLhhJZxMvhZ4JsweLYeK0R57PAmyxJ2F9hdIkRmgHxdUW53CALy23MkMhN3wE CGZneEZ9lxlUtjB+1g7E+KbI0JIhkhamT6MToJNfysKVZi4ELcv7HQ5YJB/hdoAj YFUELxiHwlYCi/gl41BY6lDVoWKm08bD/kHxwWSxcppxqF38KN6hRDwgTG8cStwB aLZUbWevyn6rgX3TYwyeCFz7z+R3ru29HdeNMcKRnu18GkN4fauO2KSklnsHswUW y7F+lYCxqEaDqKfBCpAyBE9cNydbeMObU3xcHNshTMk2QILp0AeFBtN+iMcvLcnl l+x5Wub65AajbGdhuI15e2LlTQXeP5uGatzW3aaPN6V7X8f0kGioLf8IVGohN1+2 6x0OubJPOljcxe+HElu4JDBNG5iq7eK6ZbmTk8n+Pf4G09OxcmNG03OmoQWy70Zq gzYQoz1xMV/+9VfDng5slANmrbdS1kjv+76asN3TDbBHQUx6PtNw3VIb1Bilw/Bm pRZ4M9IB7yr5nPQbSFukF8HEs56EwWp4m/TvR4xEijtiIpLhSCIBPdTd0wU7VoxP XsiziKCZ6wX/v88mcN258habHUdFhVLcpAWPy+fpJZ50ROY2g4Ehvhb6LWRYnnni t4HOUKM24GQCcxmRkMAqJnrAW1d1y1uw2M3MK5nMp8a2eeKi6xft/FjKwvoHmcVQ lzhvfnTt4kW0x0TxvhB0+sRv6cwxu38bmB8KXNSESW6Vt4zgum0DFI+B+Eocpfie Jk7e87KGuMeIOkRBada1shA5hKQRkkZkRputSuyNQ1ejr1+8Fhf4ul/8Iq7x2cBu DZL2pIZSoRfb+wEFHRE/hhZp9sH861UBMAD9Saa2TTG7qWzs9ujkyu4tH+kjAzLA iGgzLeiAwOP9Slpc1y80dMd2b9YegeBW5mCEjWlqP5Vb/qGAAwWBB/sDnxJrWzDN 0Oz5EA4urv12P8z7VyVL3TqYysT9LaTpuND7e+17Xx0yaIYfPfmp8eEP98PGlVey hM8tGe/+++SUjZ94IXNq/9h2/lPm+PG3fB8RAAq97f5a+gAMURBLOk6gTKWyM1jZ aLuJuAeeEs5CL19iL385+emjaz98ajdvhAaJvFEy0+8Y2vzNfdIbg/nAFTd0b1Yq 0WBFhmwJ0sI4pRBKZHQYjaDIlWY+T1DjWxokoD2DAbA7o1aeJzmK7/ynDt8bWvnv fK9Det168hBLYB4ay+fNHWjhWARt7g6903hnk+j9YoJrrLff5Brq/WKIy+Lt17tM 3i8srjRI1Q/xvmU6cUH5Yz6Q/mBt815neb3SgSOwTKZKsOOhYfjHZczJmJ+Rm/V0 xtMZL2TUZK7OqM9Yn/FExjuZK7Iey3g2oyfjkYwtGfO90gTXcO+NmIYk742xG3Ve ySBpvdIoLImdfLreUFbW+xoI5eLriv7S26tQVYR1GJ7IBAcUk3PP7u4Or9v4ujWl W6NxX9wtV8Y1Liqx8gaY57QQJ2P+/kFN7rZ2CyGh0nRxju/6yI353uuMa0zJBPfD 3uuJ7pUIXjAAXrKJn1uykJ8j1UPXsox+RR/6FZElGrS2PQNh6MCTpGRCF2cyEfcI RPHVAAooNRLAw5YsdI+HDGifodD7bvGb0G7Xwack01M9q0zaK8l97nHYcvZASwr1 19Du+k+ksU/1/P3p7Ud7Lmh7kt94OulDdwXCWm6CfQlgP4wmTvjoKa9HBsuw5wzs 2WfA8U8Ah1Jzm+CBwECf/zYpDaTrsLyF4WQ4MfWdRAbDvndKmdXDOlKc5kqrtwpn Tlzsgg2HEOEMHDFf7NxelCoL7e+d1xWkCmfeu+jfXpo6HUFdHzxflLrHJv6iBxjt 1m/NuytV7m8ljA0POQjDU3sX1Q1aSQWpNvHH4HoYn+ewzepwm7JImzKlDTPQZjq0 mYJtoiwvanq93wOFiuU4TTEqVaPxre4lHU2dIkOa2t9P3HYeEtvOs4+PSikdtU/x M54iuEF+icJ12Qavz2GX5KoOyXJB29UDPSdmLuso2qGrCFVedt8xf+48cA/WytZe fNuqKO9NQDWIxecaBYHG82XzkbWyYZFjMWypmPR7ggL8a9Dj5poEm+sQFeGWL8X9 shQIfKD1N1zZDxWfAWjhO/7Kq/7K0I7KbyB0Ict0r5Q0+wsugSF9yitZvDd+VJ/c 9B+7h/puDIXNcoeyWY4cGfBovf1kY6+vMqSRjmPyC0gy0luYvOD1fGPltTvs30iv +laFzkks1Fle1Um/xto5PVyIgT0CyoyvaqTdgUItmEJFgs7HsYy3n6lPim17RA8S BPj8XO+r2kCd7O1n3R/5ue7QW4HlmKk/+iorc92BB+Unxk3YA402ZrzKbOfAQ2s8 Aeerx0+cP3Fe267hegOFtO0vtnPdYEe9Gl3XHRgqQx+JgRp5a2WIaIDSrwIO+TXw k18zwSfxvwLMmU7uG7LDfqPw5A57n0KllPiaqRM0A5QqBc9UVPgb9DCoRMLrioRU yHrYZs8f8YAErMIYn6ebuA0BZwg6Y+fZqpq69tgw8jJfvPZ1mkGwd8ee3KwNXCWB fuwJUDV7DoOBVSRPnDHDv5QFxOAEJhYJQ2k2zSA+139w8r40wyLxyf6iTh0BYgjQ fqO58rD1+va/AsLiE1sY4UTgP2Bj0UfIRO7iFvbHgktFfh3c9Qi0D9TTTtzxRcIU BMs2xMpSbBHabCy7sy22y63LNry+c6j4YH9xZXeDVqjsDjw20BiyYLNrD+lJ1dzm pX+cPw+WyggwX8HCfJlo+BjY9QGRSQLLjzW26sEhvMpSSqBXI0QSIDIWe9IzROwJ 5nmnjHdrZlpPeLR++1XM8bFN3DcgySkP5O3Q+TxXicekdidXXhXfCgo9KO1Le8Ey hS6n6MCZalp1wxusc8cj9BZYK1dBC2R5g5sgshhc6B4Cs1A6a5av9iqzGSsJ0VZe VSQyTtIftIie4Kzi01u6oagUXJCDE8T1wSbuhrg6KNivApmjrEetZ/Ka2JLxvLHE AnrW6jbk7RfvC86ctf3oRQPATwleuA7JJOvpvP3htacVJwQvXIn92BMj/AX6yASQ wKKgnzoBCu9jI7yXDCrnW21kLHdZy32Z59cp4mWoqMjr0oGRlAUr/AqM/GCu+O4N WOnuXq/nsm2zVnznhsHn+RwEEVQtxke/VPwGI9lpabC8Ydlq+coStEzOmZbD5eyz 1OXMyZmb82DOOzkNwzOGTxreOuJr+ves5UULdQuAOvTrs4c6hCul6DZVie/HY+S0 SwsOCVWA4IMI72/9nDDF7fWGl54loAdjuvRPEiP6hBEIu16rfxZVvvA2LInErW8Q xmUq/u96/XYovrkBati9siPc+Jl5ELiTHZA//PVQSXv4+tBDOqJeQTk0ihwODW0p PZYT+PEnCG43tpQ1cXrqoJhAL8dRB5sV2iU96ufcfy6B6zvC18JDep/EuhKKs0en 8zpxOnhfohbv7EzKzkvnRwgbmW5Ww+v9RaPTJUtxEZTFC2fFBUSoYF6CIsgUtr2U lw7pl8amzxe7Q4s7ZHMxtk2HtgL7GzDctQY/K9yrveF3M8JZwF9AMCfofqPhNR0a g9CjveJ/iBHOCVv0cC8nwT91LLRl/W7W36jv6NKPTSekQygamw7uXKLQqPc/pPcv Yf1b9P6NbIc/e2y6fxnrX6ZXhlOmB+02T6cjrqLckDzFSOq1uOqm5qUT/nYBgGM/ hhG8N8lQnyks0xefcX8jroI7AmITkYaJw8BGgGlLFq74Oo2TJtYHxIdl2SB06Fjk CN30xKLQ4sW5YDHHFJ6E6RgNuYW2wo/n28TbIAmxYT5FOOWH8fuBoQtL/QZfByt0 dCwubOtQwLr7FbA04dQLo9P9FcxgwIUAOMYgXNNOFELa3lI/C5wBvvk6wZGFe1Tz bXPhNE9eLJyCYd6ebQgKvUJDSIiDersvoEOvFZxbcWRoMZwagXx2CO2+dmPxiY13 Cydwit1mv0E2aDuAkFlAiJQt3ND2+pcw1uNjhsI8XPU3MtP9qcJfhHPixJBwGmgC tlLn1wjBA+hzIvBvPEiMYJ4pHPe163wXQr4+Y732sJEUH3XFbdRBE8koboc1Jz4g Cx1SvE2sCUn6+eLj/YVti5cAH+U8LkvOuw8+98NndhYhP9NPSP+ZvgA+d6Xn78x+ dZS/qCjdP/We9OAuuLd3xEsKLuXtL9351vYPdwtFTYTjQGkrl+KG7NLvJELo91vQ arhY6/3nFpvwhrajFOZeCFp7XQ8Jn+lvTzPMnXltb0Hbvl2fbL+6/bTQIRyfIWaQ jQZXqZhENl4H7WUsiQcNFuMWC9qkSzBMw/R9oEs0M7adL2i7fjF1/8xxw3kzO7zk IbfBWzLczeyfGdvdETCccWiPwq0vIDh7XPoM7ccggJetkusfwqf+/Pz0iwn+BuJ7 iykCvXS+j79S2ObnCAUXYHwCjE8uugs+BekvjEt/6VHyQn76S+Bg5E1IB1GGa4hz RWu/g8aNh2dnG3bB9cXC7iCEJIRevVy0i4jx/SAHhpcmp9Nw7E9OF7aB+eSdAjFI /72+DubqAbzV+LXfsGzpC5PTX9pBOvCKJDXu8+3ZVXrYcjnjzjN4UQCsS1Hb7ueu grnkb/h659LuVs2YZs9Jv6d3J9fHQWSMBSbFlsSAfR/PaznpK1p/AQynnVzoWI4e 5wkCLq97yaEtJLj/0TZet+9CL8acHsxuXnp1V/bj5LAXLvDNKpKL8gm8JpD8nWk5 Y/L9ebePOZbTl78LMwJkbhSBNBB45ZPbl9RDfPynlyW2Zc6xHMOy25dGwjtGqpJj ZfdtrSXpEF8yoBEbi9qTAcULFwxh5w38lbSWQWW9AQI+fVAfo9QHtkPweMEQBygJ WCtbPSEv8RixKoVI6/EE4tUbDjw3cBsVbSwthLizzh3TyZLOMk28NLaJC7GhHSwn viPBu3V2OsSnTl2HyNaVKpv4V5roZOM5a0NILpqcjuflcFQiHgzQuHmigtQuevsc uDVZMQRaZceTzxW4YsHQw8Ol5X0Ou7ikD7zPXoyKASCN4aoMUAOfuQTjvL4+mc/s 4fQYl+pph6ADG956dANbT6WxZQZuB9RG1/4ct4DhklJlZ6kPEUMNknhJMg/4HfNg L1C2n5apNHLpigtXKWb+2c/VCYETQ7ZYD2j0iEZaHImWhd2P2eHgp2tqd7vXfXer ZnrhO8IJyOfPs7UyagYO8OBEcZHDldFKpkNdUrE95IrZqCvmghBfe03pdM3nkXAd CMERWZ60OcG9zLcZIqXDfFPI5pgq0U5QIGbBuQELxoLsNopDrju8m1nSGNtUzoLb o5NhlrrKGfA/yvXwAluis5yVfZvjCJ9CvRt3nHi7ZBNHXHN0lceBCxbe58OSpxPf JdIq6FoxMZZCz41joEMjcZsg3K8jk8pNbg4RR3L3COVGf7lJmiDlC+V6ra5UuDLm bptSaFPoyksEGSju5OMBE2HgaGcOkyj9Bw3fK50XnoTuJe2O1Apfn4nPkyv1nhzQ znBoGRd1YmkAH0l8VQvSgceVJ0FE3DHFHpaKRgqYytAC7jIlRk6PWRU/DcnS4x8B 7h4fKUiVknrKGC3h4byXkR0yF/J1JgpdDwBzP6MnK1EBVwjlGpWmZ7kmc9MbJS63 8bCGwAEKeE/XN7p1hxmtZPRer3bHH2ZiANJLXgcfEylY0xTHea9bebMXrMjbvdd5 MFGvL3enQpmbaYrzXQj6juKZnFfzupZANfirR0mpdBsCYdIrmV94Ni2XtMUeF9pf Jl5e6/traZc+P9U6Fc84hqIVxIX8BqFLsQLV8DMLQWITPd4P2egavUv2l+GVOou3 kSWbR8FChGaxHItBPvFzuBKjh9MPU9vm+M4yVu4qY+gymNZUhjOXLWKAWrd1Nswb 9aOherDrbRevm8Bdxu3FLt7b75Dau8qoZKmWqR34jR03Jr/gSgOVTP38D4Hhxe0b P6MVyCsG4JHl4l9lPEuiUxo/T7mXgEceI9XzkcYim1LYzBnhaPQKLcW0GvR/scTW +uEEuL8XgDszYcluYOGkabNJWKDXpkwX+qRYgX2msN3aDk5wLwyolLjHCbNNCHOb FDNTOO291+TWVAjt9wMhV6RE4fS0QSXI7/BpCCKHkw67eDhIGYWLpsKHYVZA54m1 i43yM2M4fYbduHUlsyzUxQJnyoz+MlOVEmFVuLziMzx4BXE2oWAPKMawGsKwvwK5 4CuHcjkBoXVoct2GdMfbxWT5GQ0XHGIPSdCrHnsNZthDAvzjglSg4dQvhaDwJwtl TC7RTiFat84uaoKOiPT/Y9nS8OGQMtFa8W3oQq+QbFNIuNeICh2ORj1G30rmHExU NpDgTkCsW0LxFgLSJhlxpL7ZTOJNR0cyHB6xxLE06hDKrQeYwNMEGRYvxwkPmeQy U5Mh4MOSxgVASKLGPQe+wD7lQBC9xNeIR5J2cb4MLD8mtUnvhKnNlDGO03ogS6V1 N1y7AtvZPULJjulz4KVHPRIm+aMJDvxE9k49kBXvNlCB4A/g0J4/kNVC8BgNo0uV smNAJ3hYdKL5zIOkKRfMkyAN7vCxwlQwWyBGE3LHAlvG+sDvFDwhYQqAftWkAz83 MPk8HM2c9k6a4r4Ag7/2q+1/cZ+uUBdwRA8LPaAKU7hbXE0yUlJeCSkqkNeBtoR7 kyAKxuIeumaGwH6O8TFVCTJUVtVDIAOiBp+00ngiELz2n/WavdEq0kS7rhITY+ju q4egxS8IWs++zr5WG1oD9UZ6WqWFmeksY/JBc00jkgvshh2gxYKQXtLEBXeUaSDu B5kKvIhSBsczvZC5s4nrBSUD8SfIZDVx3TvKdPSgwNDrcKDMs0KXdAeEfCCasshz TuZ6wURY5HkHosxwn2OR578gOAkh60We51BZe0KLPDuiDAehkm0piTquyr44cN5n fcd6Eh1IVQZxMSmnc8aeTgLWkKphr6jGx296HHiQBnUaftOIqb9ME7pe9mrcBhQr sfMCdC27R/imvpjG8CYZzkzFVy4EviA9XV510wE4vGMdBwhYfiK4+Dbpbz2dVwif AdhRkYH7AAYTMPdVsNd+2uOQkqg+C4lFSsU6ODCwIyXPoRmEEa9FlFHkn0hY8GXo KHvru8QCHXj57FyZgPzSQ+Iq8ZMreAXBBDUMDxMZCvXgLQOwonAwKZSKBHqGjOhf 78aVITfeAbVa0FskEVWO8OHWC3Jv7PF5SlNlSESzCHagcycu+p8GB68renuEc/VK fc8bEF0xHWR63mCJmzlIwPb6/ZXhlXrTGy1TYEoy6VGmPldujSdecOAAD1hQsAXh VNX/XUX2wpOkWP9i+uZk39QnCYFtP/tJAvcYnl6YDjGBZzNxK2jdl2lrnQfy/831 cHwW9wOM4+I1DA7M6kc+DysWvRxnb+KoUQSMHDBy9FD44sEsOJbdPFnWKVemdhgU C0cb+AY8sINZJt6EX+ATBC7BLJ3rdlBf5BQanoGP0AQH+Mch6gdfDFHNmYtb5zAQ ZUR7rRysJh7stV/RhkfBKuo55Vf7ev5g1kB329TuDLQ796YqsR6b8HXSv0sPo+kE Ac1T1N408skQuqbOumJSTfg78IC2dt8O6GAPS6eq75VMFeAPqPpA26nlB7PU8l+q 5bxJMca0gXtlIKqFqJpAZaf4bsjhWBKt8eh9uhAlnR8jZVahfcYZmwyA88WQsoph TQce1AAgGHAw8r8FyjUKbdrAOYKsgcQeAvyAS4b1D6hc8n6DXHrr+4c77Ty9FoPn XkrBR3o0KTk9XEQ5T6TtgY+JoNNy+kaYWRBGmChrud6vk+KqRMs3itZaLivtYZcV v+jDMBc2gHnh9JpyU+B/ke+n4PVzN1HwoEpBfXXAIEsP0ZmfAkpMtzlFmWqwHJFB LL2OZ47wC36u0a+wSxt4NxRhVpeUEY39Gqti1wZeDoWN0qgbBjhFhVpQCfjzJLgQ GdmSmnIPTrnllpSMTc5fpv5ZQ/TWNJJuTdm32poQBK4S6aQZsHCt2ZPTwQMvhh8P ukbBDwnni9VfgIqi3b60PWEXmSuAZ3ht73b9ZHBQGy7DPaXF2D1g2D4t5NdEaWxF DavOlYn6aGs+gaMv8N1LpzDEFT/I0wKp2kkGTqQrzlGPMnQzZKlbh1pluVAZgvUP 211IOBvcX5LJjwf3Hjz3r6VhF67o5+NyaOb6qZAHzwKqxQYIAffvK77hZqRnJAsF 6Dmd1WabiyBdn8C8KxdHfobkLLbeeFoZR+BuOcoEnMQnuCEcaWS26LfK8pYGatXs hSDdHzLBONoamp6KrvcfMvGSlm9qCxTGbQ0VpLrhp2EtUEjvQoUPoezii99Ar2CK UEePN4qjJQdYJNe6yvRoWqOTT00y7I+fGis3TO7Sj0udO5WGQ9OrxLclkAw91Vob ZbB2wLcK1Mq4gstM2LIRbtcZNW4WqoxRbhioRxgMNU3vEt+BUzC9pkQYhr/V6Irc tAJWQEFrzWRgIroQiiVO1J345kp0MS5dUtEHqZAKHxVgSOfqgWa3DB3SZM8JONvo 6ekEtcTsnYkBP7BOnojQtRN+VhqE3ekUEtijNu85AROMgtpUJjctka0dUZZO8CZA D3tt703+IL3HNII4SkGS4MdXnysxKWBlyA4XXrppGDwir5QCwFLYFqQof95z/L5l 0cSp/WFE8S9XD1hh4bDb/wJ9/uXavoF+oVO4U23Yg4d8UCrdRwllhXOFYUK3H0VE X6n5aUD5N/u339h+9OoB4ZybLT5ar4MfxErxcP4QI7wx89qvhLfdnwgd94XxK5fc Yk/yI/xpr2RJtwn/lGKbWCH7lazJBl7PecFMvwIvPl7Wv5KFxXj17kw4gbt9gYAN c6BhSrghxIgMBBtIyRTDZ9GNPxTao/pu0GPY5i70SKgTMw6taJkVWNhv4KrKbBMY 903tOwwQYVdkGHNlOlCPTBjP1ss7lCvTgKx4akQ7zDoNO4iqHepRIZwgaJGoqtoc VtVVYvoZXK7nIiohASTQXiX+huAvJZ+ljZQLYP6GPsCHxtocGRTG0j6wNZsMO7j+ EpObxUgX6AQIhDVv2yQLH1qPb+3zksZR1it26GMxIhOOQ0AjibphONQpgMwKyO5s /sMmmV7pfBmbWq/gNciGHDtmoKkl0jQBWfUWtNK2WzsxWmEcsGfDKk0TvpR1e0tp 9KUss21AISUuRDvKegr00eshiKTI4OIh4+rTlBgHuHgvf4EuXgVl5+f0F86vs9QT TIyA3PjC8QDAQATosuIDhteIrzENRthVlgnuXGOmIiRzC2VfI4SUjEJZnLXMhIYj LJ1MvFxiF4bJVXGqNaBGCYReOBgQ11xGw7qrDK4UUmxCVywXUp2Uzmj/h/qECa0j YdZjTtOYJb/GLubHOrrY1ky1PRyeUCRdZdn4Gkbg19bwO8jTp3AVy/wkVKQQoIKy Krt4MA5FAnJKGQH1OlU55hooArAvKVhUQAzVOlwB5O/sYo9n+hrhrAUiHBdDDiku eqQ0BCLGOhw9XRrKyp+/7xikZzysb3MmnDUK5em5WoIWGd0a4IoERO7AeESzaCwo brQH/kQgnLmDk5U9Cu7quNPEUSHVkNMGniPSmzSYZxTK46zllPPAoG5+CECaELiv n0ba3M9B/A0sIDgq8tAbWqpjIrj1SoXwofb4PKFTC7qvSpwQh9ygGeUNC+Z8LP1J kl7mx4DMQXfF5QkuM94ltVUJt9GRS3HCkji5PA5XdAuRy5Ogj5tjZ8BCoyI3sYp5 eBmcJYjpWhVuKaQxhN6fi4snmp4ucL618YTt6QIXNimeMHAdFUHfpMIk/Zm6Wjrw JCSAKu3pMlJwMA1MuN2IWVfp+sK19YR/QRoICYy7Mb0HwhGDLn/Y5olffgAj9C/I 9pcN8zVmQyjR1zgM58Ahw3EcCFEqRD2sZYNZiM2RjV2UV/RtF/9pUs5MI0UgTC+Y VGH6FjsgWk05wptoGAMXwEPQWxocPoM2MQ6aLilG6e54oQw0A/J2xH0+hspzNAm1 tyAh+1skGBUSONQigNZvD968jOnqybTJ4NzCkv3fN1CYuvjZh2UZRfYM/ErapHFP EcpSisuSGnTWsiS1URs/Wg049ZSle+E6u7AgCQJnZ6Zj4Mzoq8XLZiEyaUGKG65E mxQtkkCRUSWBIgCnGTCD8EOYIHY99/2oyYFlwlFmld5iSuBoAeYLR91rU952cVmM yo5wEbDDjFyjE51AJ9qoDArunS/IFsqGDWggqvS+pd3SbtZuTmxccxMrAJA64zcV 95yCU24c1k/eiwxLhl9w4L9Eu8gb0bWgebv4EobXKJ16pJPfU9gW1iZ6VSNTbVJG tQmjapNRmm9TArttEkaNAiYN8hBcoN/R0BnI+K/ILWd+SHjm/+s6nXn33lsyPAgH 0jBdSp0VQsxwOVYLX9gy8DWyvtdH3ZuVslKj7YqANPTZxUcNKJlKgfplF39LQ3Uy P0+lGsWfo7zs1A0nFHfzAO5YiD7JuChsUkZT2XAKDoAjwuDK2y5mYFeoeih8dHAf 5xmgQPeL5uvoIZowBHSXeNogxaA5AcmnjFGRA3U3gJ3pfmhSd1LZmSYC7iGAZjTx s/QLfvxmcEAQ/R+ZwrAug5ipdjHiukNJAVqNEe+L4x4h/K3IV8GcChAyeMeZBAg+ pwguZyItKpLV13GXAe2ZgNpA6e0xw8DOM/RdRzTWfXJ4mHZjD0TiIVx4FNSp0J5r poKj9R1NBEFTFWM2qFCIsujVvor7lKC+EgJSCD+ivyU/IMglLjuh8IMDfmQAinyF H/BVNpp+28QWvQOn0y4egGiBOrE4gmcgPgPj/RL29rFX6KCvZkaz52TARL6LURw0 /BobdtOGvZkDjDFr1L35pdBgriEtD+gHuPb3/3ZEd/acHO5st3zzSBGv+7gy0lx1 5vXKSNFIPanDgfRRUoJAFRs+YFMw9gV+Gk2+Uj/Mt0XdBRZjGpZpASyCXGEZI1Sk CMPgu7giqcFMU/RlraDru7hrcwxoo42seFjjAFIShGE9FUYI9MGIFhOHgjdign3b qBkLlIYopSQrmjs4jjt1A9zp+IsjegSHIjyRxis0VSSpVKa4EpEgBgtvl6v0DslI a+SKJLmM/ZfAcQrEMrr4hd6mx6wpe+BKCvhKT9MFj//9GZBBBmiLOhhRB6QI1gsh hxKpgzvXnhC95CuV/E/6jhAKvwnZA6ey/DSMZOvgXqzRU/R/RzloR9wd/BCtlt2p xRB30QHlVHEi+TPgvjSeVHYO1kNRCJPo7hKrLrlkVvltSRiylYCxf/UY/uDqpOJ4 JPsX6IV2HWHBr+/CQxLoadDxSkJrGszpkWOK2BZ1sUwWPeSj8kcDCl1lJnzF4SsB X0n4SsFXIr6M9DgvahMC76w8pbgcd5vyJMUmwvA88YwBOxR/mCju/Iz+AjeooT/C 1QBUAvq+cFZgkDm8pA51xZxxs1UoTyouT3ENoUal3hE5/zIJS5LApFR3Aix+HZrc FEBCOhKs5XF+eihAPNk05ABn3PFK9yHafVBTHifBXX8Mo2GfhUAJEAGOOBwA/mvD FvtuH7RzDKyiYV1sepavkaFRGr341NuRdSO87Ri4Qhd1Vy6cVPQynm0K7VqIoMyz i3CjCw22wUuVIk9STrwmNeqVfvLfdvipjZoIYRywJCd5jC6IKBjxvAfEIHbA9/KX sWhw8TEAPFDGLBuQEGAG7A9wnQ7CBka4BwX3tdAb95cl+hckQVlc7Du8EW5BscIb SnnK0ugBoE8KhXHgy98KOCHCA8XcijSF3YYeuWBQj5pVCXBgG4X5ZmvGnf5to8yt bE54wnhTuxjViJBioMBfljQYBg8jCJwGb73gJbFAJJ5v5hI5FqyaMujAFE6bblpH YFGIDUeVdRTTxeZnUffz5hlTxKIsi26tMF3Z4pbOiFjwnY4o3neVWfCwnQbl9LjO NOoCjNPQ4iSYBViIFmWt0vAdM5j77TCSmDL6HYwB4uG7P4YSPvi/ITe9zrWuunal ZYbVahlvmVG34RHXmtVO3nLnpEl3WsKVM2v5dfmk0r1unWVD3ZpavsZlqa6vX7O6 dn1NLR9vKlvTsGZljaXG5apzxZumLa+tc62vBlBX3WpX9XoLgK9fU1vNr6mrjTf9 z/7Ldi1ZLVmDS5LMaeZMc7Z5uDnPPNacby4wF5knm6eaYQRmzny/udI8z2w3LzL/ 8F8F/OH54fnh+eH54fnh+eH54fnh+eH54fnh+eH518/91bWEq1lO5lS7yLQNLvh+ hNzvroXPOjLNvZrMr9lAHljBk8q6BlJWs4LMqaslC9w1pKpmJVngdBPOtYbMr+bJ fGizkD5kXs366jXrLHfm3zXZMuORDc4a1wZ37cP1lo2uNXyNZUXdypocE3mwvnp1 zWSLS4EtUb5rXOPd9TWu2ur1NVMtJZaS9fWrp5pI+abq9RvWDQBX19bVQi1Umsj4 DTW1NTwZ30BM89y1tWtqV1vW1Fps5ZXlCyzroScyr3zOtJmzy+fZps2fT2qxZEHd ZAuZhjimrVhR567lASGQv3xtzQoeajhX3Xr4WjgeQcZT4Hk1P3bX1PPjlYFBH0px ee0K1yMb+JqVky22ChuZPJkASfkbVm8gG3kCJdjllNx6AiUWa0ONa3ldfc2UAot1 VZ1rRY3FuryaX+FEGi1qM/wmpnKMKVhqNtWscPM4HEQ9CMOEf4Eh3DN5AHijYgDW 1bvX8ZZVwGPLKIAaRVxWnpgq66BmxZoNayCqYVkFzFhJSklu/ThL7kpLbj19TyhY OTnygkLCr1lf85O62hrKKQpVjzNTB3O7SimBU033ig04iyo3S3LrS3Prp1pGD2J7 bv0Y02AAE50cRBCZD8yUVfM1SmpezYZ1j1j4uu9FqUxTzUrL8kewVSk2XKhOHkjY /LpV/MZqF2BUBRW4aamqXrUKWAMyazIRUxVwBBgXxS1TZO5p78AGF207fhUOf7xb 5UMJ1tiqeSeC5GDHyvhUKubU1KPYj59ZBgNAMc5fDUPLz12p/CksqKzZWL/aVefe UK+M+QHX6uraNT+h0aTJtDcLjvmR9XXuessAWfNrXA1rVtSYSB3CE5Otrp6PJrcW 0Cr0wVh415qaBmWINetWWkbl1o9SJk/lQz0P3a2gDJhMa0nVNI6bXU5MD9bWbNoA MwPsLX+Aw8VGq00z6tyAqLYOZQziZ1F4AURhJMKF1/ma2lV1xMWDrN0BFG2kvZI1 K/NXLoc3yV1JqmvxZSUmylhiCgvzACrT7Lq6h7HIvcFSvXIlSHg9ncqZZfQLG01T i9fUq03CBZROKu5hgkDvoCIZhx1SxWgJPzn4WL71aEoHP0zkUQtS6MPe4lHq0+lj vMWDtZb/5zuDkIp/hMQwA2UFkDcxA/8flemQhxFH8vMgPwPuUYWf5ZCfDjc3w48r 9f9v+2sK0fyIgT/2eeb5fwFaKsv0O5lhWJ0e5CAlVZcsp+mGMHL0o9PJNz1meQQD L3iSZZlhdGZGSSrPCOWVLJMFc2wkf+TIkbSXsLRq8GG+9dAiLb5YmtdFngEYgynV FBfDMLFMSgItMDJMEsMkwh8+eoPJROvjmSEJMCizWk8fkji6FqLrY4BDKZqUVFwq DEnRsikxkY5SBh7zULMRvgwpaZGi+IHaRJPZbDaaUlL0KUmxCSkpQ1LiBurJBlA2 vKV+RXXtKstky6p1ddVUL9KwPmqK9dW8ohBAjT5cs/I7A/YzHpgz31Y+I/K9Apao avGQven7099MP5v+RbomIzljRMY9GfdnrM74aUZTxi8zCPltxuGM8xlXMkIZ5kxL ZkHmrbCXZc7LXJHZlJlLFANgAplZ21C9bg2oUnftCtT9llr3+uU1LrDELPXuFU5F EwLkyjWwhfN1rkfoxhOl2hbU1VnWV9c+YqkD3UnBYW/Ckwk4yAB0K0GhghE3vXql gkpFPwe2ctcjFtgga6stvKu63glAlYC0prbOvdppWU/rI9QpWcvydXUrHg6r4Uhl TW3DGlcdPTMZGA7leCRbvWIFKmS0CiNlK6v56sgwV9bgtkam8XzNejS2YEOj5kYD mJJulwsNlwEOIJ31YHeEWwESIK9GHXykT9dqN6Vpmms1zHo9DzjrLMvXrAZTs2aF SqFyuENmuOrq68cr6KiEgIUMXI6gmKcYVohgHRSCxYO8rF7nqqle+QiYcYC9/hZF BLbn+jXL1yGl1SuReeTB2odr6zbWqv3mqrt/vKI3731jmv9+tqxr1pBZf7i3bPq7 sx+eobvfq7l1+aXyM+WXyidw8RXaiuvw3lCxqqLivnb4PHpf86yTs/z3587BFn+a 1Tb73dlfzNbdf+vSvXM2QN8JSADcMk1UJXXvHHHkF/SPMG/BoR9JfG0Uvt8e/X8A UEsDBBQAAoAIAFpwoRxg2b0IAw4AAPk5AAAKAAAAUkVNQUlMLkNQUO07+3PbNtI/ OzP5H2De2KZq2pHdXqfnR6aeWr5xz3EycTLJjO3xUCQooZYAHgH6UUf/+2EBkARJ UJKTa3vfzOe0EonHArvYN1Z/IzSa5DFGB1zEhG2PX798UbXFjDdaBJniRlNrFn/k V+IxxdzRzkUoGs1JRMWkBZOLDIfT5lBnq2wkdNRqjCdk2GgMJxMWqTbZGuOEUIze HJ2eoX71fj74dIF26iM+n52eD84G52inv/sDdEXjMEPfjbC4kPiQyEe6ISF4Egfm ZZgnCc56+y9f3DESo2lIqE+oQGE2ioox8vnu8rocc09S7J+cng0kqLLxKI5PacJO yKTom/IR9GoQR5TR09gv1yxBx3Fmw/jAjodmFImbg2Bfp8e7cliGOTfDQgn5hsRF fzTG0W3Csnxq+tUz9L58wRUZEAy7w9mQcXzYVx0LUX/54unlCyT/DNr79ls6Smvv RNJBgYWmiFEuDLA3jIoxv7w+fPJ+DakXIO8ED+HrTZjB11Ga6bdH+Po1l0M0EPef HDHxAu8oH8nPC5zKz7eRkJ/n7E5+HuNIgjn/eHY2c+7mOHzUe5HbksM/5Fh+fsIx PI9z+XmSEQAcAsgL2EwDFkD5SMnDcSjw5ff9632rHSQLHaK+3RZdVjx6LTu9q75n 90vChVNcg8IugZddgx/m9CUZm17+2Hd18Xz42+XO7k+uvmgad3VRFuPLv9dR/C5p bvc7gafpBKZ/Vn81EFrQuhZIQ87TcRZyrEbYXZjeSUzra7NJ7GomEoF6y/TxBnZ5 uauadQcXWR4JFDMey5O7kU+ya8W0gupEohwL8oBplD2mAsfWgUK7YDcgfI1Wemi/ RWPr5cF6TjHFwogftKWZbE187z2ehmSCdrZ/2EO/PKZjnKU5veXoPiMCo0iew+oV 9XoFpAT5IK7oAO32dNNTJTIFzI88HOE9lGnQB/obZ1s5xxlQ57WcfjDlo9cWZHv+ 4CGU51pBUFgfIDmjMSHDIs+oaZgBaiXFo/TRN4cRKKUC297aue7ty/5XrxB0IJYg MSYcFTssT6FA83WJJvwlLPMfDnf2Hw6gc/9hc7NX1xdP9VcAI7ci//O9LXUAnt7L w3UPrR4qXWGjU5BBHdXO/hxgdw5ALTiFzm1CmtlomkFofV2v2ytP4Yq+zykldIQI Re8G54MPaMpi7PVsxqZA50qYghEWmN753vsBWNDB+3dHFxdeL+Dkd8wSa2CvDQVk PkCV9fSgwQuMwQyQgQGt1mx5lCJ7RILJQwxjpGwtVxoJjWUDnCkMux/L81UEnGDq y0W4H/UU7fqA+ipKADZ4O1Q2PxXQCyqVpI8C5H1ge8jrIXR4iKIezLY7wfCioyhi OVg26lXn0xip8Fg9hC7UQ/MZqSCRYMF6dPnDdUkMwXpNBjJaovvUG8wEm77Ih7/h SCi0FFbu5UGZB0ju4B/VDqDNOg4H8BN5FnMgA2A4LsDsx+u5kD5vAXW3DP3nbFTT aWenRahO0O/xv3PMxZZWh4SOll5ld3f5VQaFZt9D7/75zg3d1v7lGc4sdpcwKUMW LViGnNsvZ4Q0hilmdcKoWh6FGUY8xRFJCI7LwfcYjRiaMHYLop9I4GKMjSyB2RTQ LNgtpsjf2+tVmsTIlqQBoGXEqsTGwtJi7meJ5bK6Fii9t+fN0YzNyd+4lTlQv4aL v5Kj5yz5HO5+Fqe7Js2W3NQywjBPMFojZ+25wwyHt21F6LSE1gJuZk1HqVw6YSmm vjflo23ZAIHDvfDqJ2FYyY/GcvwIi6g0LKuHaPD2pIFkmssR0TiABeqAkmjCOPZb 7dzYaEzvAk8SD6zs4Rr3AsvA2n5Vroyy/L+tnYz9X0K4HrnAU98DKmwWrsUu2kxY FmG0OQxFNAb/ABnKwLeWwf5yApjiLGMZ+B0DeED4AUe50jaKPRzchh+I8Ld2XF2z zjPHE46/Dtn+/x1kW2dfckkNdk4nhN5WzNzNHqVX+DbF1GwTZZjnE4ES4PYNCWPD AcBvSg1ITLYpvJ4SeId+blCroJSicAP5DprMHMJo9HqiFXtgpW+03KnD27E0vWp8 tsnpUmLdBmfJnWn30d7b/xuh56y+wMX9Bnd3oe1z2KVXryDmZHdYOVeTBKnTRxMc 3mEO8ZbOXrYnqnyK4Ri1l60dSG9sXPU3HIpBsMvKK7NGoqUtZYetLKEi7ex1GMwy kjyH8CwiKcFUoITlNO6O4xuxPCxnYhr3KiaGeBAsQObA5WM7ELMXNHOApVRi6/tG 4FEkWRpqRE64pJub1yCRQMjF+gEmXAOJNnobPecB0Y7zm3VSQ8fpVbfJ9ZI4gDiq QsSSAKCN97MdjGom/PKlPmTVGmKtYLKLENKbXdatqOmHJHlFtBEWkNzy10VB+ZuY 8RvZDGkwfz22UgCGU4rsptzJGg/QWozWuPrs78Z75QcCTwepdGq8HYePLLnH+PY6 QFd1CqrOAJkscLw9hYct0F7x9iMOs0BsC3IzZnkWIPU4JdQ8cRzVUhGAyO+MYrmu yUfUyawJoCnk5lKVvJQ0mt5C0tJXmcuGs1eaSTXW5Vgmhk6JCasVeVT6igmskx5r /Aoy3UXqC1UktdDJ8yiF7jo6Nt82ecy1+h46WOM/r/HXyK8J2xrv1fcAqQ4U6DuD bjesE3wbWDdVwKQYEghmr2cPKm2BGakUacdYoF05sCBm281ZRK/3OJ1AlmoBzWpY BojE3ZhqM4pjNHyE/f3cPPiCTq65n40RxtnWBUvEfZhJHE0mGCL+T2GSTDAkha9o I+XaHSk5NGA7ECodmsHbE+RQiGUslLSNrOrbuKIbzl6nt3pFP5FU5TG6fFS1Tbhg awVZ8wKwhvPs9fa/Pt5YFC0uJlOnzYbcjxChhFxkuBFclilqLOZf+4oxcQamjVYr c1z4eIrllb7W4tiOYaNpDBGB4r2tBNTZVm702oGeWbJ0+QC2SinJBkgdtUmI9XZz Uo0ZM3U0NfUNBuwPVN/WXWmTGrZ0vgvFGIi22hTphRr8f1CHd2gm1I3+f0U7uwa/ wRwuprZOjyXW4E9uj+To7bVY/ytMjXYbFvgG87TrOb7no4zlKV/CFr3NRiElv4c6 LQvcr/y5xynLOarE6AJndyTCCpjFBgxmu634X2gr/jRr8dSpGZFDNXbEYvPNyjea lvnmZZGJ+TPNzF9hZb7BwrxjxU3EcvaF4vvSoHyD6SiRnz2z4KesaCGmXAnpObVi iaIW4eWLFVO+0Leiw9albc9tekVG8J3mTLkPtLHGN3RsYETVlOXA8eypXiCJ3nJx ffvp6OTkbOBZRkXvdlsZuO5RjRvlVTPNudGPFD+kOAK9AOJNaLGXbvCGhw1U1LM4 UHcpQBxRJuA6OBrDvdbKSu061yAiF5Eni31N5wBJyqvSAAVMdiLo1WTTfAyAZJey 4YCn6o8YFSGhHIWags6bv2IJNULlS3QLaLQVszv5DVUaRFVoyBedbiiKWIjOOOxt AFHrbcjRpjMTKxo2fHHoOaxG6TVWyOameZqpLzOsZDfZpHk4LSc39ECKNg9RkcBU 6BUTVY0Fu4frxFv4BlPB8wwjIja4ynplZDQ2ZJZnDy3pWFEadlblmLiiWG2NOnKa VH6qZEVT5MsXVL7ubfQ0K5YtFXlWUpsCmgY6M1ScmVHKdayLXFlBuFlDSLTq6pQK g4tRDM38WSUgv7B8EiteTgiNbWmW9NJWZ0nh1fk15FfFhyal1K4vLPXUhNERkvvc t15pCTHhGN+Cf9A/C9DFYPCvm8H5caEg5SxwhgWeTPzSdLRnXAw+VFsE/vChlgkq fWBZWquuSYyV7ldWelYiYJsRVBVDlqi0q91qhYOLS8ZUZZVVo6VjAcsPKwwfQKzc Matoqjh0Nbd1UfTUuDNR5rMIJ9SUwMvUlcnqUlcmpUdjakKdfkDhBsBii72AADlg GSOtIDzHNTF3OqRth2clay5Rx9qoEiVx7XTjYa2ikMStSj8aD1ttFg/YRXbWs0pf HzYqLX+y6/2MCEvwgbfGX4HPYfHKvbLCVWGTR+LteOjVSpoSknEBuhPqMIAnQD2G ug4XDFw4gWqnR5ThEeECZ0X9Bkl85MfDknfUFmqcg+YWYqyq66V4aFSmQnXpS7Di BstclUS9QAIK1LbRM4sxJDjBbiUsDzkvQystHVRjEQx2jVZooFZF1Px7You/JRr1 u4k2VxuOpnqoJfeGiOCrqEsffV7mLN33GQX7kHhJ9mkFXb5P4ooHAM4ztEfCo5Am cJ2AvLXYC9Zpk6YUKbO5tLi3b1MKHOEAvZDCMtTp/zczoC7c7ufgVkSyipYLVrGi ElUWD5srSuFbgY8xqXJMw5rOLapvaKy6ilJBxgKFVNcwOtP0NToG6GjpCQMo3HRT 8qmdGgDFckVVns4LJJYOQnVKSSP+qkmZIeXcnx7MpeLySv0PV+TuUM15QVqUVdhu Ha3rnWrwmSnOy9PSJoD7dHqsvlSIa/1Kw3GB+41GAv0RVkJvGDn3sIylQPNNhYFf mgtYottimNHF7XlBzbmX7X+llSmii26f0nVIFUcdVa6FYT4HAzn8uBYAFa207veb WlONqAt763dEKoPa9UMgI6zPkPPmj2NG+tcsrR9SVOqxSug7HP2c63L+UvaXUJ2W ECjkAi/wlrTJRvLUNKgYgCg/2FhOQka6xKCY62BP2jLnHanS0TLVCm02KQpqRoHe RVlNYw7ZWT2pXdFkQQ1WWTVVqZOuy8GqGGikgu716LJ/3SZhwS3tEtNWBX3p2y3w p+aEyq6MO5hVz5BqTljlzpDO0xtVWNoljf8BUEsBAhQAFAACAAgA3XChHB1m4kZF FAAA5jQAAAoAAAAAAAAAAQAgAAAAAAAAAFJFTUFJTC5ET0NQSwECFAAUAAIACABm cKEcT1HmApA4AACeawAACgAAAAAAAAAAACAAAABtFAAAUkVNQUlMLkVYRVBLAQIU ABQAAgAIAFpwoRxg2b0IAw4AAPk5AAAKAAAAAAAAAAEAIAAAACVNAABSRU1BSUwu Q1BQUEsFBgAAAAADAAMAqAAAAFBbAAAAAA== =Qx3k -----END PGP MESSAGE----- From perry at snark.imsi.com Mon May 2 05:48:20 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 2 May 94 05:48:20 PDT Subject: Detweiler In-Reply-To: <9404301725.AA03894@pilot.njin.net> Message-ID: <9405021248.AA25509@snark.imsi.com> Frederic Halper says: > If Detweiler is a big nut. Why was he involved in the > implementation of MacPGP along with people like Atkins and Finney? He wasn't. He did do some testing. Perry From d7urban at dtek.chalmers.se Mon May 2 06:19:58 1994 From: d7urban at dtek.chalmers.se (Urban Nilsson) Date: Mon, 2 May 94 06:19:58 PDT Subject: Blum-Blum-Shub source? Message-ID: <199405021319.PAA12535@hacke18.dtek.chalmers.se> Timothy C. May says: > I don't think generating random numbers is all that much of a > priority. The Blum-Blum-Shub C code is available, and I defy anyone to > break _that_ PRNG! Where is this code available? Pointers anyone? Urban Nilsson | Use 'finger' for PGP2.3a public key. d7urban at dtek.chalmers.se |------------------------------------- Chalmers University of Technology |A person is just as big as the things Gothenburg, Sweden |that makes him angry. From dct at newt.cs.byu.edu Mon May 2 06:45:09 1994 From: dct at newt.cs.byu.edu (David C. Taylor) Date: Mon, 2 May 94 06:45:09 PDT Subject: ticket switching Message-ID: <9405021345.AA25454@toad.com> According to the Elliot Wave Theorist (reprinted in "The Reaper", 6 Apr 1994) Hillary Clinton's commodities broker was sacked for, among other things, reassigning winning tickets to certain accounts. Sounds like a laundered gift to me. dct at newt.cs.byu.edu Soaring, the Ultimate Three Dimensional Art Form From frissell at panix.com Mon May 2 06:56:36 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 2 May 94 06:56:36 PDT Subject: Security Consult. Needed Message-ID: <199405021356.AA14925@panix.com> Two recent incidents in NYC show massive market failure in the information security industry. One of the city's largest bookies was busted when the Feds intercepted the daily fax transmissions summarizing business results sent from his NY office to his Florida home. A major cocaine dealer is facing prosecution based on written transaction records seized at his office. His simple code was broken by a "known plaintext attack" when investigators were able to match his written notations with transaction information derived from wiretaps. Can't anyone help these people? Maybe 178th Street needs PGP and Secure Drive more than the PC Expo. DCF 1001 Flaky Anti-Tax Arguments (#286): I suffer from a recognized social-affective disorder. I'm an anarchist. Due to a mental disease or defect, I am congenitally incapable of conforming my behavior to the requirements of society. Under the Americans with Disabilities Act, the Internal Revenue Service is required to make reasonable accommodations to meet my needs. The only way to satisfy the needs of one with my disability is to not impose any social obligations on him. --- WinQwk 2.0b#1165 From dct at newt.cs.byu.edu Mon May 2 07:10:02 1994 From: dct at newt.cs.byu.edu (David C. Taylor) Date: Mon, 2 May 94 07:10:02 PDT Subject: Fenced DES Message-ID: <9405021409.AA25562@toad.com> Sorry about the off topic post - I have had trouble getting to the list and needed to test with a short message of interest to at least three people on the list. Here is my real question: Is source code to Fenced DES (re the article posted by Terry Ritter about 2 weeks ago) available anywhere? If not, is there other printed work that would shed more light on how it works (i.e., things like the best way to fill the 32K of substitution blocks at the beginning and end, any attacks and their success, etc. I will be acquiring my copy of Applied Cryptography this week, so if all neccessary answers are in there, I will find them on my own. Thanks for the help. dct at newt.cs.byu.edu From jims at Central.KeyWest.MPGN.COM Mon May 2 07:14:13 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Mon, 2 May 94 07:14:13 PDT Subject: WSJ article on PGP In-Reply-To: <199405011528.AA13386@xs4all.hacktic.nl> Message-ID: <9405021414.AA09520@Central.KeyWest.MPGN.COM> Some comments regarding the WSJ article as reported by an anonymous poster. > >From The Wall Street Journal > Vol. LXXV No. 138 > Thursday April 28, 1994 > ... > computer makers to build into their machines hardware that would allow > law-enforcement agencies to decipher any code that was used. The proposal > outraged confidentiality-minded corporations and computer users alike. > Eventually, it was dropped. Can you say Clipper boys and girls? I thought you could. (Dropped, sheesh) > But investigators say PGP and other encryption systems aid crime. Yeah, and so do guns, and police scanners, and cars, and hatchets, and every other tool we use! Legislating tools won't work. You can only somewhat-successfully legislate the improper use of them. > Encryption also raises some eyebrows inside corporations. Mr. Bass, the > Washington lawyer, notes that most companies assert the right to read > employees' e-mail, since it is composed on their computers and travels their > networks. "What will they do when people start encrypting messages to each > other?" he asks. Respect privacy? > Without e-mail encryption, widespread surveillance would be easier. In > theory, CIA, FBI and police computers could tap telephone cables and look > for key words such as "missile" or "bomb" to find people who needed closer > watching. Mr. Zimmermann says: "This is analogous to drift-net fishing." If they did that people would use words like messenger or devastator instead of missile and bomb. "Like Duh!" -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From jims at Central.KeyWest.MPGN.COM Mon May 2 08:07:42 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Mon, 2 May 94 08:07:42 PDT Subject: So, what are we going to do? In-Reply-To: <01HBTU38KG6G8WYU0U@VAX1.UMKC.EDU> Message-ID: <9405021507.AA09835@Central.KeyWest.MPGN.COM> > > Will they come in at midnight, knocking down doors, shouting > "we have a search warrant to locate illegal cryptography in your > possession!" and run off with my equipment? A friend of mine that repaired computers said he ran across an old disk drive that was used in WWII. The thing had a lever on the top that was to be pulled should anyone "burst in" unannounced. As a failsafe to protect our secrets the lever was the trigger of a mounted .38. Are we "good" American citizens going to have to write failsafe boot files that require a special combination of keypresses or it erases the hard disk? It would be a shame to have to protect our computers from the "thought police" of not Orwell's future, but our present! At least opressed countries have governments that break in and take your computer and family because they are lowlife dictators and admit it. Here the same lowlife dictator wannabes do it in the name of democracy and justice! (Not that I'd like living elsewhere.) Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From perry at snark.imsi.com Mon May 2 08:15:55 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 2 May 94 08:15:55 PDT Subject: So, what are we going to do? In-Reply-To: <9405021507.AA09835@Central.KeyWest.MPGN.COM> Message-ID: <9405021513.AA25885@snark.imsi.com> "Jim Sewell" says: > A friend of mine that repaired computers said he ran across an > old disk drive that was used in WWII. There were no disk drives in WWII. There were barely computers. Hell, there was barely magnetic audio storage -- on steel wire! Perry From m5 at vail.tivoli.com Mon May 2 08:16:55 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 2 May 94 08:16:55 PDT Subject: So, what are we going to do? In-Reply-To: <01HBTU38KG6G8WYU0U@VAX1.UMKC.EDU> Message-ID: <9405021516.AA06928@vail.tivoli.com> "Jim Sewell" writes: > A friend of mine that repaired computers said he ran across an > old disk drive that was used in WWII. The thing had a lever on > the top that was to be pulled should anyone "burst in" unannounced. > As a failsafe to protect our secrets the lever was the trigger of > a mounted .38. Uhh... uhh... I think you may want to go back and ask this friend whether he was *sure* it was a disk drive from WWII. If so, we need to go back and re-work some history of computing details. Then again, there was the Philadelphia Experiment... -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From lefty at apple.com Mon May 2 08:53:44 1994 From: lefty at apple.com (Lefty) Date: Mon, 2 May 94 08:53:44 PDT Subject: Detweiler Message-ID: <9405021551.AA22317@internal.apple.com> >If Detweiler is a big nut. Why was he involved in the implementation of MacPGP >along with people like Atkins and Finney? If William Shockley was a racist twit, why was he involved in the invention of the transistor? What exactly are they teaching you at Montclair High School? Evidently, it doesn't particularly involve thinking... -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From jims at Central.KeyWest.MPGN.COM Mon May 2 09:00:14 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Mon, 2 May 94 09:00:14 PDT Subject: Lobbying/Politics/etc. In-Reply-To: <199405020431.VAA19949@netcom.com> Message-ID: <9405021600.AA10139@Central.KeyWest.MPGN.COM> > > Just don't call your campaign "Cypherpunks," as you don't speak for > me. The US Government doesn't speak for me on the "Bosnia thing", but they say "America's stance is". I am a member of America, just as we are members of cypherpunks. You didn't vote for a "lobbyist" to represent you, but then again, I didn't vote for Bill Clinton to represent me. (Yes, I did vote against him). > I'm not trying to sound snippy and testy here. If you and the others > who are advocating an aggressive media and public education campaign > can raise the money, get the stuff produced, and so forth, then more > power to you. Ditto regarding this reply. No ill intentions, just expressing another point of view. > But it ain't a Cypherpunks thing. So don't call it that. Cypherpunks > write code, as Eric Hughes says. Or as Phil Karn has expanded on > wonderfully: "Don't get mad, get even--write code." How did Eric Hughes and Phil Karn get to speak the immortal words that DO represent the entire group? Even if they run machines that run the mail list, it doesn't make them Cypherpunk Spokespeople, only the guy with a spare computer. [No offense meant to those who work hard to give us what we have. Your efforts ARE appreciated.] [Some very good comments about why infomercials won't work deleted...] > e. finally, it *still* wouldn't be a Cypherpunks thing....we have no > voting system, no rulers, no bylaws, no nothing. The term Cypherpunks is amorphous, thus subject to use and abuse by the masses. When people like Jeff Davis and Phill Zimmermann say "The cypherpunks are generally opposed to Clipper" it makes us an "organization" which, like it or not, does have representatives and agendas. Unfortunately, perception defines reality. If we had a "What Cypherpunks Are" document people would realize that whatever is said of the group is a generalization. > A better use of some raised cash--which you are berating us for not > raising--would be to finance Phil Zimmermann's "Pretty Good Voice > Privacy," or the similar efforts of others (described here in several > recent posts). Agreed. Money can be better used elsewhere, IMO, but if folks do end up in the public eye it would be nice to have some concrete definitions the public can use to judge the comments made by those high-visibility people. Take care, Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From jims at Central.KeyWest.MPGN.COM Mon May 2 09:04:58 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Mon, 2 May 94 09:04:58 PDT Subject: So, what are we going to do? In-Reply-To: <9405021513.AA25885@snark.imsi.com> Message-ID: <9405021604.AA10149@Central.KeyWest.MPGN.COM> > > "Jim Sewell" says: > > A friend of mine that repaired computers said he ran across an > > old disk drive that was used in WWII. > > There were no disk drives in WWII. There were barely computers. Hell, > there was barely magnetic audio storage -- on steel wire! He said "the war", perhaps it was Korean? To paraphrase McCoy, "Dammit Jim, I'm a programmer, not a historian!" Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From ecarp at netcom.com Mon May 2 09:05:22 1994 From: ecarp at netcom.com (Ed Carp) Date: Mon, 2 May 94 09:05:22 PDT Subject: Security Consult. Needed In-Reply-To: <199405021356.AA14925@panix.com> Message-ID: On Mon, 2 May 1994, Duncan Frissell wrote: > Two recent incidents in NYC show massive market failure in the > information security industry. You mean, marketing PGP to criminals? > One of the city's largest bookies was busted when the Feds intercepted the > daily fax transmissions summarizing business results sent from his NY > office to his Florida home. > > A major cocaine dealer is facing prosecution based on written transaction > records seized at his office. His simple code was broken by a "known > plaintext attack" when investigators were able to match his written > notations with transaction information derived from wiretaps. > > Can't anyone help these people? Maybe 178th Street needs PGP and Secure > Drive more than the PC Expo. Be careful with this line of reasoning. If you market PGP to a crook for the explicit purpose of keeping his illegal activities hidden from the cops, you violate at least two different laws. It's like selling lock picks to a known burglar. You could be prosecuted for conspiracy, aiding and abetting, and whatever they call interference with a police investigation nowadays. From blancw at microsoft.com Mon May 2 09:05:28 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 2 May 94 09:05:28 PDT Subject: Constitution and Contract Message-ID: <9405021506.AA01675@netmail2.microsoft.com> From: Black Unicorn Uni (who is not a centralist): "[It] almost sounds like you are calling for liberation from the Constitution of the United States." .... "I think it's difficult to accomplish what you propose. This seems to me to amount to calling for the status of sovereignty to apply to every individual. A system of individual sovereignty strikes me as unworkable, and again a slippery slope to complete lawlessness. " Say, is the Cypherpunks list? where they intend to use PGP in defiance of government decrees to the contrary? Uni: " What I feel is the obligation of the sovereign is to limit the level of corruption of the individual by forebearing from unneeded exertions of authority." Maybe they would do this if you said "Pretty Please". Blanc From blancw at microsoft.com Mon May 2 09:05:30 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 2 May 94 09:05:30 PDT Subject: CIA & FBI, a marriage made in ___? Message-ID: <9405021506.AA01678@netmail2.microsoft.com> From: Black Unicorn " What is important, and a point on which I think we agree, is that the regulation of strong crypto, or in your definition, the interference in the marketplace, is unacceptable, unneeded and nothing more than a calculated attempt to maintain the status quo of usurpation of individual rights in favor of federal power and influence. Even the national security externality falls when one considers the uselessness of export regulation in the age of digital communication." ..................................................... Okay, last word from me on any of this, and only because it relates to the above; the quote below is from a newsletter I just recently received (Imprimis, from Hillsdale College, by Richard Duesenberg of the Monsanto Company): "While there are indications that the [Supreme] Court might be resuming some sensitivity to property (e.g., under the takings clause) the deference it gives to legislative action is still near-absolute. If a law or regulation simply stresses "urgent need" or "the public interest", the Court is sure to let it stand. The judicial review process is so biased that only the most absurd edicts are found unconstitutional. Legal scholar Bernard Siegan has noted that this bias has led to the impeding of the democratic process. If the Court refuses to review the legitimacy of economic regulation, then the government is essentially free to dominate the entire American business community and, indeed, the life of every American citizen. . . . . Even more alarming is the loss of freedom that has accompanied growing involvement in our affairs. But freedom is valueless to the government planner. He requires coercive force in order to have his way, and he regards centralized planning as far superior to the untidy, unpredictable actions and decisions of free men and women." Blanc From smb at research.att.com Mon May 2 09:07:49 1994 From: smb at research.att.com (smb at research.att.com) Date: Mon, 2 May 94 09:07:49 PDT Subject: So, what are we going to do? Message-ID: <9405021607.AA26531@toad.com> "Jim Sewell" says: > A friend of mine that repaired computers said he ran across an > old disk drive that was used in WWII. There were no disk drives in WWII. There were barely computers. Hell, there was barely magnetic audio storage -- on steel wire! I sent the same reply privately. But disks were used in a WWII voice security system -- phonograph disks... I just learned about this system a few weeks ago. As anyone who has read Kahn knows, the early secure voice systems weren't secure; trained listeners could even understand the scrambled system. Some folks at Bell Labs were asked to design one that would work. The eventual system -- known as SIGSALY, or as Project X (and the end units were called X terminals, which is probably the only time that phrase was ever used for something that is secure...) -- utilized a vocoder and a one-time pad. The one-time pad was recorded on two high-quality phonograph records, each of which held 15 minutes of keying information. SIGSALY terminals were quite large -- they took up 30 seven-foot bays. And they needed a *lot* of air conditioning. But the system did work, even over transoceanic radio links. Churchill had one in his underground office in London, in fact. References are ``Secret Telephony as a Historical Example of Spread- Spectrum Communication'', William R. Bennett, IEEE Trans. on Communications, Vol 31, No. 1, Jan '83, and ``A History of Engineering and Science in the Bell System: National Service in War and Peace (1925-1975)''. From lefty at apple.com Mon May 2 09:21:21 1994 From: lefty at apple.com (Lefty) Date: Mon, 2 May 94 09:21:21 PDT Subject: Lobbying/Politics/etc. Message-ID: <9405021620.AA02316@internal.apple.com> Jim Sewell writes: > > The term Cypherpunks is amorphous, thus subject to use and abuse > by the masses. When people like Jeff Davis and Phill Zimmermann > say "The cypherpunks are generally opposed to Clipper" it makes us > an "organization" which, like it or not, does have representatives > and agendas. No, it makes Messrs. Davis and Zimmerman guilty of overstepping their bounds by acting as though they speak on behalf of the amorphous group which makes up this mailing list. My saying that midget Lithuanian plumbers are generally opposed to the free sale of chocalate cherry cordials doesn't make it so. Mr. Zimmerman doesn't represent _me_. I question whether Mr. Davis represents even _himself_. If you want to play lobbyist, go ahead. Leave me out of it. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From pcw at access.digex.net Mon May 2 09:49:59 1994 From: pcw at access.digex.net (Peter Wayner) Date: Mon, 2 May 94 09:49:59 PDT Subject: Randomness... Message-ID: <199405021649.AA28953@access3.digex.net> >Timothy C. May says: >> I don't think generating random numbers is all that much of a >> priority. The Blum-Blum-Shub C code is available, and I defy anyone to >> break _that_ PRNG! Going in the other direction, does anyone know what sort of random number generator is included with the Borland libraries? What about the Microsoft ones? I'm kind of curious these days for a number of reasons. From tcmay at netcom.com Mon May 2 10:00:42 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 2 May 94 10:00:42 PDT Subject: Blum-Blum-Shub source? In-Reply-To: <199405021319.PAA12535@hacke18.dtek.chalmers.se> Message-ID: <199405021700.KAA22320@netcom.com> > > Timothy C. May says: > > I don't think generating random numbers is all that much of a > > priority. The Blum-Blum-Shub C code is available, and I defy anyone to > > break _that_ PRNG! > > Where is this code available? Pointers anyone? > > Urban Nilsson | Use 'finger' for PGP2.3a public key. > Gothenburg, Sweden |that makes him angry. Look for blum-blum-shub-strong-randgen.shar and related files in pub/crypt/other at ripem.msu.edu. (This site is chock-full of good stuff.) Of course, only Americans are allowed to use these random number generators, and even they face fines of $500,000 and imprisonment for up to 5 years for inappopriate use of random numbers. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hfinney at shell.portal.com Mon May 2 10:09:36 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 2 May 94 10:09:36 PDT Subject: Blum-Blum-Shub source? Message-ID: <199405021710.KAA04820@jobe.shell.portal.com> The Blum-Blum-Shub PRNG is really very simple. There is source floating around on the crypto ftp sites, but it is a set of scripts for the Unix bignum calculator "bc", plus some shell scripts, so it is not very port- able. To create a BBS RNG, choose two random primes p and q which are congruent to 3 mod 4. Then the RNG is based on the iteration x = x*x mod n. x is initialized as a random seed. (x should be a quadratic residue, meaning that it is the square of some number mod n, but that can be arranged by iterating the RNG once before using its output.) The only questionable part about the RNG is how many bits of x to use per iteration. The original BBS paper proved that the RNG was secure if you used just the LSB of x each time. Later there was a proof that you could use log-base-two of the number of bits of n bits each time; if n were 512 bits then you could use 9 bits per iteration. Some time back I saw a claim on sci.crypt that you could use up to 1/3 of the bits each time safely, but I don't think that was proven. Hal From nobody at shell.portal.com Mon May 2 10:19:35 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Mon, 2 May 94 10:19:35 PDT Subject: 'Independent' Article : Spooks all set to hack it on the superhighway Message-ID: <199405021720.KAA05696@jobe.shell.portal.com> Thought the following might be of interest to give some of the European political perspective on encryption, reproduced without permission from the UK 'Independent' newspaper 2/5/94 (anything between {} are my own comments) : Title : Spooks all set to hack it on the superhighway [ On the right of the article, a pretty picture titled 'How E-mail helps criminals avoid detection' - with boxes saying : 'Today when a user transmits messages in code on the Internet, the international computer network, government intelligence services cannot listen in.' 'The US has introduced the Clipper chip, a way of encrypting messages while allowing government intelligence services access to transmissions. This is possible through a "key" used to encrypt the message. The government holds a duplicate key that allows it to decode transmissions.' 'Modern encryption cannot be cracked but if users are forced to use the Clipper chip, intelligence services could then eavesdrop.' 'Europe is opposed to the Clipper chip because it fears that the FBI or CIA could target European businesses. A suggested alternative is that the "keys" to the coded messages could be deposited with a non-government trusted third party' {Gee, yeah, that's a real improvement - me} At the bottom of the picture, a set of small images titled 'Dangerous traffic on the information superhighway', individually 'Terrorism', 'Drug trafficking', 'Neo-Nazi organisations', 'Pornography', 'Industrial espionage', and 'Money laundering'. {Oddly enough, there's not the slightest mention of 'Government privacy abuse', 'Governemnt oppression' and the like... and I wish *I* knew how to send drugs by email : uuencode -heinous_chemicals, maybe ?... As an aside, a British computer magazine reported a couple of weeks ago that a government minister had refused to ban the import of pornography over telephone lines (and hence the Internet) as it would be unenforcable, even in plaintext ! - me} ] >>> BEGIN ARTICLE A ROW is brewing between Europe and America over US plans to allow intelligence agencies to monitor information on computer channels. Washington believes E-mail - electronic messages travelling at the speed of light on the information superhighway - is a conduit for criminals and terrorists to transmit messages without fear of detection. The US plan for a Clipper chip, which lets intelligence agencies crack encrypted computer messages, has raised fears amongst European businesses that sensitive information would no longer be secret if it was vetted by the CIA, the FBI, or GCHQ, the British Government's eavesdropping facility {I would have thought it was *obvious* that it would no longer be secret if it was being decoded by this lot... - me}. E-mail is rapidly taking over from "snail-mail", as postal services are dismissively known. There are 20 million users on the worldwide web of computer networks known as Internet. But in 10 years it is predicted that 80 per cent of trade information will be sent by this method. The Clinton administration, concerned that terrorists, money-launderers and drug dealers will use E-mail to send encrypted information to assosciates, wants to outlaw the use of private encryption on international computer networks. The global censorship plan has run up against opposition from European and American businesses that use encryption to send sensitive information. In a position paper to a consulate of European Union intelligence experts, which has been obtained by the 'Independent', the European organisation representing users of computer security has rejected the Clinton initiative as "totally unacceptable". The statement by the Information Security Business Advisory Group (Ibag), warns European governments to ignore overtures from the US government aimed at restricting access to the information superhighway to users who use encryptions that the government agencies can decode. The European position is that "industry needs to know when its sensitive data has been compromised [by the security services or others]" and that the US eavesdropping initiative will greatly reduce the benefits of the information superhighway. Companies "will be restricted to a very restricted list of 'approved' algorithms [encryption methods]" greatly adding to business costs and making international cooperation difficult. Ibag recently informed the senior officials group on information security that the planned US-style restrictions, or the even stricter French system under which those using cyphers must disclose the keys to the authorities, are "totally unacceptable" to industry. The European group has proposed that companies deposit the keys to their encryption cyphers with "trusted third parties" rather than with governments. With this system, when intelligence agencies want to tap messages, the company will have to be notified. {Unless, of course, they just bribe the 'trusted third party', break in, require the key for 'national security' reasons, or whatever... - me} Chriss Sund, a computer-security expert, said companies faced real dangers of economic espionage by governments. "There was a general instinct among companies to distrust the French", {8-)} he said, who use government controls on encryption "to their advantage". {like the others won't, I'm sure... - me} Stephen Dorrill, an expert on the intelligence services, claims that the US proposal is designed to facilitate industrial espionage. "GCHQ, which has been co-operating hand-in-glove with the US for the past fifty years, {UK-USA agreements, etc - me} finds itself caught in the middle of this US-EU dispute. Britain will eventually have to square co-operation on intelligence and encryption across the Atlantic with the demands of its European partners." Under the US initiative, use of computer or voice encryption that cannot readily be hacked into by the security services of cooperating governments will be deemed suspicious and worthy of surveillance. {Well, they can surveil all they like if they can't break it... - me} These users will be denied access to the information superhighway. {Quite how this would be implemented is unexplained, but presumably would require mandatory use of Tessera chips. Still, of course, completely useless against superencipherment... - me} The US has decided to replace private encryption with the Clipper chip. {Now, I don't know whether they've heard this from US government sources, or whether they're interpreting it that way, or whether they just don't know what they're talking about, but if it's the former, then the general tone of the article with it's "decision" to "replace" private encryption might indicate the US government is taking a more candid stand with its opposite numbers in Europe than it's giving to the people back home -me} This enables government agencies to listen in on conversations and decode data flows at will {wot, no warrants ? - me}. How European governments intend to tackle the problem of terrorists and other criminals using encryption to stay ahead of the law is not known, but there has traditionally been a close working relationship National Security Agency in the US and the GCHQ in Britain. {i.e. 'Buy the new secure British Telecom ClipperPhone, available now from all good high-street consumer electronics stores...' - me} The clash over encryption could have serious implications for the development of the information superhighway, which has been hailed in Brussels and Washington as a way of increasing competitiveness and delivering a boost to the economies of the industrialised world {that they've been working hard to trash for the last fifty years - me}. If European businesses are blocked from using the US information superhighway because they will not bow to US pressure, the EU may be forced to develop its own independent system, adding to the cost and hastening the division into three rival trading blocs, {Oceania, Eurasia and Eastasia, whoops, wrong book - me} the US, the EU and Asia. >>> END ARTICLE So, I'm not really sure how to take this article (other than my first though : 'Thank "Bob" I'm out of here in nine months'). On the one hand, it appears that the US and EU may well be at each other's throats (IMHO, the best place for them) over the actual implementation of the 'escrow', but on the other the European organisations seem quite happy with the idea of giving their keys away as long as they go to a 'trusted third party'. But.... there are certain advantages from this point of view.. aside from the fact that it's just as useless as Clipper, since you can just superencipher with a secret key, if you generate the keys yourself rather than having them generated for you, you could always give them an invalid key ('Whoops, silly me, wrong floppy disk'), then if they did want to crack your encryption they'd have to come round for a visit to get the real key and demonstrate that they'd attempted to tap you. I have no intention of giving my keys to anyone, but if they're going to attempt to implement some kind of pseudo-escrow system, I'd rather this than the Clipper approach. The best news, I guess, is that European businessses want to use encryption, so it looks like a ban would be difficult to enforce. The worst news is the general tone of the article, attempting to link the use of secure encryption to terrorists and drug dealers, and like I said, it would be interesting to know where they got their comments on the US government's plans from, 'cause they sure don't match what's been put out for domestic consumption... From smb at research.att.com Mon May 2 10:34:51 1994 From: smb at research.att.com (smb at research.att.com) Date: Mon, 2 May 94 10:34:51 PDT Subject: Random #'s via serial port dongle? Message-ID: <9405021734.AA27060@toad.com> Timothy C. May says: > I don't think generating random numbers is all that much of a > priority. The Blum-Blum-Shub C code is available, and I defy anyone to > break _that_ PRNG! Its partially a question of speed. Many applications, like one time pads, are just too slow to generate random strings for given normal techniques. Its partially a question of automation -- I'd like to be able to generate public/private key pairs on a regular basis and its hard to do given all the goddamn typing. Its partially a question of abstract hacker satisfaction -- one would like to know that one's numbers are RANDOM. That isn't a matter of ``abstract hacker satisfaction''. That's a very strong security requirement: how do you *know* that your keys are random? Tim May suggested using Blum-Blum-Shub. Fine -- but how are you going to seed it? That's why I want real random numbers -- as a seed to Blum-Blum-Shub or quintuple IDEA or MD5 composed with SHS' or whatever. I probably wouldn't use the random numbers in raw form, though -- and no one else does, either; the real random number generators I've seen all incorporate some sort of scrambling function. From xstablu!brewmeister.xstablu.com!brewmeister!drzaphod at netcom.com Mon May 2 10:50:10 1994 From: xstablu!brewmeister.xstablu.com!brewmeister!drzaphod at netcom.com (xstablu!brewmeister.xstablu.com!brewmeister!drzaphod at netcom.com) Date: Mon, 2 May 94 10:50:10 PDT Subject: ID List, Tacky Tokens Fail. In-Reply-To: <199405020154.AA18146@access3.digex.net> Message-ID: > Below is the very preliminary list of state driver's license high tech > methods information I have collected so far. Ok.. now how about JPGs of every license in the civilized world? Personal information can be airbrushed out. Holograms may be tricky.. maybe it'll look ok.. just for reference of course. > I'll note that no one seemed interested in paying tacky tokens for the > list. Ok.. I'll pay 50 Tacky Tokens for the list.. we'll work something out. TTFN.. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From sandfort at crl.com Mon May 2 10:59:59 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 2 May 94 10:59:59 PDT Subject: Security Consult. Needed In-Reply-To: Message-ID: C'punks, On Mon, 2 May 1994, Ed Carp wrote: > . . . > You mean, marketing PGP to criminals? > . . . > Be careful with this line of reasoning. If you market PGP to a crook for > the explicit purpose of keeping his illegal activities hidden from the > cops, you violate at least two different laws. It's like selling lock > picks to a known burglar. You could be prosecuted for conspiracy, aiding > and abetting, and whatever they call interference with a police > investigation nowadays. Those of you who do not know Duncan Frissell personally, cannot imagine the elfin smile he surely displayed as he penned his original post. Humor, too, has its place in our struggle. Try to keep up, Ed. S a n d y From hughes at ah.com Mon May 2 11:01:49 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 2 May 94 11:01:49 PDT Subject: The American money capture In-Reply-To: <199405011708.KAA16423@jobe.shell.portal.com> Message-ID: <9405021735.AA26849@ah.com> >(Today, with our experiences of inflation in the 1970's and 1980's, it is hard >for us to appreciate the problems with deflation. But I think deflation was >much worse. The Great Depression was pretty clearly caused by deflation in the money supply. To quote Milton Friedman: "All told, from July 1929 to March 1933, the money stock in the United States fell by one-third [...]" Capitalism and Freedom, p. 50 Eric From tcmay at netcom.com Mon May 2 11:06:19 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 2 May 94 11:06:19 PDT Subject: Random #'s via serial port dongle? In-Reply-To: <199405021736.KAA24919@mail2.netcom.com> Message-ID: <199405021807.LAA02125@netcom.com> Steve Bellovin writes: (quoting me and Perry) > Timothy C. May says: > > I don't think generating random numbers is all that much of a > > priority. The Blum-Blum-Shub C code is available, and I defy anyone > to > > break _that_ PRNG! > > Its partially a question of speed. Many applications, like one time > pads, are just too slow to generate random strings for given normal > techniques. Its partially a question of automation -- I'd like to be > able to generate public/private key pairs on a regular basis and its > hard to do given all the goddamn typing. Its partially a question of > abstract hacker satisfaction -- one would like to know that one's > numbers are RANDOM. > > That isn't a matter of ``abstract hacker satisfaction''. That's a very > strong security requirement: how do you *know* that your keys are > random? > > Tim May suggested using Blum-Blum-Shub. Fine -- but how are you going > to seed it? That's why I want real random numbers -- as a seed to > Blum-Blum-Shub or quintuple IDEA or MD5 composed with SHS' or whatever. > I probably wouldn't use the random numbers in raw form, though -- and > no one else does, either; the real random number generators I've seen > all incorporate some sort of scrambling function. My point, not shown above, was not that a good RNG based on physical sources isn't needed. I would in fact buy one, if only for playing with it, if it was cheap enough (the $25 numbers sounded reasonable). Rather, my main point was that we've seen this proposal for a RNG dongle at least 4 or 5 times before. Sort of like the t-shirt proposals, except with t-shirts the problems are simpler, the pathway clearer, and eventually someone goes ahead and starts the process and t-shirts come out the other end. With crypto dongles discussed here over the past year and a half, there is typically a flurry of "wouldn't it be nice" and "it ought to be easy to reverse bias a diode" and "what about alpha particles?" posts and "why doesn't someone do it?" messages, and, then.....silence. Until the next flurry, of course. I have not called for a cheap RNG, so I am not obligated to put up or shut up. For those who have claimed it ought to be easy, here's your chance! (I worry less about random numbers because I believe an attack on one's PGP messages is much, much likelier to come from inadvertent revealing of one's key and passphrase, through the usual means, than through an attack based on the nonmaximal entropy of the random numbers generated. But if better random numbers are essentially free... Of course, there's then the possibility that one's RNG dongle is actually generating nonrandom bits--maybe NIST and NSA can license RNGs and sell "Ripper" chips?) I'll commit right now to paying $25 for a serial port dongle that "looks like" a standard serial port device (a modem, for example, looking like a modem hooked up at 19,200 or better to the Cosmic Random Number). It won't even have to have drivers to talk to it...I'll buy the dongle first and worry about that later. (The dongle must meet certain basic requirements, such as outputting bits of the right amplitude. No RS-232 connectors with 1K resistors soldered across the pins, please.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hughes at ah.com Mon May 2 11:25:25 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 2 May 94 11:25:25 PDT Subject: Lobbying/Politics/etc. In-Reply-To: <9405021600.AA10139@Central.KeyWest.MPGN.COM> Message-ID: <9405021724.AA26839@ah.com> > How did Eric Hughes and Phil Karn get to speak the immortal words > that DO represent the entire group? When did this happen? You should tell me, I'd like to know. I represent myself as cypherpunks founder, or cypherpunks list maintainer. > Agreed. Money can be better used elsewhere, IMO, but if folks > do end up in the public eye it would be nice to have some > concrete definitions the public can use to judge the comments > made by those high-visibility people. cypherpunks: (n) an Internet mailing list about implementations of cryptography. Cypherpunks is a venue for those who believe in the free and widespread use of cryptography; it focuses especially on the social effects of such deployment. Eric From root at lorax.mv.com Mon May 2 04:28:56 1994 From: root at lorax.mv.com (Cal Page) Date: Mon, 2 May 1994 11:28:56 GMT Subject: Timestamp Server Available Message-ID: ------------------------------------------------------------------------ This is the help file for the Time Stamp Server at timestamp at lorax.mv.com. (192.80.84.247) ------------------------------------------------------------------------ This text was taken from the public-key-server at martingy.ai.mit.edu and modified with lorax specific information. Time Stamp server software written by Cal Page For questions or comments regarding this time stamp server site, contact root at lorax.mv.com. Current version: $Revision:$ $Date:$ NOTE! This service is provided to facilitate public-key cryptography for demonstration and educational purposes. It is the responsibility of users of public-key cryptography to ensure that their activities conform to legal requirements. ------------------------------------------------------------------------------ Question: What is a Time Stamp Server? A time stamp server just echoes back what you send it, except that the date and time are added to the message. Further, pgp is used to 'sign' the message before it is sent back. Question: How do I use the Time Stamp Server? Just send mail to 'timestamp at lorax.mv.com' and you will get back a time stamped message. Question: Who signs the returned message? It is signed by "Time S. Tamp ". Mr. Tamp has also registered his public key with the public key server at public-key-server at martingy.ai.mit.edu. Question: What commands does the server accept? If you put 'help' in the subject, you get back this signed message along with whatever else you sent. Question: Is Mr. Tamp's private key available? No. Question: Does this author believe that the PGP/IDEA/RSA method of timestamping has been broken by someone? Yes. The server is experimental, and as the introduction says, it's for research, demonstraton, and educational purposes. Question: What privacy is there for any message I send Mr. Tamp? None! If you want something sensative stamped, just encrypt it before you send it here. I reserve the right to republish none, any, or all of it, to anyone, for any purpose, at any time, anything that is sent. Further, I can do anything with the mailing list, short of selling it to someone. Don't send any government stuff either. I don't want any classified information showing up on this system, as I want nothing to do with it. Question: How do I verify a message received from Mr. Tamp? Just extract the message to a file, and do: "pgp message" Make sure you have loaded an update into your public key ring first, that contains Mr. Tamp's public key, ie: the key for: "Time S. Tamp ". Question: How can I be sure no one spoofed an entry from Mr. Tamp? You can't. I would be open to suggestions here. Question: I send a 'help' message, but I don't get a reply? Right now, the server wants a valid Reply-To: or From: field in the message header that contains either a '<' '>' pair or a '@' character. If your fields don't have either, it will just dump the message. Further, this is a Linux node, running 0.99.14, and it sometimes can't reply to some addresses, for various reasons. Sorry. Question: Why don't you run PGP 2.4 from Viacrypt? I tried, but they did not have a Linux version. They wanted me to convert their code under NDA, AND pay them $300, something I was unwilling to do. Anyway, I don't charge for any of this. Question: What is the 'Sequence Number:' after the signature? This is the incrementing sequence number of your mail message. Question: What is the 'emd5 =' string? This is an encrypted md5 signature of the signed message. The 'Sequence Number' is used to index into a one-time-pad that is xor'ed with the md5 for the message. Quesiton: Is the one-time-pad data available? No. -- Cal Page | Pri: root at lorax.MV.COM compuPage, Inc. | Other: cpage at mv.mv.com Brookline, NH. 03033 | 76535.1373 at Compuserve.COM finger -l cpage at mv.MV.COM = C4 80 8E 06 1F 4E 69 2F 2C 2C 65 72 72 EA 5D AC ----- END INCLUDED FILE ----- -- Michael Brandt Handler Philadelphia, PA PGP v2.6 public key on request From werner at mc.ab.com Mon May 2 11:37:42 1994 From: werner at mc.ab.com (werner at mc.ab.com) Date: Mon, 2 May 94 11:37:42 PDT Subject: The American money capture Message-ID: <9405021837.AA14710@werner.mc.ab.com> >Date: Mon, 2 May 94 10:35:54 -0700 >From: hughes at ah.com (Eric Hughes) >The Great Depression was pretty clearly caused by deflation in the >money supply. To quote Milton Friedman: > > "All told, from July 1929 to March 1933, the money stock in > the United States fell by one-third [...]" > Capitalism and Freedom, p. 50 On this subject (really from the original post about money), I have several times tried to convince people that the Federal Reserve Bank is a private deal. I don't know where I got this impression, but no one will believe me. Are there some conspicuous facts that I could quote in support of this position? Or, perhaps, an easily obtained and authoritative document which explains just what the heck the Fed really is? I know the head is apppointed by the US gov, but my impression was that the rest of it was just a consortium of bankers to whom the national debt is owed. thanks, tw From perry at snark.imsi.com Mon May 2 12:04:23 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 2 May 94 12:04:23 PDT Subject: The American money capture In-Reply-To: <9405021837.AA14710@werner.mc.ab.com> Message-ID: <9405021903.AA26802@snark.imsi.com> None of this is a cypherpunk topic and I don't intend to post after this on the topic. werner at mc.ab.com says: > On this subject (really from the original post about money), I have several > times tried to convince people that the Federal Reserve Bank is a private > deal. I don't know where I got this impression, but no one will believe > me. Thats because it isn't true. > Are there some conspicuous facts that I could quote in support of this > position? No. > Or, perhaps, an easily obtained and authoritative document which > explains just what the heck the Fed really is? The Fed is pretty easy to understand. Although its set up to be quasi-independant, it more or less the government body that regulates the banking industry and controls the money supply. It does this by setting the discount rate (fairly small importance), by open-market purchases of treasury securities, by making deposits in member banks, and by altering the reserve requirements of U.S. banks. The Fed also is supposed to act as "lender of last resort" in order to stop banking panics by loaning money in extreme situtations to member banks. Technically, its not part of the government the way Amtrak, the Resolution Trust Company, and other quasi-independant bodies aren't part of the government. However, this is largely just an illusion. Its as much a part of the government as the post office. Its just a central bank, like every other central bank in most respects. Central banks are very bad things in my opinion, however, they aren't some evil conspiracy of the Illuminati, conspiring in the back room to take over the world. The Fed earns no "profits". It has no "shareholders". Its not a "bank" in the conventional sense. > I know the head is apppointed by the US gov, but my impression was that the > rest of it was just a consortium of bankers to whom the national debt is > owed. The national debt isn't owed to "bankers". Its owed to the holders of U.S. government bonds. This includes everyone who's ever bought a savings bond, lots of individuals, pension plans, money market funds, insurance companies, corporations, banks, and lots of others. Besides, if the debt was owed to "bankers", that would just be shorthand for saying that the beneficial owner of the debt securities would be the depositors of the bank, meaning the public at large. Perry From blancw at microsoft.com Mon May 2 12:26:34 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 2 May 94 12:26:34 PDT Subject: The American money capture Message-ID: <9405021827.AA14132@netmail2.microsoft.com> From: Hal Finney & Eric Hughes >(Today, with our experiences of inflation in the 1970's and 1980's, it is hard >for us to appreciate the problems with deflation. But I think deflation was >much worse. The Great Depression was pretty clearly caused by deflation in the money supply. To quote Milton Friedman: "All told, from July 1929 to March 1933, the money stock in the United States fell by one-third [...]" Capitalism and Freedom, p. 50 .................................................... Would it be too complex and lengthy an explanation to provide to say how the money supply is decided in the first place; that is, how an appropriate amount of it is calculated initially? Is this in reference to the gold or other backing which gives each dollar its monetary value? Blanc From unicorn at access.digex.net Mon May 2 12:45:48 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 2 May 94 12:45:48 PDT Subject: Detweiler Message-ID: <199405021945.AA10671@access3.digex.net> -> Frederic Halper says: > If Detweiler is a big nut. Why was he involved in the > implementation of MacPGP along with people like Atkins and Finney? He wasn't. He did do some testing. Perry <- Interesting, but not about politics. From unicorn at access.digex.net Mon May 2 12:47:33 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 2 May 94 12:47:33 PDT Subject: So, what are we going to do? Message-ID: <199405021947.AA10790@access3.digex.net> -> "Jim Sewell" says: > A friend of mine that repaired computers said he ran across an > old disk drive that was used in WWII. There were no disk drives in WWII. There were barely computers. Hell, there was barely magnetic audio storage -- on steel wire! <- Stunning, but not about politics or cryptography. From perry at snark.imsi.com Mon May 2 13:07:25 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 2 May 94 13:07:25 PDT Subject: The American money capture In-Reply-To: <9405021827.AA14132@netmail2.microsoft.com> Message-ID: <9405022007.AA26923@snark.imsi.com> Blanc Weber says: > Would it be too complex and lengthy an explanation to provide to say > how the money supply is decided in the first place; that is, how an > appropriate amount of it is calculated initially? Is this in reference > to the gold or other backing which gives each dollar its monetary value? The explanation would certainly be of interest to some, but I would suggest asking on sci.econ, rather than here on cypherpunks. I don't want to sound like a wet blanket, but there ARE forums for discussing this sort of thing. Hell, I'll happily answer the question, too, if asked -- in PRIVATE email. Perry From hughes at ah.com Mon May 2 13:52:18 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 2 May 94 13:52:18 PDT Subject: The American money capture In-Reply-To: <9405021903.AA26802@snark.imsi.com> Message-ID: <9405022049.AA27273@ah.com> >The Fed is pretty easy to understand. Although its set up to be >quasi-independant, it more or less the government body that regulates >the banking industry and controls the money supply. I have the opportunity of a group meeting with some of the SF Fed operations staff a couple of weeks ago. Their words: "The Fed is in the government but not of the government" Other tidbits: -- The new Fed funds transfer system will continue to use DES, and will not be using Clipper. -- The Fed wants to get rid of paper checks. The check subsidy from the float is enormous. The purpose of the Expedited Funds Transfer Act (mandated two day clearing of checks over $2500, among other things) was to start squeezing the float out of the checking system. Eric From hfinney at shell.portal.com Mon May 2 13:54:31 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 2 May 94 13:54:31 PDT Subject: the value of money Message-ID: <199405022055.NAA29272@jobe.shell.portal.com> Blanc Weber asks about the size of the money supply. Uni points out that nobody paid him any Tacky Tokens for his list of state policies re ID's. Somebody else also mentioned that nobody paid him any Tacky Tokens for some .gif. It appears that the Magic Money/Tacky Token experiment is not succeeding in producing an informal digital currency. People have offered services in exchange for this money but have had no takers. It may be that there is not much demand for their services, and the lack of offers simply re- flects that. OTOH it could be a money-supply problem: there may not be enough Tacky Tokens "in circulation" to allow them to be used as money. (There may also be some problems in advertising these services. I recall Uni's post offering his list in exchange for Tokens. He didn't explain what the list was, just mentioned that it was about ID's. I didn't remember what he was talking about until he posted the complete list here. Similarly, the recent complaint about nobody paying for a .gif didn't include any information about what the .gif was! Folks, if you want to sell something, make sure people know what you're selling.) I think it would be interesting and helpful to our cause if reports about Cypherpunks were able to say something like, "An informal form of 'digital cash', based on cryptography and providing complete anonymity, has been used experimentally within the group to buy and sell information and other services. Based on the success of these experiments, plans are being developed for more widespread deployment of this 'crypto cash'." Why don't we brainstorm a bit to see if we could come up with a way to take this digital cash software and do something useful and interesting with it. It seems like too good an opportunity to just let it sit there and do nothing. I know there has been some abstract discussion about cash systems in the past, but now we have something concrete and we should be to discuss it more specifically. Hal From mg5n+ea2uj7war2ufizqiqrdidkaii9mfkcwjze6q910g3a6 at andrew.cmu.edu Mon May 2 14:02:58 1994 From: mg5n+ea2uj7war2ufizqiqrdidkaii9mfkcwjze6q910g3a6 at andrew.cmu.edu (Anonymous) Date: Mon, 2 May 94 14:02:58 PDT Subject: WSJ article on PGP In-Reply-To: <9405021414.AA09520@Central.KeyWest.MPGN.COM> Message-ID: Phil Karn Wrote: > Anybody know if the WSJ accepts letters to the editor by fax or email? > I've drafted the following letter to the editor, but I couldn't find > anything but a snail mail address in today's paper. > > I *did* send a copy to Mr. Bulkeley's MCI mail address, so please > do NOT forward it to him again...Phil What's his MCImail address? Perhaps some cypherpunks could share with him their comments on the article, which have been posted to the list. (Don't tell him where you got the article tho!) From lassie!jim%lassie at netcom.com Mon May 2 14:23:30 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Mon, 2 May 94 14:23:30 PDT Subject: PC-Expo Message-ID: <148@lassie.lassie.uucp> passes. I think handing out floppy disks is NOT a very cost efficient scheme. It makes more sense to spend the money on xeroxing flyers explaining to people what encryption is, why it's important and how they can get the tools for themselves. Very people are going to load up a program from a disk that some stranger gave them. You'll also likely get thrown out of Javitts. I think that uploading to a local BBS is a bueno idea. I downloaded all PGP and shell programs from Internet and then uploaded them to a local BBS. I then put a classified add in the local Mensa paper (monthly) and gave phone number, description and asked that if anyone downloaded the files to upload a copy to their favorite BBS. In Haydukes book "Get Even" they called this the multiplier effect. Although the add costs me nothing and they circulation is only around 900 or so issues there is a good chance the software will travel to another 25 or so boards. I am also condidering taking out an add in the Arizona Republic (circulation aloat) and offering PGP !!!!FREE!!!! to anyone that calls my friends BBS. That should make him happy and should also spread the program to thousands of non Internet users. The cost to me is about $25 but the satisfaction is imense. Hayduke is right about the multiplier effect, just like I said about faxes earlier. If all members of this group fax to their non-long-distance government representatives then we can get the word out effectivly stronger than any other group. The ol' multiplier effect on the good ol' cypherpunks group. several hundred times 6 is 1200 messages from one letter. I think this is good. -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From PMARKS at VAX1.UMKC.EDU Mon May 2 14:38:38 1994 From: PMARKS at VAX1.UMKC.EDU (PMARKS at VAX1.UMKC.EDU) Date: Mon, 2 May 94 14:38:38 PDT Subject: Security Consult. Needed Message-ID: <01HBVBIMU3XU8WZHFU@VAX1.UMKC.EDU> Concerning the following, Duncan Frissell makes an excellent point we should all consider seriously: **************************************************************************** One of the city's largest bookies was busted when the Feds intercepted the daily fax transmissions summarizing business results sent from his NY office to his Florida home. A major cocaine dealer is facing prosecution based on written transaction records seized at his office. His simple code was broken by a "known plaintext attack" when investigators were able to match his written notations with transaction information derived from wiretaps. Can't anyone help these people? Maybe 178th Street needs PGP and Secure Drive more than the PC Expo. **************************************************************************** You are absolutely correct! For too long, licensed Attourneys and Certified Public Accountants have been making comfortable careers representing clients from the, shall we say, "underworld." It is time for cryptographic experts to be recognized as the true professionals they are and proudly join the ranks of other professionals who represent thieves, extortionists, junkies, drug dealers, embezzelers, etc. Oh yes, I almost forgot. Once Clipper is the law of the land, Congressmen will no doubt want to keep their private files safe from the snooping eyes of their political enemies. So they will need crypto-consultants to find "creative ways" to work around the very regulations they stood by and permitted to go into effect. I can hear them rationalizing now, "that is an Executive Branch rule that the Legislative Branch is not bound by." Who will be laughing then? From PMARKS at VAX1.UMKC.EDU Mon May 2 14:38:49 1994 From: PMARKS at VAX1.UMKC.EDU (PMARKS at VAX1.UMKC.EDU) Date: Mon, 2 May 94 14:38:49 PDT Subject: Useful Ways to Fight Crime Message-ID: <01HBVC6RWS948WZHFU@VAX1.UMKC.EDU> This gave me another warped idea: *********************************************************************** > Without e-mail encryption, widespread surveillance would be easier. In > theory, CIA, FBI and police computers could tap telephone cables and look > for key words such as "missile" or "bomb" to find people who needed closer > watching. Mr. Zimmermann says: "This is analogous to drift-net fishing." *********************************************************************** Why don't we just outlaw curtains and window blinds? That way, law enforcement officials could just drive down the street looking into windows! It would make it *much* easier for them to tell if crime was being committed. Of course, some people might not like the loss of privacy but the civil libertarians are making too much of this anyway. Besides, law abiding citizens should have nothing to hide, right? So why should they object? Oh, e-mail is differnt altogether? So. When did you start mailing all your letters in clear envelopes? From mg5n+ at andrew.cmu.edu Mon May 2 14:39:36 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 2 May 94 14:39:36 PDT Subject: WSJ article on PGP In-Reply-To: Message-ID: <8hlL_Tu00awT8=QEYc@andrew.cmu.edu> Anonymous at andrew.cmu.edu writes: > What's his MCImail address? Perhaps some cypherpunks could share > with him their comments on the article, which have been posted to > the list. (Don't tell him where you got the article tho!) I think it's: 6095475 at mcimail.com (William Bulkeley) From pcw at access.digex.net Mon May 2 14:42:38 1994 From: pcw at access.digex.net (Peter Wayner) Date: Mon, 2 May 94 14:42:38 PDT Subject: WSJ article on PGP Message-ID: <199405022142.AA18911@access3.digex.net> >Phil Karn Wrote: > >> Anybody know if the WSJ accepts letters to the editor by fax or email? >> I've drafted the following letter to the editor, but I couldn't find >> anything but a snail mail address in today's paper. >> >> I *did* send a copy to Mr. Bulkeley's MCI mail address, so please >> do NOT forward it to him again...Phil > >What's his MCImail address? Perhaps some cypherpunks could share with >him their comments on the article, which have been posted to the list. >(Don't tell him where you got the article tho!) Editorial Page Fax number is: 212 416 2658 This is probably not Bulkely's number. I believe he works out of the Washington office. From mech at eff.org Mon May 2 14:51:59 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 2 May 94 14:51:59 PDT Subject: Update - Congressional Hearings on Clipper and Digital Telephony Message-ID: <199405022150.RAA05370@eff.org> Subject: Update - Congressional Hearings on Clipper and Digital Telephony ------------------------------------------------------------------------- Congressional hearings on the Administration's Clipper/Skipjack initiative, and the FBI's draft Digital Telephony surveillance bill, and their implications for privacy and First Amendment rights, are to be held May 3, 1994. Sen. Patrick Leahy (D-VT), of the Senate Judiciary's Technology and the Law Subcommittee, has expressed skepticism of the Clipper encryption scheme, and has called for hearings to examine the problems of this proposal and its implementation. This effort is due in part to all of you who responded to EFF's grassroots campaign to raise fundamental questions about security and free speech issues in relation to the White House proposal. The Senate hearing will be held on May 3, 1994, 9:30am EDT, Hart Building Rm. 216, and should feature testimony from Trusted Information Systems' Steve Walker, Whitfield Diffie of Sun Microsystems, Asst. Atty. Gen. Jo Ann Harris (Justice Dept., Criminal Div.), NSA Director Adm. Mike McConnell, and Raymond G. Kammer, NIST Dep. Dir. For more information, contact Senate staffers at the Senate Judiciary Committee: +1 202 224 3406 (voice), +1 202 224 9516 (fax) Note: this is the full Committee's fax, so address faxes to "Technology and the Law Subcommittee" or delivery may be delayed. Following the Senate Hearings, the House Science, Space and Technology Subcommittee on Technology, Evironment and Aviation will be holding a hearing to address related civil liberties issues of both the Clipper scheme and the FBI "Digital Telephony" proposal, which so far remains unsponsored. The hearing will be chaired by Rep. Tim Valentine (D-NC), and is scheduled for May 3, 1994, 1pm EDT, Rayburn Building Rm. 2318. Witnesses will include Dep. Dir. Raymond G. Kammer of NIST, NSA's Dr. Clinton Brooks, representatives from industry in a panel that will include USTA and TIA, expert witnesses Dr. Dorothy Denning and Dr. David Farber, EFF's Jerry Berman on behalf of DPSWG, Chmn. Willis Ware of the Congress/NIST System Security and Privacy Advisory Board, and in a last moment change, the FBI will be represented after all, by James Kallstrom. The House hearing is being held "to review the Administration's policies and legislative proposals dealing with electronic survellance, privacy and security, ...the adequacy of the Computer Security Act in protecting goverment computer systems", and "the Administration's proposed Digital Telephony legislation and decision to promulgate a voluntary federal encryption standard". Futher information can be provided by the staff of the Subcommittee at +1 202 225 9662 (voice), +1 202 225 7815 (fax) Senate Technology and the Law Subcommittee Members ================================================== (Subcommittee of Judiciary Committee) Subcommittee phone: +1 202 224 9516 Subcommittee fax: +1 202 224 3406 NOTE: this is actually the Committee fax, so be sure to address it to the Subcommittee, or delivery may be delayed. p st name phone fax ___________________________________________________________________________ D VT Leahy, Patrick J. 1-202-224-4242 na Subcmte Chair R SD Pressler, Larry 1-202-224-5842 1-202-224-1630 D WI Kohl, Herbert H. 1-202-224-5653 1-202-224-9787 D CA Feinstein, Diane 1-202-224-3841 1-202-228-3954 R PA Specter, Arlen 1-202-224-4254 na House Technology, Environment & Aviation Subcommittee Members ============================================================= (Subcommittee of Science, Space and Technology Committee) Subcommittee phone: +1 202 225 9662 Subcommittee fax: +1 202 225 7815 p st name phone fax ___________________________________________________________________________ D NC Valentine, Tim 1-202-225-4531 1-202-225-1539 Subcmte Chair D KS Glickman, Daniel 1-202-225-6216 pvt D TX Geren, Peter 1-202-225-5071 1-202-225-2786 D IN Roemer, Timothy 1-202-225-3915 1-202-225-6798 D NH Swett, Richard N. 1-202-225-5206 1-202-225-0046 D NJ Klein, Herbert C. 1-202-225-5751 1-202-226-2273 D PA McHale, Paul 1-202-225-6411 1-202-225-5320 D CA Harman, Jane 1-202-225-8220 1-202-226-0684 D GA Johnson, Don 1-202-225-4101 1-202-226-1466 D AZ Coppersmith, Sam 1-202-225-2635 1-202-225-2607 D CA Eshoo, Anna G. 1-202-225-8104 pvt D WA Inslee, Jay 1-202-225-5816 1-202-226-1137 D TX Johnson, Eddie Bernice 1-202-225-8885 1-202-226-1477 D MN Minge, David 1-202-225-2331 pvt D GA Deal, Nathan 1-202-225-5211 1-202-225-8272 D CA Becerra, Xavier 1-202-225-6235 1-202-225-2202 D NJ Torricelli, Robert 1-202-224-5061 1-202-225-0843 D FL Bacchus, James 1-202-225-3671 1-202-225-9039 D WI Barca, Peter W. 1-202-225-3031 pvt D CA Brown Jr., George E. 1-202-225-6161 1-202-225-8671 ex officio R FL Lewis, Thomas 1-202-225-5792 1-202-225-1860 R MD Morella, Constance 1-202-225-5341 1-202-225-1389 R CA Calvert, Ken 1-202-225-1986 pvt R MI Smith, Nick 1-202-225-6276 pvt R MN Grams, Rod 1-202-225-2271 1-202-225-9802 R GA Linder, John 1-202-225-4272 1-202-226-4696 R MA Blute, Peter I. 1-202-225-6101 1-202-225-2217 R MD Bartlett, Roscoe G. 1-202-225-2721 1-202-225-2193 R CA Rohrabacher, Dana 1-202-225-2415 1-202-225-7067 R NJ Zimmer, Richard A. 1-202-225-5801 1-202-225-9181 R OH Hoke, Martin R. 1-202-225-5871 1-202-226-0994 R CA Royce, Ed 1-202-225-4111 1-202-226-0335 R PA Walker, Robert S. 1-202-225-2411 pvt -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From jamiel at sybase.com Mon May 2 15:16:03 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Mon, 2 May 94 15:16:03 PDT Subject: the value of money Message-ID: <9405022119.AA06293@ralph.sybgate.sybase.com> At 1:55 PM 05/02/94 -0700, Hal wrote: >It appears that the Magic Money/Tacky Token experiment is not succeeding >in producing an informal digital currency. People have offered services >in exchange for this money but have had no takers. It may be that there >is not much demand for their services, and the lack of offers simply re- >flects that. OTOH it could be a money-supply problem: there may not be >enough Tacky Tokens "in circulation" to allow them to be used as money. For us relative newcomers- whatsa Tacky Token? >Hal From epic at cpsr.org Mon May 2 15:21:08 1994 From: epic at cpsr.org (Dave Banisar) Date: Mon, 2 May 94 15:21:08 PDT Subject: The Great Clipper Debate 5/9/94 Message-ID: <9405021817.AA02259@Hacker2.cpsr.digex.net> The Great Clipper Debate: National Security or National Surveillance? Sponsored by: The Georgetown University Law Center Space Law Group and Communications Law Forum In Coordination with: The George Washington University Institute for Computer and Telecommunications Systems Policy, the Association for Computing Machinery Special Interest Group for Computers and Society, and the American Bar Association Criminal Justice Section. Date and Time: May 9, 1994, at 7:30 p.m. Place: The Georgetown University Law Center(Moot Court Room) 600 New Jersey Avenue, N.W., Washington, D.C. The Administration, through the Department of Justice and the National Security Agency, has proposed a standard encryption algorithm for both the public and commercial marketplace, with the goal of making this algorithm the method of choice for persons wishing to encode their telephone and other voice and data communications. The FBI and the NSA are concerned that the increasing availability, and affordability, of encryption mechanisms will make it difficult and in some cases impossible for law enforcement and intelligence agencies to tap into and to understand the communications of criminals and other pertinent groups. This proposal has become known as the "Clipper Chip," in that it would be implemented by the voluntary insertion of a computer chip into telephone, fax machine, and other communications systems. The Clipper Chip has generated considerable controversy. Opposing it are various civil libertarian groups, as well as telecommunications companies, software and hardware manufacturers, and trade associations. The debate has raged behind closed doors, and openly in the press. On Monday, May 9, at the Georgetown University Law School, a round table debate will take place on this controversy. The participants represent both sides of the issue, and are illustrative of the various groups which have taken a stand. The participants are: Dorothy Denning, Chairperson of the Computer Science Department of Georgetown University Michael Godwin, Legal Counsel of the Electronic Frontier Foundation; Geoffrey Greiveldinger, Special Counsel to the Narcotic and Dangerous Drug Section of the U.S. Department of Justice; Michael Nelson, of the Office of Science and Technology Policy of the White House; Marc Rotenberg, Director of the Electronic Privacy Information Center; and Stephen Walker, President of Trusted Information Systems, Inc., and a former cryptographer with the National Security Agency In addition, there will be two moderators: Dr. Lance Hoffman, Professor of Electrical Engineering and Computer Science at The George Washington University, and Andrew Grosso, a former federal prosecutor who is now an attorney in private practice in the District of Columbia. The program will last approximately two and one half hours, and will be divided into two parts. The first half will offer the panel the opportunity to respond to questions which have been submitted to the participants beforehand; the second will present the panel with questions from the audience. There is no charge for this program, and members of the public are encouraged to attend. Reservations are requested in advance, and should be directed to one of the following individuals: - C. Dianne Martin, Associate Professor, Department of Electrical Engineering and Computer Science, The George Washington University, Phillips Hall, Room 624-C, Washington, D.C. 20052; telephone: (202) 994-8238; E mail: diannem at seas.gwu.edu - Sherrill Klein, Staff Director, ABA Criminal Justice Section,1800 M Street, N.W., Washington, D.C. 20036; telephone: (202) 331-2624; fax: (202) 331-2220 - Francis L. Young, Young & Jatlow, 2300 N Street, N.W., Suite 600, Washington, D.C. 20037; telephone: (202) 663-9080; fax: (202) 331-8001 Questions for the panelists should be submitted, in writing, to one of the moderators: - Lance Hoffman, Professor, Department of Electrical Engineering and Computer Science, The George Washington University, Washington, D.C. 20052; fax: (202) 994-0227; E mail: ictsp at seas.gwu.edu - Andrew Grosso, 2300 N Street, N.W., Suite 600, Washington, D.C., 20037; fax: (202) 663-9042; E mail: agrosso at acm.org PLEASE POST From adam at bwh.harvard.edu Mon May 2 15:38:55 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 2 May 94 15:38:55 PDT Subject: the value of money In-Reply-To: <199405022055.NAA29272@jobe.shell.portal.com> Message-ID: <199405022238.SAA07896@miles.bwh.harvard.edu> You wrote: | Blanc Weber asks about the size of the money supply. Uni points out that | nobody paid him any Tacky Tokens for his list of state policies re ID's. | Somebody else also mentioned that nobody paid him any Tacky Tokens for | some .gif. | | It appears that the Magic Money/Tacky Token experiment is not succeeding | in producing an informal digital currency. People have offered services | in exchange for this money but have had no takers. It may be that there | is not much demand for their services, and the lack of offers simply re- | flects that. OTOH it could be a money-supply problem: there may not be | enough Tacky Tokens "in circulation" to allow them to be used as money. I think that this problem might well go back to the ease of use problem. I spend a lot of my time reading bad documentation. I really don't enjoy reading bad documentation. I want a money supply/remail service/mail privacy system that is as easy to use as those things I use every day. Or I want a strong incentive to use the system. For example, I do go through the hassle of using PGP to discuss things from time to time, but not often. If I could buy real things with tacky tokens, I might use them. (Maybe someone could sell copies of Applied Crypto, or the associated source disks, or even neat freebies (like Cray mouse pads) as a way of generating a demand for the tokens.) To make it worthwhile, there need to be enough tokens in circulation that someone saving up for something doesn't prevent other people from saving up tokens, but at the same time, there shouldn't be so many that they are valueless. Perhaps the next person selling t-shirts could offer a discount in exchange for tokens? Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. Have you signed the anti-Clipper petition? From anon1df3 at nyx10.cs.du.edu Mon May 2 16:08:45 1994 From: anon1df3 at nyx10.cs.du.edu (anon1df3 at nyx10.cs.du.edu) Date: Mon, 2 May 94 16:08:45 PDT Subject: RJR and the supression of research Message-ID: <9405022306.AA02347@nyx10.cs.du.edu> This may be a little bit off topic for the list, but because it deals with secrecy and information generated through research, I thought that maybe you might be interested. Late last night on CSPAN they rebroadcast a House sub-committee hearing from last Thursday on cigarettes. Two former RJR scientists testified about the work they had done, which strongly suggested that nicotine was highly addictive. As many of you might know, RJR management has always denied that anything in cigarette smoke is addictive. The two researchers testified that top RJR management had been informed about their work, and the picture they painted of the interactions between the science people and management makes it pretty clear that RJR management not only knew about the work, they understood and accepted it as well. The company's claims that nicotine is not addictive is sort of hard to swallow given the fact that they were conducting research which was intended to develop other analogue substances which would look like nicotine to the neural receptors in the brain, but which wouldn't put so much stress on the heart. Apparently, such substances were discovered, but the company elected not to pursue further research. This decision was made in the face of over 150,000 deaths each year due to smoking induced heart-attacks in the US alone. The reason I'm writing about this here, on the CP list, is that RJR suppressed the information. The research itself was conducted in a secretive manner (animals were moved into the buildings under the cover of darkness, visitors were not allowed in the facility, etc.). What's more, the scientists involved signed contracts which prevented them from disclosing their work to anyone outside of the company. Those contracts are not unusual in the corporate world, but the researchers claimed that it was highly unusual, unheard of even, for the company to bury the information permanently. According to the researchers, it is considered legitimate to withhold information temporarily, in order to establish a market ahead of competitors, or for other market based reasons. It is not considered to be legitimate to use the contracts to suppress research because the company doesn't like the results of it. After the lab was closed by RJR, the scientists made attempts to publish their work despite the contracts they had signed. In each instance, the journals and the scientists were threatened with law suits, and the journals pulled the plug on the articles. According to the testimony, the work done at RJR during this period (ending in the early 80's) was cutting edge stuff that didn't exist anywhere else. Because RJR suppressed it, other scientists didn't have the opportunity to follow up on it, and millions of people had less information at their disposal when they decided whether or not they ought to smoke. Apparently much of their work still has not been duplicated elsewhere. All of this underscores, I think, the importance of the work that's being done here, on the CP list. It's important for scientists, whistle blowers, or whoever, to be able to distribute information widely and anonymously. Who knows what might have happened if these researchers had had a copy of PGP and a network of remailers at their disposal? From mpj at netcom.com Mon May 2 16:14:39 1994 From: mpj at netcom.com (Michael Paul Johnson) Date: Mon, 2 May 94 16:14:39 PDT Subject: FAQ: Where to find PGP (minor update) Message-ID: <199405022315.QAA13310@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) (Last modified: 2 May 1994 by Mike Johnson) The latest commercial versions are 2.4 (both Viacrypt and BSAFE versions). The latest freeware Mac version is 2.3 or 2.3a, depending on the variant. The latest Amiga version is 2.3a2 The latest freeware version for all other platforms is 2.3a If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commecial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest information I have from them on compiled versions are: MS-DOS 2.4 Unix 2.4 (several different platforms) WinCIM CSNAV 2.4 Mac version expected late this summer. ViaCrypt David A. Barnhart, Product Manager 2104 West Peoria Avenue Phoenix, Arizona 85029 Tel: (602) 944-0773 Fax: (602) 943-2601 E-Mail: 70304.41 at compuserve.com E-Mail: wk01965 at worldlink.com Credit card orders only. (800)536-2664 (8-5 MST M-F) The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP. Although the latest freeware version of PGP was released from outside the USA (New Zealand), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA. This data is subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list. Thanks to Gary Edstrom and Hugh Miller for providing part of this data. FTP sites: soda.berkeley.edu /pub/cypherpunks/pgp (DOS, MAC) Verified: 21-Dec-93 ftp.demon.co.uk /pub/amiga/pgp /pub/archimedes /pub/pgp /pub/mac/MacPGP ftp.informatik.tu-muenchen.de ftp.funet.fi ghost.dsi.unimi.it /pub/crypt Verified: 21-Dec-93 ftp.tu-clausthal.de (139.174.2.10) wuarchive.wustl.edu /pub/aminet/util/crypt src.doc.ic.ac.uk (Amiga) /aminet /amiga-boing ftp.informatik.tu-muenchen.de /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2) black.ox.ac.uk (129.67.1.165) /src/security/pgp23A.zip (MS-DOS executables & docs) /src/security/pgp23srcA.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.) /src/security/pgp23A.tar.Z (Same as PGP22SRC.ZIP, in Unix tar format) /src/security/macpgp2.3.cpt.hqx (Macintosh version) iswuarchive.wustl.edu pub/aminet/util/crypt (Amiga) csn.org /mpj/README.MPJ contains variable directory name -- read this first. /mpj/help explains how to get to hidden directory containing PGP /mpj/I_will_not_export/crypto_???????/pgp/ contains current PGP /mpj/I_will_not_export/crypto_???????/pgptools/ contains related tools /mpj/I_will_not_export/crypto_???????/ contains other crypto info. /mpj/public/pgp/ contains PGP shells, faq documentation, etc. ftp.netcom.com /pub/dcosenza -- PGP for several platforms + some shells and steganography utilities. /pub/gbe/pgpfaq.asc -- frequently asked questions answered. /pub/mpj (see README.MPJ -- similar layout to csn.org//mpj) nic.funet.fi (128.214.6.100) /pub/crypt/pgp23A.zip /pub/crypt/pgp23srcA.zip /pub/crypt/pgp23A.tar.Z van-bc.wimsey.bc.ca (192.48.234.1) /m/ftp2/crypto/RSA/PGP/2.3a/pgp23A.zip /m/ftp2/crypto/RSA/PGP/2.3a/pgp23srcA.zip ftp.uni-kl.de (131.246.9.95) qiclab.scn.rain.com (147.28.0.97) pc.usl.edu (130.70.40.3) leif.thep.lu.se (130.235.92.55) goya.dit.upm.es (138.4.2.2) tupac-amaru.informatik.rwth-aachen.de (137.226.112.31) ftp.etsu.edu (192.43.199.20) princeton.edu (128.112.228.1) pencil.cs.missouri.edu (128.206.100.207) StealthPGP: The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha. Also, try an archie search for PGP using the command: archie -s pgp23 (DOS Versions) archie -s pgp2.3 (MAC Versions) ftpmail: For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service. Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi: ENCODER uuencode SEND pub/crypt/pgp23srcA.zip SEND pub/crypt/pgp23A.zip This will deposit the two zipfiles, as 15 batched messages, in your mailbox with about 24 hours. Save and uudecode. BBS sites: Colorado Catacombs BBS (Longmont, CO) Mike Johnson, sysop Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc. v.32bis/v.42bis, speeds up to 14,400 baud 8 data bits, 1 stop, no parity Free access, but only one line. If busy or no answer, try again later. Downloads of crypto software are limited to the USA and Canada, but you can download on the first call if you are qualified and you answer the questions truthfully. Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. (303) 938-9654 (Boulder, Colorado number forwarded to Longmont number) (303) 678-9939 (Longmont, Colorado number) Verified: 5-2-94 Hieroglyphics Voodoo Machine (Colorado) DOS, OS2, and Mac versions. (303) 443-2457 Verified: 5-2-94 For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files). Exec-Net (New York) Host BBS for the ILink net. (914) 667-4567 The Ferret BBS (North Little Rock, Arkansas) (501) 791-0124 also (501) 791-0125 Carrying RIME, Throbnet, Smartnet, and Usenet Special PGP users account: login name: PGP USER password: PGP This information from: Jim Wenzel PGP 2.3A has been posted to the FidoNet Software Distribution Network and should on most if not all Canadian and U.S. nodes carrying SDN software. It has also been posted on almost all of the major private North American BBS systems, thence to countless smaller boards. Consult a list of your local BBSes; most with a sizeable file inventory should carry the program. If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others. Here is the result of an archie search for "pgp" on 4/27/94. More sites would show up if you performed a case-insensitive search for file names containing "pgp", but such a search takes a long time, and is probably not necessary. Note that archie will not find some sites, like the one at csn.org//mpj properly, due to the export control nonsense, but it does find the directory where the PGP documentation is kept. Host gatekeeper.dec.com Location: /.0/BSD/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 16 23:10 pgp Host hpcsos.col.hp.com Location: /mirrors/.hpib1/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 00:10 pgp Host netcom.com Location: /pub/halliday FILE -rwx------ 212992 Nov 27 20:21 pgp Location: /pub/kevitech FILE -rwxr-xr-x 89643 Dec 3 05:46 pgp Location: /pub/torin DIRECTORY drwx--x--x 4096 Jan 11 18:59 pgp Host quepasa.cs.tu-berlin.de Location: /.4/pub/bsd/386bsd-0.1/unofficial/doc/software FILE -rw-rw-r-- 12121 Feb 2 1993 pgp Host files1zrz.zrz.tu-berlin.de Location: /pub/mail DIRECTORY drwxr-xr-x 1024 Jan 11 1993 pgp Host sun.rz.tu-clausthal.de Location: /pub/atari/misc DIRECTORY drwxr-xr-x 512 Dec 30 18:56 pgp Host ftp.uni-kl.de Location: /pub1/unix/security DIRECTORY drwxrwxr-x 512 Feb 24 1993 pgp Host minnie.zdv.uni-mainz.de Location: /pub/atari/misc DIRECTORY drwxr-xr-x 512 Dec 30 17:56 pgp Host info1.rus.uni-stuttgart.de Location: /afs/.rus.uni-stuttgart.de/sw/rs_aix32/pgp-2.3/bin FILE -rwxr-xr-x 211318 Aug 23 1993 pgp Host info2.rus.uni-stuttgart.de Location: /afs/rus.uni-stuttgart.de/sw/rs_aix32/pgp-2.3/bin FILE -rwxr-xr-x 211318 Aug 23 1993 pgp Host jhunix.hcf.jhu.edu Location: /pub/public_domain_software/NetBSD/usr/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Jun 9 1993 pgp Host bloom-picayune.mit.edu Location: /pub/usenet-by-hierarchy/alt/security DIRECTORY drwxrwxr-x 512 Mar 14 00:17 pgp Host mintaka.lcs.mit.edu Location: /pub DIRECTORY drwxr-xr-x 512 Jun 18 1993 pgp Host cecelia.media.mit.edu Location: /pub FILE -rw-r--r-- 321424 Nov 30 20:27 pgp Host josquin.media.mit.edu Location: /pub FILE -rw-r--r-- 321424 Nov 30 20:27 pgp Host archive.egr.msu.edu Location: /pub DIRECTORY drwxr-xr-x 512 Mar 9 18:58 pgp Host xanth.cs.odu.edu Location: /pub DIRECTORY drwxrwxr-x 512 Oct 18 00:00 pgp Host arthur.cs.purdue.edu Location: /pub/pcert/tools/unix DIRECTORY drwxr-xr-x 512 Jul 31 1993 pgp Host f.ms.uky.edu Location: /pub2/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Dec 17 02:10 pgp Host dime.cs.umass.edu Location: /pub/rcf/exp/build/pgp-2.3 FILE -rwxr-xr-x 241916 Mar 15 15:42 pgp Location: /pub/rcf/exp/build/pgp-2.3/src FILE -rwxr-xr-x 241916 Mar 15 15:41 pgp Host granuaile.ieunet.ie Location: /ftpmail-cache/ie/tcd/maths/ftp/src/misc DIRECTORY drwxr-xr-x 512 Dec 2 11:43 pgp Host walton.maths.tcd.ie Location: /src/misc DIRECTORY drwxr-xr-x 512 May 30 1993 pgp Location: /src/misc/pgp-2.0/src FILE -rwxr-xr-x 316640 Oct 18 1992 pgp Host cs.huji.ac.il Location: /pub/security DIRECTORY drwxrwxr-x 512 Oct 26 19:26 pgp Host ftp.germany.eu.net Location: /pub/comp/msdos/local/utils DIRECTORY drwxr-xr-x 512 Jul 12 1993 pgp Host csn.org Location: /mpj/public DIRECTORY drwxr-xr-x 512 Mar 14 20:30 pgp Host isy.liu.se Location: /pub/misc DIRECTORY drwxr-xr-x 512 Sep 19 00:00 pgp - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQCNAi0aFSUAAAEEAOCOKpaLepvJCFgIR4m+UvZe0IN8g7Guwc+6GH4u6UGTPxQO iAhk/MJ7E8LE4c55A1G8to2W4y3aKAHvi9QCYKnsLV8Ag0BYWo3bGGTPEfkS7NAI N+Zy6vSjuF1D6MUnbvrQJ5p4efz7a28iYRKoAdan2bfnvIYWUD9nBjyFM+vFAAUR tDdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajQgW2V4cCAz MSBEZWMgOTRdiQCVAgUQLTqfXj9nBjyFM+vFAQGU7wP/ZuuHfdAnCIblNCtbLLG8 39CSg6JIVa3KWfe0WIz6dXFU3cvl2Wt094kJgZ+Nmq01INWlib2lTOznbkA9sV1W q0aJSBHFWQH29qGmIdEqThs7A5ES2w8eRjJD80lxHodRIkBcC5KI6x4Mxo8cib5V BrwsvtG0+81HD6Mrpvc+a0GJAJUCBRAtJc2rZXmEuMepZt0BAe4hA/9YANYPY4Z3 1pXv2mT6ReC09cZS5U3+xxC5brQdLsQGKuH6QVs/b5oc6NV84sh8A9tZyHG2067o 3XIEyN7PPQzRm2UUnHHqw9lBCNhMiFQsAJi4W+m8zXrVrpJWK0Wv61eV2/XIQl0V d4lxu0r+MNRP6ID6FBzA4C9rO+RYEZmwOIkAlQIFEC0aGRzb/VZRBVJGuQEBfaUD /3c2h//kg843OIcYHG4gMDqdeeZLzGlp3RVvh0Rs3/T0YylJZGjPL2L/BF/vfLlB 9E2Urh9mDG/7hiB5FncrUnkmN63IkSj+K9YyfPyYxBVx06Srj8ZzYynh0N+zledd 6cnwxRXhaD3Wc4EfSNR7BH9M2rjkGzyb5to9cgBb0ng+ =BLg5 - -----END PGP PUBLIC KEY BLOCK----- ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLcU3XD9nBjyFM+vFAQGgAAQAsTK+7QX/t3YIOhBqGMnyQX4+s6FHVb1K Yr8bnbYOaDDSpM29oJXW5dD+bPe79b27uOAlGIj18Fa1DAiSJN+5W9N22Zi5CfSL fIlpQKWJcEZ8dVFq5kUK/cj1JLkssnim/kxGb7lUthX2WLmC1UHki9ZDVrnNtr7+ MCO8COzlblM= =Mg6j -----END PGP SIGNATURE----- From cdodhner at indirect.com Mon May 2 16:31:19 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Mon, 2 May 94 16:31:19 PDT Subject: the value of money In-Reply-To: <199405022055.NAA29272@jobe.shell.portal.com> Message-ID: Sorry to sound stupid here, but I was off the list for a while and it looks like I missed the whole tackytokens thing... could somebody post a summary? Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ From kafka at desert.hacktic.nl Mon May 2 16:50:51 1994 From: kafka at desert.hacktic.nl (-=[ Patrick Oonk ]=-) Date: Mon, 2 May 94 16:50:51 PDT Subject: Another remailer (long) Message-ID: <199405022350.AA00865@xs4all.hacktic.nl> mg5n+ at andrew.cmu.edu (Matthew J Ghio) once said: MG> "Nobody" wrote: MG> MG> > It's gone now and the PGP key has been revoked. I think Mr. Perry MG> > deserves the Guiness world record for having the shortest-lived MG> > remailer! :-| MG> MG> Actually, it's been changed to anon at jpunix.com. It's running the same MG> software as Patrick Oonk's, so the headers come out messed up and you MG> can't chain remailers... :( Maybe if we ask him nicely, he'll put it MG> back. He did revoke the public key, I have no idea why the hell he did MG> that. Could you please tell me what you mean exactly with "the headers come out messed up" ? In the meantime, here's a version that should "really" work :) ======= Unpack this message with pgp -p ====== Remailer for Waffle 1.5 - Cyph3rpunx wr1t3 k0d3! Version 1.5: - "Encrypted: PGP" works now when pasted :) Remail now also works from inside Waffle when you send the recipient encrypted. - -v now gives even more jolly interesting messages Version 1.4 - Cleaned up code (a bit) - Added anonymous id database ('penet') functions - Newsgroups that are not in the usenet file are added to it - Wiping of plaintext PGP output files works now (file was open for reading only) - Do not write EOF (FF) anymore when appending files - Added "Organization:" field - Added "Reply-To:" field - Added "X-Remailer-Software:" field - Added "Remailed by: " header field - Added -v (verbose) argument - Added some error handling :) - Added -penet argument. If given, remail allocates anymous ID's. If not, remail works as a standard cypherpunx remailer. In the next version I will add acknowledgement of allocation of anon ID, ping, help, passwd. Please let me know if you have any suggestions. Please test my remailers: anon at desert.hacktic.nl Penet style remail at desert.hacktic.nl Cypherpunx style Another experimental remailer is anon at vox.hacktic.nl ------ Patrick ------ Public key is the same for both anon at desert and remail at desert: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAi2+t1EAAAECALUS6KI7WLBB47y5dDIN+vHAW2XLxu+ELJCNkHLKYxhAr6vY Ku1e9oMry+bHizW8wCt0JPWMlnzZOkhZplIGsqkABRG0O0Rlc2VydCBBbm9ueW1v dXMgUmVtYWlsaW5nIFNlcnZpY2UgPGFub25AZGVzZXJ0LmhhY2t0aWMubmw+iQBV AgUQLb63vZRymF15lPcFAQF88AH/TdqfNlZ2uNH/CpQiy6BneDa0+FJTmBFgy5W+ wcpbsljOFFheH3zz5zA2rkpxIBoy/nd4vQ9kaa6fc1TkVMeBfokAlQIFEC2+t6C+ ZjYIMi0DBQEBT4YD/0NK9fCG8JjE0fS/0SlFshWAGSZxUYREKoQiwo8/ZPEbORHa +a6E8mXOjy7XHVH00S8/1aOO+ji89FFY2aVNqVVDfZI53er9pZAeNSQ1mvD7isor B3IOQ+WeKgXL/IvOEaZro0ZA/FWtry0Ty7RZbPwX4j1TkBTxlRI08e2dG7YI =MfIT -----END PGP PUBLIC KEY BLOCK----- My Public key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiz8ExIAAAEEAMCOBYWuMLd+bWGzyLIO2Nr+jQOydZ3azOVkRtsz0sgaRmep UoMcAdpfAdDp3QzyQ5yzYfw5xqcFqiTJDaSNd0vncAHpsA2gQl727B1blg4qVlDY 5mNlJUG6CVrAq11eqI0pYIfw/uNlysvt/qKIEh4lK4ShLhBaab5mNggyLQMFAAUR tB9LYWZrYSA8a2Fma2FAZGVzZXJ0LmhhY2t0aWMubmw+iQCVAgUQLacfvwetuen1 9+T9AQGZCAP9GaIbfC+fU3oAhCAZm9aaFtK1DpLlqTrAE4MwzFy+2iIDClDp8xnx I0VG17fciCULngYIDpGvV4X53MswnmM9RWmHkORb9tY/9O5jsvxpkUzszT103TV6 oUJHGE1IpYjzKIXq8OKAT8+j8g2UkHkkpOPH1NS7KI395fyLEnR5ML4= =O2hR -----END PGP PUBLIC KEY BLOCK----- The source, 'doc' and exe (remail.zip): -----BEGIN PGP MESSAGE----- Version: 2.3a rV34YgpyZW1haWwuemlwAAAAAFBLAwQUAAIACADdcKEcHWbiRkUUAADmNAAACgAA AFJFTUFJTC5ET0PtW1tz27iSfmcV/wNKD5tMWdHdsuSaORtK1s3W/Wppcx4gEhJp kQRNkJLo2h+/aICkZCeZ3dozp3Z2d5KpSUwSjUZfPnzdQFQFfqPf+TVFLTRAGuqh /o8+1VyEXepGDg0Z8omDLZv4aEd9tMK7nU1QMVe9lbOoyqqrzVFvxqVNWwOt129N 0b+qinYZZ2KGqEsQ/9FFu9DVA4u698gK0MmybYTDgDo4sHRs2xFMcsK+gbCqOIQx vCcooFybiMt7DQkLiIEM/oflYhCThWno0XL3iA9HlqtTB34wCTaIryo7i9gGQ+Ss Ey9AmVm4fSF6cJ/JgeY9tMWMy3NC3UR0hwKTpPph2woirrZ4qEeeSXwvdA8Xc2QR ZqrCVdF9a8uFWPJTg+qhQ9zgPrFrl55gBSEj4n3zStQ0FsXkl1/+C7/kl9sIdbGN 2pbrkiiLfr2rFO6quWKhUvzK1+/xufwjyfG//g20WNOQa8cCYaAABmPDEBZzEdfU j0C/iIY+yp+Ee/Ms4nZ28twG3D4M7biS3GC9HXyFWOh51A/4UN2PPLCVeGzio3CV 7hMcEITRuDNGByI8KqSrSmK6HAKVsM1oOsoLA2EeDzN2otz/dCdVYoQLDIQgaWFV Ie7R8qkLVkZH7Ft4axOUSYJvrM1mmRz6bO0Qow7ZUiMSEYjRlgQBxASjdihjx+aS HYIOLj39kkscNmvN0bWw3wbRlRYibgLue8bdzLhCWCr+Y6VWWrvdb2WQxZDnEwYv sWuoikctN2CwcBgbJ9Vsrs17TWFt9Jnk9jlQRVWkjN+a99/k377N1rN5a/BNfi71 nnMp2N+LyONL9cl1Vkuzo3/7cvw7/59HXBL8Hf2aOOMLRIuLHSJipSezIHmWuiFN Zr6SDGBDJvvO67H/VGVHbZueILpsyyXgsx8H1f21hiAQ/Tv6Jr/8trXcb3LCHDkT 8TbWDaZMMumTXMqndOHZZKVJDnNLgN9hfE58y30fRNy6l0DsgVOJB58ZOMCAB+hk BaYY9MUyPjG+BFVJ1mAZOWObQ2Bul5y5M49cjnC1ZYBpGDeHcb1oPkBgpElc5Ieu C4bhr1MUOCOHGiSLhiPUH3VmSJu20FNrPE+9+unL8RPaW0fCZPJRB4y6owhvKbf5 CeIvXjaf36B8gqxQWYelcPd5PuX6OSydPrZsggw6dmUqJonrSvkQhlkZ3wKmt/xV EGDd5AvkDidH4kdpShsoBmuZ2pBXVw6E/Ir1Bcel4tGWS0iwSMZLgkQsgB1BfHX/ fSwTH2TcI/0+CRkZXN9Sx/L31wuE8MToUwL/n+RkeBcQX6gktwtAnwCUCeiB++vz /T1k19zkhuX/EeYR3RKblIldI+K2JxL6GHENqXayZcXYKE0l8iLR7F7Ml25tYF6d ApIIb4KhRUphl/LvuB2kxjCI+/T9UD67jkU4ZAFV+BOupWPtzQA5+MC/8LltuBGx i+2IwTsKwGBY8DS0gzQEvkNijARAgXFif4QM8gewPHSk7xI0/pDe/5njpKAfuE6+ kJRiMdM6LRH/PuAa1+tE0Z6/97GNTjhiENjCHbtI+MtMclrmFwv8UCJATmYRsxzP JiwAPwKdMAyx+Z25iZCgCAkUx4EQk4EkqKWQFAMlbdEFpRCcQUgAvGQoM5U05cs0 0efLnN5nJOxnnr9ogCvwJIdmoFSUbn1cKZ/PJ2MCwuqEXflGZDdXcCvwVfAjGVky gH82JeWvriZMPZZEkFxrEjskoV5gwiTjDeqSHEKfmwAmkAYObP1cL1UR0vij2GLC BlnEQEvEQj+NpZgX6dizAu49W2zCTJAnZtKTm/sFPN4FT3NpwisYnCWi57d/8Jeq POCA3KN5SLKoiB6IjuolVCrdF8v3t3foS6FWKKjKQBrkS8+4R7/Wy4VisVCoFss5 TSvclkvlr4waOLcl/oHYJMoRI/ybqrR96twDoSTokRuJZdCvLCRfHaLHvIubHJk7 wdC+MpPYdk6YzobXqpIgEdJSng2+U5Uf+hK9UPI1wJ4cqyqPlKAvKAEmsSfgd3LQ jquHHIjcf9yE3EDAvz1CuVskTsS8FZ1MSzdltLg0AAoObNckTpJlMf8OqAQvGSzs Q35BzJNIwGgO9VwW8K+y8hmAN3VllqiKw53pWxh4fpyvW2pY5CIPdhwuAVHfkOCF dW4y7r4AglI3VUWiDcteYQYAv0+PlkGABnAPmti1mCOIaybeEjJxovssQDtyUhXY QD6uAwmymeomF5tDQBcYQXIELEiCuU7dACqin6Vv/n328nU42DVYzAyk6yE/gdBz pyQ4KHWEYVsbuwe50yU0LlWUSCiIt7R4w8vc83k+A9bq1KYu+4XrHhPC1FKMCHdZ gltJxveDCbOiGnvPBRkKPeESJL8D1WOcURUws2BOyYYjovjagu47SycAxR2n80d8 KABKyEJs888TNDFlNKaj8JYe+Vga2oYcTDzsw7Q7BIl8IrA/ikAGSheHsNSd/wD7 MQ2DPXAs9B5Ec/8/wUpV7u//pJDViqtT7qqWa2JXJ6I2UpWfFtaXMdTNGyQtbgEG 3qVAknchA+lj07Jty1OVjeU4xHew635iKBO6BvH3PuV/ZpAXbm1L/wJF7FXV7Pl0 72MnC5UyX7VmByYN9yb8yCXYZC97EDA/1DzxRrrIzXJCBbKFggVqRdjA6S4AUBFP ifFLFip9/tXJMogdXdUpOED0SHxGMEO7wEPMCgD2uAT+BtzCZQAfBRIn3uUQWvDZ M9jXTYsIVoGBT3F5gAb+0dJFquysmEbYXAEWqArMwpeZVjJXKycXjyTEK7HuBdb4 ejHaYcvn+kv+pionHHF9Wlg3r9iY2IPirkSMTdcTyOIfuhHSDaoCfpCjgBRjg8Rv ckhzozSzY3tLzOBOcHAg4XsrehAJwRfVInyY9Dvojk931SXiZmHpQtNqTWDGnCIm MYo/lw6TmsY6ZC/0L6ZZTsiCmKqbcktRlUwrUeYeBmcAtSQ/tCTHX3jc5j7RieUF Ur0LjAam2Bj5s3gGCd/vXQJoqyo4CIjjiYXE6RGXc3HPLREq84K/snyxmEvzJCXS LLSDZPO8SjWLybImrXpkbDCocmKk56KhioeS/dJ7Ez7K/ZhHJtOELP4rwI8gATmE VgQqTT9IvchlE51ylyWjpWiEenLLeQH7s4/7itj35X4oWAx0maARR6F7ZgV/EJX9 02JtMlNMyKKPtEjmGuw+oA63j2hSpCrZUVYQRK42GFpmLIwXfATy52cUSWzN2Zhn EEO0NlVF0IusjCQQE0CnJpCFSZyIMBVoLnZ9QQfE13FWyyARVW6M8Z1x9pLomS84 gxj/kS9qR7mrNaZbFlADLwyyl/CPUSUBheuUEpQG4FnMHQFJhr6kQ/jMgi4d/qj6 R2xujVanNxS5OGjNoLaOt7ylhOh7VMqVYDqzdWp2qn5Xn9f6wYPe0HYVv+M3dGuQ dx7Nh+nh5dgzR/YCL3qlwX5V7QyP0fkwXuqF9qBcmU5VZbCaL27mhtnRpoMV3ZvR 2qpX817hZszFkP7RwubAeMnXvb2mad1W3nledA0nXL3oE0Ia4VhVhmyLXx5oMdqf D/nCalDSWs+bt7fObD4f13er29PSui1NzstjmR7uZmVjaD/fHBYP1qJ5brzMjJ2q LHYu7dLbvLsvvCyNyX6olesBxd2R1xq0FvrNY3PyHD6f5o83o124ZKzZdher9XPp sDaM/dBvqUrl9eiUT2C+385sacRWbA0ffmDDPzKBMAoiDw5CxDwyoGT3HaEhPWVl YMaZJuJT7ByzELZGEUqiFfVhS+WDG0KOL7ALWpdE1GTIwf5BnsMk6PfdXnK1Kwgm kMS2yM2kX0Y94uOA+lkQn6hCDCvOpKuFZJOzB6nga2gB/046EdAy8KkR6uQPhMz3 KwK5f+XE/6KcEB1uiNr3Af6zakVkSiATA3oOCZAblDDRo/DJkUDFCxuDH5Lrw0RA 6VlIPrFLNxuNXDtSlVOyl6SsM2YtV6ko+IEVQIUMCp5MKrogQuGYiGlMphqFLhv2 o6umZVLeZ5FOfNEXcCwW4AMRxzmidSu+EYQaSJRDoRUhDkXdpK+5o/6eSFb2e4mc lTuyqgg2uSWIWKLZbL2vseMRVsCIvcsC8YeaWXYrfXINGtdYIFsJmCXSPhIpLe5s y8Ukq+QL4N56vwKQCpMkglLKnTL0i2bpUNlnump9XJr8P2QRkkRczXPN7YE5CMc1 Te4RWUsm7+I6/OcVZVJVpmO/W4CI7y1m8dE3Rg5QbNF99olHcBADZaoS/Cy4L7dj m686tm1WVj+MyC4GduODBx1mht755fgB2JLYB2QXIzB9UXISm5A78/arz4VsQyNH SC40oXmQ0ijxnar8TtrNoOWFZRyKKRI2ZQVpDS3J9UWdtDsMmmY/krCkUhBbTLyH xILEDNcnymguTqpwlJXnMiym4uw6pLOIvC8dRV2TFDNQdGZsHBE/84HBZmPUSDYu 0zIMPkcSh4IEBsmZYFy7pssSAfR5blrQ85JiM668yEDcI7GpRzLiFBA6V1dti0uV ZjHBCFWFW0C8glLRFdciUhGSCYhWKU4hJF2oaKN6BHRJw/FdxQ3yub3kEmEFqVzL ZZaRHkiBoSkUSdAwiJv5aRRB5/Aq0MQZhgDtmHoA7grVQaK0WDpNbJm4+rqUz7Ie lIiNE+MKjZK7AO/Gy5nSsBBnC734pCLNlivWL87J+Lg4vER5J5Aqe+kQvDs0SQLw Z4nwofKHBmIK8nBocjmagkQBrBNbxg/6A//0qvHnDb+/iNP/AeIUI/y7uleATwzy matQZVQAZgy9sokGnX073eavAvMTu6psZXM+aemkrXWBJyDlf6SM7Z2au+1oGLGV f3M3aGj5wuzmlt30l86ovXvdjc71MjaO5cKIDsfRS6+WH93UtCZ+Pb6sC8fCSFXK xnnyerJnncN+0X5gq9Mp8GdGcO7ju2ZhrnVL0/GpXHmyRwXbnffn3vkwHNBa53Gx fNX6UWWnKo1hddJsrdebXqcaBm9kUziOo9lg/tZevjzu1k/kcPbb3Sg/3L+xdmk+ LkyH9d5j4JbOhbsTXmuqomntukbrz+OH58PrcFwqnVvFUe1YMApDbz0dbodP3rY4 sStspvXzRqHXr75s24PDOb88BFERcwlsWfTqa/8mv74ZPy6to3+w71r510552ijh wrzeNLeF9nxzcNZBx2qYmnP03qrLmfFyHNxud/2zqhy1afvxHI5qo9e7W/tsFhfV SZU2q9H6xtjp5UZtiY8vlfpBrwzb4ayj15+qtD8sr5rVc6NxeG2oynDUwvXO3VF/ 9A/hoFKpuDQ6litH03G3tLqpvZweVk/NdiNqbu7M19bGrDdCu1B8NRunoF0/TVTF qC5bOw/3daMynFu92uo41bvz29NrVNtu7vpR1H7pdt5ue0bj8e2ZBkbVH8/P+c2k 0G9Nip6mq8rGqZUX85vi+GmxmdyV3Op6VQ469c3byl6Un9fjfv785pqV/e3ZaJ3G mqPp+3O+XHmu7pZ9yy91VSW0HrbzyvPoeWlE6/PYnzQ3rX2xVH88LV1t3LW7ZXf2 tDkVakbH2+bxnMzunur9O9o+5e+0R6eqKuWHSljtrSqVm6BvNifcyfmnQ0jx7vZu PHnd+sf2U0O3ndrj82Zi95YvNY3la223+DCcN5vdaVNVfvO33vGfjh6izSDKLXGo SySTFI0Ceb/kunP8o0JDVWTd8Ceq4P+Cg7/g4C84+O+Tias6RHRj5C6P9SAUdeuF X6jKTwtJcdVSDkzqLStIDseM+CDJhYOT7+t8uIX9845PwtTfCVcVK4AWhLjN5kIF 4gpdk+aCbhPsi4OB3zukEC2J5KxA9j5FSSdKt/TUSqeuTrAdt4KwuK0nu7IgCvoc oWvpoppXFYGbcEAjjmDgloTHFbF0y8NwdfdzfFOdD/4lplbvSxpxAUNVLsWhkDML LwVLkPamsmgbCjND88v9FMiLmCeTJhc3uE3gXNDyLNlDimf8UIQldz7im86XaFCV lGPyFWXjVktynifq1J+rQH1rL50iykn4SPTuZInH5PGvR5klbAydYWz5cIVEVG+x FWVzxr+0ShhJPXTdZAmIYcHhl7W7ujIDt42QuGOoKuJIdUug1oTjsoVrnZEINARn jECJuSoQk/G/CLi+xm9bLEg6anyIl/yLBllZxueW6TUg6OZdjuPhxCo9moPzeHCn LI2/mwKO44Gqf7jfISVH8s4nt/RryL9DBLNIhK9Irw9Re2WdnLxxOX53VCU9/9Xg +vpBzsT6IbD0nGujfxHafv/iB3vyeNHo95roqbVGjf6o+fT95lzGMMyZNIaaVboJ ii1N01pNrb+YVZ96d6t+o1G5i26Nh97w5tjVVqXn/jm8afUfm8NDt/+0PpuaXz2u VeUpLJI6HfjRzbZrva1qp2ZQeByvBrb7thkdzI1n9zrs9aA1pp3CqDC19dIyMpqN xtaph2RVPKqK8TzYL5xlsF7ZDK9u3V57aOvuxluXFvtxpx1uS7faprN82zw/FvqO aa5LQQGvBuHWOd1Yk8ZSVbT9YtLfVsvHzTRy2sVbe6y3tUm7VtO6+bnxuhvam1I4 7Oab3sSKqg2XPODCTftx7jTa++h2daMqJ93bMvtl1G6bpFt+e7t900r+wTv3GjTK u0blOKkfMK7u9OL8sByQxo4eNHvSa7ea3HbVJpeweVn3BlbhoTFpNeaV9UO+MHyq 75qd2uNLq7Cb5Qszu83MldaZbc6L9bT1RCfWidbym3FrO5p2uTducLVVc55HL9Hd c3fZLRRmtXwRj0Y3L1at3m6vS3g5fF0uH3ab3m2Z+HVvo5HhbFJ0jg93FoMuWKPc G01uVuRp/9zP946jFt74tLDR8u1V4EeFeXQ33WzHp+fKC19GY362p71CjZSMzt26 pyq/DXa9+Yc97SdxpCr/AVBLAwQUAAKACABWraIcfGdL6LM5AAA0bgAACgAAAFJF TUFJTC5FWEXtvXtcU1e2OL5zcnISwiOAiLyKEQUfKLXSYhW1WCHUqdL4aDBasSho tArecAJ2BmO8mVHDEadTe1s7M53bjr1zp47T68ylM2jvVQottM61VetYpa062seJ x1arLSCGnO9a+5yEYJ3O/f71/fw+vx7kZD/WXnvttddee621d3D+0nvJ/URDzCSO yPI7nIcozyz41ZBb1nVO8h2Phnz//H/7OXSLzfMlNzMtk4+NEvIYImROJLu69z5N dnJPEV/mTuLL+y0Rt2renNVEhC7hzEF5S+D6q5cq5+Tcr3P1eI55es/64prIQQ15 /5K3w+C91OfL3EV2dudeFmYdSNkqE6ZOf4QwPsx0dWc4x2lndY5wZv2Bff9qaeFV Z6oXKgiv90IpccUdIfGFVxv0woCk9X+kEc5ru32ZLwIZL5OXniK5Z3a1tfyg/Nio Fe9/3r/rpPD5rfy2vF1cM3NkW8bB7ozc9wI39nln7RmRVF/qmfU00TqLGvSeWbtJ pnNqq2bJ6ww5Nso5oWWNkLlnBKTMLQ+9rsGiEUV7f0seAtRzIWNESALFdVr/Mk0L OZbmS36W+OL2EGMbH9NaRHa1vb6R5HTqNflf0L4P8xnQvXicyAU74Hcb/P6YiNM0 VvHacApgKz+8jYL8nqyo6LCV08L8NuHawbtJDsN6ThHLxd5Jj8XyUQdTyaG7ifgR wglXWuY1WZhjow7GkUMPEf9fSWYrue/YKF8mDzNTT1pZmtkEmR+SVh3NNELGTVo5 mvFA5p9JK8neeXRX96EXNcdGjewAFNlvJfMwupGZrSwkNylJHSQblSQHSQ8mO7YG +QyenfKJxLTIwgfCucLz/OgczwMyn0JruJzpazQSm3P/Gk0Dl9O0RiO87+3gpLOF H/DpQjcAIpNkjtfnyCsYvfSHHLkcPvZ1tBTRieg4mEkO2UjersxmRrwst2qJVXw3 CRXKo8KVrVdsJlt5crPlsDXTsZ8cTCOifgRkX4VsJzkYT8S+5E7LAElu3vbULSg7 TQ4SVvwkGfO9mGcxf4rmb2DegPk3Mb+Y5mMOziBiC+ZPXYd8YuxBDxFfpvWYf5rm n0nusvRVmKDw118hUBwWboHCi4R0WS7g6xy+zhDiqDaJRfneNxmvm2U2JzuaTOI9 mHV0mMRxmFhR8U6HUMGeuKSt4OSGYPO2fdesYtY075sstnA/0mXp1hCpSLB0n7gg VHDaM/JUx3mT+HOEiG7jsRcNGVL7mUlsVGu5Lm4fME62dANEoYVtbPXO2kcIb/K6 zxA+yuE3iXunIDUe4mDixai7IW1t3pb1lVWMBRTcuil0iA5TvCgaASXWXbeKX90P dQqmKEdSvLgCcfhHaZSiOMp7R068WArlrGNCPC0QP4dWbPOzT90qbHfNctytlp64 XyF1IkWtlP23WpbiIGzztmduWensiT/EboG/GuJ4QG29OwLnMBhF87bnERrmTpyH 0I65KuC6CEAoehahYMbF1qlIolWFKh6CDjv/RajzgamI7jEVMP1bgL8JAZ6igHUq 4PWpdCguHQiHhihlmjxks/gzqGJglNG93NJkM3Fp/YeDCooGtUbrH6nxui8SSCRr Qvz+53jx6mTk90VyO78/mIyD+a3adYPatdb/JxJq/Lt48Y+08T9/q/HPJ0dyYvrU v8uJGwWRnEiY+nc5cbQgkhNiwSBgJDduTKTc8Bbczo3lsjRKATmugDz+LZCBILIH ElYmNMJ34sXjKMYOMd5xIV78l/HQq88SBD4kOKR40Y1162RxQzx8SjlCRVDWb06E D6HBKJcamywf7WBbiBQr1wchbRV/AfCsHLckuTFOyFyZLHMrk5v0ABDlWJIsJuUC Ep/lo5my7HoNWogTcqCArh9HDwz7MCzlP90LTFCSk3CZKHSaHZoE8evRyngSHHkJ 4qd5CmGnTEhYpmNOgngqsv4ttb4F6x0bE8Tz92AChjg7NYw2yvFkgngCIR0/T3BM SBCfHRcx/F8liFtULDWIxX+NhIXlB/eFZwek7d+J9KOwKNx9398VBfHeSFHg7vu7 onCEAoZW7cf3/t1V+ywCAitpc4R9JxsKrGIVlDMzNYSPhbnqLWXo9C+TlUalWPlQ 87OnrmvbhTOdeqJ0OlktfqpXLZYmRGKuVTAb74T5M3UlfpFPp8AV6/i3BHHTJFVf e90XCP+YosIAKO5eRTXCjiI68nFo2164oQ58CebpdiClYYlQcU57xvPAeFdMOAeE wadsOYclWElcf6X62URVVLPlS6uYacDFeTBBQfpCvqrecauTWHhrmi2fWMXPYlH8 LCKQRFNUd3cniBN1SGCT5fMWAu9P6PtTeMv1l5ss/hZy4kKz7b+QR/LUJotIq68o pa8qpY7XE5otT1lFP8hcksc9gBppPSPX94m/H0+XQD8sN7m+X8yBBcAKfUrPwQTx jyxlDbSlG5vjUkK5OApgjHSAaTg2Ve9jrT6xXNRirZQUUToOSr+AuTLQwTumQvZc Nl1UMPeOByD7Hs1CJ455kHsDcxR/ym34bVC7F2qNEWU/grKfInbHTyH1k2y68VKd 8lMiZcq6zSZhuVEuoZoBF350OdUL3lwcKGgPU6NpUHug6ohCRdCfM6gZXgckcQqS A0aKI6p8nVGcjRhCy/a/EsU0VCbYVqdTEx+NwoUMq3jFcNQJJd9BztcTvkNNbYgg 5r8pY/TlIoO9lIubRlFBQca+lyg+S9HU99MCyh+FSX9LpPaP6AdtGKPQnHUHsFsq WDuCSebvQPQiQijJLzMjtNz58Yp+etdIedAvViWholrDgNBpQOgqqNDdP3aI0P1h tCp0uDZu6sOSD/I3hVGWJvadMqxc/DcANfxd2ds++nbZy4Y2/zSayl5I2FaOjhS2 xTSHDb69vJS15JgCOCYBWJzC5nLIZiqtkMjnhonNGiTSsQYqdGF0g9L5VVZIOj/P +l9K56fjvlM6HxvzD6Vz77ih0tk4ThXKNYyamDVSlc43Ev+RdNrGfYd0vjf6DtJZ xVDp7M4MS+cLw8S+sWGaUqhsIYd+P0wRozJQzgYpOVz+hlpeMInOHiZ/nBEhaa6x iqRVGVRJ609QtTt1M04TW/k60mzZBxJ1P2UmB3pa6TzZoU8SP0ayQYOyjpPDxIqx uL1BaZcymOBLX6f7LAG5PrBOA7yiaB67H0WPIrhLqNjXW8ptI/wwbPQ0ReWISxKT cYT+X5B1RtgV5XoQs5NWMTgdGkJHkBf3wmjYQgvn2pTfIxmBqCay458nyBZIee6f zsfTTzNvoJ/Eda4TKonghh2VFUfh9qWFZTJBtopJk1TyRSOmlhYed6VKmlLPTDOv 88yc7opp0u3pPZPeVgT88pdj17vACGOllDDpbH6bpBUs+6idOl+mY/xZQdgUGY1t Xp2obJ+UY7/LCnEsJ0mcCDqJEywcrOJ1DG1romy29OMUqNPgvWKwCfXsOmYdWUds 4iYzMMIm/tWMPLYFgcFYjjUVWNNl6Uenqw+22gTbOiL2Ul1u6dN4bf3gIfULtr5C S7DxE5eu0BZwfhya6W0w04KbBWfuhzJ6eNSZ+6OBZh1lSeLVAcWEQpk/l6uMR+v3 EceyJCy6dyStDgAbNtx5KS1BOoaujv7w6ui3ivdnU/kKKIs1MHSxBsT/MCvKTlms UPBWOq43upAPjBkisxoYST1L+eB4AtTYD4NWR1WSOGmA6pcKKOkPWsUxE1CfLFNz fCZVnkh+aLn/U5LYPIauaZjD8nWgiiYAYFEGNZdG5Sq2x3jHpHilohZLwrlKzFlt 4ooJ1PDp15DeErSpYEfuJ/yr5SJHyY9Wer86mrrG/WhQvBn2Uv41SYxBAhyvDQ7C EQgPAiZGXDE+NAjM/cddITOXH95sCVgdrXRujt2FxqQlIMUrYFuxty5LgMDaCjhe T7KJKeMVc1PcmKb4DCr2QXwJCKqgcyA6pBxB7hut6sGCNJrgbGIsQVZ2Rgjw1itE YwuNqi1JLMBGdGqITEf19K3QqCweq9g0Dgf1gZL5MAOxXQMSEgE7LptuIPiTDFRz RgrxR1xQNvE1tP9D/S0MyUBQlYGgwr7x4Y62uYF687iwMkqxOf6WJP4yi9qtUOfQ DRd3YY5yF4EXZIREpFqab6MC8SrM3d1pVCDixysCkU9FACsqxisCAWtw0XhFGhbg DmATf4W7yENgi+NCDUaIRpDwvykXpRRVNLDXU6PCuiSdAsTYHCnDxRujcDVFOcYP F0WEECzBIQxndLZyOvr8HuQkHf+M4eL4fiRE3JauDgWW8PPE8fBw1IBl45QRpKNG ZVGjBvtBo7Ke+ye6vuyEDJHiUY8Df4KwXm+gspcmllPHBSnNSaWbNtQp+eBY6t64 ZcXTDY2TP4bDcKUp6qxcfCVd0evgfJeLMZDhykX/CJUDQLZ40vyt8XlnlQ03u3St EBIaJmSWDT9xSbCwvu3bMmSubHh+23KEwSFdirfTtK38CESH6g1CJ4wvM1+W4oRz 3k5GnioOG2sv0vZ5Z8B2K2Sgz/FZqdfNAZdRb/fk2HVaou2DIK3ZqfV7IL6rM0Ec blmCXTgOmDYCd3wjvO0m78VrIewTEFe2NFztYKH4E5MdoIVu2DcfxDqT0s95iVPK 1BrsNE3o7tJriLcdF9JC8eGIlkJ7bpcEUdEVFcvbOQwBtsyZ0ibYWIjIRsEu5zPB NgQTW6ah422Zc0ADlUIZB/WsUpWvVOFO0jLh2KgdxeyOpB28xjePqRismAgVE3fM 0+zgmR2LtVCh1hiie1yZUpwcVzZc4bf83LYMnAXiksT7L8vJC5PFNy6Lsy/jOFzD ANogJy9OlpNtyTgPCy7bQ3Tnt1npfvsbmfYKU2iFIix5BkogqZaIP5E7MEnTT8qR pPtifItvIzpU1EqmHhvV1N5CFNxTm5BDYcjonsbh3uASt/ZwOfEVvD2i6cdHR+wR rkmxvee8wdFb/F3c2yNk2VfwDGmVZSCYIWpDm/hfstAZKmklxTDxx0Y9ne0hy5UN OstWzgluY6ZeqDB4b41pWOK5xTgXCZYYoSwu+p3NCR6c3uhO3aTS3rO9Z7xnSXP9 uUumn+We7L3xs94bO5Isl6KkrzAHSViV3zSXnes9q303UNbETjTWsex0SctY2H0X rx4g+/SCxbiiQvh0eXuMylBFMbYaifUA/KuEMJ+8vJ3FShpS3frvPx8hD7Q82GTB hS2UGQQbygUj6aziJ8HnQ+zBYpg47eHODMAWfRLW15gUiRHaQXG1xdjtVvEpuXVc CuSyRoNgdoZm1HuFQWUL42dtQIx3pgwtGSJpYfo0OgE6+ZUsXGu2BKFlyYDdDovk A9wecASsiuClvBTYZ2AR781LgaUOVR0qZjptPOwnFB9MFisn56XYxA9i7UpAB05G 8lKIyw/NKtR2tvLMt+rZN92GwAn/jX8b9s6Nl0fiujGEOdK7/ecjGMJzrTpilRJb HhjKFlgsxwZUAiagGg2gngZrQkoV3DE9FtnM69+c6bXEsB3CzEw9JJgOLiDUG/fD EUjFjGx++Z7nZEu/XG+QbSwMtzFnT7S8aYrnvyenaFy5u40fbkrxHMF0QiTUls/8 ZVrILZJtnN0ul/VLBwq7+P1QYg2V+Gdr/bO0XZYeWe60yGT/Hl+98blouTG16YXJ KVNk763h9Vp/lPbEpTz531dmPudvkP0mradM1kinvFcnb3f3AOxREJPezzWWHqkN agzSIXizUgu8GelVz2r5vPRbSJulX4OpmHsSBqvhrdK/HDYQKeawkUj6w/EE9FBP bxfsWFFeeQnPIoJmSx+EN/qtgqUnW95iteGoqFCKm7Tg8nndfcSdgshcJjBExD8H fwcZlmee/p2/M9io9TsY/wJGJMS/mokc8NbVPfIWLHYxC2dM54dHt7ljIuuX7vxQ Ssf6R5llUBe/cFFk7bKltMd48aEgdPr07+jMMbt/518U9F/ShEhulbeMtvRYByke H4vePVJ8f5NF3vOKhrjGizpEQWnWtbIQGIWkAZIGZEabtVzsi0GXpX9AvBHj/3pA /CKm8Zf+3Rok7RkNpYIT2wcABR0RP54WafbB/HOqAOiB/kRj26ao3VQ2drt1clnP lg+48ID0MCLaTAs6wP/UgJIW1w8I9T3RPZu1hyF2lzYUYWOy2k/Zls8UcKDA/+iA /1OS2xZI1je7T8NZ0Y3f7Yd5vzqjwqWDqYzf30Kajgt9f9C+f/WgXpN19OSnhidO 74eNK2fGcj57xiTX36YnNXzsgcyZ/RPa+U+Z48ff8n5AACj4tutr6a/+XxIQSzpO oEylsjNQ1mi9jbhHnhXOQS9fYi9/Ofnpj9edfnY3b4AG8bxBMtHPKNr8zX3SG0P5 YCms79msVKJhiwzZEqCFMUohlMjoeBpAkSvNvO6AxlsRIKA9A36wOyNWnntYBN/5 T+3eN7Ty3/g+u3Qk9+RBlsA8NJYsXDDYwr4U2twXfKfxnibR88Vk5wTPgNE5wvNF gtPsGeCcRs8XZmcypOoSPG8ZT1xUfpi/Sn/KbfPcZHlO6cDuXyFTJdjx3l34czCt La0zbU+GMd2YnpR+Jr077bO0C2m69BkZpzP60kzp69KvpF1PW+SRJjuzPLei6hM9 tyY06DySXtJ6pLFYEj39bJ2+uLjvzyCUy24q+ouzlaOqCOkwPAQLDComx57dPR0e l+HIguE9Go3r0m65LKZx6YxcXg/znBy0yJj/wZAm9+X2CEGhzHhpvvfmmIY8z03G OX7GZNcTnpvxrioEnzIIPmMTv2DGEn6+VAddy7Kko1o0YokGctuehyi7/xkyY3KX xWgkrtGI4uogCig1EMDDzljimgQZ0D4joPfd4jfB3c4Dz0rGZ3tXG7XXhvW7JmLL eYMtKdR7wd11H0sTnu3923Pbj/Ze1PYOe+O5xNOuUoQ13wa7F2BPRxInfPCsxy2D ZdjbDXt2NwQQ4sAx1dwluCHA0O+7S0oG6Tokb2EsMhxSe08ig2HfO6PM6iEdKUze M6IuV+g+cakLNhxChG441b/Uuf2xZFlof/+Cbkmy0P3+Jd/21ckPIqjzry8+lrwH Dlt6gdEubmvO0mR5oJUwVjzoIQxP7V1UN2glLUm2iv8ErofhxfXYZk2ozbpwm3VK G2awjQPazMQ2EZYXNb1O9UKhYjnOVoxK1Wh8q2d5R1OnyJCm9lPx2y5AYtsF9qmx SUVj9yl+xrMEN8gvUbiuWOF1GXZJS/lBWZ7Sdv3V3hNzV3QU7NCVBsuuuO5etGAh uAfr5Nw+fFvLKe+NyqHgZY2CQOP+svnwOlm/1L4MtlRM+twBAf7Vc7i5JsLmmqAi 3PKluF+W/P6/an311/ZDxecAmv+Or+y6ryy4o+wbCIHIMt0rJc3+KZ+AIX3GI5k9 tx6vG9b0rwdTvLdGwGa5Q9ksn8v2u7WeAdLQ5y0LaqTjmPwCkoz0FiYvetzf5PLa HbZvpNe8q4PnJRbqzK/ppH/H2vm9liADewSUGV7TSLv9+VowhQoEndfCMp4Bpi4x uu1JDiQI8Pksfa9p/bWyZ4B1feCz9ATf8q/ETN3R11jZ0uN/VH564uQ90Kgh9TVm uwU8tMYTcKR9/MSFExe07RpLnz+ftv3FdksP2FGvRdb1+EfI0Ee8v1reWhYkGqD0 qt8u/xn85D8b4Tf+P/1Md6flG7LDdiv/5A5bv0KlFP9nYydoBihVCp4vLfXVczCo eMLrCoThkHWzze7X8fwHrMIor7uHuPR+RxA6Yxday5u69lgxgrNIvPF1sl6w9USf 3Kz1Xyf+AewJUDW7D4GBVSBPnTPHV8ECYnAC4wuEETSbrBdfGDgwfV+yfqn4zEBB p44AMQRov9Vcdij35vb3AGHhiS2McML/r7CxcGEykbu4hb0+5ZMCnw6u1/jbB+tp J67YAmEmgmXqo2UpugBtNpbd2Rbd5dJl6o/8MUV8dKCwrKdeK5T1+H8y2BiyYLNr D3KkfEFzxeuLFsJSGQ3mK1iYrxANHwW7PiAySmD5sYZWDhzC6yylBHo1QCQBImzR J90JYm8gxzNzkkszN/eEW+uzXcccH91k+QYkOemRnB06r/s6cRvV7uSy6+JbAaEX pb2iDyxT6HKmDpypptW3PIFaVyxCb4G1ch20QLonsAkilIElrgSYhaKHH/bWXGc2 YyUh2rLrikTGSNwBs+gOPFx4dksPFBWBC3Jgsrgh0GS5Ja4JCLbrQObY3KO53TlN 7IxJvGGGGfRsrkufs198KDD34e1HL+kBfmbg4k1IJuaezdkfWntacXLg4rXoD91R wl+gjzQA8S8N+KgToPA+Osx7Sa9yvtVKJliuaC1f5vh0injpS0tzunRgJKXDCr8G Iz+QLb57C1a6q8/jvmLdrBXfuaX3ui+DIIKqxTjrl4rfYCDyKP+oe7O+HrUyqzbr 91ktWQez7sq6mNWW9WbW21kzRvtH7xy9f3Ru9hr6Y8oankXdAqAO/frMEXbhWhG6 TeXiqViMwHZpwSGhChB8EOHU1suEKWyv0+/9JQE9GNXFPUMM6BOGIWyclvslqnzh bVgS8VvfIIzTWPg/ddx2KL69AWrYl2V7qPHzC63in2U75A+lpUraQyNTD+qIeuvn 4FhyaExqS9GxUf7ghwhuM7QUN1k46qAYQS/HUAebFdolDvVz9lfL4caU8LXwGOeV WGdcYWZZKq8THwTvS9TiNalpmfNS+dFCA9PDanjOV1CWKpkLC6AsVjgnLiZCKbMX iiCT37Z3Xiqk91pTF4k9wWUdsqkQ26ZAW4H9LRjuWr2PFR7Q3vK5GOEc4J9CMCfo fqvhNR0avdCrveZ7jBHOC1s4uAoV55tlTRUaWJ+L9TVyHV2cNZWQDqHAmgruXLzQ yPke43zLWd8WztfAdvgyram+FaxvBacMp5gD7bZQpyPOguygPNNA6rS46mbNSyX8 SAGAoz+EEbw/TV+XJqzgCrtd34iriTRKbCJShpgBNgJM2zDhmrfTMG1qnV98Qpb1 QoeORY7QTU8sCC5blg0Wc1T+SZiOcZBbYs3/cJFVvAuSEGPmk4QzPhi/Dxi6pMin 93awQkfHsvy2DgWsZ0ABSxbOvFSW6itlhgIuAcDxeuGGdqoQ1PYV+VjgDPDN2wmO LFxdW2RdYBWHy8uEMzDMkZn6gNAn1AeFGKi3ef069FrBuRXHBJfBsRXIZ4fQ7m03 FJ5ouE84gVPsMvn0sl7bAYQ8DIRImcItbZ9vOZN7fPwImIfrvkbmQd9w4S/CeXFq UDgLNAFbqfNrgOAB9DkV+DcJJEYwzRWOe9t13otBb7+hTnvIQAqPOmMadNBEMojb Yc2Jj8hChxRrFauDErdIfGogv23ZcuCjnLM+Q86pgd+N8OvMIOSnnC31p9wS+F2a mrczc9x4X8Fjqb5ZFamBXXBV8rCHTPkkZ3/Rzre2n94tFDQRiwWUtnIPMWEXt5MI wT9sQavhUo3nqy1W4Q1tRxHMvRDI7XM+JnzOjUzWL5h74+Upbft2fbz9+vazQodw fI6YShr0ziIxkTTcBO1lmBELGizKJU5pkz6BYeof3Ae6RDNn24UpbTcvDd8/d2IW b2KzZjzm0ntmZLmY/XOjezr8z5yxa4/CRTsgOHNh6hzthyCAV3Il52fCp768xamX 4nz1xPsWUwB66UI/fy2/zWchFFyA8QkwPrlgKfwuSX1pYereH5OXFqfuBQcjx5YK ogw3PxeIuQN2GjfOyszU74Ibo/k9AQhJCH2cXLCLiLEDIAf6vY+n0nCs/kx+G5hP npkQg/Q94O1grr+KF0m/9ulXVLz0eOreHaQDb6VS4z7PllnOwZZrMezsxnsQYF2K 2naf5TqYS776r3dW9LRqxje7T/rcfTst/RaIjLHApOgZUWDfx/Jai3SV1l8Ew2mn JXhsFIfzBAGXIx5ycAsJ7P9xG6/bd7EPY06PZjZXXN+V+RQ55IE7kw8XyAV5BF6T Sd7O5Gcm5PlynobAXH/eLswIkLlV8FNuMoFXHhm5vA7i4z+6IrEt84+N0q8YWREO 7xioSo6WXXe1rkyF+JIejdho1J4MKF640wk7r/890roOKuv0EPDph/oopd6/HYLH ixPsoCRgrWx1Bz3EbcCqJCJtwBOJ127Z8dzAZVC0sbQE4s46V1QnSzqLNbHShCZL kA3uYC3iOxK8W52pEJ86cxMiW9fKreJ7NNHJxlpy64NyweOpeKIKRyriAT+Nm8cr SG2ip9+OW1MuhkDLbXiCugpXLBh6eEi1st9uE5f3g/fZh1ExAKQxXJUBauAzm2Cc 19sv82m9Fg7jUr3tEHRgQ1uPbnDrKTO0zMHtgNro2p/hFpAlKVU2lvoQUdQgiZUk 06DfsRD2AmX7aZlFI5fOmFCVYuafu6xOCJw8soUcoOEQjbQsHC0LuR/zQsFP56ye do/rvlbNg/nvCCcgn7fQ2sqoGTgIhJPJpXZnait5EOoSC21BZ1SDrtASgPjan5VO 114Oh+tACA7L8rTNca4V3s0QKc3wziSbo8pFG0GBeBjODVgwFmSXQUy4afdsZklj dFMJC26PToZZ6iphwP8o4eAFtkRnCSt7N8cQPol6N64YcaRkFUffsHeVxIALFtrn Q5KnE98l0mroWjExKqDnxvHQoYG4jBDu15FpJUaXBRGHc/cLJQZfiVGaLOUJJZxW VyRcG3+fVSm0KnTlwL06rrCTjwVMhIGjnflMvPSvNHyvdJ5/ErqXtDuGl3r7jXyO XMa5R4F2hsPPmIiTTz34SOJrWpAOPPY8CSLiiip0s1Q0ksBUhhZwVSs+fArNqvhp SJYe/whw3fvwkmQpsbeY0RIezo0Z2S5bgt7OeKHrEWDu5/RkJSLgCqFcg9L0nKXJ 1PTGDKfLcEhD4AAFvKebDS7dIUYrGTw3K12xh5gogPSQI+BjIgVrm2Isnpu5vMkD VuRIz00eTNSbK13DoczFNMV4Lwa8R/FMzqM5oiVQDf7qUVIk3YVAmPRIppfaR2ST tujjQvsrxMNrve8VdXGLk3/1AJ5xjEAryBL06YUuxQpUw88sBImN9JpA0ErX6L2y rxhvOJg9jSzZPBYWIjSLtrAY5BMvw10sDk4/jG2bYzuLWbmrmKHLYHZTMc5cpogB at3WeTBv1I+G6qGut028CddyDLi92MQHBuxSe1cxlSzVMrUBv7HjxmEv7RkBKpn6 +aeB4YXtDZ/TCuQVA/DIcvE9Gc+S6JTGLlTuN+CRxxj1fOTqVKtS2GwxwNHoNVqK aTXoP3yWtXXuFKto9cOlnZBk17Nw0rTZKCzmtEkPCv1StMA+n9+e2w5OcB8MqIi4 JgrzjAhzlxQ1VzjrecDo0pQK7T8AQq5J8cLZ2UNKkN+h0xBEDicdNvFQgDIKF02p F8OsgM4dbRMb5efHW7hUm2FrFbMi2MUCZ4oNvmJjuRJhVbi86nM8eAVxNqJgDyrG kBrCsL8CufiqXbnkgNA6NLnuQrpjbeIw+XmNJZBgC0rQK4e9BlJtQQH+WQJUoOHU L4mg8A8Tiplsop1JtC6dTdQE7GHp/2xFRehwSJlorfg2dMEpJFsVEh4woEKHo1G3 wVvFnIeJygQSXHGIdUsw1kxA2iQDjtQ7j4m/7ehIhsMjltgrIg6hXBzA+J8jyLBY OUZ4zCgXG5v0fi+WNC4GQuI1rvnwAfapBQTRQ7yNeCRpExfJwPJjUpv0TojaNBnj OK2nMlRad8O9L7CdXaOV7Ph+O97p5JAwyRdJsP+HsmfWqYxYl54KBP8qDu3FUxkt BI/RMLpUJtsHdYKbRSeaTztAmrLBPAnQ4A4fLcwCswViNEFXNLBlghf8TsEdFGYC 6NUmHfi5/ukX4GjmrGfaTNdFGPyN32z/i+tsqbqAw3pY6AVVmGS5w90oAyXlj0FF BfI60JZwLRREwVDYS9dMAuznGB9TlSBDZVU9BNIjavBJywwn/IEb/1aneTlSRRpp 1+VifBTdfTkIWvyCoPXs7exvrUdroM5AT6u0MDOdxUweaK7ZRHKC3bADtFgA0sub LIEdxRqI+0GmFC+0FMPxTB9k7mmy9IGSgfgTZNKbLD07inX0oEDfZ7ejzLNCl3Q3 hHwgmrLUfV629IGJsNT9DkSZ4R7IUvd/QnASQtZL3S+gsnYHl7p3RBgOQhnbMiPi uCrz0uB5X+47uSfRgVRlEBeTcjpn6O0kYA2pGvaaanz8tteOB2lQp+E3jZ715gih 6xWPxqVHsRI7L0LXsmu0d9bbIxjeKMOZqfjHi/4vSG+XR910AA6aSzGAgOWngotv lT7q7bxGeLCYWFRk4D6AwQTMfQ3stR/12qVEqs/gxohSsR4ODGxIyQtoBmHEayll FPkKCQu8Ah1lbn2XmKEDD5+ZLROQX3pIXC5+fA2vIBihhuFhIoPBXrxlAFYUDiaJ UhFHz5AR/ZEeXBly491QqwW9ReJR5Qint16U+6KPL1SaKkMimqWwA50/ccn33M9H RMgqLAU4Vy/jet+A6IrxANP7BktczAECttcfrmWVccY3WmbClKTRo0wuW26NJR5w 4AAPWFCwBeFU1f1NRfbSM6SQezt18zDvrGcIgW0/8xkC9xiec2NMoD0dt4LW4+nW 1k0g/9/cDMVncT/AOC5ew7CAWf3k5ZBi4eQYW5OFGkXAyEEjh4PCX58Gi0rePF3W KVevdugVC0fr/wY8sNMZRt6IH+AT+D+BWTrfY6e+yBk0PP0foAkO8E9B1A8+GKKa M5e2zmcgyoj2WglYTTzYa7+hDY+CVdR7xqf29eLpjMHutqnd6Wl3rk3lYh024Wul f5GeQNMJAppnqL1p4IdB6Jo664pJNflvwAPa2jUS0MEelkJV35l0FeBPqPpA26nl pzPU8l+p5bxRMca0/gdkIKqFqJpAZaf4btBuXx6p8ei9vCAlnR8vpZWjfWYxNOkB 56+DyiqGNe1/VAOAYMDByD/yl2gU2rT+8wRZA4k9BPgBlxXrHlG55PkGufTWdw93 9gV6LQbPvZSCDzg0KS0cXES5QKTt/g+JoNNauMZ0wOoywkTllnA+nRRTLpq/UbTW SllpD7us+EU/hrmwAcyLhdOUGP0/J99NwZHzt1HwqEpBXaVfL0uP0ZmfCUpMtzlJ mWqwHJFBLL3WZwrzCy59Dijs0vrfDYaZ1SWlRmK/warYtf5XgiGjNOKGAU5RvhZU An4jDC5WhrekpuwDM++4JQ3DJheuUP+sPnJrGkO3psw7bU0IAleJdNIcWLi5mY+n ggdeCN/XdI6F724uEiu/ABVFu927PW4XWSCAZ3jj5e3c4+Cg1l+Be0rLsHvAsH12 0KeJ0NiKGladKyP10dZ+DEdf4LsXzWSIM3aIpwVStZMMnkiXnqceZfB2yCKXDrXK SqEsCOsftrugcC6wf0YaPwnce/Dcv5YyLl7jFuFyaLYMUCEPnANUy/QQAh7YV3jL xUjPS2YK0Hs2vc26AEG6PoZ5Vy6O/BTJWZZ76zllHP775AgTcBof54JwpIHZwm2V 5S311Kp5GYJ0H6WDcbQ16EhG1/ujdLyk5Z3VDYUxW4NLkl3wbbxuKKR3oUKHUDbx 199Ar2CKUEePN4jjJDtYJDe6ijk0rdHJpyYZ9sfPipbrp3dxC5PffICGQ1PKxbcl kAyOaq0GGawd8K38NTKu4GIjtmyE23UGjYuFKkOEGwbqEQZDTdN7xXfgFIzTzBAy 8KsoXeGbVsAKKGg9UwhMRBdCscSJuhPfXokuxiefqOgDVEiFD6ZgSOf6q80uGTqk yd4TcLbR29sJaol5eS4G/MA6eTpM1074Jm8AdqczSGCv2rz3BEwwCmpTsdy0XM7t iLB0ArcButkbL9/mD9J7TKOJvQgkySo+d1mJSQErgza48NJDw+BheaUUAJb8tgBF +bPe4w+tiCRO7Q8jin+5/mouLBx2+1+gz7/c2DfYL3QKd7P1e/CQD0qlhyihrHA+ P0To9qOI6Kqanw2Uf7N/+63tR6+/Kpx3sYVH63TwHWQpFs4fooQ35t74jfC262Oh 46EQfuWSW/RJfrQv+UyGdJfwlRTdxAqZZzKm63nO4gEz/Rq8+FiZO5OBxXj1rjuU wN1+ioANR0HDpFBDiBHpCTaQhlEMn0c2Pi20R/Rdz2HY5l70SKgTMxGtaJkVWNhv 4KrKPCMY903tO/QQYVdkGHPFOlCPTAjP1is7lKvXgKxwVlg7PHwWdhBVO9ShQjhB 0CJRVbUppKrLxZRuXK7nwyohDiTQVi7+Fm7hcmBaYY1yAcxX3w/40FibL4PCqOgH W7NJv8MyMMPoYjHSBToBAmHN2zbJwunc41v7PaRxbO41G/SxDJEJxyGgkUjdMBzq TECWC8juaf7TJple6XwFm+Zew2uQ9aNsmIGm5nDTOGTVW9BK257bidEKw6A9G1Jp mtClrJEtRZGXskzWQYUUvwTtqNwzoI+OBCGSIoOLh4yrS1ZiHODivfIFunillJ2X 6ZfKj7DUE4wPg9z6wv4IwEAE6IriA4bWiLcxGUbYVZwG7lxjmiIkC/JlbyOElAxC cUxusRENR1g6aXi5xCZkyOUxqjWgRgmEPjgYENdeQcO6qzgZjqERm9AVbQmqTkpn pP9DfcK41jEw61FnacySX2sT86LtXey5dLV9CgS3EElXcSa+INreysJ3Qc+ewVUs 89NQkUKACsrKbeKBGBQJyCllBNTrLOWYa7AIwL6kYBEBMVTrcAWQv6eL7Un3NuKf HbCJl4J2KSZypDQEIkbb7b1dGsrKn52yD9Ezbta7OQ3OGoWSlGwtQYuMbg1wRQIi d2A8olk0ARQ32gP/RSCcucMiK3sU3NVxJYtjg6ohp/W/QKQ3aTDPIJTE5JZQzgOD evgEgDQicP8AjbS5XoD4G1hAcFTkpje0VMdEcHFKhXBae3yh0KkF3VcuTo5BbtCM 8oYFcyGafieKk/nxIHPQXWFJnNOEd0mt5cJddORSjLA8Ri6JwRXdQuSSROjj9tgZ sNCgyE20Yh5eAWcJYrq5CrcU0hhC78/FxBJNbxc439pYwvZ2gQubGEsYuI6KoG9S YZL+m7paOvAkJIAq6u0yUHAwDYy43Yjp1+n6wrX1tG9xMggJjLsxpRfCEUMuf1gX il/+FUboW5zpK87wNmZCKNHbmIFzYJfhOA6EaDhEPXKLh7IQmyMbuyiv6NsmfmVU zkzDRSBMLxlVYfoWOyBaTTnCG2kYAxfAY9BbMhw+gzYxDJkuKUrp7ni+DDQD8nbE fSGKynMkCTV3ICHzWyQYFBIsqEUArc8WuH0Z09WTZpXBuYUl+/tbKExd/LxDsowi 2028bqPGNVMoTiosTqzX5RYnqo3a+HFqwKm3OMUD19mFxYkQOOt+EANnBm8NXjYL kmmLk1wSoFC0SBxFRpUEigCcZsAMwhdqAtj1glMRkwPLxEKZVXSHKYGjBZgvHHWf VXnD10yiVHaEioAdJuQaneg4OtEGZVBw73xxplCcMaiBqNL7lnZLvl27ObBx9W2s AEDqjN9W3HsGTrlxWD98PzwsGb7Bgf/ibSJvQNeC5m3iXgyvUTo5pJPfk98W0iac qpGpNimm2oRRtclYzbcpgd02EaNGfqMGeQgu0H/Q0BnI+G/IHWc+ITTz/3mTzrzr 5TsyPAAH0jBdSl0uhJjhcqwWPrCl/2tkfZ+XujdVslKj7QqD1PfbxB/rUTKVAvXD Jv6OhupkfqFKNYq/hfKyU5dFKO7mQdzREH2ScVFYpdSm4iwKDoCjQ+DK2yamYleo eih8ZHAf5xmgQPeLppvoIRoxBHSveFYvRaE5AclnDRGRA3U3gJ3pB9Ck9qSyM00F 3AmAZhzxsfTDKv6P3g5B9JgMIaNLH5ehdjH6pl1JAVqNAe+L4x4hfFTgLWXO+AkZ uuNMAwTxFEFiBtKiIllzE3cZ0J5xqA2U3n6iH9x5Rrxrj8S6Tw4N02bohUg8hAuP gjoV2rNNVHC03qPxIGiqYswEFQpRFk7tq7BfCeorISCF8MPcHfkBQS5xxQmFHxbg RyqgyFP4AR/F4+inVWzh7DidNvFViBaoE4sjeB7iMzDepIyu4gnJdNApGZHsOek3 kr/HKAs0TMOGGbRhZsYgY0wadW/eGxzKNaTlEW6Qa3/7H3tkZy/Ioc52y7ePFPG6 jisjzVZnnlNGikbqSR0OxExJyQKq2NABm4Kx3/+jSPKV+gzvFnUXWIZpWKZTYBFk CysYoTRJyIDPwtLEehNN0VduKV3fhV2bo0AbNbDiIY0dSIkTMnpLDRDogxEtI3YF b9gE+7ZRMwEoHUMpzcmI5A6O4x7dIHc6/mKPHMHBME+kSQpNpYkqlUnOeCSIwcKR cjlnlwy0Ri5NlIvZfwgco0CsoItf6Gv6yYLhe+BKCvhKz9EFj3/yB2SQAdoiDkbU ASmC9VLQrkTq4M61O0gv+Uoz/jd9hwmF74TsgVNZfjZGsnVwL9bgLvi/oxy0I+4O PohWy67hhRB30QHlVHEi+XPgvjSeVHYO1UMRCBPp7hKtLrlhrPLdkhBkKwFj//ox /MLVScXxGOZbzAntOsKCX9+FhyTQ05DjlbjWZJjTw8cUsS3oYsdl0EM+Kn80oNBV bMRXDL7i8JWIryR8xePLQI/zIjYh8M5KkgpLcLcpSVRsIgzPE/d4sEPxi4nizs/p N3kDGvplXg1AxaHvC2cFetmCl9ShrtBi2JwrlCQWliQ5E6hRydnD519GYXkimJTq ToDFR6DJbQEkpCMutyTGRw8FiDuThhzgjDtW6T5Iuw9oSmIkuOuPYTTsMx8oASLA EYcDwH9s2GLf7UN2jsFVlNHFzgIDhaFRGk589u3wuhHetg9eoYu4KxdKKnoZzzaF di1EUBbaRLjRhQbb0KVKkScqJ17TGjmln7y37T5qo8ZDGAcsyWlugxMiCgY87wEx iB70vXzFLBpcfBQAD5YxKwYlBJgB+wNcp4OwgQHuQcF9LfTGfcXxvsWJUBYT/Q5v gFtQrPCGUp5UETkA9EmhMAZ8+TsBx4V5oJhb4aaw29AjFwzqUbMqDg5sIzDfbs24 Ur5tlLmUzQlPGG9rF6UaEVIUFPiKE4fC4GEEgdPgrRc9JBqIxPPNbCJHg1VTDB0Y Q2njbesILAqx/qiyjqK62MUZ1P28fcYUsViXQbdWmK5McUtnWCz4TnsE77uKzXjY ToNyHK4zjboAYzS0OBFmARaiWVmrNHzHDOV+O4wkqph+BqKAePgciKKER/zNvgdr nesra6rMc3JzzZPMc2o3Pulcu8bBm++ZNu0ec6hybg2/Po+UudavN2+sXVvDVzvN lXV1a9fUbKiu4WONxWvr11ZVm6udzlpnrHH2yppa54ZKAHXWrnFWbjAD+Ia1NZX8 2tqaWOP/7i8Jdmd0ZwwtSTQlm9JMmaYsU45pginPNMVUYJpummWCEZgsph+YykwL TTbTUtP3f4Xx++f75/vn++f75/vn++f75/vn++f75/vn++cfPz+orCGW6pVkfqWT zN7ohM8nyQ9cNfC7nsx2rSGLqjeSR1bxpKy2nhRXryLza2vIYlc1Ka+uIosdLmJx riWLKnmyCNosoQ9ZWL2hcu168z159003z3lyo6PaudFV80SducG5lq82r6qtqh5l JI/WVa6pnm52KrDLJtUvh9fG6ppqfrl5hlJa7Zzkqqt21lRuqJ5lnmGesaFuzSwj KdlUuWHj+sGmlTW1NVALlUaiICCT6olxgnmhq6Zmbc0a89oas7WkrGSxeQP0TBaW zJ89d17JQuvsRYtIDZYgaHVlFYI64LPaSYzZdWRx7XQzmY24Z69aVeuq4aEjGOTK ddWreKixOGs3wMeSSQgyiQIvrP4nV3UdP0kZPqBTiktqVjmf3MhXV003W0ut2Nui 6krnKgf2t7rWqfZp3lhZx2MRX/tEdQ2ZPh0BLdBv1Z0BIogGrOYN1XXITwJcyNu4 ZiNp4IlxrJoZSwAChzsThgV5c259tXNlbV31zCnmXKBgVbU5d2Ulv8qB/DGrjfCT GEswvmGu3lS9ysWrXQ3FMPkfYAj1jPQ+ApMTotdZXedaz5tXwySbkc6xxJmrkjyW GMtqAWDV2o1rIdYCPAImkCKSXTfRnF1lzq6j78lTqqaHX1BI+LUbqn9YW1NNZ4ZC 1aGE1ILErVZK4KDVtWojSpM6ezOy64qy62aZxw2Z5uy68cahAEYqDIggPP+YKa7k q5XUwuqN65+EiflOlIpYVFeZVz6JrYqw4RJVWEDSF9Wu5hsqnYBRXT4oG+WVq1cD h2AlGY3EWA4cQaEZZJoxLGu0d2CDk7adtBqHP8ml8mFGRE39HSutlbwD249CqpTB qyTOVyRr0txiGB2utbw1MO687CrlR+FPWXVD3RpnrWtjncKQR5xrKmvW/pAGwKbT 3szIkCc31LrqzIM0L6p21q9dVW0ktQhPjNbakIgrY6kBtJRi1+AolLLBAmAB71xb Xa9wpnp9lXlsdt1YZc5V9tXxQMgqyrfptJaUz7ZY5pUQ46M11Zs2woTCrJQ8YkFN QauNc2pdgKimFiUUVmAEXgBR+I9wITW1tmZ1LXHyIKJ3A0UNtFeytiqvaiXK/RxH 9aonqCJaba6rrsG17KisA3WiqK65xWpkERQqQM9ev752VSVlg1oNmEh2Famsya5S lv2atXU8djoIUZmLOouyY4J5Xm0t7c610VxZVQUrrY7KEvSDHwgTWomDIzHOViHX 1t1WQJlAl2BotKCTUclOpNuHOfSMwsf8rUdTNPRhwo9akEQf9g6PUp9CH8MdHqw1 /z/fP4PJ+ENIFDNYtgTyRmbwf/dxQB5GHM5vgvwcuGoWenZA/kG43Bp69iT//80K SSKaxxn4YV9kXvwHoEWyTD+HMQyr40AOkobrhsnJugRGjnx0Ovm2xySPZuAFzzBZ ZhidiVGSyjNaeQ2TyeL5VpI3ZswY2ktIWjX4MN96aJEWXyzN68LPIIzeONwYE8Uw 0UxSHC0wMEwiw8TDDz6c3mik9bFMQhwMyqTW04fEj6uBM4jxwKEkTdJwXCoMSdKy SVHhjpIGH9MIkwE+9EnJ4aLYwdp4o8lkMhiTkrikxOi4pKSEpJjBerIRFApvrltV WbPaPN28en2tooPo4Qcqjg2VvKIMQHM/UV31d4815jwyf5G1ZE74cxUsUdUuJEdT T6ZeTmXThqWNTZuWNjetIm1jWnPaS2kH0t6E24sn0i6kcenJ6WPS70u3pC9JvxP2 demb0n3pB9KziWKaTCZza+or168FHe2qWYXbjbnGtWEl2HBgQ9S5VjkUHQeQVWvB pOBrnU/SvS5CrS2urTVvqKx50lwLWpGCw3aI5zeglAFdFahK0MwPVlYpqFT088G0 cD5phg27ptLMOyvrHABUBkira2pdaxxgkGF9mDola14Juv2JkFYOV1bX1K911tKT pcHhUI6Hs5WrVqEyRts5XFZVyVeGh1lVjTspmc3z1RvQ2IQ9lJo/9WBwu5xONKQG OYB01oEdFGoFSIC8anXw4T6da1yUptnONTDrdTzgrDWvXLsGTPDqVSqFyhEYmeOs raubpKCjEgJ+BHA5jGKhYu8hgvVQCBYY8rJyvRNs2CfBwATsdXcoImAR1K1duR4p raxC5pFHa56oqW2oUfvNVg2OWCodnxbdOyfwcEPJ9Pk/njd+9p/nzC47V7zpYY/m zuXlpfNLy0v3lnoeqn9o/UOehy49dPahQ3Pvm3tobu9cMr9kfuDhPWXY4u75+WWz yx4v2/TwnUtHPLIR+o5DAuAibrwqqSMeWZbzOP0hzP24TcVPGI/vwgn/B1BLAwQU AAKACABJraIcvntseboOAABRPwAACgAAAFJFTUFJTC5DUFDlG2tT3DjyM6nKf2h8 BXiCIQP7qD0eqaWW4Yo9QlIhqaQKKMrY8oyWGdln2cAs4b+fWpJt2ZZnBnK7e1dH dmc8UqulbvVLrfbfKAvGeUhgj2chjTdHb16+qNrCmDdaMjohjabWKD7lF9k0IdzS zjM/azRHAcvGLZw8S4k/aYJaW0UjZcNWYzim141GfzyOA9kmWkMSUUbg7cHxCfSr 36eDz2ewVYf4cnJ8OjgZnMJWf/t77ApGfgqvhiQ7E/TQwAXVEFEyDj394zqPIpL2 dl++uI1pCBOfMpeyDPx0GBQw4vn2/LKEuaMJcY+OTwYCVdl4EIbHLIqP6Ljom/Ah 9ioUByxmx6FbzlmiDsPUxPExPrzWUDRsAuG6jg+3BVhKONdgvsB8RcOiPxiR4CaK 03yi++Uz9r58wSUbAMFuSXodc7Lflx1zSX/54uHlCxB/muxd81cyTGq/qeCDRItN Qcx4ppG9jVk24ueX+w/Orz5zPHCOyDV+vfVT/DpIUvVril+/5gJEIbH/CYix4zkH +VB8npFEfL4LMvF5Gt+Kz0MSCDSnn05OHq2rOfSnai1iWQL8Y07E52cS4vMoF59H KUXEPqI8w8U0cCGWT4zeH/oZOf+uf7lrtKNmwT70zbbgvJLRS9HpXPQds18wzp+Q Gpb4HGXZBnw/oy9K48n5j31bF8+vfzvf2v7J1hdMwq4uFofk/Ic6ia+i5nJfZWSS jHH4F/lXQ6EUrWuCxOc8GaU+JxLC7CLsVlBanzseh7ZmKgiot0ymV7jK823ZrDp4 luZBBmHMQ7FzV+JJdC3pVjSdkJWwqA+EBek0yUhobCi2Z/EVKl+jle2bv4KR8ePe eE4II5lWP2xLUtEauc4HMvHpGLY2f9iBX6bJiKRJzm443KU0IxCIfVi+YE6vwBSB i+oKe7DdU00PlcoUOD9xf0h2IFWozzduL8WHXMAl7KlWkm7knKTIqzcC2d6ED98Y 85jYBve+2OUKn+TBHogRjQEpyfKU6YZHJLTkf5BMXb01njQxSMTG1mVvV/S/fg3Y AXEE2YhyKFZY7klB9JuSaPyL4tS939/avd/Dzt379fVe3Xo81H8iGrEU8Z/rKG44 ai33lz1Y3peWwySnYIPcuK3dGchuLYhaeAoL3MT0aJKpgWB1Vc3bK3fhgr2CDzlj lA2BMng/OB18hEkcEqdnCjpDTlfK5Q1JRtit63wYoEcdfHh/cHbm9DxOfydxZAD2 2ljQBnhQeVMHGxxPO1APNA5sNUaLzczSKWSx2EY/BOl7ubRQMBINuKsNYhs0CiCk UQEbxN2N6JhIpo8Jc8WyuBv0JL/7yK5liHA1GC8x0WzsfcdUK9zxggp9AVlua+CB 8zHeAacHsL8PQQ9nMTvRxcNBEMQ5+lDmVHvfgJQcWt7HLujBbCEtmJ/F3mpw/v1l yeYs7jWFU9ujbolqCCou+iy//o0EmSRLUmWfHt2GB2IFf69WgG29NsMM5Edil2dg RsQoCEjZj5czMX3ZQO5uaP7PWKji09ZWi1GdqD+Qf+WEZxvK8FI2XHiW7e3FZxkU PmQH3v/jvcJusQumqym38dHQJYGWxWCwI07BSkE5wmchDtELoDGTKwA/JcATEtCI krAEviMwjGEcxzeoc5FAno2I1j300Rk2Z/ENYeDu7PQq3dVqKNiAlGkNLKkxqJyv iK/gjPhpMCpWYJvdqTP7SbZgrlNYzDhYNnlnx5lh8JtTzWTBUZyLfeskvYnnGxgw Y3VPZ8hz1feZqjxjyqeo9TNVfMbsNnWfNWtT7+2Qj5aOx1bLdUr8m7YLsMYXxsRP 1NHCL6MtmRCOEabTtICumwwTQVEUJ4S5zoQPN0UDnu3uMqfXZQMbgpiQNI1TnHRN I1hrqQC5p5m7sdWb5fi0irjBSKxoSLKgjA2W92Hw7qixiiQXEMHIAzFhna4oGAtu uK12rtlD2K3nCLZgaLWPemJEVWY4nctITPzfdhwFx+fHr1OekYnrIJ/Xi4hyG9aj OA0IrF/7WTDCoBA06/Bb2aj+Ygaq4v4AHwSnSZBneuOtpqhjLyyyavwkY06eR2z/ f4fY1t6XUlLDnbMxZTeVunSLR00h3yWEFQqZEp6PM4hQ4lFr1ixIWrqJepmuP1cx v0kptd+KlOPyjFye0j+5iVuGJ5ONi57uStfcZYUfOh3qgitTEb65tqc72f9ndznn FPINJ5J57tPiPzEOTskkviUy+B1HIHcfxsS/JRwP2yqV3R4ok2taYuRaNrYw17V2 0V+zGIgsPq+iZgMS2qAdLr3DqZdYQQXjds9e2Y5TPJsHNKGEZRBh4NmdxmmkcnA6 fey0z6KPefdZ7IHecPHYPiubE+oxKFIyy/ld42xYZNwaZkQMOGfr65eokcjI+fYB B1wii9Z6az3rBrGO/Xvs5IZK01TdOvFPQw+PuhUhhgYgb5yfzXyBEsKvX+sgywaI MYNONWM+R6+y7k11P96YVEwbkgwzne5qVnD+Koz5lWjGnKi7Ghr5Hy0pRapbrGSF e7ASwgqXn/3tcKf8AIx4QObWw83Qn8bRHSE3lx5c1DkoOz3QVwLh5gQfNtB6hZtT 4qdetpnRq1Gcpx7Ixwll+omToJaHQkJ+jxkR8+pkVJ3NigGKQ3YplZlswaPJDWaw XZnGbgR9pauUsDqErYNoPkU68yHZI7OXcUZUxmuFX+C1R5H5hIqlBjl5HiTYXSfH lNumjNlm34G9Ff7zCn8Dbk3ZVnivvgbMRoGnLpC6w7FO9G1k3VxBl6JZkMXmfCZQ 6Qs0pDSkHbDIuxKwYGY71JnHrw8kGWOKcg7PalR6QMNuSpUbJSFcT3F9Pzc3vuCT bewX7YRJunEWR9mdnwoa9bUA5kM++1E0JnhDcMEaGffuI53FArYPRGVAM3h3BBaD WJ6JoraTlX1rF2zN2tsRtX6miczydMWpcpl429o6bM06iDWCaKe3+/xzx7xT43w2 dfpszM1lmS8wFxccgDenkhvz5de8b46sB9RGa8X1MsaTIi/ttVLH9lk2mIR4KpCy txGhOdvItV3bUyNLkS4f0FdJI7noudY62e3z5uve2D+IJH0oFVitJ83OM9MiJ8xF TlBa0Bure5QMqHk/9P9/oPcz6g6awmQat/d+NkKZW25axLkO8L/QBXYYdugm/z/i 3GzAb1UKbuP4UFCN4fjmUEBvroTqX+GpVdQ1J7Sa5ZxOyR0fpnGe8AVc+bt06DP6 u69uHVDTZDg8ncQ5h8oKnZH0lgZEIjPEIMbR9iDoL3S1f5qzfeh0LGDxLB1H2dle +Rs982zvPM9D/5le+q9w0t/goN/HxX1Ph3te2JcycselL81t/u3pXlPhm43sv9s/ lgCPT6wQLEvgqK5vBDWmVl1VFC+9fLGk6536RgahXepgD8+ylJJbpX5iHbC2wtfU +VHbI13HhzK4I3vFPuglF/Udnw+Ojk4GjuE51Wo3pRfvhmoUnSzrYdaFfmLkPiEB Gj+0YZQVa+lGrxVVY4WeoWaqSyLiwOIM60WCEd5NLy09mDuqCRGTiJ0lruKzB4Lz snpIIhOdgL2KbUpZEZHokoEK0in7g5hlPmUcfMVB6wV+MYWEkDk11YJme0mvTnxj WReVJV3ih0pJFVVvVGWldtaQqfU2sLSp7NWSwo1fHHv2Kyg1xxJdX9dPj/JLg5Xi JpqUDCfl4IauJLC+D0WSW5JXDJRlWPEdlgTc4Df6Q56nBGi2xmVmNKXDkWaz2Hts SUaS07iyKg/JJcdqc9SJU6xyE6kriiNfv0L5c2etp0SxbKnYs5SYHFA8UNnDYs+0 56lTXeRTC8Y9NpRE2edOrdC0aMPQzLFWCvJLnI9DKcsRZaGpzYJfyrUuqLwqBwtu Va2s047tguTSTo1jNgSxzl3jJysxRpyQGwyC+icenA0G/7wanB4WBlKMwog/I+Ox W/rH9oizwcdqiSgfLhY/YjEgTstqBXiRDkX6VSjyWBJg+kqoqqdLUtrlsbVK4/k1 prIU0yjqVAceI9gsvDtirGJOo8qy2HQ5tuXKGjfmrowRijOTHOI5qbxaW17oaq0M 23QRuTXYKWIdnGx+qOOBBZeORCSGp8Rf2k/Tts9/LEVzgcL3Rlk5DWu7G17XSpBp 2CoNZuF1q82QAbMq13iWVxz7jdLsn8wCYa3CAr3nrPDXGOgYsnInvXBV+ejQcDO8 dkxD8/o1RDTlGVpPrKZCqUAD6avSfXRx/hgLIqeQkiHlGUmLKiwaueCG16X0yEXU ZOeppRq/oMeTdaIRcMKwomjkiwUwVbp7fAg+53TISGgvq1qW15rhtTbDkn0LX74W N6f6ii7oeQKRJxkBTyyWEuiy+EbgcsB6GV9Zfq+CBQS2QUsyoFUsObtOwdAZQUb9 TqytKVpLmAI1bIlmIsY/8rJRSYCWjqdt7gG+LOPLEFnvpmNP5TEaLijMljoeGlby iHieYMsiHvgswgswcFZCx1tlzd1gIJ34cw9/BZfr+RvzorDzcFDwBkXG8Rkuj1mP as1cv40ndzN4UiQd5B4Us8w1r6x1xWCuxjhoyreGkIjiTaEWtTqAEDCN2GHmO0cN +1w3yPJINcf8zi3uVpJvl95id1TO8amGuNgmw5RqRP66faMe2kkitL1Y7CjPuoI5 Fv52qn3jQFwzG3oHZr7QNZP5i3u+P9TbdZ9nrZUGr+BElxbnSekLMXA8PpRfMqNg vNDWxlBUOZnRM2uZ4m/0pIXfgz/C8SnqwLqGRZwfzPZ+Gn/pAXGKbieooYtClIL1 M+tW/krHWRzCuiMg2yZV4nNQxV9aeCzSZrHHLQTyUNcqlWmaWwlRV/fW+5kym971 gqVW1ydoevOlw6F6S7D1glplIKvLHct5KOfqxahS+xcwnoYSSOI8x3MWDBa05slh WHyDyRBvbTENGapqnWKsRTxZK87oSJsPFyn8sSRLdW3a0FOrKAvT9CbPiK6jOeWM ZQFiZU667tmrurqhzE2sBuf9yzYLC2lpl5u33hcqw9U5gd6MjILt9kW9RaBYNeP0 ac+Wz7Ib1em9Sxv/DVBLAQIUABQAAgAIAN1woRwdZuJGRRQAAOY0AAAKAAAAAAAA AAEAIAAAAAAAAABSRU1BSUwuRE9DUEsBAhQAFAACAAgAVq2iHHxnS+izOQAANG4A AAoAAAAAAAAAAAAgAAAAbRQAAFJFTUFJTC5FWEVQSwECFAAUAAIACABJraIcvnts eboOAABRPwAACgAAAAAAAAABACAAAABITgAAUkVNQUlMLkNQUFBLBQYAAAAAAwAD AKgAAAAqXQAAAAA= =LInD -----END PGP MESSAGE----- From PMARKS at VAX1.UMKC.EDU Mon May 2 16:54:49 1994 From: PMARKS at VAX1.UMKC.EDU (PMARKS at VAX1.UMKC.EDU) Date: Mon, 2 May 94 16:54:49 PDT Subject: Virtual Cash Message-ID: <01HBVH60HBWC8WZV7M@VAX1.UMKC.EDU> Hal and Blanc have started an intesting thread on the concept of "digital money" or "Tacky Tokens." I'm not sure what they are talking about, exactly. But it sounds like "vitual money." I would like to see a description of the model for this. Sounds like a form of barter-script. I'd like to see more on this. Bud From dwomack at runner.utsa.edu Mon May 2 17:54:35 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Mon, 2 May 94 17:54:35 PDT Subject: the value of money In-Reply-To: <199405022238.SAA07896@miles.bwh.harvard.edu> Message-ID: <9405030054.AA13588@runner.utsa.edu> > > You wrote: > > > | Blanc Weber asks about the size of the money supply. Uni points out that > | > | It appears that the Magic Money/Tacky Token experiment is not succeeding > | in producing an informal digital currency. People have offered services > > I think that this problem might well go back to the ease of > use problem. I spend a lot of my time reading bad documentation. I > > Adam > > -- BRAVO! Magic Money is a grand idea, but I've never been able to make it work; for me, at least, it was not "user friendly"; and I like to think I'm not totally clueless, since it looks as if I'll pass Assembly Language this semester ;-). Can't a derivation of MM at least as easy to use as PGP and/or UNIX be developed? And, if we REALLY want it to take off, how about something that is menu based that a typical commercial online user could learn to use at a minimal level in a few minutes? No, I don't have the skills to take on such a project...but if widespread use is the goal, and if there are still fewer than 4000 hard-corps PGP users with their keys on a keyserver, then it appears that someone needs to come up with a program no more complex than PGP...preferably much simpler. Regards, Dave From blancw at microsoft.com Mon May 2 17:56:57 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 2 May 94 17:56:57 PDT Subject: Useful Ways to Fight Crime Message-ID: <9405022358.AA29157@netmail2.microsoft.com> From: PMARKS Besides, law abiding citizens should have nothing to hide, right? So why should they object? ................................. I think the plan is that, although everyone is allowed to hide things from each other, they are not to be allowed to hide themselves from their Saviours or thwart the mechanisms which have been implemented to identify questionable behavior in times of uncertainty, fear & paranoia. Blanc From frissell at panix.com Mon May 2 18:49:28 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 2 May 94 18:49:28 PDT Subject: WSJ article on PGP In-Reply-To: <9405021414.AA09520@Central.KeyWest.MPGN.COM> Message-ID: On Mon, 2 May 1994, Jim Sewell wrote: > > computer makers to build into their machines hardware that would allow > > law-enforcement agencies to decipher any code that was used. The proposal > > outraged confidentiality-minded corporations and computer users alike. > > Eventually, it was dropped. > > Can you say Clipper boys and girls? I thought you could. Jim, this was a reference to the original Digital Telephony Bill which was dropped. The current one has no sponsors yet either. DCF If the government doesn't trust us with our weapons, why should we trust them with theirs. From frissell at panix.com Mon May 2 18:51:18 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 2 May 94 18:51:18 PDT Subject: Security Consult. Needed In-Reply-To: Message-ID: On Mon, 2 May 1994, Ed Carp wrote: > You mean, marketing PGP to criminals? Criminals are people too. > Be careful with this line of reasoning. If you market PGP to a crook for > the explicit purpose of keeping his illegal activities hidden from the > cops, you violate at least two different laws. It's like selling lock > picks to a known burglar. You could be prosecuted for conspiracy, aiding > and abetting, and whatever they call interference with a police > investigation nowadays. I know. That is why it should be done using a secure marketing channel. One could probably get away with handing copies out on the street as well. Probably protected activity. You wouldn't get many hits that way, however. ("Hits" defined as crypto in the hands of people who can figure out how to use it. Generally, neither unlicensed gambling nor the unlicensed retail pharmacutical trade are activities disapproved of by the readers of this list. On the other hand, government enforcement actions directed at individuals practicing those trades *are* disapproved of. In any case, I have developed a protocol that would allow the sale of contraband with almost no risk to the seller and reduced risk to the buyer. It's based on modern drop shipping techniques. I intend to publish same when/if tobacco is criminalized. DCF "The culture of the nets is unavoidably libertarian because all other political relationships involve the threat of deadly force and deadly force is hard to transmit via fiberoptic cables." -- (Me) "Do as I say or I'll shoot you right through this telephone." -- (Not me) "The libertarian culture of the nets will transfer to the physical world since people will be spending more and more time in the (functional) free society of the nets and will not enjoy the restrictions they have to suffer in the physical parts of their lives. This will irritate them and the nets will provide them with the tools to relieve the irritation..." -- (Me) From vkisosza at acs.ucalgary.ca Mon May 2 19:32:19 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Mon, 2 May 94 19:32:19 PDT Subject: The American money capture In-Reply-To: <9405021827.AA14132@netmail2.microsoft.com> Message-ID: <9405030234.AA33516@acs5.acs.ucalgary.ca> Blanc Weber wrote: > Would it be too complex and lengthy an explanation to provide to say > how the money supply is decided in the first place; that is, how an > appropriate amount of it is calculated initially? Is this in reference > to the gold or other backing which gives each dollar its monetary value? > Gee that's like asking, is it too complex and lengthy to explain how crpyto works? But here goes. I'm posting this purely in regards to how it relates to digital money and how value can be given to it. In it's simplest form money is simply debits and credits kept on certain ledgers. Let me present the most simple example. Alice has a supply of money. Let's say a $1000. She deposits this in her favourite bank. The bank then lends the money to Bob. Alice has $1000, and now Bob has $1000. The supply of money is now $2000. Bob then spends the $1000, he borrowed. The seller deposits this, which the bank then relends, and on and on. So money grows, and grows, eventually becoming valueless. Central banks try to limit growth by using interest rates to reduce the demand for money, and by requiring banks to post reserves with their central bank on their deposits. This theoretically keeps a cap on money growth. If the central bank raises the reserve rate the banks have less money to lend, since they must post their reserves not just on new money, but on old money that they've already lent out. So if Alice deposits $1000, and there's a reserve rate of 10%, then only $900 can be lent, and then $810, and then $729, as the money makes it's way through the economy. The central banks can also control interest rates, and reduce the demand for money or vice versa. Since a change in reserve rates, affects not only new deposits, but old deposits as well, it's a very powerful instrument. Unfortunately, (and this is where it really gets interesting, there are no reserve requirements in international money centers, with London being the center of most of this money. These funds are called Euro-Funds, and the interest quoted is the London Inter Bank Offer Rate. (LIBOR). Most of the growth of money occurred, here during the 1970's, when OPEC put the world into shell shock with their sudden increase in the oil price. OPEC nations had billions of dollars which they deposited in London. These funds were then relent primarily to nations, which then spent the money on *projects*. (Marcos comes to mind, as well as Brazil and the destruction of the rain forests, but I digress) The problem of course is that since these funds are non-domestic. Domestic central banks can't control them. It's a free for all. So the money went around, and around, growing and growing, until it slowly became worthless. The only thing that keeps money growth in check is market discipline and faith. The whole house of cards doesn't come tumbling down, because Alice has faith that she has $1000. In reality the emperor has no clothes. No, most major currencies are not on the Gold Standard. They float purely in relation to other currencies. So what gives money it's value? Purely, the loans which back it up. This is why it is practically impossible to stop, eco-disasters from continuing. If the countries that have "borrowed" this money default, the whole thing collapses. It collapses everywhere, simultaneously. Now we get to the problem with digital money. It's a stand alone system with no "faith" in it and with no growth built in. Faith is the only thing that keeps things working, that and legislating paper as legal tender, so people are forced to accept it. Obviously, legislating digital money as legal tender is outside our power. Putting growth into the system without destroying faith is also very difficult. The only logical step is to make digital money repesent something. It must be convertable into something that people already have faith in. Otherwise I fear, that digital money may not fly. -- Istvan From qjones at infi.net Mon May 2 20:24:16 1994 From: qjones at infi.net (Wayne Q Jones) Date: Mon, 2 May 94 20:24:16 PDT Subject: The American money capture In-Reply-To: <9405021903.AA26802@snark.imsi.com> Message-ID: Fed is not a bank but a conglomerate of privately owned banks. The system is a quasi-govt entity . On Mon, 2 May 1994, Perry E. Metzger wrote: > > None of this is a cypherpunk topic and I don't intend to post after > this on the topic. > > werner at mc.ab.com says: > > On this subject (really from the original post about money), I have several > > times tried to convince people that the Federal Reserve Bank is a private > > deal. I don't know where I got this impression, but no one will believe > > me. > > Thats because it isn't true. > > > Are there some conspicuous facts that I could quote in support of this > > position? > > No. > > > Or, perhaps, an easily obtained and authoritative document which > > explains just what the heck the Fed really is? > > The Fed is pretty easy to understand. Although its set up to be > quasi-independant, it more or less the government body that regulates > the banking industry and controls the money supply. It does this > by setting the discount rate (fairly small importance), by open-market > purchases of treasury securities, by making deposits in member banks, > and by altering the reserve requirements of U.S. banks. The Fed also > is supposed to act as "lender of last resort" in order to stop banking > panics by loaning money in extreme situtations to member banks. > > Technically, its not part of the government the way Amtrak, the > Resolution Trust Company, and other quasi-independant bodies aren't > part of the government. However, this is largely just an illusion. Its > as much a part of the government as the post office. > > Its just a central bank, like every other central bank in most > respects. > > Central banks are very bad things in my opinion, however, they aren't > some evil conspiracy of the Illuminati, conspiring in the back room to > take over the world. The Fed earns no "profits". It has no > "shareholders". Its not a "bank" in the conventional sense. > > > I know the head is apppointed by the US gov, but my impression was that the > > rest of it was just a consortium of bankers to whom the national debt is > > owed. > > The national debt isn't owed to "bankers". Its owed to the holders of > U.S. government bonds. This includes everyone who's ever bought a > savings bond, lots of individuals, pension plans, money market funds, > insurance companies, corporations, banks, and lots of others. > > Besides, if the debt was owed to "bankers", that would just be > shorthand for saying that the beneficial owner of the debt securities > would be the depositors of the bank, meaning the public at large. > > > Perry **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From qjones at infi.net Mon May 2 20:26:47 1994 From: qjones at infi.net (Wayne Q Jones) Date: Mon, 2 May 94 20:26:47 PDT Subject: The American money capture In-Reply-To: <9405021827.AA14132@netmail2.microsoft.com> Message-ID: The money supply dwindled 1: by the accumulation of capital in the hands of a few 2: the immediate fiscal policy of the govt which also sucked money out of the economy.... On Mon, 2 May 1994, Blanc Weber wrote: > From: Hal Finney & Eric Hughes > > >(Today, with our experiences of inflation in the 1970's and 1980's, it is hard > >for us to appreciate the problems with deflation. But I think deflation was > >much worse. > > The Great Depression was pretty clearly caused by deflation in the > money supply. To quote Milton Friedman: > > "All told, from July 1929 to March 1933, the money stock in > the United States fell by one-third [...]" > Capitalism and Freedom, p. 50 > .................................................... > > Would it be too complex and lengthy an explanation to provide to say > how the money supply is decided in the first place; that is, how an > appropriate amount of it is calculated initially? Is this in reference > to the gold or other backing which gives each dollar its monetary value? > > Blanc **************************************************************************** Qjones at infi.net She kissed me- I felt the hot blush * * Qjones at larry.wyvern.com Of raging passion incinerate my heart * **************************************************************************** From eagle at deeptht.armory.com Mon May 2 20:51:55 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Mon, 2 May 94 20:51:55 PDT Subject: Chimerically Misquoted Message-ID: <9405022051.aa27789@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- From: "Jim Sewell" The term Cypherpunks is amorphous, thus subject to use and abuse by the masses. When people like Jeff Davis and Phill Zimmermann say "The cypherpunks are generally opposed to Clipper" it makes us an "organization" which, like it or not, does have representatives and agendas. Unfortunately, perception defines reality. If we I've never said this in any forum, public or private. The only Zimmerman quote on cypherpunks I've ever seen was in the WSJ. He stated he was not a cypherpunk, he wore a suit when he contacted clients. In responding to this, I've opened myself to another spew by Perry, but what the fuck. If one has to take a cheap shot, one is already whipped. And I'm not here to win a popularity contest either. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcXKAl/ScHuGXWgVAQFq9gP+MP1BlrWA5IMO6SMOBsB6UBaIxJQ33Dtv vwc37mUc3YoueFpoQJVDPEfYHzsVThJI1gJNGOV4ELtN/YYaQx9jDpyV+dsQfEtC F7g2Wyx6mlo6AP7E2PYomBgAQD54liHgCUQJPmxEQMW8fdTEoMQsg4GpLvejeQo4 mCh8x0pXGjM= =aJDt -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From eichin at paycheck.cygnus.com Mon May 2 21:01:05 1994 From: eichin at paycheck.cygnus.com (Mark W. Eichin) Date: Mon, 2 May 94 21:01:05 PDT Subject: Virtual Cash In-Reply-To: <01HBVH60HBWC8WZV7M@VAX1.UMKC.EDU> Message-ID: <9405030246.AA01186@paycheck.cygnus.com> > But it sounds like "vitual money." I would like to see a description of the > model for this. Sounds like a form of barter-script. One reason they haven't caught on is that there *isn't* a model. There is software (cypherpunks write code! :-) to implement banks and exchange coins (the tacky tokens themselves) but noone (as far as I've seen) has come up with an "economic model" within which they could use them. (In spite of perry's objections, the economic discussions *are* relevant here... many readers seem to not understand the complexities of money systems, without which *using* e-cash won't be practical, so we need some major cross-breeding here.) _Mark_ From dwomack at runner.utsa.edu Mon May 2 21:44:07 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Mon, 2 May 94 21:44:07 PDT Subject: Virtual Cash Message-ID: <9405030444.AA26531@runner.utsa.edu> >One reason they haven't caught on is that there *isn't* a model. There >is software (cypherpunks write code! :-) to implement banks and >exchange coins (the tacky tokens themselves) but noone (as far as I've >seen) has come up with an "economic model" within which they could use >them. (In spite of perry's objections, the economic discussions *are* >relevant here... many readers seem to not understand the complexities >of money systems, without which *using* e-cash won't be practical, so >we need some major cross-breeding here.) But, don't we have a good model? Pre 1929, didn't most banks issue their own version of US currency, backed by their own reserves? If an easily usable program existed to generate the tokens (please, in decimal units, not in farthings, shillings, and binary!) any issuer could distribute them. Assuming the token signature couldn't be forged, each issuers "reputation" would determine the fair market price of a token. Thus, 1,000,000 Rubles = $550 (US); The market has determined that the Russians don't have a strong financial reputation. In the cypher world, someone who issued tokens and redeemed them for pure gold at 100 tokens per oz. would quickly have a very strong rep., while those who turned out billions of the things backed by nothing wouldn't have much of a rep. Merchants might (or might not!) accept tokens from an unknown source, or from a known weak source. This could even lead to "central clearing houses", who would issue tokens under their own name in behalf of others, based on a balance of good funds (i.e., gold, silver, US Dollars, or whatever). They might charge a fee for such services... of course, in an unregulated environment, there would be risks of fraud. If I might suggest, the key is widely ported, inexpensive, easy to use software to generate the tokens. Let people start to mint, distribute, buy, sell, and redeem the things. A market (with market values) will develop....just as it does in countries that wind up using cigarettes for currency. Would it not be possible to have a program that 1. Accepts a strong password 1.a Accepts an identity and address 2. Accepts a denomination preference 3. Accepts a quantity preference then 4. Generates tokens with a signature as in PGP or, when tokens are received, 1. Shows the issuer id and address 2. Shows denomination and quantity of each 3. Verifies signatures 4. Stores tokens (perhaps with no way to extract or duplicate them?) 5. Displays storage by category, denomination, issuer, and so forth 6. Can DESTROY tokens (i.e., take them off the market) and, perhaps most importantly, there has to be a way to prevent copied tokens from being distributed without restriction. (i.e., Sandy sends Dave 5 of his tokens. Dave, being unethical, copies the 5 tokens and sends the same 5 tokens to everyone on the C.Punks list. Now Sandy has *_hundreds_* of people with the same counterfeit tokens! It would be as if anyone with a copier could counterfeit US currency) Can a program prevent such behavior? Has this already been done with Magic Money? Or is the program still waiting to be written? Regards, Dave From adam at bwh.harvard.edu Mon May 2 21:45:34 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 2 May 94 21:45:34 PDT Subject: RJR and the supression of research In-Reply-To: <9405022306.AA02347@nyx10.cs.du.edu> Message-ID: <199405030445.AAA21202@duke.bwh.harvard.edu> Someone wrote anonymously: [RJR supresses research] | All of this underscores, I think, the importance of the work | that's being done here, on the CP list. It's important for | scientists, whistle blowers, or whoever, to be able to distribute | information widely and anonymously. Who knows what might have | happened if these researchers had had a copy of PGP and a network | of remailers at their disposal? Possibly very little. As your article pointed out, the data was not widely distributed. If an accusation came out like "nicotine is really addictive, see the secret research being done at RJR" the number of people who could have released that information is very limited. Access to the interesting data (the correlated statistics, the write ups) was probably limited to a very small number of people. After all, they were doing things like moving animals at night, restricing access to the building, etc. They probably had a short list of those who knew what was going on. They could have traced a leak relatively quickly. Further, if the data did get out anonymously, why would anyone believe it? Its easy to get caught up in our neat toys, like PGP and tacky tokens. What would have happened if the scientists stuffed a printout into an envelope and mailed it to the New York Times? The Times would have called RJR, who would have vigerously denied everything. They then would have tried to find the sender. Now if these scientists had the root password on an RJR computer, and made a few interesting file systems world readable... :) Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. Have you signed the anti-Clipper petition? From adam at bwh.harvard.edu Mon May 2 22:01:21 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 2 May 94 22:01:21 PDT Subject: Virtual Cash In-Reply-To: <9405030246.AA01186@paycheck.cygnus.com> Message-ID: <199405030501.BAA21247@duke.bwh.harvard.edu> Mark W. Eichin wrote: | > But it sounds like "vitual money." I would like to see a | > description of the model for this. Sounds like a form of barter-script. | One reason they haven't caught on is that there *isn't* a model. There | is software (cypherpunks write code! :-) to implement banks and | exchange coins (the tacky tokens themselves) but noone (as far as I've | seen) has come up with an "economic model" within which they could use | them. Money has value because we agree it has value. As long as noone is willing to give me a meal, a nights lodging, or 30 minutes CPU time for some number of tacky tokens, they will be just that; tacky. This is not to flame the dude who wrote the code. Its a good things that its been written, but what he can't write is a framework for using the money in. (eg) If I knew that Derek Atkins was willing to write encryption code for 10 tokens an hour, I might start trying to accumulate tokens to pay Derek to do some useful work. But he would only be willing to accept those tokens if he knew he could get something useful for them. If he is the only one providing things for tokens, hes going to accumulate lots of tokens, and not be able to spend them, since theres nothing interesting to spend his tokens on. So, if we want to make tokens worth something, we need to start transforming them into real goods &/or services. This will reward those early adopters who grabed tokens when they were first published. To do this, we need to know how many tokens exist, ie, what the money supply is. If we don't know, the value of tokens would be subject to a painful misestimation. We would also need some sort of guarantee the bank isn't going to mint more on a whim. If tokens aren't going for a lot of dollars, this could be a simple personal guarantee from the bank. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. Have you signed the anti-Clipper petition? From lassie!jim%lassie at netcom.com Mon May 2 22:30:38 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Mon, 2 May 94 22:30:38 PDT Subject: A distribution solution! Message-ID: <157@lassie.lassie.uucp> -----BEGIN PGP SIGNED MESSAGE----- PGP distribution to the masses. To preface this message first I would like to state that the clue full people here on the Internet forget that the rest of the world is truely clue less. Of course they also may consider you as the clueless ones. It is often stated that PGP is available on numerous Internet FTP sites and many BBS's. The average person knows as much about FTP sites as they hear on the evening news about the information superhighway. They may keep financial books or maybe write books on their computer but they do not have substantial online experiance and they may have a need for secure data encryption or secure way to send data to a publisher, business partner etc. Disk mailers are still sold rather widely. The average person trying to download PGP from their local BBS has a few steps to go thru. These clueless computer users once again may be unfamiliar with the intricacies of online BBS use but does not mean that they should not be allowed to access a good crypto program. First they must find a bbs number localy to call. Then they must wait X number of hours before the phone is not busy to connect. Once online they have to register and do a call back verification and then they can access the file area where PGP should be only to find it is not on this board. So they download a list of BBS's in their area and start going thru the same call, verify, is it there loop. This may be an endless loop in some areas. Anyway this is a mute point as the clueless average user has never heard of RSA or public keys or PGP. Should criminals have PGP or other crypto software? Should distribution be regulated to only law abiding citizens? Should guns be registered, or should gun owners be registered. The average low level drug dealer uses both the common plastic baggie and the digital pagger. Maybe the government should regulate the sale of baggies at supermarkets, after all you have to have a container to put drugs in to sell them ("hold your hand out I'll drop an oz. of coke in it"). Then again there could be a five day waiting period on pager and celular phones sales and instalation. This would definatly solve many problems with those pesky drug dealers. Of course there is always cars that could be regulated. They are contributory to many crimes and deaths. How would you make sure the person you are selling your used car to will never drive while intoxicated or break any speeding laws. You can not. What's the point here? Well if there is a mandated crypto standard then every zip on internet of PGP or other crypto software could disapear overnight, just deleted by the system admin under penalty of law. There would still be copies on local BBS's but as we have discovered the average computer user does not access these. How could people change this I wonder? People talk about handing PGP or other crypto software out but there is a substantial cost to the return of each disk. 1 disk=one user. In my opinion the easy way to do it would be this: 1) Find someone with a free use BBS that would like more traffic on his BBS. 2) Upload the files for PGP and other crypto software on their system in maybe a special file area. 3) Take out an add in the Sunday paper (maybe get the BBS owner to pay half of the cost)that reads as follows; "!!!FREE!!! Unbreakable data encryption software. ###-#### 8N1 file area is CRYPTO !!!Absolutely FREE!!!" They now know where and how to precisely find the stuff and what it does. Now the average person has access to the software and use of the software in a rather large scale. If you had a choice to encrypt your data for free or pay to add some chip that is not secure. If you take the secure factor out of the equation then all that is left is the fact that one is free and the other costs good hard earned cash. I don't know about you, but I learned rather young that "If it is free, get two of em!". Thanks for your time! :{)} -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcXai1fzDU5jV4uhAQH3KAP/ee88w1f0kAyYt8ipShd1+DQ0D4oTSle3 L6PbieU0ODJstkXgRsXzD7m4Pf3+xIp0MsN2eYhjP09OFK/OI/VfhhtF9mX9HxJ6 sE74XEo+MRM7kq2O8DkIfZ8oVxrs7W3RTbqulnUz6a5aF2YtLevPuMg15pFyqQrD xol2UYgEKFE= =Ea5b -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi3EyycAAAEEALFXi8P43juu9a6L30CUHbNqQ2RtqTueq4wPdc8ov9UTnKZR dCoQBFUk0HPxQs86yN0g+fQV3YXtDOdQzyMGglq+eqAouRsNlvUaFXl/PJcQmjuh anCvC2bNB121j+RgpqtagW2rmzqfc2upnS913lhZ4cW1LTPw11fzDU5jV4uhAAUR tDZKaW0gTmFsYmFuZGlhbiA8bmV0Y29tc3YhbGFzc2llIWppbSVsYXNzaWVAbmV0 Y29tLmNvbT60H0ppbSBOYWxiYW5kaWFuIDxUZW1wZSwgQXJpem9uYT60DkppbSBO YWxiYW5kaWFu =J781 -----END PGP PUBLIC KEY BLOCK----- -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From hfinney at shell.portal.com Mon May 2 22:31:12 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 2 May 94 22:31:12 PDT Subject: the value of money Message-ID: <199405030532.WAA01571@jobe.shell.portal.com> What is Magic Money? Magic Money is an implementation of one of the first "digital cash" proposals, described by Chaum, Fiat and Naor in Crypto 88. It is an "online" system. This means that the money must be checked with the bank at each transaction to make sure it has not been spent before. It was written by the pseudonymous Pr0duct Cypher, author of the PGP Tools library. What is digital cash? Digital cash (aka digital coins) is a cryptographic technique for creating information packets which can be authenticated as belonging to the issuing agency, but in such a way that no one can link a piece of digital cash to the transaction in which it was created. In other words, the user is issued a piece of digital cash by communicating with the bank via a special protocol. This cash bears a digital signature by the bank which can be verified by anyone, and which cannot be forged. However, the cash creation protocol is such that neither the bank nor anyone else will recognize that piece of cash as having been withdrawn at that particular interaction. This combination of characteristics makes digital cash an attractive option for electronic payments. The digital signature makes it unforgeable, while the lack of traceability protects the privacy of the person spending the cash (in contrast, say, to credit card use, where the credit card company learns many details about the spending habits of its customers). What gives digital cash value? That is what I am hoping people will discuss. Here is what Pr0duct Cypher wrote in his introductory message about Magic Money: > Now, if you're still awake, comes the fun part: how do you introduce real > value into your digicash system? How, for that matter, do you even get > people to play with it? > > What makes gold valuable? It has some useful properties: it is a good > conductor, is resistant to corrosion and chemicals, etc. But those have > only recently become important. Why has gold been valuable for thousands > of years? It's pretty, it's shiny, and most importantly, it is scarce. > > Digicash is pretty and shiny. People have been talking about it for years, > but few have actually used it. You can make your cash more interesting by > giving your server a provocative name. Running it through a remailer could > give it an 'underground' feel, which would attract people. > > Your digicash should be scarce. Don't give it away in large quantities. Get > some people to play with your server, passing coins back and forth. Have > a contest - the first person who (breaks this code, answers this question, > etc.) wins some digital money. Once people start getting interested, your > digital money will be in demand. Make sure demand always exceeds supply. As I indicated at the start of this thread, this model does not seem to be working. What steps could we take to give digital cash value? What are Tacky Tokens? Mike Duvos has been running an implementation of Magic Money that he calls Tacky Tokens. Sending mail to with the word "Bank" in the subject will cause it to be processed by a Magic Money server and the result returned to the sender. How do you actually use Magic Money? First you get a client program. ftp to /pub/mpj at ftp.netcom.com to find a DOS client. Sources to allow you to build Unix clients can be found at csn.org by ftp; start in the /mpj directory, read README.MPJ, then cd to the crypto directory. cd to pgp_tools, get mgmny10e.zip and pgptl10d.zip. Build these on your system. I also made a half-hearted Mac port which still uses a console window. The client is pretty easy to use. First you initialize it, which involves creating a special public key which will be used for your communications with the bank. Then, whenever anyone sends you some Magic Money, you run the client with the name of that file; the client shows you the denominations of the incoming Magic Money digital "coins", and lets you choose new denominations for when you turn these in at the bank. This creates an output file which you mail to the bank. You'll get back another mail message from the bank which you save to a file and run the client on, and the new money is added to your collection. To spend money run the client with the withdraw option, pick the coins you want to spend, and they will go into a disk file. Send this to the person you are giving the money to. There are things that could be improved about this; the interface could be nicer, or it could be integrated better into the mail system. But I doubt that anyone has used it enough that they are tired of constantly switching back and forth between their client and email system. If we had that much cash being circulated then it would make sense to work on these UI issues. But I don't think these are the fundamental hurdles. I hope this gives those who have not heard of the software some idea of how it works and what its capabilities are. Hal From hughes at ah.com Mon May 2 22:44:53 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 2 May 94 22:44:53 PDT Subject: Virtual Cash In-Reply-To: <9405030246.AA01186@paycheck.cygnus.com> Message-ID: <9405030542.AA28008@ah.com> >[...] but noone (as far as I've >seen) has come up with an "economic model" within which they could use >them. Denominate digital money in dollars in a demand deposit account in a US bank. Why reinvent the wheel, or, in this case, the unit of value? Eric From albright at scf.usc.edu Mon May 2 23:05:19 1994 From: albright at scf.usc.edu (Julietta) Date: Mon, 2 May 94 23:05:19 PDT Subject: Lobbying/Politics/etc. In-Reply-To: <9405021620.AA02316@internal.apple.com> Message-ID: <199405030604.XAA05362@nunki.usc.edu> You know.. I wonder with all this bickerig if in fact we CAN agree on the fact that we all are opposed to invasions of our privacy via governemnt surveillance techniques.. Can we agree on that issue? It seems to me that I have heard a consensus on this at least... One more thing- I recently completed a first ddrafty of a paper I am working on regarding computer curveillance, Clipper, etc- and the professor who read it asked me "What is the likelihood and what re the reaosns for the NSA and other governments agencies wanting to monitor the people?" I wasn't sure of exactly how to answer that! I mean- it seems to me that the governemnt wants to maintain its own power, and keep a watchful eye on those with opinions oppposite of their own. Any other reasons you all can think of? Hmm.. -- Jul "Can I be a social anarchist? " _______________________________________________________________________ Julie M. Albright Ph.D Student Department of Sociology University of Southern California albright at usc.edu > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >> > > >> > From ebrandt at jarthur.cs.hmc.edu Mon May 2 23:11:45 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Mon, 2 May 94 23:11:45 PDT Subject: Virtual Cash In-Reply-To: <199405030501.BAA21247@duke.bwh.harvard.edu> Message-ID: <9405030611.AA02555@toad.com> > Money has value because we agree it has value. As long as > noone is willing to give me a meal, a nights lodging, or 30 minutes > CPU time for some number of tacky tokens, they will be just that; The simple model: I offer to accept U.S. dollars and hand out tokens at a one-for-one rate. I also promise to redeem them at the same rate. Unfortunately, nobody would trust me, and they'd be smart not to. I'm not an established financial institution. Not only might I abscond with the money, I don't have the financial reserves to cover redemptions and still make money on a no-fees system. And I don't know the laws involved, so you might lose out when I get hauled off to jail. Poll: assuming you had a use for FedNote-backed 100%-reserve digicash, what service fee would you be willing to pay, and how much money would you be willing to leave in the hands of some random individual? Eli ebrandt at hmc.edu From eagle at deeptht.armory.com Mon May 2 23:43:18 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Mon, 2 May 94 23:43:18 PDT Subject: A distribution solution! In-Reply-To: <157@lassie.lassie.uucp> Message-ID: <9405022343.aa07409@deeptht.armory.com> > It is often stated that PGP is available on numerous Internet FTP sites and > many BBS's. The average person knows as much about FTP sites as they hear > on the evening news about the information superhighway. They may keep > financial books or maybe write books on their computer but they do not have > substantial online experiance and they may have a need for secure data > encryption or secure way to send data to a publisher, business partner etc. > not access these. How could people change this I wonder? The EFF infobot for Adam Gaffin's Big Dummies Guide is . It contains instructions on how to anonymous ftp. An up to date list of sites to fpt PGP from is available in the crypto section. > People talk about handing PGP or other crypto software out but there is a > substantial cost to the return of each disk. 1 disk=one user. In my opinion > the easy way to do it would be this: We made PGP 2.3a available at the Armory and even have the docs for those who need them. > They now know where and how to precisely find the stuff and what it does. > Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com What Jim said... -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From johnsonr at spot.Colorado.EDU Mon May 2 23:45:51 1994 From: johnsonr at spot.Colorado.EDU (Richard Johnson) Date: Mon, 2 May 94 23:45:51 PDT Subject: Lobbying/Politics/etc. In-Reply-To: Message-ID: <199405030645.AAA05067@spot.Colorado.EDU> From the keyboard of: Julietta > One more thing- I recently completed a first ddrafty of a paper I > am working on regarding computer curveillance, Clipper, etc- and the > professor who read it asked me "What is the likelihood and what re the > reaosns for the NSA and other governments agencies wanting to monitor the > people?" Must the NSA have an institutional reason? Perhaps they'll have concensus problems too. Never-the-less, if the monitoring capability is there, it will (100% chance) be used for things like the following: 0) Legitimate suspicion of a crime being committed, or suspicion of sensitive information being leaked to undesireable parties. 1) Fishing expedition surveillance of 'suspect' groups and individuals, where 'suspicion' comes from political affiliation, contacts with foreign nationals, and the like. Example: the Committee in Solidarity with the People of El Salvador, a left wing social activism group, had their offices searched, had their membership infiltrated, and their communications monitored by the FBI or some TLA. There was no evidence of any wrongdoing -- the perceived association with 'commies' was enough for someone opposed to their aims to begin the harrassment. 2) Obtaining 'dirt' on political opposition, or simply snooping on their plans. Witness our late former President, Richard Nixon and the Watergate break in. Some point to quotes he made that show he believed the president to be above the law. 3) Selling personal data for profit. Witness the crooked flunkies at the IRS and elsewhere that illegally sell information about you to private detectives, credit agencies, and the like. I am not convinced that the current Cripple/Crapstone escrow plan will prevent some crooked cop from selling the keys to a phone or computer, or data gained from an intercept that should no longer be continuing, after his or her agency has obtained the key to decipher a wiretap. The whole NSA, FBI, or the various military intelligence groups don't have to be in complete organizational agreement for such things to occur. All it takes is one person, or a group, with the means and motive. The total lack of respect for the 'loyal opposition' shown by certain higher-ups in the NSA gives me little faith in organizational checks and balances. It's best to not give anyone the power to make the walls of our houses transparent, to driftnet for whatever info they might catch. Richard From cdodhner at indirect.com Mon May 2 23:47:13 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Mon, 2 May 94 23:47:13 PDT Subject: Virtual Cash In-Reply-To: <9405030611.AA02555@toad.com> Message-ID: On Mon, 2 May 1994, Eli Brandt wrote: > Poll: assuming you had a use for FedNote-backed 100%-reserve digicash, > what service fee would you be willing to pay, and how much money > would you be willing to leave in the hands of some random individual? I would be willing to pay 5% upon receipt of the digicash, and possibly some smaller fee upon redemption. A random individual? None at all. However somebody with a good reputation I might trust initialy with amounts less than $500. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ From unicorn at access.digex.net Mon May 2 23:50:42 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 2 May 94 23:50:42 PDT Subject: Digital Cash Message-ID: <199405030650.AA25513@access3.digex.net> So has anyone tried to solve the problem of double spending and the online requirement of digital cash? It seems digitial cash is really only digital "check" right now as it must be verified at the bank before it can be show to be "valid." Is there any way to take cash offline? Or is this merely the copy protection problem rehashed? -uni- (Dark) From lcottrell at popmail.ucsd.edu Tue May 3 00:08:19 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Tue, 3 May 94 00:08:19 PDT Subject: WSJ article on PGP Message-ID: <199405030708.AAA16422@ucsd.edu> -----BEGIN PGP SIGNED MESSAGE----- I must say: I was somewhat stunned to see my name in the WSJ. I guess P.Z. has made use of the information he gathered. I wonder if the people mentioned were all the people who responded to Zimmerman's request for legitimate PGP users. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcYFxVVkk3dax7hlAQFp0wP+I2TloCk72yqO/hdrwZLv3DDpYlxWN2eY Q8Hea6YTwBSo5lTtZ3Jc/M6wRmOGIispftvaq3wdlnfm1Ul3yBBg1eIe5zkFNtm+ bi0oCIOkJkcCjsvsMttvXX4olF5jhV5JIfO7DYuNN7XfzWKPocr15WjrByqbF5fp fZs1LFHVKGE= =gcc0 -----END PGP SIGNATURE----- -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From MIKEINGLE at delphi.com Tue May 3 00:19:42 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Tue, 3 May 94 00:19:42 PDT Subject: Attn DCF: Tacky Tokens for your protocol Message-ID: <01HBVYWPH8E08WY0W6@delphi.com> frissell at panix.com (Duncan Frissell) wrote: >In any case, I have developed a protocol that would allow the sale of >contraband with almost no risk to the seller and reduced risk to the >buyer. It's based on modern drop shipping techniques. I intend to >publish same when/if tobacco is criminalized. Let's get some net.commerce going. I'll pay you ten Tacky Tokens for a copy of this protocol. --- Mike From lassie!jim%lassie at netcom.com Tue May 3 00:40:26 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Tue, 3 May 94 00:40:26 PDT Subject: A distribution solution! (fwd) Message-ID: <165@lassie.lassie.uucp> > The EFF infobot for Adam Gaffin's Big Dummies Guide is >. It contains instructions on how to anonymous >ftp. An up to date list of sites to fpt PGP from is available in >the crypto section. > We made PGP 2.3a available at the Armory and even have the docs >for those who need them. This may be true, but the average computer user does not use Internet, know what an FTP is, know what a BOT is or know that PGP is even Available. For that mater they do not usualy use BBS's. For the use to spread they must be made aware by mediums that they are familiar with, namely the newspaper and then word of mouth. Nothing high tech there. -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From cdodhner at indirect.com Tue May 3 01:13:51 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Tue, 3 May 94 01:13:51 PDT Subject: Digital Cash In-Reply-To: <199405030650.AA25513@access3.digex.net> Message-ID: In _Applied Cryptography_ by Bruce Schneier, he refers to a system proposed by Tatsuaki Okamoto and Kazuo Ohta that meets the following criteria: Independance. The security of the digital cash is not dependant on any physical location. The cash can be transfered through a computer network. Security. The digital cash cannot be coppied and reused. Privacy (untraceability). The privacy of the users is protected; no one can trace the relationship between users and their purchases. Off-Line Payment. When a user pays for a purchase with electronic cash, the protocall between the user and the merchant is executed off-line. Transferability. The digital cash can be transfered to other users. Divisability. A piece of digital cash in a given amount can be subdivided into pieces of cash in smaller amounts. The reference given for this paper is as follows: T. Okamoto and K. Ohta,"Universal Electronic Cash," Advances in Cryptology--CRYPTO '91 Proceedings, Berlin: Springer-Verlag, 1992, pp. 324-337 Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ On Tue, 3 May 1994, Black Unicorn wrote: > > So has anyone tried to solve the problem of double spending and > the online requirement of digital cash? > > It seems digitial cash is really only digital "check" right now as > it must be verified at the bank before it can be show to be "valid." > > Is there any way to take cash offline? Or is this merely the copy > protection problem rehashed? > > -uni- (Dark) > From edgar at spectrx.sbay.org Tue May 3 02:16:31 1994 From: edgar at spectrx.sbay.org (Edgar W. Swank) Date: Tue, 3 May 94 02:16:31 PDT Subject: Announcing SecureDrive 1.3d Message-ID: <47RqLc1w165w@spectrx.sbay.org> -----BEGIN PGP SIGNED MESSAGE----- This is to announce the availability of Version 1.3d of SecureDrive. SecureDrive Version 1.3d replaces version 1.3a. A prototype version 1.3b was sent to a few people for testing. To avoid confusion, I'm skipping 1.3b for "official" releases. Similarly, a version 1.3c was released a short time ago, which did not work with 2M13 as it claimed to do. Changes for 1.3d have added minimal new function. Rather I have sought to respond to problems brought to my attention. The main change is to support the 2M13 diskette formatter and some versions of MSDOS which were incompatible with previous versions of SecureDrive. See file BUGS13A.DOC for more detail of 1.3d changes. There is also the addition of an FPART utility designed to help you locate the physical partition parameters you can use with CRYPTDSK and LOGIN when use of the DOS disk letter fails. Releases 1.3, 1.3a, and 1.3d of Secure Drive are based on releases 1.0 and 1.1, mostly written by Mike Ingle and version 1.2, with significant new code by myself. The code which we wrote is not copyrighted, but the program contains GNU Copylefted code, and therefore may be freely distributed under the terms of the GNU General Public Licence. See file COPYING for legalese. SecureDrive provides strong encryption via the IDEA cypher (The same symmetrical cypher used by PGP) for your files on diskettes or up to four hard disk partitions. You encrypt your diskettes and/or HD partitions with CRYPTDSK. Then you can access the data by using LOGIN and SECTSR. This provides "on-the-fly" decryption (and re-encryption) as disk sectors are accessed by your applications. Entering LOGIN /C or powering off your PC clears the crypto keys from memory and your encrypted disks are "instantly" secure. Mike Ingle and I have different opinions on the distribution of SecureDrive. Under the GNU General License (copyleft) I do not need Mike's permission to distribute version 1.3d and I have not asked for same. My policy on distribution is in the version 1.3d doc: Exporting this program. Cryptography is export controlled, and sending this program outside the country may be illegal. Don't do it. The "author" of versions 1.2 and 1.3, Edgar Swank, says that the export ban should not prevent you from placing this program on public BBS's and anonymous FTP sites in the US and Canada. If individuals outside the US/Canada use the internet or international long distance to obtain copies of the program, THEY may be breaking US law. Any such foreign individuals should be aware that US law enforcement may legally (under US law) apprehend individuals who break US laws even if such individuals are not on or even have never been on US soil. Such apprehension may remove such individuals directly to US jurisdiction without benefit of extradition proceedings in such individuals' home country(ies). This has actually happened in at least two cases, Mexico -- suspect in murder of US drug agent, Panama -- Noriega -- indicted in absencia for drug smuggling. As is well known, after a small war with Panama, Noriega was brought to the USA, tried and convicted. He is now a guest of the US Government in a Florida prison. SecureDrive Version 1.3d is already available for download on the following public BBS's as SECDR13D.ZIP: Eagle's Nest (408)223-9821 Flying Dutchman (408)294-3065 Catacombs BBS (303)938-9654 It is also available from a mailserver in Texas. Send mail to Server at Star.Hou.TX.US with body text that looks like this get /files/public/secdr13d.zip quit This file is also available via FTP from csn.org and netcom.com csn.org:/mpj/I_will_not_export/crypto_???????/secdrv/secdr13d.zip (See csn.org:/mpj/README.MPJ for the ???????) and ftp.netcom.com:/pub/mpj/I_will_not_export/crypto_???????/secdrv/secdr13d.zip (See ftp.netcom.com:/pub/mpj/README.MPJ for the ???????) Here is the contents of SECDR13D.ZIP: Length Method Size Ratio Date Time CRC-32 Attr Name ------ ------ ----- ----- ---- ---- -------- ---- ---- 27510 DeflatX 8794 69% 04-22-94 08:45 a49121ce --w- SECTSR.ASM 152 Stored 152 0% 04-26-94 12:25 f2d087ce --w- SECTSR.SIG 152 Stored 152 0% 04-26-94 12:25 3ce76e9e --w- FPART.SIG 19664 DeflatX 4183 79% 11-19-93 21:42 22c2502c --w- CRYPT2.ASM 16900 DeflatX 4075 76% 04-22-94 02:52 f9e21e8f --w- CRYPTDSK.C 152 Stored 152 0% 04-26-94 12:25 cccac4e4 --w- LOGIN.SIG 152 Stored 152 0% 04-26-94 12:26 28fddfaf --w- CRYPTDSK.SIG 4346 DeflatX 1717 61% 04-21-94 01:21 6694a18a --w- FPART.C 14942 DeflatX 3872 75% 04-21-94 01:19 a2053a85 --w- LOGIN.C 1463 DeflatX 549 63% 04-24-94 20:05 8d468891 --w- MAKEFILE 11557 DeflatX 3277 72% 05-09-93 19:38 e71f3eea --w- MD5.C 3407 DeflatX 1097 68% 05-11-93 12:49 f1f58517 --w- MD5.H 1355 DeflatX 629 54% 01-21-94 08:44 db63ade4 --w- RLDBIOS.ASM 11028 DeflatX 2932 74% 04-21-94 01:17 c847eebd --w- SDCOMMON.C 3182 DeflatX 972 70% 04-21-94 01:15 f899b74c --w- SECDRV.H 7669 DeflatX 2640 66% 03-02-94 19:10 3372f29f --w- SETENV.ASM 1254 DeflatX 541 57% 05-09-93 19:39 182978aa --w- USUALS.H 1152 DeflatX 586 50% 01-30-94 10:15 e44c593f --w- BUGS13.DOC 9042 DeflatX 3638 60% 04-24-94 20:22 c9333265 --w- BUGS13A.DOC 63151 DeflatX 18313 72% 04-26-94 03:01 24ca58ad --w- SECDRV.DOC 2000 DeflatX 1323 34% 04-24-94 20:06 4e9b3815 --w- SECTSR.COM 35402 DeflatX 16710 53% 04-24-94 20:06 e4e9a544 --w- CRYPTDSK.EXE 15452 DeflatX 9798 37% 04-24-94 20:06 2a8cbf0c --w- FPART.EXE 35682 DeflatX 16620 54% 04-24-94 20:06 e9de6565 --w- LOGIN.EXE 277 DeflatX 249 11% 04-24-94 20:10 e3ea295a --w- FILE_ID.DIZ 33 Stored 33 0% 07-16-93 06:09 aa6151a5 --w- M.BAT 3163 DeflatX 2073 35% 04-18-94 00:02 56aea417 --w- KEY.ASC 18321 DeflatX 6914 63% 06-14-93 22:27 0767480b --w- COPYING ------ ------ --- ------- 308560 112143 64% 28 Also note that the ZIP file contains PGP detached signatures (*.SIG) for the executable files. Finally here is my public key, also available on many public keyservers; note who has signed it. Type bits/keyID Date User ID pub 1024/87C0C7 1992/10/17 Edgar W. Swank sig B707C5 Anton Sherwood sig DD98D9 Vesselin V. Bontchev sig D74DC1 Peter Simons sig 87C0C7 Edgar W. Swank Edgar W. Swank sig 45BF5D Jeremy S. Anderson sig B707C5 Anton Sherwood sig AF00E5 David Del Torto sig DD98D9 Vesselin V. Bontchev sig 67F70B Philip R. Zimmermann - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAirfypkAAAEEAKe2jziPeFw6hY19clR2GtQ4gtGCSSVOTgPKEJzHfuC74Scf 9PEuu1kebLhHk43A9wo1vr52o4jpH/P/tnFmRtBQOMzLUzAt5rMucswtSVviMQS2 hBuc9yGJKWHVcyfA79EARKEYTdhx+2qKI+hFJcPE+rmD8wVoF94nNf3ah8DHAAUR tCdFZGdhciBXLiBTd2FuayA8ZWRnYXJAc3BlY3RyeC5zYmF5Lm9yZz6JAJQCBRAt qP0vGDOhZQi3B8UBAR3LA/YtKNne0Nq7Bv4kUcGqcRikGxz8YEFwgejC1TQxGt3P 6Z4PK9jwPXDnkXMMdsWP18TbmaO5R1zaf4+ccGIaKKvskwSSC/A2alvfUE/PnNOb 8OzNVAhKcuzU9XsZDM6FUf2N4ymyGuF9bV9Wa3ZqKM8VtE9w8AnAme3UdunmV5cd iQCVAgUQLZsPrjZWl8Yy3ZjZAQFCygP+MKnTJ9hggKQKvuZCU/oiZi71XjWY9CVY 1rKRg3HftXIwivV1lUwE1bUQH1mw7pKCdsDczbs+4G6lRx3K1e573ELdylLMVkcm oURJJXO+T7VwZtDyqa+UzUzNifyqpdvBl0EMi/jx2sEw0FRPMmwj4/llICuandaP 9kD8Z2+BAJmJAJUCBRAtmxqwD0cvWzTXTcEBAYSwA/971qA7uJrM+GAPAXJ37qLy NAKQy+XpEruOOwcl4CHKjUXuKA7Rnb66l7yYacro+be71Qxrc4EBNI1PB+rvjnKY 9ZwZTly9+gwEkmibixKwcjQs6k2hlcmuVhsZitpvqSkulFSF4rRdrRsayrvj3ad6 5L96Dx01lYBU+Xhkb3ySCokAlQIFEC2Y9KneJzX92ofAxwEBa0MD/jnlR68ZTc4Q vksX7bcyFAt4PlQC7jOoL/G/nMsZdLZZMIuh/RvKpj4fZ69qaUGUeYx1Ibm37HpP 0BovPFMDn7kT3YfmQ5f61OJDHF73WBk/XJTi4815nCzO8vb/BeJhS7DbbxTdqli7 Kp3uoVCOxBZ9nmv/Lo3Zu3qDZau7fAsrtClFZGdhciBXLiBTd2FuayA8ZWRnYXJA c3BlY3RyeC5zYWlnb24uY29tPokAlQIFECwAALo04ip/MkW/XQEBmNQD/0jUVqT0 LMoVvw7Zz2FXyWrdBn6bRlyGxeqQWhigDXRipZ824/fHbA2vkbAczEayw8ZpwRVm hWNsxxWhjYFIi92KYJbAP/XIbr+rEuTIhPKKKKhuuGLUWhfXhCFluHjs3CA6ZQwn T4jnu1NlCkcnWLbL4ktqub2zLwrHCPUe31L1iQCUAgUQK9Y50xgzoWUItwfFAQHP rAPzBbf6lQyzwbUwdxayzLDoh3HygnunLooi+yzziEVQchOgSt3sLe2I108DLxTg p+26lJYTAZB+Gg8HGyB+Nz6263D0XlVUXQi9/7CSRyd8bhYFeuFPwFzHPWZlyLDA IsuaEfBsmp2DBLgffvhUCqiiWYmP9oa+rOA+5IHS+xN8tIkAlQIFECuXMhOhwThf Sq8A5QEBqF0D/itGhJWncb4qLTC+RwC+mfC3u9IRikddKTKgLwt0Cqz1t+3k0NM7 KSDDkfWoUbUOiqTqhHTLFjST3V5WgFVyUtYNv3iw07cmMcko79B04OKTkOmZcSdC EF8uW6O5iQK0mOgG/X5B0iaee/1o2J0a4sCd429n5Q02p8TchFKHM3DciQCVAgUQ K2PmLDZWl8Yy3ZjZAQEMRgP/aIwyaXrl4Vo1as0/tptiHxBbf4yePKXkI2kCMaTF 6OYibidkqpQc3kO4bOkkOey1HBvPp1pcrXldygzWbyC6G7pTMjAez36FsoTqKdML PgLSYTnk9Ka8X96ON7GcbOyIWm4WeM3+xGtIdznt+U4hRYEJkPweLPPdpgHGa/An zreJAJUCBRArERcc4nXeDv9n9wsBAbJiA/9qly/1XYxscWBTSGXQPgwuoaMFF5R8 OujFAKyCxNv/SevVb3KW0Eypg+APtOEsB/avEg81sbIPtVQDbstPBBNLqfaZu2Qc 68ZBXDsnYbBMDrfX0Z/RCd7QzWHtUlaMVfRXOO6H+eTpu3Eza5MtIXadSwNd7n/0 3ld56wWGttc2sw== =ka+m - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcWFSt4nNf3ah8DHAQEA1wP+OBj5DcYT3E4dwP5o28i3q5BhALLUCpNK iBF1e1u8G6Udk6Bi/n/vo5bX81yrxDpS+vmfAkN+EEQk/aGF6cvizCbG+ZfxSUkJ 8GbnOkkY68on1qOJcJcj8ONEYsAUmhnGLPzmyqM2DmHkFnkynN2Wv6uFCKIw0o36 zEaKlZ9gNlY= =XLdo -----END PGP SIGNATURE----- -- edgar at spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From edgar at spectrx.sbay.org Tue May 3 02:16:56 1994 From: edgar at spectrx.sbay.org (Edgar W. Swank) Date: Tue, 3 May 94 02:16:56 PDT Subject: Secure Drive is now obsolete NOT Message-ID: -----BEGIN PGP SIGNED MESSAGE----- My commendations to the authors of the new Secure Device program. However, with due respect to Mike, Secure Device does -not- make SecureDrive obsolete, at least not yet. Certainly there is -no- reason for anyone who has already installed SecureDrive to switch to SecureDevice. You've already partitioned your hard disk, so you won't get the main benefit of SDev. Although SDev has some bells & whistles of it's own, it doesn't have (yet?) the ability to use/set PGPPASS that I added to SecureDrive, or the ability to automatically try the hard disk key on diskettes (but these would be easy to add). There are some other tradeoffs between SecureDrive and Sdev. SDev's device driver architecture makes it more compatible with odd hardware configureations, multiple hard drives, etc., since all encrypted "volumes" are mapped to DOS files. OTOH, this same architecture can waste disk space, especially in cases where SDev encrypted "volumes" occupy most or all of a DOS diskette or HD partition. The "outer" FAT and directory in this case are almost completely wasted. SDev's device driver also takes about 50% more memory than SECTSR. OTOH, Sdev's encrypted volumes are safer from accidental writing if the device driver is not loaded, since they're mapped to read-only DOS files. SDev may be a little more secure then SDrv. SDev's checkword to verify the password is encrypted, while SDrv's is in plaintext. SDev gets this benefit because encrypted "volumes" have their own encrypted boot record. Someone has pointed out that the plaintext checkword could be used to assist a pre-computed dictionary attack on marginally weak passphrases. Another advantage of SDev is that it was developed outside the USA and so is available world-wide without violating ITAR. SDrv has "leaked" overseas to some individuals, but is not, AFIK, being openly distributed there. SDev "volumes" always start out encrypted and empty. You can't take an existing partition or diskette and encrypt it (or decrypt it). This may be less convenient especially if disk space is scarce. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcWpNN4nNf3ah8DHAQH/QwP9H5hTdPFtDBd1hfRDHbz9YpO5CTz/aKo3 /pgbPN3EFKVKGUFPHxnDa1J0J5PWvAezmUiArNdo18Lly0Hu6M3iEGasv06tnbwg vcyzuFPCO5jd02GwTPVldIRol2lTlGcNAVfz209YYP6xSfTKcksWxI6JMSSCCeqK fJ2QS7qcKO4= =7Idd -----END PGP SIGNATURE----- -- edgar at spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From nelson at crynwr.com Tue May 3 04:05:46 1994 From: nelson at crynwr.com (Russell Nelson) Date: Tue, 3 May 94 04:05:46 PDT Subject: the value of money In-Reply-To: <199405022055.NAA29272@jobe.shell.portal.com> Message-ID: Date: Mon, 2 May 1994 13:55:34 -0700 From: Hal Why don't we brainstorm a bit to see if we could come up with a way to take this digital cash software and do something useful and interesting with it. It seems like too good an opportunity to just let it sit there and do nothing. I know there has been some abstract discussion about cash systems in the past, but now we have something concrete and we should be to discuss it more specifically. There have been several private-currancies in the recent past. One of them was written up in Utne Reader, quoting the Whole Earth Review. I've got the information squirreled away somewhere. That one was interesting because it had a zero-sum money supply. There was no scrip -- all trades were registered with a central authority. If I traded a thing of value to you, my balance went up and yours went down. Debt was repudiatable only by leaving the system, and your balance and trading rate was explicitly public information. No one could be forced to trade with anyone else, and trading with someone (or not) based on their balance and trading rate was encouraged. Inflation was not a problem because the money supply remained at zero. The most telling remark from the originator (a Canadian) was that the system worked best when you had someone with deep pockets who was willing to run up a big positive balance by trading away things of value for the private currancy. So to get digital cash going, (IMHO) we need someone willing to risk a bunch of bucks to get people in debt to the system. Maybe someone with some spare cash could print up a hundred Digital Cash T-shirts (maybe a bit-mapped image of Johnny Cash? :) worth, say, $7, and sell them for $10 bucks in digital cash. The profit that would (eventually, hopefully) bring would be their return on their risk. There are other schemes that would work. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. en $729, as the money makes it's way through the economy. Right. Banks have to balance liquidity against uncertainty. So the money went around, and around, growing and growing, until it slowly became worthless. The only thing that keeps money growth in check is market discipline and faith. The whole house of cards doesn't come tumbling down, because Alice has faith that she has $1000. In reality the emperor has no clothes. In reality Alice's investment is nowhere near as liquid as she thought it was. Hers is only liquid if no one else's is. No, most major currencies are not on the Gold Standard. They float purely in relation to other currencies. So what gives money it's value? Purely, the loans which back it up. This is why it is practically impossible to stop, eco-disasters from continuing. If the countries that have "borrowed" this money default, the whole thing collapses. It collapses everywhere, simultaneously. Well, no. As long as banks can keep collecting and paying interest and *some* of the principal, they're mostly okay. They can rebuild the lost principal through lower profits. The place where the "faith" comes in is the confidence investors have that their investment in the bank is as liquid as they thought it was when they made it. Now we get to the problem with digital money. It's a stand alone system with no "faith" in it and with no growth built in. Faith is the only thing that keeps things working, that and legislating paper as legal tender, so people are forced to accept it. Not really, not at all. I can start issuing my own wealth receipts (digitally or not) as long as I can show people that I actually have the wealth that I'm issuing the receipts for. And yes, I'm subject to keeping a reserve, otherwise how would people trust me? Obviously, legislating digital money as legal tender is outside our power. Putting growth into the system without destroying faith is also very difficult. The only logical step is to make digital money repesent something. It must be convertable into something that people already have faith in. Otherwise I fear, that digital money may not fly. In the end, you have the right of it. Digital cash must be convertible to be accepted. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From perry at snark.imsi.com Tue May 3 04:18:03 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 3 May 94 04:18:03 PDT Subject: Virtual Cash In-Reply-To: <9405030246.AA01186@paycheck.cygnus.com> Message-ID: <9405031117.AA28127@snark.imsi.com> "Mark W. Eichin" says: > (In spite of perry's objections, the economic discussions *are* > relevant here... many readers seem to not understand the complexities > of money systems, without which *using* e-cash won't be practical, so > we need some major cross-breeding here.) In the context of digicash, economic discussions are relevant. However, I think that general questions on subjects like "is the Fed a conspiracy by the Bavarian Illuminati" and the like are probably not. The differences between free banking and central banking are likewise difficult to explain -- it would overwhelm this list to discuss them. We could discuss nothing else all day for weeks. Anyway, the real reason none of the test e-cash systems here have taken off is multifold. 1) The market is illiquid. 2) The currency is difficult to use -- more difficult to use than alternatives. 3) There is nothing of value to trade for. (I wouldn't take many of the offered items for free, so why would I spend time trying to figure out the digicash system to get them.) Basically, you need a commodity to be widely recognised as having value and widely tradeable for goods and services, or easily converted into something you can trade, before it can be used as money. Something people have to remember is that digital cash is not money -- its more like "digital anonymous bank drafts". Just as a check can be USED for money but is in fact a way of TRANSFERING money, so digicash isn't in and of itself the source of value -- its a bookkeeping system for something that is. That something could be dollars, gold, cocaine futures contracts on the Bogota Commodity Exchange, girl scout cookies, or anything else people decide is a good medium of exchange. The choice of medium largely depends on what people want to trade with. Right now, for whatever reason, thats generally dollars. The savvy digital banker, therefore, will likely set up shop to allow people to move dollars around. Even this will not guarantee success, unless the system becomes quite widely deployed. Of course, the incentives to do that come from the payoffs you would get for doing so in the free market. That also likely means that digital cash systems will involve fees -- either on the purchase of digital cash the way Travellers Checks are handled, or in some other similar manner. Perry From jthomas at access.digex.net Tue May 3 05:31:09 1994 From: jthomas at access.digex.net (Joe Thomas) Date: Tue, 3 May 94 05:31:09 PDT Subject: Virtual Cash In-Reply-To: Message-ID: On Mon, 2 May 1994, Christian D. Odhner wrote: > On Mon, 2 May 1994, Eli Brandt wrote: > > Poll: assuming you had a use for FedNote-backed 100%-reserve digicash, > > what service fee would you be willing to pay, and how much money > > would you be willing to leave in the hands of some random individual? > > I would be willing to pay 5% upon receipt of the digicash, and possibly Sounds reasonable to me. There are plenty of ~$100 transactions for which a $5 fee for anonymity would be reasonable. I don't think I'd trust someone known only by net-rep with much more that... Joe From julf at util.eunet.fi Tue May 3 05:37:00 1994 From: julf at util.eunet.fi (Johan Helsingius) Date: Tue, 3 May 94 05:37:00 PDT Subject: A message to decision-makers Message-ID: <199405031226.PAA09775@util.eunet.fi> I have been contacted by somebody editing a book about how telecommunications are changing the world and our society. To give an example of the kind of stuff they are going to have in the book, there's going to be something by Ross Perot on teledemocracy etc... They asked me to help them in getting "messages from young people around the world, messages directed to the decision-makers, containing views about the significance of telecommunications and the change in perspective that telecommunications cause". So, if you want to have your point of view presented in the book, please send me a shortish note (in English), along with your name (or pseudonym), age and state/country. The deadline is Friday morning. Julf From jthomas at access.digex.net Tue May 3 05:42:04 1994 From: jthomas at access.digex.net (Joe Thomas) Date: Tue, 3 May 94 05:42:04 PDT Subject: Digital Cash In-Reply-To: <199405030650.AA25513@access3.digex.net> Message-ID: On Tue, 3 May 1994, Black Unicorn wrote: > So has anyone tried to solve the problem of double spending and > the online requirement of digital cash? Sure. Stay jacked-in full time. Seriously, communications costs are dropping so fast, I'm not sure why you'd put much effort into designing a bulletproof offline system. Even with today's technology, a shopkeeper could just have a $17.50/mo. Netcom account and run his Magic Money client whenever someone wanted to pay with bits. Certainly no more expensive than a credit card Verifone. But this question comes up often enough that I'm afraid I'm missing something. Why would offline systems be more useful? Joe From eagle at deeptht.armory.com Tue May 3 06:10:52 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 3 May 94 06:10:52 PDT Subject: Digital Cash In-Reply-To: Message-ID: <9405030610.aa22247@deeptht.armory.com> > > But this question comes up often enough that I'm afraid I'm missing > something. Why would offline systems be more useful? Anonymity. Digital Cash, in theory, works like Federal Reserve Notes. Financial transactions can be carried out between individuals with out a bank as an intermediary. Therefore, there is no record of the transaction. One doesn't have to smear one's fingerprints all over cyberspace to buy a used bicycle for their child or pay off a Super Bowl bet. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From perry at snark.imsi.com Tue May 3 06:19:54 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 3 May 94 06:19:54 PDT Subject: Digital Cash In-Reply-To: <9405030610.aa22247@deeptht.armory.com> Message-ID: <9405031319.AA28418@snark.imsi.com> Jeff Davis says: > > > > But this question comes up often enough that I'm afraid I'm missing > > something. Why would offline systems be more useful? > > Anonymity. Online systems are also guaranteed anonymous. The whole point of offline transactions is just to eliminate the need to be online, which can be inconvenient -- as an example, if you are trying to buy something on a streetcorner or otherwise away from telecom. In the future, this will not be so much of a problem. For the moment its quite interesting. Perry From vkisosza at acs.ucalgary.ca Tue May 3 06:27:26 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Tue, 3 May 94 06:27:26 PDT Subject: Virtual Cash In-Reply-To: <9405030542.AA28008@ah.com> Message-ID: <9405031329.AA44821@acs5.acs.ucalgary.ca> Eric Hughes wrote: > >[...] but noone (as far as I've > >seen) has come up with an "economic model" within which they could use > >them. > > Denominate digital money in dollars in a demand deposit account in a > US bank. > > Why reinvent the wheel, or, in this case, the unit of value? Exactly, digital money must be fungible, with some other unit of value. But limiting it to USD, is not the way to go. Individuals should be able to pick and choose which currency they want their digital money to represent. U.S. banks are problematic. They tend to be unstable. I propose the following banks which currently have a AA rating or better: Alegemene Bank Netherland Credit Suisse Swiss Bank Corp Barclays Bank Union Bank of Switzerland J.P. Morgan The legal structure is also quite elementary and so is the software. (Although I don't profess to be a software expert.) I'll put the software issue aside for a moment, and concentrate on the structural part of the system. The appropriate structure is an "investment club" which in point of fact is a private mutual fund. The club has a trustee, I'd suggest an account run by either by a trust company or by a lawyer. The lawyer receives the funds in her trust account, and signs and acknowledges each receipt. She then invests the funds into deposits at approved institutions, or in Government guaranteed securities. In essence, it's no different than a money market fund. The fund itself is purely an international partnership, domiciled as a Liechtensteinian Anstalt. An anstalt has unique characteristics in that it is both a private foundation and a corporation, and receives unique legal treatment. I'll leave the discussion here, since the complexities are quite voluminous and move on to the software. The mm package, provides a jumping point. Of course it's the server module which should be used by the client. Each client uses the server to "create" their money. The money is then sent to the trustee, who upon receipt of funds in her trust account signs each unit of money. The coins can then be exchanged, as in the mm package. Now, if someone wants to redeem the coins, back into currency, they send the coins to the trustee with a request that funds be paid according to instructions with the signed coins. The trustee can then send appropriate amount of funds wherever the instructions call for. Faith in the system builds as coins can either be accepted by an individual or can be converted by the individual into what actually backs up the system, cash. All the trusttee has to do is differentiate between a message which is transferring coins, and a message which is redeeming coins. Easy as pie. A message which is transferring coins simply signs the new coins and removes the old coins from the list. A message redeeming coins, removes the coins from the list, and sends funds to the appropriate individual. From smb at research.att.com Tue May 3 06:39:15 1994 From: smb at research.att.com (smb at research.att.com) Date: Tue, 3 May 94 06:39:15 PDT Subject: Digital Cash Message-ID: <9405031339.AA07761@toad.com> Online systems are also guaranteed anonymous. Well, maybe, though traffic analysis may be a problem. I did hear of an interesting case of people paying for privacy in the real world. In Hong Kong, the Aberdeen tunnel has drive-through smart card readers for tolls. The problem is, these cards don't use a privacy- protecting protocol. And many folks there are worried about what will happen come 1997. So there's now a resale market -- stores buy toll cards in quantity, and resell them over the counter, for cash. This underscores what I've said in the past about anonymous digital cash: it's not going to go anywhere unless folks are willing to pay a premium for privacy. There are too many sound reasons for keeping audit trails (debugging, fraud detection, marketing analysis, etc. -- and note that the first is an issue even for folks with the best intentions in the word; note how many remailer operators have kept logs, at least for a while); unless there's a profit motive in doing otherwise, most folks won't. In Hong Kong, the threat is not just real and imminent, it's *perceived* as such. Whether or not there is a real threat in, say, the U.S. (let's please not debate that!), there's much less perception of one. From jims at Central.KeyWest.MPGN.COM Tue May 3 07:00:04 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Tue, 3 May 94 07:00:04 PDT Subject: Chimerically Misquoted In-Reply-To: <9405022051.aa27789@deeptht.armory.com> Message-ID: <9405031359.AA03691@Central.KeyWest.MPGN.COM> > > From: "Jim Sewell" > > The term Cypherpunks is amorphous, thus subject to use and abuse > by the masses. When people like Jeff Davis and Phill Zimmermann ^^^^^^^^^^^ People like was meant to be taken as "High visibility". Saying that people like Joe say "Coke is it" is not a misquote, even if Joe never said the word 'Coke'. No disrespect was meant... I admire your willingness to get involved. (Even if some people think otherwise). Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From ecarp at netcom.com Tue May 3 07:05:44 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 3 May 94 07:05:44 PDT Subject: WSJ article on PGP In-Reply-To: <199405030708.AAA16422@ucsd.edu> Message-ID: On Tue, 3 May 1994, Lance Cottrell wrote: > I must say: I was somewhat stunned to see my name in the WSJ. I guess P.Z. > has made use of the information he gathered. I wonder if the people > mentioned were all the people who responded to Zimmerman's request for > legitimate PGP users. No, I had sent stuff to Phil, and didn't get *my* name mentioned in the WSJ... ;) From vkisosza at acs.ucalgary.ca Tue May 3 07:13:40 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Tue, 3 May 94 07:13:40 PDT Subject: The American money capture In-Reply-To: Message-ID: <9405031416.AA24171@acs5.acs.ucalgary.ca> Russell Nelson wrote: > > Would it be too complex and lengthy an explanation to provide to say > > how the money supply is decided in the first place; that is, how an > > appropriate amount of it is calculated initially? Is this in reference > > to the gold or other backing which gives each dollar its monetary value? > > Money supply is an arbitrary thing. We could have a money supply of > one dollar (and billionth cent coins) if we wanted. The Fed > supposedly *tries* to print up new money when new wealth is created, > so that the dollar stays at about the same level. If they didn't, > then cash would constantly increase in value, reflecting the new > wealth creation. Sorry, but cash in circulation is a very small, infinitesimally small portion of "money supply". No one in the system really has faith in M-1, M-2, and M-3 anymore, simply because they do not reflect reality. > In it's simplest form money is simply debits and credits kept on > certain ledgers. Let me present the most simple example. Alice > has a supply of money. Let's say a $1000. She deposits this in > her favourite bank. The bank then lends the money to Bob. Alice > has $1000, and now Bob has $1000. The supply of money is now > $2000. > > Nope. Alice can't spend her money. She's renting it to the bank. Sure she can, especially if she's depositted the money in a demand account. Let me simplify some more. Alice deposits her $1000, she then wirtes a check for a $1,000 and deposits it to her business account. She then writes a check on here business account and deposits it in another account, and so on, until she finally writes a check back to herself to cover her original check. Throughout the process, she has created money. Money which she can use to collect interest. This is known a s kiting and is illegal if an individual does it since they can use the created money to earn interest. As long as institutions keep accepting Alice's checks, she's creating money which she can use. > Central banks try to limit growth by using interest rates to > reduce the demand for money, and by requiring banks to post > reserves with their central bank on their deposits. > > Banks would have to do this anyway, because they have to deal with > people coming to get "their" money. They have to keep a certain > amount of liquidity. The term for that is "reserve", but it just > means very liquid investments, e.g. cash. Try a very simple experiment with your local bank. Go in unannounced and attempt to make a very large cash withdrawl. They will do everything in their power to give you a draft and not cash, since there usually is not enough cash on hand. Also call your local bank, and ask for foreign exchange. Get a buy/sell rate on sterling cash and sterling drafts. You'll be surprised to find that your sterling cash is worth less than a sterling draft. Generally, this is because cash is awkward. > So if Alice deposits $1000, and there's a reserve rate of 10%, > then only $900 can be lent, and then $810, and then $729, as the > money makes it's way through the economy. > > Right. Banks have to balance liquidity against uncertainty. > So the money went around, and around, growing and growing, until > it slowly became worthless. The only thing that keeps money > growth in check is market discipline and faith. The whole house > of cards doesn't come tumbling down, because Alice has faith that > she has $1000. In reality the emperor has no clothes. > > In reality Alice's investment is nowhere near as liquid as she thought > it was. Hers is only liquid if no one else's is. Eaxactly, most financial institutions tend to "borrow" from their customers (Depositors) on the very short term, and lend on the long term. So if all the Alice's wanted their money at once, the money would not be there. The problem in international banking was and continues to be Jumbo loans ($1,000,000,000+) which are generally syndicated. These loans when they went into default, or the risk of default trigger cross-default provisions in loan agreements which makes all loans to that borrower non-performing. Unfortunately, many institutions had a substantial amount of their capital and reserves, lent to single borrowers, so a default would make them bankrupt as opposed to insolvent. > No, most major currencies are not on the Gold Standard. They > float purely in relation to other currencies. So what gives > money it's value? Purely, the loans which back it up. This is > why it is practically impossible to stop, eco-disasters from > continuing. If the countries that have "borrowed" this money > default, the whole thing collapses. It collapses everywhere, > simultaneously. > > Well, no. As long as banks can keep collecting and paying interest > and *some* of the principal, they're mostly okay. They can rebuild > the lost principal through lower profits. The place where the "faith" > comes in is the confidence investors have that their investment in the > bank is as liquid as they thought it was when they made it. Yes, except the way banks collect interest on Jumbos is simply to lend them more money, so they can pay the interest. Look at the U.S. The entire nation simply keeps borrowing money to pay the interest on the money they borrowed. This gets added to the principal and the amount of the debt compounds. This means that next year, more money is owed, and so more money has to be borrowed to pay the interest on the money which was borrowed before. Not a pretty sight. Here in Canada, our Government actually has an operating surplus on it's program spending. But the interest costs on our accumulated debt, keep piling up, each year taking an ever greater chunk out of revenues. Now, we are cutting health care, deindexing pensions, closing schools, closing hospitals, doing whatever we can to keep our heads above water. All to pay the interest on our debt, which keeps growing and growing. > Now we get to the problem with digital money. It's a stand alone > system with no "faith" in it and with no growth built in. Faith > is the only thing that keeps things working, that and legislating > paper as legal tender, so people are forced to accept it. > > Not really, not at all. I can start issuing my own wealth receipts > (digitally or not) as long as I can show people that I actually have > the wealth that I'm issuing the receipts for. And yes, I'm subject to > keeping a reserve, otherwise how would people trust me? The trust issue is fungible. If you trust Yankee greenbacks, and my receipts rank pari-pasu, with them, then you trust my receipts. No reserve is necessary, because I don't make loans. And since I don't make loans, and don't pay interest, I'm not a bank subject to banking regulations. All I am is a trustee. > Obviously, legislating digital money as legal tender is outside > our power. Putting growth into the system without destroying > faith is also very difficult. The only logical step is to make > digital money repesent something. It must be convertable into > something that people already have faith in. Otherwise I fear, > that digital money may not fly. > > In the end, you have the right of it. Digital cash must be > convertible to be accepted. Exactly, except convertible to what? Do you want Swiss Francs? Yen? Sterling? Canadian? Australian? Gold? Oil? It depends on what you're going to use the cash for. My view is that it is up to the client to decide how they want their funds held. Personally, I have a Canadian Dollar account, which I use for my day to day purchases, and I keep a US Dollar account for when I travel south of the border. I also keep an account in Schillings. From jims at Central.KeyWest.MPGN.COM Tue May 3 07:17:57 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Tue, 3 May 94 07:17:57 PDT Subject: Announcement RE: Lobbying... In-Reply-To: <199405030604.XAA05362@nunki.usc.edu> Message-ID: <9405031417.AA03772@Central.KeyWest.MPGN.COM> > > You know.. I wonder with all this bickerig if in fact we CAN agree on the > fact that we all are opposed to invasions of our privacy via governemnt > surveillance techniques.. Can we agree on that issue? It seems to me that I > have heard a consensus on this at least... You know, she is right. I have gotten about equal amounts of mail for and against the idea of a list and the idea for a "Guide to Cypherpunks" if you will. Each were fanatically stated with few exceptions. Each was unmovable on their opinions. It is with this that I make the following statement: I will not construct a list or attempt to construct a document to tell the world what this group is. I fully support the creation of such items but do not have the patience nor, due to a situation at work, the time to wade thru tons of mail and wade thru the flames I've gotten on just an initial query. If anyone else would like to adopt this project, please contact me so I can give you my information. I will not give out the names of those who have responded to me for privacy reasons. If you wish to do this, please ask again and I'm sure the ones who responded previously will do so again if your effort is a serious one. I do want to remind those who were afraid of having their names on a list that there is a 90% chance that someone in the NSA, FBI, etc has done a whois to majordomo and already has your email name which is all that I'd suggested in the first place. I will continue to do my part to try to influence the running of this country. I am not kicking back with a beer and cigar and saying that we can do nothing and I hope it all works out. We must run our own country or our country will run us. Good luck to all and no ill will. (This list is too emotional sometimes due to the topics covered. They are beliefs and not opinions and a belief can not be changed by another person like an opinion can.) Anyway, take care Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From talon57 at well.sf.ca.us Tue May 3 07:26:48 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Tue, 3 May 94 07:26:48 PDT Subject: list active? Message-ID: <199405031417.HAA15930@well.sf.ca.us> Hey, no messages! Did the NSA take us out? Brian Williams From sandfort at crl.com Tue May 3 08:59:59 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 3 May 94 08:59:59 PDT Subject: Security Consult. Needed In-Reply-To: <01HBVBIMU3XU8WZHFU@VAX1.UMKC.EDU> Message-ID: C'punks, On Mon, 2 May 1994 PMARKS at VAX1.UMKC.EDU (my alma mater) wrote: > . . . > You [Duncan Frissell] are absolutely correct! . . . It is time for > cryptographic experts to be recognized as the true professionals they > are and proudly join the ranks of other professionals who represent > thieves, extortionists, junkies, drug dealers, embezzelers, etc. > > Oh yes, I almost forgot. Once Clipper is the law of the land, Congressmen > will no doubt want to keep their private files safe from the snooping eyes > of their political enemies. So they will need crypto-consultants to find > "creative ways" to work around the very regulations they stood by and > permitted to go into effect. . . . > Who will be laughing then? I, for one. If strong crypto becomes wide-spread, I'll be happy. If that means that politicos, publicans and other low-lifes have it too, so be it. One must take the bad with the good. Like it or not, that's the way life works. Deal with it. S a n d y From sandfort at crl.com Tue May 3 09:19:01 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 3 May 94 09:19:01 PDT Subject: The American money capture In-Reply-To: Message-ID: C'punks, On Mon, 2 May 1994, Wayne Q Jones wrote: > The money supply dwindled 1: by the accumulation of capital in the hands > of a few 2: the immediate fiscal policy of the govt which also sucked money > out of the economy.... Wrong. Wayne's "1:" explanation is pure Scrooge McDuck thinking. The "few" do not "accumulate" capital in the sense Wayne fears (i.e., in Scrooge McDuck's undergroung vault). They collect it, spend it, invest it, deposit it in the bank, whatever; but it still keeps circulating. If anything, such activity expands the money supply. I'm not sure I (nor Wayne) know what he actually meant by his #"2:" assertion. Perhaps he will elucidate. S a n d y From frissell at panix.com Tue May 3 09:19:31 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 3 May 94 09:19:31 PDT Subject: Digital Cash In-Reply-To: <9405031339.AA07761@toad.com> Message-ID: On Tue, 3 May 1994 smb at research.att.com wrote: > This underscores what I've said in the past about anonymous digital > cash: it's not going to go anywhere unless folks are willing to pay > a premium for privacy. There are too many sound reasons for keeping > audit trails (debugging, fraud detection, marketing analysis, etc. -- Something overlooked in the real world that encourages the maintenance of private payment systems (cash) is th existence of a large number of people with bad credit. About 20% of the US population has neither credit cards nor checking accounts. Some of this is because of personal preference but a lot of it is because these people can't handle something as abstract as a checking account without wrecking it. They *need* cash which will enable them to use the simple budget process of adjusting to declining balances. Thus, we see the recently introduced computer phonecards which you can use to buy long distance phone service in advance for cash. No hassles with telephone account which tend to require a fixed address in any case. Note also the popularity of secured credit cards which are now issued by a score of financial institutions. There will continue to be a big market for "cash" to serve this market. DCF "If I had recently proposed to increase the American people's taxes by $600,000,000,000 a year, *I* wouldn't want them to have assault rifles either." - DCF Note - Last October, William Jefferson Blythe Clinton proposed to increase our taxes by $600,000,000,000 a year or so. From wcs at anchor.ho.att.com Tue May 3 09:30:25 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 3 May 94 09:30:25 PDT Subject: Digital Cash Message-ID: <9405031629.AA18364@anchor.ho.att.com> Black Unicorn writes: > So has anyone tried to solve the problem of double spending and > the online requirement of digital cash? > Is there any way to take cash offline? Or is this merely the copy > protection problem rehashed? Double spending is one of the main problems digicash systems try to solve, since digicash can obviously be copied easily. Online systems make the double-spending relatively easy to prevent, but, besides inconveniences, the online transaction has a transaction cost that may make the system unusable (e.g. a 5 cent telephone message unit costs too much for a newspaper, though it may be fine for paying for contraband tobacco at $5/pack.) There are two main approaches to off-line systems that I've seen: - making the hardware expensive or contractually limited (e.g. subway farecards, phone cards, postage meters) (It's intellectually unexciting, but works fine economically for small transactions.) - using tamperproof trusted hardware that embeds enough information about its identity in each digicoin that double-spending reveals the identity, or multiple spending reveals the identity with increasing probability. Much of this work has been done by Chaum's folks in the Netherlands, using "observer" smartcards; somebody posted a paper about it on sci.crypt recently. It's harder to use these approaches for applications like emailing credit card numbers, but they're ok for tollbooths. I worry somewhat about the privacy issues - in order for revealing a cheating userid to be effective, either the bank needs to have a registry of who the user is, which is a privacy problem for people who really want anonymous money, or else there needs to be some system for distributing bad userids, analagous to the inconvenient books of bad credit-card numbers that small shops used to use before phone verification became widespread. (Obviously they'd be digital, but I'd rather not have to carry a CDROM drive or gigabyte hard disk in my wallet... From wcs at anchor.ho.att.com Tue May 3 09:37:31 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Tue, 3 May 94 09:37:31 PDT Subject: Virtual Cash Message-ID: <9405031636.AA19943@anchor.ho.att.com> > >[...] but noone (as far as I've seen) > >has come up with an "economic model" within which they could use them. > > Denominate digital money in dollars in a demand deposit account in a > US bank. > Why reinvent the wheel, or, in this case, the unit of value? The two common models are either to denominate private currency in some convertable currency, like dollars or rubles (useful for providers of financial services trying to add digicash to their services), or for a service provider to denominate digicash in some unit of their service, e.g. subway trips, road tolls, phone calls, email shuffles. The latter approach is easier to bootstrap (the service provider can just do it, there's no problem with learning banking laws, etc.), but it's less convertible unless lots of people want the service, so it tends to be localized use. From dave at marvin.jta.edd.ca.gov Tue May 3 09:43:54 1994 From: dave at marvin.jta.edd.ca.gov (Dave Otto (the Wizard of TOTOSoft)) Date: Tue, 3 May 94 09:43:54 PDT Subject: Lobbying/Politics/etc. In-Reply-To: <199405030604.XAA05362@nunki.usc.edu> Message-ID: <9405031643.AA14106@marvin.jta.edd.ca.gov> From: Julietta > I wasn't sure of exactly how to answer that! I mean- it seems to > me that the governemnt wants to maintain its own power, and keep a watchful > eye on those with opinions oppposite of their own. Any other reasons you > all can think of? Hmm.. > > -- Jul > > "Can I be a social anarchist? " Most TLAs are required, by their charter/nature/whatever, to have a very paranoid world view. Governmental Intelligence (oxy-moron) deals with *POSSIBILITIES* before considering intent. For the most part, this is useful. However, it works both ways. WE must also deal with Possibilities before considering Intent. Most employees of TLAs are, IMO, honest and patriotic citizens. It only takes ONE, however, to destroy all trust and credibilty for the agency. The NSAs refusal to publicly discuss ways to safeguard against such abuse is one of the key arguments against Clipper/EES and Digital Telephony issues currently under debate "on the net." (However, I *STRONGLY* urge the TLAs to continue their hard-nosed positions. Stand fast you guys. ;-) To answer your original question; the reasons why NSA would monitor us will seem completely sane and reasonable TO THEM. You MIGHT be engaged in activities harmful to "the rest of us." Even Joe Public will find their arguments difficult to refute, particularly following a terrorist-type incident involving loss of life. Likelihood? ==> 100% > it seems to me that the governemnt wants to maintain its own power, Of course it does. Any other expectation is unreasonable. Very few (even of us altruistic heroes ;-) willlingly relinquish power once it is acquired. The trick is limit what they acquire... Dave Otto -- dave at gershwin.jta.edd.ca.gov -- daveotto at acm.org GAT d++(-)@ -p+(---) c+++ l u++(-) e++/* m++(*) s-/+ !n h---(*) f+ g+++ w+ t++ r+ y++(*) From rah at TIAC.net Tue May 3 10:09:37 1994 From: rah at TIAC.net (Robert Hettinga, Shipwright Development Corp.) Date: Tue, 3 May 94 10:09:37 PDT Subject: Digital Cash Message-ID: <199405031709.NAA00274@zork.tiac.net> >On Tue, 3 May 1994 Duncan Frissell > >>On Tue, 3 May 1994 smb at research.att.com wrote: >> >> This underscores what I've said in the past about anonymous digital >> cash: it's not going to go anywhere unless folks are willing to pay >> a premium for privacy. There are too many sound reasons for keeping >> audit trails (debugging, fraud detection, marketing analysis, etc. -- > >Something overlooked in the real world that encourages the maintenance of >private payment systems (cash) is th existence of a large number of people >with bad credit. > [etcetera, etcetera] >Thus, we see the recently introduced computer phonecards which you can use >to buy long distance phone service in advance for cash. No hassles with >telephone account which tend to require a fixed address in any case. > >Note also the popularity of secured credit cards which are now issued by a >score of financial institutions. > >There will continue to be a big market for "cash" to serve this market. > >DCF > Ahhh. My lurking pays off! So good to see talk in earnest about "Cyphercash" (I noticed from my reading of the imp-interest archive that Digicash(tm) is taken already ...) I have been looking for a sound business reason for digital cash. I think you folks may have found it. Something to beat over the head of my B-school trained pals anyway... I think the primary reason that utilities put up with the float on checks is because they have no choice. Credit card fees are too onerous, and there were too many ways to cheat the old coin-operated electricity meter down the hall. There was a discussion in Forbes a while back (if anybody wants me to go find it, let me know) about how electric utilities somewhere were running pilot systems of prepaid electricity cards, which would get rid of meter readers and their attendant overhead, and replace it with commissioned "agents" (the local corner liquor store) ;-) in some of the higher-risk neighborhoods. I think there might be other reasons for using digital cash, but I'll take cash in advance for a pornography feed for a start. Anybody else out there with less draconian advantages to digital cash? -Advance, Bob Hettinga ----------------- Robert Hettinga "There is no difference between someone Shipwright Development Corporation eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02313 USA snakes." -- Bertrand Russell (617) 323-7923 From hughes at ah.com Tue May 3 10:11:09 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 3 May 94 10:11:09 PDT Subject: Virtual Cash In-Reply-To: Message-ID: <9405031708.AA28882@ah.com> >I would be willing to pay 5% upon receipt of the digicash, and possibly >some smaller fee upon redemption. A random individual? None at all. And a business? They'd laugh. For any system of digital cash to take off, it must be economical to use. Since credit card rates cost business 2 1/2% - 4%, digital cash must be more efficient in real terms in order to succeed. Eric From hughes at ah.com Tue May 3 10:18:21 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 3 May 94 10:18:21 PDT Subject: the value of money In-Reply-To: Message-ID: <9405031715.AA28895@ah.com> >There have been several private-currancies in the recent past. One of >them was written up in Utne Reader, quoting the Whole Earth Review. These are the LETS systems, Local Exchange Transfer Systems. They seem to have been most successful in places of high unemployemnt as a way of increasing liquidity for services (mostly). >Inflation was not a problem because the money supply >remained at zero. >The most telling remark from the originator (a Canadian) was that the >system worked best when you had someone with deep pockets who was >willing to run up a big positive balance by trading away things of >value for the private currancy. So it seems that the money supply, that is, the amount of liquidity available in the system, is not zero, but something else. There certainly are some interesting questions here, in particular the effective exchange rate between the national and local units of value. Eric From hughes at ah.com Tue May 3 10:23:08 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 3 May 94 10:23:08 PDT Subject: Virtual Cash In-Reply-To: <9405031329.AA44821@acs5.acs.ucalgary.ca> Message-ID: <9405031720.AA28915@ah.com> >> Denominate digital money in dollars in a demand deposit account in a >> US bank. >Exactly, digital money must be fungible, with some other unit of >value. But limiting it to USD, is not the way to go. Any pre-existing national currency will do. My point was abbreviated for clarity. Eric From eagle at deeptht.armory.com Tue May 3 10:49:30 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 3 May 94 10:49:30 PDT Subject: Chimerically Misquoted In-Reply-To: <9405031359.AA03691@Central.KeyWest.MPGN.COM> Message-ID: <9405031048.aa03861@deeptht.armory.com> > People like was meant to be taken as "High visibility". Saying > that people like Joe say "Coke is it" is not a misquote, even if > Joe never said the word 'Coke'. I stand corrected. BTW- "Cypherpunks" has a ring to it the media loves to exploit. Maybe we should consider changing the name of the group to bit.nerd.weenies and avoid public scrutiny ;) Or maybe this really is about crypto-anarchy. The US gov't position on anarchy is someone must speak for the anarchists. That's how they made Red Cloud the spokesperson for the Lakota tribes. The only person Red Cloud had the authority to speak for when he signed the Ft. Laramie treaty of 1868 was Red Cloud, as far as the Lakota Nations were concerned. Just a piece of history. The US gov't insists an anarchy conform to its paradigm of centralized leadership and singular spokesperson. I prefer to think and speak for myself, thank you. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From hughes at ah.com Tue May 3 10:53:09 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 3 May 94 10:53:09 PDT Subject: Digital Cash In-Reply-To: <199405031709.NAA00274@zork.tiac.net> Message-ID: <9405031750.AA29001@ah.com> >Anybody else out there with less draconian advantages to digital cash? Immediate and final clearing. Eric From ecarp at netcom.com Tue May 3 10:55:58 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 3 May 94 10:55:58 PDT Subject: Lobbying/Politics/etc. In-Reply-To: <9405031643.AA14106@marvin.jta.edd.ca.gov> Message-ID: On Tue, 3 May 1994, Dave Otto wrote: > To answer your original question; the reasons why NSA would monitor us will > seem completely sane and reasonable TO THEM. You MIGHT be engaged in > activities harmful to "the rest of us." Even Joe Public will find their > arguments difficult to refute, particularly following a terrorist-type > incident involving loss of life. If doing activity 'A' will get the results you want, why not make 'A' happen? Consider a successful terrorist attack against a significant group of innocents (the larger the number killed, the greater the horror and shock value). The terrorists were using PGP-encrypted email to plan out the thing. Now, how long do you think it would take before ALL crypto was outlawed? Who would benefit from such a thing? Consider that it's child's play to finance, arm, and train a group of people to conduct a terrorist attack and (conveniently) they all get killed in their attack. No one's going to complain too loudly - after all, they *are* terrorists, right? One wonders just how many people who went out with their AK's and shot up schools and restaurants did it because they had been financed by someone with an axe to grind against the RKBAers. One also wonders just how long it will take before someone does the same thing to crypto. From hughes at ah.com Tue May 3 10:57:46 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 3 May 94 10:57:46 PDT Subject: The American money capture In-Reply-To: <9405031416.AA24171@acs5.acs.ucalgary.ca> Message-ID: <9405031733.AA28937@ah.com> >The trust issue is fungible. If you trust Yankee greenbacks, and >my receipts rank pari-pasu, with them, then you trust my >receipts. Not completely fungible. There is also trust in the trustee as a trustee, who could abscond with the whole sum suddenly. This point is extremely important. The difference between "your receipts" and someone else's means that you don't have a completely fungible system. >No reserve is necessary, because I don't make loans. It appears that you have 100% reserves, from the phrase _pari pasu_. Eric From hughes at ah.com Tue May 3 11:03:50 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 3 May 94 11:03:50 PDT Subject: Digital Cash In-Reply-To: <9405031629.AA18364@anchor.ho.att.com> Message-ID: <9405031801.AA29032@ah.com> >Online systems make >the double-spending relatively easy to prevent, but, besides inconveniences, >the online transaction has a transaction cost that may make the system >unusable (e.g. a 5 cent telephone message unit costs too much for a newspaper, >though it may be fine for paying for contraband tobacco at $5/pack.) A 5 cent message unit assumes that a phone line and modem are being used, and that there is a call setup charge that the business pays the phone company. There are more efficient ways. You can buy "metallic pair" service from most phone companies. That's a rental of a single pair of copper wires without dial tone attached. The cost around here is about six or eight dollars per month, flat rate, of course. One collocates equipment at the central office; this means a nearby office in practice. Now if you run, say, IP over this link, the per-message charge is down in the fractions of cents. This is not to say that online systems are going to be less expensive, merely that the cost comparisons for possible deployments are not obvious. Eric From hughes at ah.com Tue May 3 11:08:23 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 3 May 94 11:08:23 PDT Subject: Digital Cash In-Reply-To: Message-ID: <9405031805.AA29043@ah.com> >Something overlooked in the real world that encourages the maintenance of >private payment systems (cash) is th existence of a large number of people >with bad credit. Bad credit or no credit. Having no record in the credit databases is as good as have negative entries, for many purposes. >About 20% of the US population has neither credit cards nor checking >accounts. Some of this is because of personal preference but a lot of it >is because these people can't handle something as abstract as a checking >account without wrecking it. A significant part of this is that banks have simply moved out of a lot of neighboorhoods, and checking accounts are simply not easily available. Many people grow up without interaction with the banking system, and therefore don't get electronified. Eric From dave at marvin.jta.edd.ca.gov Tue May 3 11:16:02 1994 From: dave at marvin.jta.edd.ca.gov (Dave Otto (the Wizard of TOTOSoft)) Date: Tue, 3 May 94 11:16:02 PDT Subject: Lobbying/Politics/etc. In-Reply-To: Message-ID: <9405031813.AA16273@marvin.jta.edd.ca.gov> > One wonders just how many people who went out with their AK's and shot up > schools and restaurants did it because they had been financed by someone > with an axe to grind against the RKBAers. One also wonders just how long > it will take before someone does the same thing to crypto. To preserve *MY* sanity, I try to imagine that this can't happen here. However, reality suggests that it has :-( In this case, IMO, "they" won't need to stage anything, just be selective in the info they release. Taking advantage of the "heat of pasion" is something that lobbyist are extremely at. The only way *I* can see to counter it, is to make sure that crypto is explicitely allowed (not that banning it will stop anyone ;-) If it can be advocated as a freedom-of-speech issue BEFORE the emotions of the public are involved, we have a chance. If not, check crypto servers for public keys and mail drop info.... Dave Otto -- dave at gershwin.jta.edd.ca.gov -- daveotto at acm.org GAT d++(-)@ -p+(---) c+++ l u++(-) e++/* m++(*) s-/+ !n h---(*) f+ g+++ w+ t++ r+ y++(*) From talon57 at well.sf.ca.us Tue May 3 11:43:21 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Tue, 3 May 94 11:43:21 PDT Subject: list active? Message-ID: <199405031834.LAA18989@well.sf.ca.us> I haven't received any mail from Cypherpunks today, did I get accidently removed? I did receive Norman Hardys reply however..... Brian D Williams help! From daily%cbpi.UUCP at DMC.COM Tue May 3 11:45:19 1994 From: daily%cbpi.UUCP at DMC.COM (daily%cbpi.UUCP at DMC.COM) Date: Tue, 3 May 94 11:45:19 PDT Subject: digital cash Message-ID: <0097DE1B16127260.0000344D@cbpi.UUCP> This is my first post here, please be gentle! I'm no crypto specialist, so the public key part I refer to may be totally out of line, I hope not. I've been reading this list for a month or so and I'm drawing my conclusions about the key from that. Let's break anonymous digital cash down into two problems. 1. Anonymous place to store funds. 2. Ability to get funds out of anonymous account to either any other account or any individual/company. 1. You will need a place that not only you trust, but that the people you are dealing with will trust. This place must be accessible physically as well as electronically. Physically so I can walk in and deposit money anonymously (so there is no electronic trail), and also so that I can give money to people who have no computer. I want to be able to give something to someone and they will be able to take that to this place and get money for it. I won't get into why it has to be accessible electronically. I'll call this place a bank. The only way to get money out of the account would be with a PGP like signature. I set the private key when I open the account. The public keys would be designed to incorporate the amount of the e-check I'm writing. When you go to the bank to cash in your key, the key is recorded so it can't be used again, and the bank gives the money to the key holder. The keys would have to have something built into them to make them unique so that you could write a key for the same amount more than once. 2. So now I've got this anonymous source of funds, I want to buy something. If I'm buying it over the net, I could send an order for something via an anonymous account to the provider using PGP. It's important to protect the money key, because whoever has the key, can get the money. Now the service provider sends me my stuff via a reply to the anonymous e-mail. I get my stuff, they get their money and there is no way to determine who is who. The service provider can be known or unknown, doesn't matter. All that matters is that they get my order and my money key. Obviously, this only works if you are dealing in person or electronically. I can't send you a request for a box of rocks and not tell you where to send them. But I could use my pocket electronic check book to write a key for the amount of a purchase at a store. The cash register could read that key and confirm it's validity and amount and actually complete the transfer of funds immediately. I think banks would go for this because they get the float on our money, they don't have to pay interest, and they don't have to send monthly statements. They are already in the business of moving money, so I don't believe there would be any additional expenses to set this up other than the key readers. Safe, as convenient as a check, and anonymous. Have I missed anything? -- Jim Callen Voice: (617) 275-3427 Collaborative Biomedical Products FAX: (617) 275-3436 Becton Dickinson Internet: jim at cbpi.com Two Oak Park Bedford, MA 01730 From tcmay at netcom.com Tue May 3 11:47:57 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 3 May 94 11:47:57 PDT Subject: Why Digital Cash is Not Being Used Message-ID: <199405031848.LAA13081@netcom.netcom.com> Hal Finney asks us to think about and comment on the important issue of why digital cash, in its myriad forms, is not in wider use. Especially on this list, where the Magic Money/Tacky Tokens experiment has not (yet at least) produced widespread use. This question also goes to the heart of several related questions: 1. Why aren't crypto protocols other than simple encryption, digital signatures (both implemented in PGP as the de facto standard in our community), and remailings (implemented in Julf's anon.penet.fi remailer and in the various Cypherpunks remailers) being *used*? Why no DC-Nets, no data havens, no digital timestamping, etc.? 2. What *incentives* are there for creative programmers to devise and/or implement new crypto protocols if essentially everything for the past year and a half (since the fall of 1992, which is when PGP 2.0 and remailers became widely available) has languished? 3. What are the "killer apps" of crypto? 4. What platforms and user environments should would-be developers target? What machines? What networks? What languages? (An ongoing interest of mine. Objects, scripts, Visual Basic (!) VBX tools, TCL, perl, many platforms, etc. A tower of Babel of confusion is upon us.) Here is my first-cut analysis of the digital cash situation. I. Why is Magic Money/Tack Tokens, in particular, not being more widely used? - Nothing of significance on the List to buy, hence no incentive to learn how MM works. (Just because someone announces that their new article is available for 10 Tacky Tokens doesn't a demand make!) - Semantic gap. I confess to not having the foggiest ideas of how to go about acquiring Tacky Tokens, how to send them to other people, how to redeem them (and for what), etc. Having nothing to buy (no need), and plenty of things to occupy my time, I've had no interest in looking at MM. When I buy items like t-shirts from people on this list, I simply write them a check and send it. Very simple. The banks handle the complexities. And writing a check is a "prototype" (or script) that is learned early by most of us. Not so with any of the various digital cash schemes. In 10 or 20 years, sure, but not now. This is not to take away from the excellent work--I gather from comments by others--that ProductCypher put into MM. His greatest achievement may turn out to bring this issue to the fore, to wit, what will cause people to bridge this semantic gap (understanding) and actually begin to *use* these new constructs? - as others have noted recently (and this is a well-known issue), alternative currencies must offer some advantage over existing currencies, or at least be roughly on a par with them. For example, the airlines have their own currency, "frequent flier miles," which they pass out as an inducement for customer loyalty (repeat business)....it is generally not advantageous for them to allow exchange. (And really it's a kind of bribe, a transfer from the corporations which pay for the plane tickets, with the frequent flier miles accruing--despite futile attempts to halt this--to the individual passengers....this gives "ffm"s a built-in advantage.) (The proposal recently that vendors of products, like t-shirts, give a discount for MM payments is of course unworkable. This is asking real people to give up real dollars for an ideological cause of marginally little significance to them. The advantages of MM must be real, not phony.) II. Other Experiences with Digital Cash in Some Form - On the Extropians list a while back (I've since left that list), there was an interesting experiment involving reputations of posters and "shares" in their reputations. Brian Hawthorne introduced is "Hawthorne Exchange," HeX, with eventually a few hundred or so reputations trading. The unit of exchange was the "Thorne," with each new list member given 10,000 Thornes to trade with. Trading was very sparse, with most people apparently never bothering to learn to trade (a la my own experiences with Magic Money). I downloaded the docs one night, tried a few trial trades, and then proceeded to make dozens of trades, trying to buy cheap and sell dear. Between my trades, the reputation attached to my posts (and to my "nom du humor," Klaus! von Future Prime) I amassed a sizable fortune in Thornes. I even offered to exchange real dollars (checks) for Thornes, the better to amass a fortune (for reasons I won't go into here). Edgar Swank offered to sell me his Thornes for $20, I think it was, and I sent him a check immediately. (No one else did.) But I think the system was ultimately a failure. Nothing interesting was for sale, and Thornes had a ridiculously low value (reflecting of course their "toy" nature...my $20 bought 20,000 Thornes, as I recall). By "low value" I mean that the number of Thornes given to each participant (Hint: "given" is the important word) was worth nominally $100 (by Brian's sales price--probably none were ever sold at this price), worth $10 to me and others (by my offer of $1 per 1000 Thornes), and probably worth much _less_ as the HeX market languished and, probably, ultimately folded. (Does anybody on the Extropians list know if it is still operating? And what happened to by shares when I left the list?) - Similar barter schemes have been described elsewhere. "Mother Jones" had an interesting article last summer about a barter scheme in New England, and other folks have mentioned here the articles in "Utne Reader" and so forth. III. What Markets Might Make Use of Digital Cash - phone cards, subway cards, parking garage cards...all are examples. But these are mainly to reduce the need for customers to carry coins and bills, to reduce the dangers of theft of coins and bills (and the need to collect them frequently from payment points), and to speed up processing by not having customers fumble for change, etc. - toll roads...this is a market that Chaum's DigiCash company has been targeting for several years now. Privacy is a concern (don't want Big Brother tracking your movements), and the infrastructure may allow considerable investments in remote sensing of IDs and pseudonymous IDs, online clearing, etc. Read the Chaum stuff for details on this. - illegal markets, for transferring wealth in fairly large amounts. Not at all clear how this will happen, and it sure won't happen with some fly-by-night hackers and/or students offering a new service. (I didn't mention that one of the persistent concerns about learning new crypto protocols here on this list is the epiphenomenality (transience) of it all...remailers appear and then vanish when the students go away or lose their accounts, features added make past learning useless, and so on. Life is too short to spend it learning crufty details that will go away in a matter of months. I'd hate to buy $300 worth of TackyTokens and then find that their value went away when J.Random User graduated!) - betting markets, the "Internet Casino in Cyberspace," etc. Nick Szabo was once championing this, and I think it could be an interesting, and very real, market. Lots of issues here. - Digital Postage. This remains my favorite. There's a _need_ for untraceable payments (else why use a remailer?). I've written about this extensively, as have others. If remailers offered robust (see above point about crufty, flaky, hobby remailers) services that they operated as _businesses_, with reasonable attention to reliability, interconnectivity to other remailers, overall robustness, and carefully articulated policies about logging, privacy, etc., then MM or something similar could have a real value. IV. Is there Any Hope for Cypherpunks Software Use? The remailers (of Hughes and Finney, with other contributions) came in the first few _weeks_ of existence of the Cypherpunks group. Julf's system already existed. Remailers were the "low-hanging fruit" that got plucked fairly easily (not taking anything away from Eric, but he himself says he learned enough Perl in one day to write the first, crude remailer the _next_ day!). Later protocols have not fared as well. Why this is so is of great importance. That's a topic unto itself, and one which I hope to write about soon. Lots of important questions and interesting issues. --Tim May .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From talon57 at well.sf.ca.us Tue May 3 12:01:29 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Tue, 3 May 94 12:01:29 PDT Subject: list active? Message-ID: <199405031852.LAA26370@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Thanks to Paul Ferguson, smb at research.att.com,Harry Bartholomew, and Norman Hardy for replying. >From bart at netcom.com Tue May 3 09:13:27 1994 >From: bart at netcom.com (Harry Bartholomew) >Subject: Re: list active? >To: talon57 at well.sf.ca.us (Brian D Williams) >Date: Tue, 3 May 1994 09:14:25 -0700 (PDT) >MIME-Version: 1.0 >Content-Type: text/plain; charset=US-ASCII >Content-Transfer-Encoding: 7bit >Content-Length: 132 > Yes same as normal. And majordomo says you're still on the list, >so NSA is gobbling your messages specifically, en route! Hmmmm, I guess someone is doing something, cause I'm still not getting any traffic today, any other WELL-beings having a problem? ...---... ...---... ...---... ...---... ...---... ...---... Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcacytCcBnAsu2t1AQGDUQQAjZ9r8V2Af1Aw7HZmJCGUlRHz1RmSC7dO qM3g7PZNh+DkkOolR90E6A66DA3usDjDIIUFZI1wIbP47xD37HDzJKEJCNRgLhTj dCNBdpIWgdyZKQDKSjMqQaJB4kYO50TLWAUo4g73J2gVycBlDnPPjeydGt6HrQZt 7sEKOBmAYuI= =KTZj -----END PGP SIGNATURE----- From adam at bwh.harvard.edu Tue May 3 12:03:07 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Tue, 3 May 94 12:03:07 PDT Subject: Paid killers? In-Reply-To: <9405031813.AA16273@marvin.jta.edd.ca.gov> Message-ID: <199405031901.PAA02593@spl.bwh.harvard.edu> | > One wonders just how many people who went out with their AK's and shot up | > schools and restaurants did it because they had been financed by someone | > with an axe to grind against the RKBAers. One also wonders just how long | > it will take before someone does the same thing to crypto. I'd just like to comment that this is a pretty damned sick allegation against the gun-control folks. Most of them are pretty bleeding heart, and I really can't see any of them encouraging someone to go out & shoot up a playground to get gun control laws passed. Lets please not get into the politics of gun control, but I did want to respond to one of the more offensive and lame suggestions thrown to the list in recent memory. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. Have you signed the anti-Clipper petition? From jamiel at sybase.com Tue May 3 12:11:14 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Tue, 3 May 94 12:11:14 PDT Subject: Digital Cash Message-ID: <9405031910.AA08545@ralph.sybgate.sybase.com> At 11:05 AM 05/03/94 -0700, Eric Hughes wrote: >>About 20% of the US population has neither credit cards nor checking >>accounts. Some of this is because of personal preference but a lot of it >>is because these people can't handle something as abstract as a checking >>account without wrecking it. > >A significant part of this is that banks have simply moved out of a >lot of neighboorhoods, and checking accounts are simply not easily >available. Many people grow up without interaction with the banking >system, and therefore don't get electronified. And another big reson is that on a low income it doesn't make any sense to use a bank, let alone credit cards. Been there myself- If I have to worry whether there is anough money in the account to not go negative when the monthly fee comes around, why not pay bills by postal money order and save what little cash one can, instead of handing it to the banks? Opps. Not crypto. Sorry. -j >Eric From rah at TIAC.net Tue May 3 12:31:55 1994 From: rah at TIAC.net (Robert Hettinga, Shipwright Development Corp.) Date: Tue, 3 May 94 12:31:55 PDT Subject: Digital Cash Message-ID: <199405031932.PAA01647@zork.tiac.net> >>Anybody else out there with less draconian advantages to digital cash? > >Immediate and final clearing. > >Eric I think I see that... If your accounting systems were tightly coupled enough, (and you were completely cash based) you could get your pro formas on 12:01 am the day after the quarter ended. Of course you wouldn't have a chance to back-pedal the results so well, either. . Your comment about clearing reminds me of something else, though. I know that options are settled much faster (Next-day, if I remember. It's been too long since I was in a cage.) than equity and fixed-income (5 days) securities. Is it possible to see instantaneous settlement happen in the financial markets with digital cash? I keep remembering that Edison made his first real pile by inventing the stock ticker, though I'm not sure how crypto-anarchist libertarians (syntax-error?) would make theirs here. ;-) OTOH, would "immediate and final clearing" in a peer-to-peer clearing mechanism be a useful enough benefit that a market's participants would pay to use it? -Bob Hettinga ----------------- Robert Hettinga "There is no difference between someone Shipwright Development Corporation eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02313 USA snakes." -- Bertrand Russell (617) 323-7923 From frissell at panix.com Tue May 3 12:49:09 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 3 May 94 12:49:09 PDT Subject: Cypherpunks *are* Coding Message-ID: <199405031948.AA08162@panix.com> What with all the fascinating political arguments on the list these days, casual observers might accuse us of having lost momentum. Not I! Look at the progress made this Spring. We (and others not on the list) have produced not 1, not 2, but 3 encrypting file systems for DOS machines. (Where are you MAC types? I guess DOS' spastic and primitive file system has *some* advantages.) These are: Secure Drive 1.3D, Secure File System 1.0, and the new Secure Device 1.0(?). I SecureDrive and SFS are stable implementations which encrypt DOS volumes. Secure Device creates an encrypted file that DOS sees as a drive (like DoubleDisk or Stacker but without the compression). I will try out Secure Device as soon as I can get into the FTP site which has been busy. Anyone on this list with a DOS machine should have one of these running every day. DCF "3 Billion people x 50 transactions/day = A real headache for control freaks." -- DCF --- WinQwk 2.0b#1165 From perry at snark.imsi.com Tue May 3 13:05:20 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 3 May 94 13:05:20 PDT Subject: digital cash In-Reply-To: <0097DE1B16127260.0000344D@cbpi.UUCP> Message-ID: <9405032005.AA29597@snark.imsi.com> daily%cbpi.UUCP at dmc.com says: > 1. You will need a place that not only you trust, but that the people you > are dealing with will trust. This place must be accessible physically as well > as electronically. Physically so I can walk in and deposit money anonymously > (so there is no electronic trail), You can deposit money electronically without leaving a trail, too. I'm not going to say how -- consider it a "trade secret", but others will doubtless come up with similar ideas to mine. > and also so that I can give money to > people who have no computer. You don't need to be near the bank for that either. Use an ATM machine. > The only way to get money out of the account would be with a PGP like > signature. I set the private key when I open the account. The public keys > would be designed to incorporate the amount of the e-check I'm writing. > When you go to the bank to cash in your key, the key is recorded so it > can't be used again, and the bank gives the money to the key holder. Why not just sign an electronic bank draft? Why not use Chaumian digicash? Seems far too complicated. I would suggest that you probably ought to read up more on the subject -- you have obvious enthusiasm for it, but others have already thought of many of these issues in detail. Reading Chaum's paper and learning a bit about commercial law (especially w.r.t. commercial paper) and the "open literature" on anonymous electronic banking would be valuable. > I think banks would go for this because they get the float on our > money, they don't have to pay interest, and they don't have to send > monthly statements. Of course, its illegal for them to do this in the U.S. -- banks can't give out numbered or otherwise anonymous accounts. It could be done overseas, of course... Perry From phantom at u.washington.edu Tue May 3 13:57:07 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Tue, 3 May 94 13:57:07 PDT Subject: well, I finally broke down. Message-ID: I finally broke down and felt guilty enough about not using magic money that I decided to spend the time and get it. Funny thing, I can't even follow the simple directions hal posted about getting ahold of it. No wonder it isn't being used. ----------- Date: Mon May 2 23:07:00 1994 From: Hal [...] How do you actually use Magic Money? First you get a client program. ftp to /pub/mpj at ftp.netcom.com to find a DOS client. Sources to allow you to build Unix clients can be found at csn.org by ftp; start in the /mpj directory, read README.MPJ, then cd to the crypto directory. cd to pgp_tools, get mgmny10e.zip and pgptl10d.zip. ------------ uh-huh. I went to netcom and didn't see any dos client. again, please? In response to tim's recent posting, he asks why DC Nets, digitial timestamping services (and other pretty protocols) aren't being used. This is exactly what I asked a few months ago! We need to either have or create a use for these tools, or they'll never be used. I described a simple, simple version of digital timestamping a few months ago; there was little interest. Reasons? Not much use for digital timestamps, for one. Also, people were hesitant about stepping on bellcore's toes. So what are we to do? I'm not going to spend the < half day it would take to set up a digital timestamp service if it isn't ever going to be used. Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From albright at scf.usc.edu Tue May 3 14:04:23 1994 From: albright at scf.usc.edu (Julietta) Date: Tue, 3 May 94 14:04:23 PDT Subject: WSJ article on PGP In-Reply-To: <199405030708.AAA16422@ucsd.edu> Message-ID: <199405032103.OAA19378@nunki.usc.edu> Lance Cotrell wrote: > > I must say: I was somewhat stunned to see my name in the WSJ. I guess P.Z. > has made use of the information he gathered. I wonder if the people > mentioned were all the people who responded to Zimmerman's request for > legitimate PGP users. heehh Well, if he wasn't before, Big brother is *definently* watching you now!!! - Jul ____________________________________________________________________________ Julie M. Albright Ph.D Student Department of Sociology University of Suothern California albright at netcom.com ___________________________________________________________________________ From mikecap at WPI.EDU Tue May 3 14:11:12 1994 From: mikecap at WPI.EDU (Michael V. Caprio Jr.) Date: Tue, 3 May 94 14:11:12 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: <199405031848.LAA13081@netcom.netcom.com> Message-ID: <199405032110.RAA23590@hikita.WPI.EDU> [tim writes:] > I. Why is Magic Money/Tack Tokens, in particular, not being more widely used? > - Nothing of significance on the List to buy, hence no incentive to learn > how MM works. (Just because someone announces that their new article is > available for 10 Tacky Tokens doesn't a demand make!) > - Semantic gap. I confess to not having the foggiest ideas of how to go > about acquiring Tacky Tokens, how to send them to other people, how to > redeem them (and for what), etc. Having nothing to buy (no need), and > plenty of things to occupy my time, I've had no interest in looking at MM. > - as others have noted recently (and this is a well-known issue), > alternative currencies must offer some advantage over existing currencies, > or at least be roughly on a par with them. So what is the natural currency to trade in on the Internet? What is the medium that is most widely spread across the myriad nodes and networks that crisscross the globe? What would someone like to be able to buy, that is easy to acquire, and offers an advantage over real money? The answer is quite simple: information. We need to find a way to trade in, and subsequently value, information. At first blush, this seems an impossible task, and one that is highly subjective and prone to failure on an individual level... but in a large enough group of people, there has to be a consensus on the average value of a 'ware' of information. Say I have a piece of code that you do not have, that you would like to get from me - maybe it's something that I've written, or isn't publicly acessible everywhere on the net. I tell you that my code is worth 50 wares of digital money; I have my own signature on the code that signifies that it's mine. We agree, and exchange currency - Bob gives me 50 wares (with his signature stripped from them), and I give him my code, with my signature removed. So what's to stop Bob from replicating it and giving it to all his friends? Well, bascially, that would devalue the 'ware cost' of the code. If everyone has it, it's hardly scarce, and therefore, not economically viable. Any thoughts? This is a pretty hefty topic, and I don't have the time to go into it more just yet... I hope I've given some food for thought. Zen, philosopher-at-large From DRHilton at kaiwan.com Tue May 3 14:33:59 1994 From: DRHilton at kaiwan.com (Dennis R. Hilton) Date: Tue, 3 May 94 14:33:59 PDT Subject: NII Summer Internship at the White House Message-ID: Forwarded from another list: SUMMER INTERNSHIP AT THE WHITE HOUSE The Technology Division of the Office of Science and Technology Policy in the Executive Office of the President has the intention of hiring an intern this summer. The Technology Division is the part of OSTP that works on the National Information Infrastructure Initiative. We would like our intern to be qualified to help the build the White House World Wide Web server, which is likely to be open to the public in the fall. The position will pay between $3,800 and $4,700 for 90 days. The person selected will devote approximately half of his or her time to the Web server and half to general office duties such as answering telephones, making photocopies, and sorting incoming paper mail. Anyone may apply for this position by responding to Vacancy Announcement Number OSTP-94-02-AR (Student Assistant GS-303-3/4/5). Applications must be received no later than close of business Friday 6 May 1994. How to Apply: Send your SF-171 form (Application for Federal Employment, available at a public library or campus placement office) and a written narrative summary of your experience and/or education on a separate sheet, and a SF-15 (Application for 10-point Veteran Preference, if applicable). Where to apply: Office of Science and Technology Policy, Technology Division Room 423, Executive Office of the President, Old Executive Office Building, Washington, DC 20500. You may send your completed SF-171 by fax to 202- 456-6023. Applications must be *received* by the closing date and will not be returned. Relocation Expenses will *not* be paid to the applicant selected. A security prescreen will be conducted. The applicant tentatively selected for this position may be required to submit to urinalysis to screen for illegal drug use prior to appointment. After appointment, the employee will be included in the agency's random drug testing program. Applications will be accepted from all qualified persons. Consideration will be extended without discrimination for any non-merit reasons such as race, color, religion, gender, national origin, political affiliation, marital status, age, membership or nonmembership in employee organizations, or nondisqualifying physical handicap. Selective factors: Experience operating a personal computer and using word processing software; experience in locating and assembling information for reports, briefings, or meetings. Quality ranking factors: Ability to organize, follow procedures, prioritize tasks and complete deadlines; knowledge of grammar, punctuation, and spelling; ability to communicate effectively both orally and in writing; ability to achieve cooperative working relationships with all levels of staff. Important additional information: If you want to show us what you can do please send the URL to your Web home page in the subject line of an e-mail message to interns at ostp.eop.gov. Do not put any other information in the subject line, just http://your.own.address. No phone calls or faxes please. Be creative with your home page. You are not required to list telephone numbers or other information you would not want to be publicly accessible. Good luck! From lile at netcom.com Tue May 3 15:07:18 1994 From: lile at netcom.com (Lile Elam) Date: Tue, 3 May 94 15:07:18 PDT Subject: The Great Clipper Debate Message-ID: <199405032208.PAA07536@netcom.com> Just incase you didn't see this... If someone goes, can you give us a rundown on how it goes? thanks, -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ X-Mailer: InterCon TCP/Connect II 1.2 Message-Id: <9405021817.AA02259 at Hacker2.cpsr.digex.net> Date: Mon, 2 May 1994 18:17:02 +0000 From: Dave Banisar Subject: The Great Clipper Debate 5/9/94 The Great Clipper Debate: National Security or National Surveillance? Sponsored by: The Georgetown University Law Center Space Law Group and Communications Law Forum In Coordination with: The George Washington University Institute for Computer and Telecommunications Systems Policy, the Association for Computing Machinery Special Interest Group for Computers and Society, and the American Bar Association Criminal Justice Section. Date and Time: May 9, 1994, at 7:30 p.m. Place: The Georgetown University Law Center(Moot Court Room) 600 New Jersey Avenue, N.W., Washington, D.C. The Administration, through the Department of Justice and the National Security Agency, has proposed a standard encryption algorithm for both the public and commercial marketplace, with the goal of making this algorithm the method of choice for persons wishing to encode their telephone and other voice and data communications. The FBI and the NSA are concerned that the increasing availability, and affordability, of encryption mechanisms will make it difficult and in some cases impossible for law enforcement and intelligence agencies to tap into and to understand the communications of criminals and other pertinent groups. This proposal has become known as the "Clipper Chip," in that it would be implemented by the voluntary insertion of a computer chip into telephone, fax machine, and other communications systems. The Clipper Chip has generated considerable controversy. Opposing it are various civil libertarian groups, as well as telecommunications companies, software and hardware manufacturers, and trade associations. The debate has raged behind closed doors, and openly in the press. On Monday, May 9, at the Georgetown University Law School, a round table debate will take place on this controversy. The participants represent both sides of the issue, and are illustrative of the various groups which have taken a stand. The participants are: Dorothy Denning, Chairperson of the Computer Science Department of Georgetown University Michael Godwin, Legal Counsel of the Electronic Frontier Foundation; Geoffrey Greiveldinger, Special Counsel to the Narcotic and Dangerous Drug Section of the U.S. Department of Justice; Michael Nelson, of the Office of Science and Technology Policy of the White House; Marc Rotenberg, Director of the Electronic Privacy Information Center; and Stephen Walker, President of Trusted Information Systems, Inc., and a former cryptographer with the National Security Agency In addition, there will be two moderators: Dr. Lance Hoffman, Professor of Electrical Engineering and Computer Science at The George Washington University, and Andrew Grosso, a former federal prosecutor who is now an attorney in private practice in the District of Columbia. The program will last approximately two and one half hours, and will be divided into two parts. The first half will offer the panel the opportunity to respond to questions which have been submitted to the participants beforehand; the second will present the panel with questions from the audience. There is no charge for this program, and members of the public are encouraged to attend. Reservations are requested in advance, and should be directed to one of the following individuals: - C. Dianne Martin, Associate Professor, Department of Electrical Engineering and Computer Science, The George Washington University, Phillips Hall, Room 624-C, Washington, D.C. 20052; telephone: (202) 994-8238; E mail: diannem at seas.gwu.edu - Sherrill Klein, Staff Director, ABA Criminal Justice Section,1800 M Street, N.W., Washington, D.C. 20036; telephone: (202) 331-2624; fax: (202) 331-2220 - Francis L. Young, Young & Jatlow, 2300 N Street, N.W., Suite 600, Washington, D.C. 20037; telephone: (202) 663-9080; fax: (202) 331-8001 Questions for the panelists should be submitted, in writing, to one of the moderators: - Lance Hoffman, Professor, Department of Electrical Engineering and Computer Science, The George Washington University, Washington, D.C. 20052; fax: (202) 994-0227; E mail: ictsp at seas.gwu.edu - Andrew Grosso, 2300 N Street, N.W., Suite 600, Washington, D.C., 20037; fax: (202) 663-9042; E mail: agrosso at acm.org PLEASE POST From jim at bilbo Tue May 3 15:30:41 1994 From: jim at bilbo (Jim Miller) Date: Tue, 3 May 94 15:30:41 PDT Subject: Why Digital Cash is Not Being Used Message-ID: <9405032137.AA03018@bilbo.suite.com> Michael V. Caprio Jr. asks: > So what is the natural currency to trade in on the Internet? Instead of charging for information, charge for time. You lose control of the information you sell, but you never lose control of the time you sell. People with spare time could perform services in exchange for Tacky Tokens. These Tacky Token could then be exchanged for services performed by other people. What kinds of services? Whatever people don't have time to do themselves. Jim_Miller at suite.com From perry at snark.imsi.com Tue May 3 15:40:47 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 3 May 94 15:40:47 PDT Subject: Digital Cash In-Reply-To: <199405031932.PAA01647@zork.tiac.net> Message-ID: <9405032240.AA00387@snark.imsi.com> Robert Hettinga, Shipwright Development Corp. says: > Is it possible to see instantaneous settlement happen in the financial > markets with digital cash? In theory, yes, although one would also need to move all securities being traded to book entry or "digital bearer certificates". Presumably the current securities laws would require some changes. This of course has the potential to dramatically lower transaction costs in these markets. Perry From perry at snark.imsi.com Tue May 3 15:43:44 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 3 May 94 15:43:44 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: <9405032137.AA03018@bilbo.suite.com> Message-ID: <9405032243.AA00401@snark.imsi.com> Jim Miller says: > > Michael V. Caprio Jr. asks: > > > So what is the natural currency to trade in on the Internet? > > Instead of charging for information, charge for time. You lose > control of the information you sell, but you never lose control of > the time you sell. People with spare time could perform services in > exchange for Tacky Tokens. Currency needs to be fungible -- your time and my time and the time of a brain surgeon are not the same. Furthermore, I can't verify that you are actually giving me your time. It would be a nightmare. The natural currency today is the U.S. Dollar, as transfered via digicash. Perry From arthurc at crl.com Tue May 3 15:54:39 1994 From: arthurc at crl.com (Arthur Chandler) Date: Tue, 3 May 94 15:54:39 PDT Subject: Rucker on "Cryps" Message-ID: There is an unflattering picture of crackers and anti-crackers (and crypto-heads?) in Rudy Rucker's new novel, *The Hacker and the Ants*. Here's a sample: * * * * * * * * * * In the valley these days, phreaks were youths who cobbled together their own approximation of a decent cyberspace deck and afterward used it for weird cyberspace pranks. Cryps were phreaks who'd turned professional and gone into the employ of companies involved in industrial espionage. If you broke into some company's machines often enough, they were likely to hire you as a cryp to break into other companies, or they might use you as a security consultant to keep out the other cryps. It was a vicious circle -- the cryps' security-cracking escapades created a demand for the services they could provide. (*The Hacker and the Ants*, page 90) From jim at bilbo.suite.com Tue May 3 16:21:37 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Tue, 3 May 94 16:21:37 PDT Subject: Why Digital Cash is Not Being Used Message-ID: <9405032314.AA04521@bilbo.suite.com> Perry E. Metzger says > Currency needs to be fungible -- your time and my time and > the time of a brain surgeon are not the same. Furthermore, > I can't verify that you are actually giving me your time. > It would be a nightmare. > I see that my post was ambiguous. I didn't mean that "time" would be the currency, rather, "time" would be the "good" purchased. For a given task, one person's time would be more valuable than another person's time. Online reputation services would be necessary. I guess what I'm really trying to say is that I believe anonymous digital cash is currently more suitable for purchasing services (time) than for purchasing goods (software, information, bananas, etc). This might change in the future when the use of anonymous digital cash becomes wide-spread. Jim_Miller at suite.com From sandfort at crl.com Tue May 3 16:35:22 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 3 May 94 16:35:22 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: <9405032243.AA00401@snark.imsi.com> Message-ID: C'punks, Perry wrote: > . . . > The natural currency today is the U.S. Dollar, as transfered via > digicash. BINGO. Other national currencies have a place as well, but the US dollar is the de facto currency for international transactions. S a n d y From strops at netcom.com Tue May 3 16:37:01 1994 From: strops at netcom.com (Joseph Urbanski) Date: Tue, 3 May 94 16:37:01 PDT Subject: PC-Expo In-Reply-To: <199405012324.AA10319@access1.digex.net> Message-ID: On Sun, 1 May 1994, Black Unicorn wrote: > -> > | The software: PGP, SecureDevice/Drive, a file viewer (sor of like list) which > | I've written that does some minimal mouse support, a menu system I guess, and > | lots of articles. > <- > > Please, please try to include Macintosh software. > > I would also strongly recommend including a good windows front-end like PWF20, and maybe PGPShell 3.0 for dos users. While pgp is technically a fine program, learning all of its command line flags can be daunting for a new user. I know I would use it much less often without WinFront. > -uni- (Dark) > -Jay ------------------------------------------------------------------------------- PGP Public Key Available via finger. PGP Fingerprint: 11 43 3F CE 63 3A A6 0A FF 71 6E 02 45 DC F4 C0 Joseph J. Urbanski Jr. ------------------------------------------------------------------------------- From nowhere at bsu-cs Tue May 3 16:43:30 1994 From: nowhere at bsu-cs (Anonymous) Date: Tue, 3 May 94 16:43:30 PDT Subject: No Subject Message-ID: <199405032343.SAA03034@bsu-cs.bsu.edu> -----BEGIN PGP SIGNED MESSAGE----- Hal said: Hal> Why don't we brainstorm a bit to see if we could come up with a way Hal> to take this digital cash software and do something useful and interesting Hal> with it. To re-work a notion expressed earlier, why not use the digital cash to purchase (legitimate) access to systems? This provides good protection against double-spending, as the act of ownership would be to change the login password. Hal> (There may also be some problems in advertising these services. ... (skipped) Hal> Folks, if you want to sell something, make sure people know Hal> what you're selling.) Perhaps we need an advertising server. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCcAgUBLcb+07hnz857T+PFAQEsvAQ0CWluaOPn6eHVl1YFwwBdu6u00Eq8bhx8 if+OmZGnUSyagVaiIiGCLuxSHCINiUO0voBSsfPBlVocSmTAtRqE7/zbDSOW1LcA gb/jJEQMGynZcCcV50Autrkgi7yLsHk7b9ksoWzVKOZxPlGNZg36ruFo6pCkDdup bBjiWGZNMsONERAZL7/J =xEaF -----END PGP SIGNATURE----- From phantom at u.washington.edu Tue May 3 17:12:45 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Tue, 3 May 94 17:12:45 PDT Subject: I'd like to partially correct that.. Message-ID: I did dredge up what appears to be the magic money DOS version at csn.org. Nothing having to do with magic money resides on ftp.netcom.com. For all of those that could like it, check out csn.org:/pub/mpj/I_will_not_export/crypto_?????/pgp_tools and pick up the files mentioned before: mgmny10e.zip and pgptl10d.zip. mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From rah at TIAC.net Tue May 3 18:01:15 1994 From: rah at TIAC.net (Robert Hettinga, Shipwright Development Corp.) Date: Tue, 3 May 94 18:01:15 PDT Subject: Digital Cash Message-ID: <199405040100.VAA02674@zork.tiac.net> >Robert Hettinga, Shipwright Development Corp. said: >> Is it possible to see instantaneous settlement happen in the financial >> markets with digital cash? > and "Perry E. Metzger" said: >In theory, yes, although one would also need to move all securities >being traded to book entry or "digital bearer certificates". >Presumably the current securities laws would require some changes. > >This of course has the potential to dramatically lower transaction >costs in these markets. I'm trying to remember the name of the guys who "buy" trades from large institutions like Fidelity. Their transaction clearing costs are supposed to be radically lower because of the automation they use. . . Something about making their money in the bid/asked spread. I'm sure the tax man will want to trace things like this (they might worry about bearer securities after they killed them off already), but there's probably a way to cut them in enough to keep them and the other regulators happy. It might be a way to institutionalize (so to speak ;-)) strong crypto somewhere with enough clout to keep the other Feds out of normal people's business. Your reference to book entry reminded me about the book value for some reason, and the flap about FASB mark-to-market initiatives. That kind of ratcheting down of the time horizon might make the financial markets try to reduce their costs, and be more open to a reduction of transaction costs. Perry, how would some one go about demonstrating the "potential to dramatically lower transaction costs in these markets"? cheers, Bob ----------------- Robert Hettinga "There is no difference between someone Shipwright Development Corporation eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02313 USA snakes." -- Bertrand Russell (617) 323-7923 From greg at ideath.goldenbear.com Tue May 3 18:16:58 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Tue, 3 May 94 18:16:58 PDT Subject: Who's got Tacky Tokens? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I must confess that I, too, let the initial wave of interest in Tacky Tokens pass me by, and I find myself without any - and without any memory of where one gets them. I assume that once upon a time, they were available from the bank for free ..? So .. does anyone want to own up to having any? What do you want in exchange for them? Can/will the bank operator reveal how many tokens have been distributed, and how many transactions are processed per day? Are people interested enough in data havens or postage-based remailers that they'd actually use them? (And, re data havens - AT&T plans to offer "virtual storage areas" and archival storage as part of its "PersonaLink" online service allegedly to be introduced this summer. While AT&T may not be privacy-friendly, if this works it will set both technical and economic examples for other, more pro-privacy, services.) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcb0v33YhjZY3fMNAQGJ6wQAkDOgix3p8dQysAHoGS8qGiZk/eQB4dJz P8p9Qmiwnl8i3WUaAGEZOjZryAA/G1w7VQG9RdYzywa9mOG9G5mpyb8pxm+/UfmY 4329r9mslLpf9vCab84XldJZB62EuEgr4rFOkqyeIkrima4F5kXAEvP/G23dGdU1 XNAsk4p8AdQ= =CJKZ -----END PGP SIGNATURE----- From dat at spock.ebt.com Tue May 3 18:24:31 1994 From: dat at spock.ebt.com (David Taffs) Date: Tue, 3 May 94 18:24:31 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: <9405032243.AA00401@snark.imsi.com> Message-ID: <9405040122.AA05674@helpmann.ebt.com> From: "Perry E. Metzger" Jim Miller says: > > Michael V. Caprio Jr. asks: > > > So what is the natural currency to trade in on the Internet? > ... The natural currency today is the U.S. Dollar, as transfered via digicash. Perry It seems that ciphercash schemes, aka banks, might have cash deposits to invest. The interest on these investments might help cover the transaction costs. The value of the ciphercash might ought to be able to rise and fall (slightly, perhaps dramatically occassionally) with the performance of these investments. How about a floating cipherdollar? Holders of cipherdollars would share in the proceeds of the investment, minus real transaction costs and overhead, plus transaction fees if any. How much they were worth would depend on how long they were kept, the fee structure, etc. In other words, I'm saying that it might be easier to let the value float slightly (with a current, published conversion rate into the currency of your choice) than to peg it exactly at any particular value. If it turns out that a lot of people buy the things and keep them for a long time, it would be nice for them to increase in value (compared to our friend the US $) as a hedge against inflation. Of course, I'm merely suggesting competent money management here by the bank, not that anyone (except cypherzealots, of course) would deliberately invest this way. Sort of like interest on your checking account. A similar (more radical) scheme would equate one cipherbuck == one share of stock in the cyberbank, redeemable at whatever the stock is currently selling for (approximately). I might like safeguards of some sort, if feasible, to prevent the bank officers from absconding with the loot... -- dat at ebt.com (David Taffs) From rarachel at prism.poly.edu Tue May 3 18:36:54 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 3 May 94 18:36:54 PDT Subject: PC-Expo In-Reply-To: Message-ID: <9405040124.AA23479@prism.poly.edu> > I would also strongly recommend including a good windows front-end like > PWF20, and maybe PGPShell 3.0 for dos users. While pgp is technically a > fine program, learning all of its command line flags can be daunting for > a new user. I know I would use it much less often without WinFront. Will do. Only problem is that we have 1.44M disks and I don't intend to give out more than one per person. At some point the software will be chosen a bit arbitrarily, but PGP and some shell will be on there for sure... From rarachel at prism.poly.edu Tue May 3 19:06:38 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 3 May 94 19:06:38 PDT Subject: Announcement RE: Lobbying... In-Reply-To: <9405031417.AA03772@Central.KeyWest.MPGN.COM> Message-ID: <9405040153.AA24195@prism.poly.edu> > I do want to remind those who were afraid of having their names on > a list that there is a 90% chance that someone in the NSA, FBI, etc > has done a whois to majordomo and already has your email name which > is all that I'd suggested in the first place. And they can kiss my fat ass for all I care. As long as crypto is legal there ain't a thing they can use that list for except to deny you jobs. Look at PZ. They still haven't had the balls to have him fully arrested. Sure he's under suspicion. But how much net noise will happen if he does get jail time? How much anarchy is the NSA looking for? My gut feeling is that the second he's slammed in jail that a lot of folks will just mass export crypto just for the hell of it. Are they going to spend billions trying to investigate a few hundred thousand violations? At one point, I certainly feared their wrath, but it no longer matters. The worst they could do is throw me in jail or have me killed, both of which would eventually leak out to the media, causing far more attention to crypto and crypto usage than anything. (Now I'm under no illusions of being an important person, no ego trip for me, but I figure that if some snot nosed pirate kid gets his face all over the news for something idiotic like running a pirate ftp site, just imagine how much noise will be generated by the media when they hear that a cypherpunk was jailed for crypts...) > I will continue to do my part to try to influence the running of this > country. I am not kicking back with a beer and cigar and saying that > we can do nothing and I hope it all works out. We must run our own > country or our country will run us. Absolutely. Let those who fear the NSA, FBI, ??? hide if they like, but there's no need to fear the spooks. I'd bet some of them are even sympathetic to having free crypto without key surrender. Besides those who hide can infact also be productive through anon remailers. It's time to make some noise and wake up everyone we can into killing clipper. > Good luck to all and no ill will. (This list is too emotional sometimes > due to the topics covered. They are beliefs and not opinions and a > belief can not be changed by another person like an opinion can.) Sure, but that's why this is not a moderated list. Anarchy does have its advantages and also its disadvantages. I'd like to do with less flame wars on here, or at least have'em taken off the list... But that's my personal belief. :-) Fight, fight, fight. encrypt, encrypt, encrypt... die clipper, die, die, die! From jdwilson at gold.chem.hawaii.edu Tue May 3 19:09:45 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Tue, 3 May 94 19:09:45 PDT Subject: The American money capture In-Reply-To: <9405031416.AA24171@acs5.acs.ucalgary.ca> Message-ID: On Tue, 3 May 1994, Istvan Oszaraz von Keszi wrote: > Sure she can, especially if she's depositted the money in a > demand account. Let me simplify some more. Alice deposits her > $1000, she then wirtes a check for a $1,000 and deposits it to > her business account. She then writes a check on here business > account and deposits it in another account, and so on, until she > finally writes a check back to herself to cover her original > check. Throughout the process, she has created money. Money > which she can use to collect interest. This is known a s kiting > and is illegal if an individual does it since they can use the > created money to earn interest. As long as institutions keep > accepting Alice's checks, she's creating money which she can use. > -snip- > Eaxactly, most financial institutions tend to "borrow" from their > customers (Depositors) on the very short term, and lend on the > long term. So if all the Alice's wanted their money at once, the So the bank can float the $$ but not the individual. So much for "...these truths to be self evident, that all are created equal" - except when employing the golden rule . I can see the attraction of anarchy... -NetSurfer -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... From hughes at ah.com Tue May 3 19:12:07 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 3 May 94 19:12:07 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: <9405032314.AA04521@bilbo.suite.com> Message-ID: <9405040209.AA00254@ah.com> >> Currency needs to be fungible -- your time and my time and >> the time of a brain surgeon are not the same. >I see that my post was ambiguous. I didn't mean that "time" would be >the currency, rather, "time" would be the "good" purchased. There _are_, however, systems which have been denominated in units of 15 minutes of labor. (I've seen the scrip.) The misunderstanding is not unfounded. Eric From rarachel at prism.poly.edu Tue May 3 19:33:23 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 3 May 94 19:33:23 PDT Subject: PC-Expo In-Reply-To: <148@lassie.lassie.uucp> Message-ID: <9405040219.AB24929@prism.poly.edu> The idea is that Joe Sixpack will probably not give a shit for a long time, that PC Expo attendees don't all have access to BBS's or the internet because a lot of them aren't PC literate but are trying to be. Most are just suits who need to know about PC's. Putting PGP on BBS's has already been done. Handing out flyers won't help. It'll cost far too much to give out free flyers in terms of number of pages and information. At best only a bit of teasing info can fit. We won't be inside Javitz so they can't kick us out. We'll be right outside on the street. We'll make it look like a some company is hading out freebies. Lots of PC Expo attendies are there for the freebies and the info they can show their bosses. As Jack Nicholson said in Batman "Wait till they get a load of me!" :-) Some will just format the disks, granted. Most will look first. Especially if it looks like a pro job. Once they have a look, they'll probably want to look deeper. That's where the fud factor comes in. If we can get the yuppies scared of Uncle Sam enough to bitch about it, mind you Joe Sixpack doesn't have the financial backbone that some-rich-inc. has... IF you were running Novell would you want a phone line installed just so the FBI can call it up and spy on your network? Espeically when you'd have to pay for it, PLUS pay for taxes? Do you think the rich Wall St companies won't bitch about that? From cdodhner at indirect.com Tue May 3 19:35:02 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Tue, 3 May 94 19:35:02 PDT Subject: Cypherpunks *are* Coding In-Reply-To: <199405031948.AA08162@panix.com> Message-ID: On Tue, 3 May 1994, Duncan Frissell wrote: > These are: Secure Drive 1.3D, Secure File System 1.0, and the new Secure > Device 1.0(?). The latest version I am aware of for secure device is 1.2 > volumes. Secure Device creates an encrypted file that DOS sees as a drive > (like DoubleDisk or Stacker but without the compression). I will try out > Secure Device as soon as I can get into the FTP site which has been busy. It is extremely good and easy to use, the only problem is that the largest device/file it creates correctly is about 8megs... I now have virtual drives d-m each as 8meg encrypted files, and I would much rather have one 80 meg partition... oh well. Aside from that it is one of the best encryption programs I have ever used. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ From rarachel at prism.poly.edu Tue May 3 19:43:23 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 3 May 94 19:43:23 PDT Subject: PC-Expo In-Reply-To: Message-ID: <9405040231.AA25271@prism.poly.edu> > If it looks like you're really going to do this, I'll send you some $ or > some disks if you promise to use them for this project. I've had enough folks volunteer for this in NYC that there's no way I'd back out. If you want to send me something I'd rather you send me disks because I don't have any time to buy them. Just as many 3.5" HD's as you can... I'll accept money if you'd rather do it that way, but I want to make sure it gets used up 100% for the disks. (I'll be taking a $20 loss in disks and about $100 in taking the day off, if my boss decides not to pay me for the day off...) > Sandy Sanfort (I think) said a few weeks ago that he's writing an article > for Soldier of Fortune about PGP and privacy; perhaps he'd give you > permission to use that. That would be most cool. Sandy, is you reading this? > I wrote up a short (~ 2 pages, I think) article a few months ago for > someone who wanted to hand out something printed; I'll poke around and > see if I can dig it up. It wasn't anything special, or anything that anyone > else who's been on the list > 3 months couldn't have written. Please, anything you can scrounge together or revise. Also I'd reccomend that you quote from current magazine articles and mention them. This way they can seem more offical media-looking... > You might see if there are pieces you could steal from the PGP docs; they > did a fair job of explaining lots of the issues, as I remember it. I won't include any extra docs or source code. No room on one disk :-( > Like someone on the list suggested, you might think about handing out > Mac disks, too - I'm not familiar enough with PC Expo to know if they > mean "IBM PC" when they say "PC". If that's the case, there may not > be much demand for Mac stuff. :) I may do this if I have the time. I have a Mac, but not much time on my hands anymore... Maybe I'll bring a few Mac disks just incase.... > With respect to copyright, remember that everything* created is born > copyrighted; net-news postings, E-mail, newspaper articles, and everything > else. An author must take affirmative steps to make it public domain. > You're probably safest if you stick to articles explicitly written > for this project, or ones where you have permission to reprint. I > wouldn't be surprised if sympathetic folks/organizations (Wired, John > Perry Barlow, Whole Earth Review) will grant permission if you ask. > > (* where "everything" == original works of authorship fixed in a > tangible medium of expression) The Wired JackBoots article is freely distributable, so that will go on there. :-) From CCGARY at MIZZOU1.missouri.edu Tue May 3 19:48:52 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Tue, 3 May 94 19:48:52 PDT Subject: Lobbying/Politics/Etc. Message-ID: <9405040248.AA18406@toad.com> On this thread, someone expressed outrage at the idea that a terrorist incident could be staged to encourage gun control legislation. -That this was a "smear" on "bleeding hearts". Its not as simple as that Recently, Walter Williams has popularized a wonderful term used by the Communist Party - "USEFUL IDIOTS". A USEFUL IDIOT was a person who believed the propaganda of the inner circle &, so believing, worked for the Party without knowing the hidden agenda. It seems that in America, when the state does a power grab, we find at least two groups involved in pushing for the state - a ruling elite & the useful idiots. The useful idiots are a well developed group for the state gun control plan. The state is now working to develop useful idiots with regard to encryption. Useful idiots would probably not sanction terrorist incidents to further their political views & could certainly not be trusted to be involved in any such incident. I don't believe that the ruling elite would have any qualms against such an incident - only practical re- servations. Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKKK! BBBEEEAAATTTT STATE ! From rarachel at prism.poly.edu Tue May 3 19:49:33 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 3 May 94 19:49:33 PDT Subject: PC-Expo In-Reply-To: <199405012226.AA27108@metronet.com> Message-ID: <9405040237.AA25468@prism.poly.edu> > (quit, not retired :-), technician, programmer, etc. If you don't want an > editorial article, let me know what you'd like. Anything you can write will be file. Letter or Op-Ed or slap the NSA kinda article. Just keep one thing in mind. Assume they know nothing about crypto or the NSA or clipper.. Add tons of Fear Uncertainty and Deception. Make'em want to rise up and bitch to Uncle Sam.. If you can include quotes from various "Info Liberated articles", please do! > Or, I can do this. Anything you can help. Please. You don't have to do just one thing. :-) > Or, I can do this. (hey, I'm flexible, and wanna help :-) Welcome aboard and loads of help. Just send me whatever ideas you have in email to my other account rarachel at photon.poly.edu and I'll see if I can help you with ideas or provide some "liberated" articles. :-) Really appreciate your willingness to help. From anonymous at extropia.wimsey.com Tue May 3 19:52:34 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Tue, 3 May 94 19:52:34 PDT Subject: Magic Money at pub/mpd Message-ID: <199405040241.AA01596@xtropia> Magic Money DOS client is at /pub/mpd, not /pub/mpj, on Netcom. From jim at bilbo.suite.com Tue May 3 20:21:31 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Tue, 3 May 94 20:21:31 PDT Subject: Announcement RE: Lobbying... Message-ID: <9405040314.AA08217@bilbo.suite.com> Arsen Ray Arachelian says: > And they can kiss my fat ass for all I care. As long as crypto > is legal there ain't a thing they can use that list for > except to deny you jobs. Section #120.9 of the ITAR defines "Defense Service" as: (1) The furnishing of assistance (including training) to foreign persons, whether in the United States or abroad in the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, processing, or use of defense articles; or (2) The furnishing to foreign persons of any technical data controlled under this subchapter (see #120.10), whether in the United States or abroad. Section #120.17 defines "Export" as: [paragraphs 1 - 4 skipped] (5) Performing a defense service on behalf of, or for the benefit of, a foreign person, whether in the United States or abroad; or [paragraph 6 skipped] I expect that most on this list know that cryptographic software and systems with the capability of maintaining secrecy or confidentiality of information (excluding systems using cryptography for authentication purposes only) are considered export controlled defense articles. (See section #121.1, Category XIII) Posting instructions on how to use and/or build cryptographic software to a mailing list containing foreign persons could be interpreted by some as a violation the ITAR regulations. However, I think they would have to stretch the point quite a bit, considering the fact that it is legal to export cryptography books and discuss cryptography with foreign nationals in an academic setting. Also, the posted instructions could be considered "information in the public domain" (section #120.11), which is *not* subject to the ITAR regulations. My hypothesis: The TLAs could shut down the cypherpunks mailing list (as it now exists) by dragging all the U.S. list members into court. The TLAs would probably lose the case, but they would still do a lot of damage to the lives of the U.S. list members. Jim_Miller at suite.com From albright at scf.usc.edu Tue May 3 21:19:41 1994 From: albright at scf.usc.edu (Julietta) Date: Tue, 3 May 94 21:19:41 PDT Subject: Lobbying. ..etc etc.. Message-ID: <199405040419.VAA01264@nunki.usc.edu> > > Jim Miller says: > > > > My hypothesis: The TLAs could shut down the cypherpunks mailing list > > (as it now exists) by dragging all the U.S. list members into court. > > The TLAs would probably lose the case, but they would still do a lot > > of damage to the lives of the U.S. list members. > > > > > > > ::Gulp:: Don't give 'em any ideas.. > > -- Jane Doe, subscriber, Cypherpunks List :) ;) > > ________________________________________________________________________ > Julie M. Albright > Ph.D Student > Department of Sociology > University of Southern California > albright at netcom.com > > --VAA01187.768025029/nunki.usc.edu-- > > From catalyst-remailer at netcom.com Tue May 3 21:26:18 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Tue, 3 May 94 21:26:18 PDT Subject: No Subject Message-ID: <199405040427.VAA11973@mail2.netcom.com> 10365851 10365863 10365889 10365911 10365917 10365923 10365959 10365973 10365983 10366003 10366019 10366033 10366061 10366087 10366091 10366117 10366163 10366177 10366189 10366193 10366199 10366201 10366207 10366211 10366231 10366249 10366259 10366271 10366297 10366303 10366309 10366313 10366319 10366331 10366339 10366351 10366357 10366417 10366439 10366471 10366529 10366561 10366567 10366597 10366607 10366619 10366621 10366627 10366667 10366669 10366673 10366687 10366691 10366693 10366739 10366777 10366793 10366801 10366817 10366823 10366841 10366849 10366871 10366897 10366903 10366969 10366981 10367003 10367009 10367023 10367039 10367041 10367081 10367087 10367101 10367107 10367117 10367173 10367177 10367191 10367221 10367233 10367243 10367309 10367321 10367323 10367327 10367339 10367341 10367351 10367353 10367359 10367389 10367393 10367443 10367449 10367453 10367459 10367473 10367477 10367479 10367507 10367531 10367557 10367563 10367573 10367611 10367627 10367639 10367663 10367677 10367689 10367713 10367719 10367729 10367737 10367783 10367789 10367813 10367827 10367831 10367837 10367839 10367843 10367869 10367873 10367879 10367887 10367891 10367897 10367911 10367921 10367927 10367933 10367947 10367969 10368037 10368073 10368077 10368097 10368107 10368131 10368133 10368139 10368157 10368161 10368179 10368187 10368191 10368199 10368209 10368227 10368269 10368287 10368301 10368313 10368349 10368361 10368373 10368389 10368401 10368403 10368439 10368467 10368493 10368499 10368511 10368517 10368551 10368557 10368563 10368577 10368581 10368587 10368599 10368637 10368641 10368643 10368647 10368649 10368667 10368697 10368727 10368739 10368749 10368763 10368773 10368779 10368797 10368803 10368821 10368823 10368857 10368877 10368881 10368899 10368923 10368931 10368937 10368949 10368961 10368971 10369001 10369013 10369033 10369039 10369081 10369091 10369103 10369109 10369127 10369129 10369147 10369157 10369171 10369189 10369217 10369241 10369253 10369259 10369313 10369339 10369363 10369369 10369391 10369399 10369409 10369417 10369441 10369453 10369483 10369487 10369511 10369517 10369519 10369529 10369543 10369547 10369549 10369553 10369561 10369589 10369613 10369627 10369631 10369633 10369637 10369699 10369721 10369727 10369729 10369739 10369741 10369747 10369759 10369769 10369783 10369789 10369823 10369859 10369867 10369873 10369889 10369901 10369943 10369951 10369967 10369981 10369999 10370011 10370039 10370053 10370069 10370071 10370077 10370099 10370111 10370117 10370141 10370167 10370177 10370179 10370203 10370209 10370231 10370237 10370273 10370279 10370281 10370317 10370329 10370341 10370389 10370413 10370419 10370431 10370441 10370443 10370467 10370483 10370509 10370513 10370531 10370537 10370593 10370609 10370617 10370627 10370641 10370653 10370681 10370687 10370699 10370741 10370747 10370753 10370779 10370791 10370797 10370803 10370807 10370809 10370813 10370821 10370837 10370839 10370849 10370887 10370897 10370911 10370923 10370939 10370959 10370981 10370993 10371007 10371029 10371043 10371059 10371077 10371089 10371103 10371107 10371113 10371121 10371149 10371167 10371187 10371191 10371203 10371209 10371227 10371247 10371269 10371271 10371287 10371293 10371301 10371307 10371313 10371323 10371331 10371371 10371373 10371409 10371419 10371421 10371461 10371469 10371497 10371521 10371541 10371553 10371563 10371583 10371593 10371601 10371607 10371611 10371629 10371637 10371659 10371671 10371679 10371719 10371721 10371727 10371733 10371743 10371817 10371839 10371841 10371847 10371863 10371899 10371943 10371947 10371979 10372003 10372009 10372049 10372051 10372067 10372121 10372129 10372151 10372171 10372183 10372207 10372211 10372213 10372223 10372231 10372237 10372249 10372267 10372273 10372277 10372283 10372357 10372367 10372381 10372391 10372403 10372421 10372429 10372433 10372441 10372447 10372489 10372511 10372541 10372559 10372591 10372619 10372627 10372639 10372657 10372673 10372679 10372699 10372709 10372741 10372751 10372763 10372781 10372787 10372829 10372837 10372903 10372919 10372939 10372951 10372963 10372997 10373017 10373021 10373047 10373053 10373057 10373059 10373063 10373087 10373089 10373093 10373101 10373113 10373117 10373119 10373137 10373149 10373173 10373177 10373201 10373239 10373243 10373249 10373261 10373263 10373267 10373269 10373309 10373339 10373347 10373353 10373371 10373413 10373453 10373459 10373479 10373491 10373507 10373521 10373551 10373567 10373581 10373591 10373603 10373617 10373633 10373641 10373647 10373651 10373681 10373683 10373687 10373717 10373719 10373771 10373773 10373789 10373819 10373833 10373899 10373917 10373939 10373947 10373953 10373977 10373999 10374011 10374031 10374037 10374041 10374047 10374071 10374101 10374109 10374113 10374121 10374139 10374187 10374193 10374197 10374227 10374229 10374269 10374281 10374289 10374313 10374341 10374349 10374389 10374391 10374407 10374409 10374443 10374473 10374479 10374487 10374493 10374557 10374563 10374571 10374631 10374647 10374667 10374671 10374691 10374701 10374731 10374761 10374769 10374773 10374781 10374823 10374839 10374853 10374877 10374899 10374901 10374907 10374937 10374967 10374971 10374989 10375003 10375033 10375051 10375067 10375097 10375129 10375153 10375163 10375171 10375177 10375181 10375187 10375193 10375199 10375201 10375213 10375223 10375237 10375241 10375247 10375259 10375283 10375289 10375319 10375373 10375403 10375441 10375447 10375481 10375493 10375511 10375523 10375529 10375571 10375597 10375633 10375639 10375643 10375657 10375667 10375711 10375733 10375751 10375753 10375759 10375801 10375811 10375817 10375837 10375879 10375891 10375901 10375907 10375927 10375949 10375961 10375991 10376017 10376053 10376077 10376083 10376123 10376131 10376141 10376167 10376183 10376203 10376207 10376209 10376221 10376257 10376291 10376309 10376329 10376339 10376363 10376371 10376419 10376449 10376453 10376467 10376479 10376497 10376503 10376521 10376533 10376543 10376557 10376563 10376609 10376617 10376621 10376623 10376627 10376633 10376651 10376659 10376669 10376671 10376683 10376689 10376699 10376701 10376719 10376741 10376797 10376827 10376833 10376837 10376857 10376881 10376917 10376929 10376939 10376957 10376959 10376969 10376981 10376999 10377001 10377007 10377011 10377019 10377047 10377053 10377067 10377079 10377091 10377113 10377119 10377139 10377151 10377179 10377197 10377239 10377247 10377277 10377307 10377313 10377317 10377329 10377337 10377349 10377371 10377379 10377383 10377391 10377397 10377421 10377457 10377473 10377487 10377509 10377511 10377517 10377527 10377533 10377539 10377583 10377617 10377637 10377671 10377673 10377683 10377691 10377707 10377793 10377811 10377817 10377821 10377827 10377833 10377863 10377919 10377931 10377943 10377949 10377953 10377967 10378021 10378031 10378061 10378063 10378073 10378091 10378103 10378111 10378133 10378139 10378163 10378219 10378223 10378229 10378253 10378271 10378307 10378327 10378343 10378363 10378369 10378391 10378411 10378421 10378429 10378439 10378469 10378471 10378477 10378481 10378531 10378559 10378597 10378603 10378637 10378639 10378657 10378673 10378691 10378741 10378751 10378763 10378777 10378793 10378813 10378817 10378829 10378847 10378859 10378877 10378889 10378919 10378931 10378943 10378969 10378987 10379009 10379011 10379021 10379041 10379069 10379081 10379119 10379137 10379143 10379153 10379177 10379179 10379189 10379209 10379251 10379267 10379293 10379311 10379323 10379353 10379357 10379381 10379387 10379407 10379423 10379429 10379441 10379449 10379461 10379483 10379543 10379549 10379557 10379563 10379569 10379581 10379587 10379599 10379617 10379623 10379627 10379657 10379671 10379689 10379701 10379711 10379737 10379753 10379771 10379777 10379839 10379857 10379867 10379879 10379893 10379927 10379959 10379983 10380001 10380043 10380049 10380053 10380077 10380121 10380131 10380151 10380163 10380191 10380197 10380233 10380259 10380263 10380269 10380287 10380299 10380301 10380311 10380343 10380361 10380367 10380371 10380379 10380407 10380451 10380457 10380481 10380493 10380497 10380509 10380529 10380533 10380541 10380547 10380551 10380563 10380569 10380577 10380589 10380619 10380641 10380647 10380653 10380661 10380677 10380701 10380703 10380709 10380719 10380737 10380743 10380763 10380767 10380787 10380793 10380803 10380817 10380827 10380857 10380883 10380907 10380941 10380949 10380959 10380967 10381003 10381009 10381013 10381039 10381069 10381079 10381081 10381093 10381097 10381117 10381141 10381171 10381177 10381193 10381207 10381223 10381229 10381279 10381291 10381297 10381321 10381337 10381369 10381387 10381409 10381421 10381451 10381453 10381457 10381471 10381477 10381519 10381523 10381531 10381541 10381561 10381589 10381597 10381607 10381661 10381667 10381673 10381697 10381727 10381729 10381741 10381751 10381753 10381757 10381759 10381769 10381801 10381823 10381829 10381831 10381837 10381853 10381859 10381871 10381879 10381907 10381909 10381927 10381933 10381949 1038195 ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```$9S^P;+]AB?X9TW6\8W2::P&2&HOVFL%".9D"CDI<8'#>:RI9+ES'K( >#D'/RRZZZN4??'?6ADXC9)5[D`,:O3/L%MV:`)]Y ====Encrypted-Sender-End==== From mg5n+ at andrew.cmu.edu Tue May 3 22:49:15 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 3 May 94 22:49:15 PDT Subject: In-Reply-To: <199405040427.VAA11973@mail2.netcom.com> Message-ID: catalyst-remailer at netcom.com writes: > 10365851 > 10365863 > 10365889 ... > 10381927 > 10381933 > 10381949 Just what I always wanted - my very own list of 8 digit prime numbers! Thank you so much! From anonymous at extropia.wimsey.com Tue May 3 23:07:35 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Tue, 3 May 94 23:07:35 PDT Subject: Giving Value to Digital Cash Message-ID: <199405040552.AA02485@xtropia> -----BEGIN PGP SIGNED MESSAGE----- Rant: Creating Value for Digital Cash Someone recently fed me my words from the Magic Money intro, in which I predicted that digital cash could take on value by itself. I knew when I wrote the program that giving the system value would be the hardest part. I'm glad to see interest in digital cash resurfacing. I thought it was dead. Most major economies are using fiat money today, so it is clear that fiat money will work. But you could not create a new economy with fiat money. The money has to start out having real-world value and convertibility. After it has been in circulation for a while, it can be "decoupled" from outside standards. There are three problems involved. 1> Getting people started. From clueless to having a working Magic Money client on their system. 2> Distributing your digital coins. 3> Exchanging your digital coins for something of value. One at a time. 1> Getting people started. The software has to be readily available. The Magic Money server should be able to mail a uuencoded copy of a DOS binary or the source code to anyone who requests it. The binary needs to be compiled with the new pgptupd.zip file. This has a fifo.c dated in April, which fixes a bug in the old fifo.c. I have asked MPJ to integrate this with the pgptl10d on his site. In any case, look for a fifo.c with a date in April. Someone with better Unix skills than me needs to write a proper, system-independent makefile for the Magic Money package and include it with the source code release. Magic Money is not really that hard to use once you get it installed. 2> Distributing your digital coins. The properties you want here are: it should be easy for any newbie to get a few coins to play with, but it should be hard to manipulate this system to stockpile a lot of coins without effort. One way to do this is with a for-pay MUD. Digital coins would be distributed for successful play in the MUD. The free "guest" account would allow anyone to play for a short time (15-30 minutes or so) and get a few coins. The specific actions required would change every time, so someone could not write a program to repeat the same actions over and over to stockpile coins. To get into the deeper levels of the MUD and win more coins, you would have to pay for access. There could be other ways to get coins too. All should be fun or interesting in themselves, but not too easy. For example, hunts through the Usenet. Post a puzzle with some encrypted coins. The solution to the puzzle is the passphrase to decrypt the coins. Post innocuous-sounding messages to various Usenet groups. Each one has a clue to the puzzle, and pointers to further clues. The first one to solve the puzzle and exchange the coins wins them. And how about a digital bookmaking operation, and a simulated stock market? Take real stock prices, and allow users to buy and sell with digital cash. You should also have margin accounts (what was that about developing digicash credit and debt?) with automatic margin-call and sellout if you lose, and short-sale capability. Take bets on sporting events, elections, anything which can be publicly verified. 3> Exchanging your digital coins for something of value. This is the easy part: give away prizes in exchange for digital coins. The prizes paid for, of course, by the profits from the MUD. The best prizes are probably consumer electronics ranging from small stuff like Walkmans to major items (if the system is successful) like TV's and computers. This is really no different from arcades where you put in quarters to play bowling games, and then use the tickets to get prizes if you are good. Or games at fairs. It's not gambling, so it should be legal. This approach could give your digicash value. Some people will play the MUD for the fun of it (make it a good MUD) and will start to collect coins. People will want to win the prizes, either by playing your contests, or wheeling and dealing with other people. Eventually, when your system is seen as trustworthy, your coins will take on a value of their own. Some people will exchange them for prizes, but many more will just use them as money on the net. One advantage of this from the operator's point of view is that the risk starts out small and rises with success. When only a few people are involved and the prizes are Walkmans, the risk is low. When the MUD is making good money and everyone is spending your coins, and you are giving away TV's and computers, the risk is higher but so is the payoff. When you are successful, you can profit by minting and spending your coins. Here you have to be careful to put money into the system only as fast as the digicash economy is growing. Your server needs to be online, and quickly accessible. It can be run through a remailer, since the bandwidth would not be too high. Use a 512 bit key, just in case it becomes popular. And if you are going to publish the address of the server, you will need a firewall between the net and the machine with the secret key. Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLccohMGoFIWXVYodAQFA+QP7BXXgde3cBGg+HTp3dt8FMbekK00HBuw0 fEINtTCld00e9q1qDH2HiNo5zMQuj1xXWyDbARiEpzAdOgoPcIZ0fkUpLMy/uBpR cJv/g1Ma66t5b1W5rfdiXEeQWZN0vkqPRiPQR8/tNaG9VqzS/dXxPZ6wlSU0L+Ay bcQSB052ODs= =hLUV -----END PGP SIGNATURE----- From phantom at u.washington.edu Tue May 3 23:39:51 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Tue, 3 May 94 23:39:51 PDT Subject: money server up and running Message-ID: digital coins are flowing! newly minted GhostMarks (tm) now available. GhostMarks are minted in 5 & 10 type denominations, as I felt the efficient binary system wasn't quite as intuitive. I'm offering 20 GhostMarks to the person who most correctly predicts the outcome of the Seattle Supersonics/Denver Nuggets basketball game tomorrow night; deadline is 3pm, 5/4/94. Please include a winner and a point spread. Also, in my next few posts I'll be offering GhostMarks to get my currency established. What follows is worth 10 GhostMarks to whomever redeems them first. -----BEGIN PGP MESSAGE----- Version: 2.2 owEBBQH6/okAlQIFAC3HMbJkhnxaNc7AOQEBOyMEALQGtexjmAY/L2eoLETJ3WNh XQjmFTNmKmqhOBTg0L0LiaJp9gDbYxHABce9Wtej0mtCpQ6QaNcfyAWDVVLn4yP5 MyvXmlhNLcAmmDjPOnCJD91jt7ShYGpOzsHtOqb62mWAPznp/PfHlDi1SiJtkqar IlpLcpSxVBPvmIGWuR0JrGtiDS9tb25leS8xMC5kYXQAAAAAwJSuQj1K3n/cvbzM DI7to7cAEQEACQH7B2KV0HcziU3pxSA6B+Yjse6hqJqLilt2ofZpVemIGONamPmm nCc5Txfyh8GacaDxS+rfekH7JenBO9lcU3j87g== =iEij -----END PGP MESSAGE----- mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From phantom at u.washington.edu Tue May 3 23:46:11 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Tue, 3 May 94 23:46:11 PDT Subject: one more thing. Message-ID: You might need this: (the banks' key): -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBPAi3HKO0AAAECAMvQjLjmYqiYg2gR3LiAOTWoSbcnMQsZZtzGLDy/tx3B2dwi BwB8GHbBYv43CrFVGEsaiYm1nw9Z7R2oJiKr3fEAEQEAAbQUVGhlIFBoYW50b20g RXhjaGFuZ2U= =znO6 -----END PGP PUBLIC KEY BLOCK----- Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From ebrandt at jarthur.cs.hmc.edu Tue May 3 23:52:39 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Tue, 3 May 94 23:52:39 PDT Subject: Giving Value to Digital Cash In-Reply-To: <199405040552.AA02485@xtropia> Message-ID: <9405040652.AA20257@toad.com> > Most major economies are using fiat money today, so it is clear that fiat > money will work. But you could not create a new economy with fiat money. How would fiat money work without somebody enforcing a fiat? I can't see many of this crowd of anarchists and fellow-travelers being willing to do that. > The money has to start out having real-world value and convertibility. > After it has been in circulation for a while, it can be "decoupled" from > outside standards. I think a "decoupled" currency would go the way of the Thorne, sooner rather than later. Eli ebrandt at hmc.edu From blancw at microsoft.com Wed May 4 00:59:26 1994 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 4 May 94 00:59:26 PDT Subject: The Value of Money Message-ID: <9405040700.AA09737@netmail2.microsoft.com> One bill makes you larger, two bills make you small, and the ones that Uncle gives you aren't worth anything utall....... I thank everyone for the explanations I read; they were all quite interesting, informative, and enlightening. I think that asking about the origins of the concept of money supply is a bit like asking about the origin of God or the Universe: it's just there. My question is still unanswered in my mind, and I think the best thing will be to do some further research in the library: Where did Alice get her money initially which she deposited in a bank for its safe-keeping and interim use. It was printed by the government. How did the gov. decide how much to "create" (print) and then assign a "value" to, from their gold reserve (back when it meant something). Too much or too little currency in circulation, and you have either inflation or deflation; I know it's arbitrary, but how was an acceptably correct proportion established initially, beginning from when the US was established as a legitimate nation; how was the process started, based on what sort of relationship between the abstract units and the available "stuff" used as reference to base it upon. The act of assigning abstract numbers to a concrete substance like gold: someone made the initial associations and established an understanding among the intended users. The procedure of using an exchange medium was familiar from centuries before. The medium changed, but the system of exchange remained and has been expanded upon, until now it is very complex. Really, now all that we mostly see are "money-numbers" attached to checks, credit cards, bank account statements, receipts, shares, etc. I don't ever see the gold and if I exchanged all of my checking account for it, I would probably find resistance to its use from the inconvenience and danger of actually handling it. This is now pretty well just an act of assessing value/worth based upon knowledge gained from the past relative to what everybody else has been doing, in terms of assigning any worth to any thing in terms of some number. It all makes sense, now. I understand this much: there is some gold and other actual metal located in a vault, sitting there as a symbolic standard of wealth, worth, value. Everyone stakes a claim to it, and they exchange that claim to others in substitution for something else (dog, rifle, gas in the car, baby-sitting). These claims can circulate as fast as a computer can calcualte & transfer them, and that is all that circulates while the standard continues to sit in the vault, not being used for anything by anybody. As long as you hold a claim to this lump of stuff, you're Somebody - a force to contend with in the Market Place. All you have to figure out is how to *get* some of that Claim in your hands so that you, too, can be involved in the Circulation Business. Something which can be converted from a solid to a liquid so it can be re-converted back to a solid or something similar. But you always want to maintain some Claim, some attachment, to that symbolic reference from which all money numbers derive their assigned worth. It's easy, when you know how. :>) Oh, and. . . uh.. .what this has to do with cypherpunks is... uh . ..uh. . .anarcho-capitalistic control of my destiny based upon fundamental comprehension of currency denomination & free market methodology with future potential within an encrypted digi-cash system? Blanc From tcmay at netcom.com Wed May 4 01:21:35 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 4 May 94 01:21:35 PDT Subject: Detweiler's Back--comments in talk.politics.crypto Message-ID: <199405040822.BAA10997@netcom.com> Cyphertentacles, I apologize for mentioning the name "Detweiler" here, but I just spent a fair amount of time composing this attached article for talk.politics.crypto, and thought it relevant enough to Cypherpunks to forward here. Many of you apparently missed Detweiler's harassment of our list (with fantasies that several list members were actually "Tentacles" of myself and Eric Hughes and others, etc.), for which you should consider yourself blessed. He has a nasty habit of popping up, though. Tonight, shortly after reading his post where he asked "have you fixed the cypherpunks remailers yet?," I saw that huge list of numbers appear from an anonymous site....and of course I thought "He's baaaaack!" --Tim Newsgroups: alt.security.pgp,talk.politics.crypto Path: netcom.com!tcmay From: tcmay at netcom.com (Timothy C. May) Subject: Re: RSA Data Security Inc. and Pretty Good Privacy...some comments Message-ID: Followup-To: alt.security.pgp,talk.politics.crypto Date: Wed, 4 May 1994 08:06:45 GMT L. Detweiler (tmp at netcom.com) wrote: (commenting on a post of mine) : actually, something I have observed is that you never respond to : ad hominem attacks the way e.g. Sternlight does. If someone calls : you a slimy cryptoanarchist, you don't bother to defend yourself. That's right. I see no point in answering such nonsense, as it wastes my time and wastes the group's time. I'm only commenting here because you've made an accurate observation here...ad hominem arguments are rarely persuasive. : Which is something of a pity, because IMHO all the fun of Usenet : is namecalling. What else is it good for? any medium that does not : reward excellence in posting (the good and the bad scroll off : in the same pace) is asking for mediocrity. Talk.politics.crypto should be, in my opinion, concerning itself with the vital and fascinating questions about crypto policy, the laws of other countries besides the U.S., Clipper, Digital Telephony, and so forth, not with endless acrimony about who said what, who called whom a liar, and who's sleazier. If someone calls me a fool, or a dupe, or a Nazi babykiller, I take satisfaction in letting their words speak to their own reputation. Further, anyone _taken in_ by such idle charges almost certainly _deserves_ to be taken in! A kind of filter, as it were. Most people are pretty reasonable, and learn quickly enough to separate out casual charges and idle assertions from the truth. This is why free speech "works." (When Detweiler begain to attach my name and (non-digital) sig block to his posts, and then to post pro-Nazi rants in soc.culture.jewish and soc.culture.german, with my name at the bottom, then I took the step of letting his site admin know I was pissed off. Eventually, after LD mailbombed more than a hundred newsgroups--before it was stopped at his site--his account was yanked. He's now posting as "tmp.netcom.com," out of the Denver site.) : also, it appears that you are loathe to post any insult under your : True Name but feel free to do so under all the `others' . It appears Yes, I dislike posting insults....even for people I disagree with. (I'm not perfect...I've lost my temper on the Net more than once...) And a lot of times I just see no point in refuting an obviously flawed argument someone makes. The Clipper arguments have gone around and around and most people in this group, not to mention 80% of Americans, dislike the Clipper concept. (As I've said so many times, beginning 5 months _before_ Clipper was announced, my real concern is that the groundwork is being laid for some kind of ban on unapproved crypto use. This has always been the focus of my efforts, including the technical and public relations efforts now underway to undermine key escrow, not the relatively trivial issue of what kind of secure phones the government buys for itself and tells its contractors to buy. Too many issues here to discuss now.) However, as I told you beginning last summer when you started to pester me about my "Tentacles" and my "Pseudopods," I don't post to this or any other group under any name or account name other than my own name, tcmay at netcom.com. And I haven't used a reamiler or anonymous posting service for many months (and then it was mostly for experiments, with posts going to the Cypherpunks mailing list). The same cannot be said of yourself, you having posted under the various names of S. Boxx, The Executioner, Pablo Escobar, Jim Riverman, T.C. Hughes, Eric May, Adolf Hitler, etc., via the anon.penet.fi remailer site. And you've even posted with _my name_ attached to your posts. (A good argument for digital signatures, save that I run RSA's MailSafe and MacPGP on my home machine, and uploading to Netcom is an extra set of steps I don't relish.) : that the cryptoanarchist ideology that `true names' are meaningless : is itself meaningless. Well, I think you should consider that you : are really missing out on something. A world where there is no : strong condemnation of evil is an invitation to moral relativism : and fascism (or, maybe that is your point). Condemnation of evil doesn't happen by ad hominem arguments, by anonymous posts, by prattle about the "spawn of Satan" and "sodomites." Nothing to be gained by mindlessly demonizing David Sternlight, Grady Ward, Dorothy Denning, or any other such folks. If there is a developing collision between "privacy" and the putative need for the government to inspect the insides of ones computer files, filing cabinets, business receipts, housekeeper interview logs, etc. (all of these inspections are ostensibly needed for small businesses--and many of us are becoming small businessmen, courtesy of at home consulting, businesses--to allow taxation, detection of money-laundering, etc.), then this collision needs to be discussed. I don't impute evil to the NSA or NIST, or to folks like Dorothy Denning and David Sternlight. I just disagree with them and think the new technologies favor (and "empower") the individual over any particular nation and its band of tax collectors, censors, and authority figures. There are good aspects and bad aspects to this kind of "crypto anarchy" (my term since 1988), but the genie's already out of the bottle. Instead of arguing pointlessly here, in this group, over 700 mostly like-minded (though I don't speak for others) folks are racing to get strong crypto and its related technologies deployed as quickly and as widely as we can. Just to get the genie even _further_ out of the bottle. (Our band of folks, and others, may lack the sheer power of the Agency, but it is _ever so much easier_ to encrypt strongly, to provide untraceable message routing, than it is to break ciphers and track all messages. The old saw, repeated recently by Philip Elmer-Dewitt in an otherwise fine McNeil-Lehrer piece, that the NSA "has never met a code it couldn't crack," is actually almost completely bogus. In fact, most modern ciphers have been uncrackable, for reasons of computational complexity, and there have been few major cipher or code crackings in the last 20 years...the Walker spy case was so serious because key material was being supplied to the Soviets, the kind of black-bag cryptanalysis which works where brute-force methods fail. Fortunately for us, public key cryptosystems have much less key material to protect, and the Agency can't do a black-bag job on very many of us. This is why they're understandably worried, and why Clipper, Capstone, and Digital Telephony are their attempts at solutions. : the delight of Usenet is the back-and-forth. That's why Sternlight : is famous and T.C.May is just a lurking shadow. The latter has mastered : the thrust but not the parry. And? So? In the big scheme of things, it doesn't matter much to me that David Sternlight is much better known than I am. Or that you, L. Detweiler, rate your very own section in the "Legends" guide in alt.usenet.kooks. : hee, hee, T.C.May apologizes to Dorothy Denning. Mr. May, it is clear : that you can't decide whether you want to be a guerilla cryptoanarchist : or the sweet, nice boy next door who brings cookies for the neighbor : Aunt Dorothy. : I'll stop now. Thanks. That's my cue to stop as well. : pseudonymously yours, : tmp at netcom.com --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From kafka at dds.hacktic.nl Wed May 4 02:55:24 1994 From: kafka at dds.hacktic.nl (Patrick) Date: Wed, 4 May 94 02:55:24 PDT Subject: remail 1.9 Message-ID: <199405040951.AA26033@dds.hacktic.nl> ======= Unpack this message with pgp -p ====== Remail 1.9 for Waffle UUCP BBS 1.65 - Cyph3rpunx wr1t3 k0d3! Version 1.9 - Fixed lot's of stuff. - Added help support. If you send as subject HELP or help, it sends you a operator configurable helpfile. ('remailerhelp:') in the Waffle static file. remailhelp: c:/waffle/system/remail.hlp - Encryption works now - Replying to anon addres works - If a problem is encountered, the message is sent back to the sender, with a short helptext. [ 1.7 - 1.8 are internal versions ] Version 1.6 - Fixed problem that caused Penet mode to be on when you specified -v - Fixed problem with blank lines in header - Changed "Remailed by:" field to "Remailed-By:" (this apparently caused the empty header lines) Version 1.5: - "Encrypted: PGP" works now when pasted :) Remail now also works from inside Waffle, if you send the recipient encrypted. - -v now gives even more jolly interesting messages Version 1.4 - Cleaned up code (a bit) - Added anonymous id database ('penet') functions - Newsgroups that are not in the usenet file are added to it - Wiping of plaintext PGP output files works now (file was open for reading only) - Do not write EOF (FF) anymore when appending files - Added "Organization:" field - Added "Reply-To:" field - Added "X-Remailer-Software:" field - Added "Remailed by: " header field - Added -v (verbose) argument - Added some error handling :) - Added -penet argument. If given, remail allocates anymous ID's. If not, remail works as a standard cypherpunx remailer. In the next versions I will add acknowledgement of allocation of anon ID, ping, help, passwd. Please let me know if you have any suggestions. Please test the remailers: Penet style Cypherpunx style ---------------------------------------------------------- anon at desert.hacktic.nl remail at desert.hacktic.nl anon at vox.hacktic.nl remail at vox.hacktic.nl anon at jpunix.com remailer at jpunix.com ------ Patrick ------ Public keys for anon at desert and remail at desert: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAi2+t1EAAAECALUS6KI7WLBB47y5dDIN+vHAW2XLxu+ELJCNkHLKYxhAr6vY Ku1e9oMry+bHizW8wCt0JPWMlnzZOkhZplIGsqkABRG0O0Rlc2VydCBBbm9ueW1v dXMgUmVtYWlsaW5nIFNlcnZpY2UgPGFub25AZGVzZXJ0LmhhY2t0aWMubmw+iQBV AgUQLb63vZRymF15lPcFAQF88AH/TdqfNlZ2uNH/CpQiy6BneDa0+FJTmBFgy5W+ wcpbsljOFFheH3zz5zA2rkpxIBoy/nd4vQ9kaa6fc1TkVMeBfokAlQIFEC2+t6C+ ZjYIMi0DBQEBT4YD/0NK9fCG8JjE0fS/0SlFshWAGSZxUYREKoQiwo8/ZPEbORHa +a6E8mXOjy7XHVH00S8/1aOO+ji89FFY2aVNqVVDfZI53er9pZAeNSQ1mvD7isor B3IOQ+WeKgXL/IvOEaZro0ZA/FWtry0Ty7RZbPwX4j1TkBTxlRI08e2dG7YI =MfIT -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBtAi3HGTsAAAEDAKtJN+gFP71ow3vb+Ro64Q9XfQ0UsbNyIwtueeI2YX3PQvl7 Y4yMXiB64nXfe1npsHdSzoG905iAHtBXybfXjSZRkMZc1JTy3FzFVozLVB9FNgjf OXWfKai/FnjqVeer/QAFEbQ9RGVzZXJ0IEFub255bW91cyBSZW1haWxpbmcgU2Vy dmljZSA8cmVtYWlsQGRlc2VydC5oYWNrdGljLm5sPokAVQIFEC3HGZOUcphdeZT3 BQEBVkQCAKnKXNKpAeJssWWMzZTD48TTx3XT9EcTVx5/tDi1FoKUxZ7qy9k7pFo6 k02CIwghhxbHFqOtRb6BorxcONjr+xCJAJUCBRAtxxlevmY2CDItAwUBAR0EBAC7 42rjVV5Umt5T9rhkAlWfV6tg16RPxSxU6UD2sJdPPK2NZ0yszv7CY39dFgLEo74N vdUQzIbwoYlDz8FOITrLxipQOaS5VER3hed0nHxaf8+8m+bgU6QXZg92AnuB5fqJ r0lJ2vTiOQzRH84rIFCxYl7FPo5mqp3rgGXI7yrjJg== =UFGB -----END PGP PUBLIC KEY BLOCK----- kafka at desert.hacktic.nl's public key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiz8ExIAAAEEAMCOBYWuMLd+bWGzyLIO2Nr+jQOydZ3azOVkRtsz0sgaRmep UoMcAdpfAdDp3QzyQ5yzYfw5xqcFqiTJDaSNd0vncAHpsA2gQl727B1blg4qVlDY 5mNlJUG6CVrAq11eqI0pYIfw/uNlysvt/qKIEh4lK4ShLhBaab5mNggyLQMFAAUR tB9LYWZrYSA8a2Fma2FAZGVzZXJ0LmhhY2t0aWMubmw+iQCVAgUQLacfvwetuen1 9+T9AQGZCAP9GaIbfC+fU3oAhCAZm9aaFtK1DpLlqTrAE4MwzFy+2iIDClDp8xnx I0VG17fciCULngYIDpGvV4X53MswnmM9RWmHkORb9tY/9O5jsvxpkUzszT103TV6 oUJHGE1IpYjzKIXq8OKAT8+j8g2UkHkkpOPH1NS7KI395fyLEnR5ML4= =O2hR -----END PGP PUBLIC KEY BLOCK----- Signed and ascii-armored zipfile, remail.zip: -----BEGIN PGP MESSAGE----- Version: 2.3a iQCVAgUALccaSL5mNggyLQMFAQGxHwP/b02m5e1emxVCyLpRX0JwuMFSxooAnWPJ 30o5snYnw7YhZUhRKQMseQLw5ADGCdzJv/1UKCiQmU7oTP8wvaoUqQxi1SWw7Dz2 BI3OJckr9hZYwh51E9YL3QScvAbZiRhPIPEagPDi9iAfSXfeFjsyW8JJ9h8bK7zM gCzWhAXkLGWtZ8piCnJlbWFpbC56aXAAAAAAUEsDBBQAAgAIAP1OpBwdZuJGRRQA AOY0AAAKAAAAUkVNQUlMLkRPQ+1bW3PbuJJ+ZxX/A0oPm0xZ0d2y5Jo5G0rWzdb9 amlzHiASEmmRBE2QkujaH79ogKRkJ5nd2jOndnZ3kqlJTBKNRl8+fN1AVAV+o9/5 NUUtNEAa6qH+jz7VXIRd6kYODRnyiYMtm/hoR320wrudTVAxV72Vs6jKqqvNUW/G pU1bA63Xb03Rv6qKdhlnYoaoSxD/0UW70NUDi7r3yArQybJthMOAOjiwdGzbEUxy wr6BsKo4hDG8JyigXJuIy3sNCQuIgQz+h+ViEJOFaejRcveID0eWq1MHfjAJNoiv KjuL2AZD5KwTL0CZWbh9IXpwn8mB5j20xYzLc0LdRHSHApOk+mHbCiKutnioR55J fC90DxdzZBFmqsJV0X1ry4VY8lOD6qFD3OA+sWuXnmAFISPiffNK1DQWxeSXX/4L v+SX2wh1sY3aluuSKIt+vasU7qq5YqFS/MrX7/G5/CPJ8b/+DbRY05BrxwJhoAAG Y8MQFnMR19SPQL+Ihj7Kn4R78yzidnby3AbcPgztuJLcYL0dfIVY6HnUD/hQ3Y88 sJV4bOKjcJXuExwQhNG4M0YHIjwqpKtKYrocApWwzWg6ygsDYR4PM3ai3P90J1Vi hAsMhCBpYVUh7tHyqQtWRkfsW3hrE5RJgm+szWaZHPps7RCjDtlSIxIRiNGWBAHE BKN2KGPH5pIdgg4uPf2SSxw2a83RtbDfBtGVFiJuAu57xt3MuEJYKv5jpVZau91v ZZDFkOcTBi+xa6iKRy03YLBwGBsn1WyuzXtNYW30meT2OVBFVaSM35r33+Tfvs3W s3lr8E1+LvWecynY34vI40v1yXVWS7Ojf/ty/Dv/n0dcEvwd/Zo44wtEi4sdImKl J7MgeZa6IU1mvpIMYEMm+87rsf9UZUdtm54gumzLJeCzHwfV/bWGIBD9O/omv/y2 tdxvcsIcORPxNtYNpkwy6ZNcyqd04dlkpUkOc0uA32F8TnzLfR9E3LqXQOyBU4kH nxk4wIAH6GQFphj0xTI+Mb4EVUnWYBk5Y5tDYG6XnLkzj1yOcLVlgGkYN4dxvWg+ QGCkSVzkh64LhuGvUxQ4I4caJIuGI9QfdWZIm7bQU2s8T7366cvxE9pbR8Jk8lEH jLqjCG8pt/kJ4i9eNp/foHyCrFBZh6Vw93k+5fo5LJ0+tmyCDDp2ZSomietK+RCG WRnfAqa3/FUQYN3kC+QOJ0fiR2lKGygGa5nakFdXDoT8ivUFx6Xi0ZZLSLBIxkuC RCyAHUF8df99LBMfZNwj/T4JGRlc31LH8vfXC4TwxOhTAv+f5GR4FxBfqCS3C0Cf AJQJ6IH76/P9PWTX3OSG5f8R5hHdEpuUiV0j4rYnEvoYcQ2pdrJlxdgoTSXyItHs XsyXbm1gXp0CkghvgqFFSmGX8u+4HaTGMIj79P1QPruORThkAVX4E66lY+3NADn4 wL/wuW24EbGL7YjBOwrAYFjwNLSDNAS+Q2KMBECBcWJ/hAzyB7A8dKTvEjT+kN7/ meOkoB+4Tr6QlGIx0zotEf8+4BrX60TRnr/3sY1OOGIQ2MIdu0j4y0xyWuYXC/xQ IkBOZhGzHM8mLAA/Ap0wDLH5nbmJkKAICRTHgRCTgSSopZAUAyVt0QWlEJxBSAC8 ZCgzlTTlyzTR58uc3mck7Geev2iAK/Akh2agVJRufVwpn88nYwLC6oRd+UZkN1dw K/BV8CMZWTKAfzYl5a+uJkw9lkSQXGsSOyShXmDCJOMN6pIcQp+bACaQBg5s/Vwv VRHS+KPYYsIGWcRAS8RCP42lmBfp2LMC7j1bbMJMkCdm0pOb+wU83gVPc2nCKxic JaLnt3/wl6o84IDco3lIsqiIHoiO6iVUKt0Xy/e3d+hLoVYoqMpAGuRLz7hHv9bL hWKxUKgWyzlNK9yWS+WvjBo4tyX+gdgkyhEj/JuqtH3q3AOhJOiRG4ll0K8sJF8d ose8i5scmTvB0L4yk9h2TpjOhteqkiAR0lKeDb5TlR/6Er1Q8jXAnhyrKo+UoC8o ASaxJ+B3ctCOq4cciNx/3ITcQMC/PUK5WyROxLwVnUxLN2W0uDQACg5s1yROkmUx /w6oBC8ZLOxDfkHMk0jAaA71XBbwr7LyGYA3dWWWqIrDnelbGHh+nK9baljkIg92 HC4BUd+Q4IV1bjLuvgCCUjdVRaINy15hBgC/T4+WQYAGcA+a2LWYI4hrJt4SMnGi +yxAO3JSFdhAPq4DCbKZ6iYXm0NAFxhBcgQsSIK5Tt0AKqKfpW/+ffbydTjYNVjM DKTrIT+B0HOnJDgodYRhWxu7B7nTJTQuVZRIKIi3tHjDy9zzeT4D1urUpi77hese E8LUUowId1mCW0nG94MJs6Iae88FGQo94RIkvwPVY5xRFTCzYE7JhiOi+NqC7jtL JwDFHafzR3woAErIQmzzzxM0MWU0pqPwlh75WBrahhxMPOzDtDsEiXwisD+KQAZK F4ew1J3/APsxDYM9cCz0HkRz/z/BSlXu7/+kkNWKq1PuqpZrYlcnojZSlZ8W1pcx 1M0bJC1uAQbepUCSdyED6WPTsm3LU5WN5TjEd7DrfmIoE7oG8fc+5X9mkBdubUv/ AkXsVdXs+XTvYycLlTJftWYHJg33JvzIJdhkL3sQMD/UPPFGusjNckIFsoWCBWpF 2MDpLgBQEU+J8UsWKn3+1ckyiB1d1Sk4QPRIfEYwQ7vAQ8wKAPa4BP4G3MJlAB8F Eife5RBa8Nkz2NdNiwhWgYFPcXmABv7R0kWq7KyYRthcARaoCszCl5lWMlcrJxeP JMQrse4F1vh6Mdphy+f6S/6mKicccX1aWDev2JjYg+KuRIxN1xPI4h+6EdINqgJ+ kKOAFGODxG9ySHOjNLNje0vM4E5wcCDheyt6EAnBF9UifJj0O+iOT3fVJeJmYelC 02pNYMacIiYxij+XDpOaxjpkL/QvpllOyIKYqptyS1GVTCtR5h4GZwC1JD+0JMdf eNzmPtGJ5QVSvQuMBqbYGPmzeAYJ3+9dAmirKjgIiOOJhcTpEZdzcc8tESrzgr+y fLGYS/MkJdIstINk87xKNYvJsiatemRsMKhyYqTnoqGKh5L90nsTPsr9mEcm04Qs /ivAjyABOYRWBCpNP0i9yGUTnXKXJaOlaIR6cst5Afuzj/uK2PflfihYDHSZoBFH oXtmBX8Qlf3TYm0yU0zIoo+0SOYa7D6gDrePaFKkKtlRVhBErjYYWmYsjBd8BPLn ZxRJbM3ZmGcQQ7Q2VUXQi6yMJBATQKcmkIVJnIgwFWgudn1BB8TXcVbLIBFVbozx nXH2kuiZLziDGP+RL2pHuas1plsWUAMvDLKX8I9RJQGF65QSlAbgWcwdAUmGvqRD +MyCLh3+qPpHbG6NVqc3FLk4aM2gto63vKWE6HtUypVgOrN1anaqflef1/rBg97Q dhW/4zd0a5B3Hs2H6eHl2DNH9gIveqXBflXtDI/R+TBe6oX2oFyZTlVlsJovbuaG 2dGmgxXdm9HaqlfzXuFmzMWQ/tHC5sB4yde9vaZp3VbeeV50DSdcvegTQhrhWFWG bItfHmgx2p8P+cJqUNJaz5u3t85sPh/Xd6vb09K6LU3Oy2OZHu5mZWNoP98cFg/W onluvMyMnaosdi7t0tu8uy+8LI3JfqiV6wHF3ZHXGrQW+s1jc/IcPp/mjzejXbhk rNl2F6v1c+mwNoz90G+pSuX16JRPYL7fzmxpxFZsDR9+YMM/MoEwCiIPDkLEPDKg ZPcdoSE9ZWVgxpkm4lPsHLMQtkYRSqIV9WFL5YMbQo4vsAtal0TUZMjB/kGewyTo 991ecrUrCCaQxLbIzaRfRj3i44D6WRCfqEIMK86kq4Vkk7MHqeBraAH/TjoR0DLw qRHq5A+EzPcrArl/5cT/opwQHW6I2vcB/rNqRWRKIBMDeg4JkBuUMNGj8MmRQMUL G4MfkuvDREDpWUg+sUs3G41cO1KVU7KXpKwzZi1XqSj4gRVAhQwKnkwquiBC4ZiI aUymGoUuG/ajq6ZlUt5nkU580RdwLBbgAxHHOaJ1K74RhBpIlEOhFSEORd2kr7mj /p5IVvZ7iZyVO7KqCDa5JYhYotlsva+x4xFWwIi9ywLxh5pZdit9cg0a11ggWwmY JdI+Eikt7mzLxSSr5Avg3nq/ApAKkySCUsqdMvSLZulQ2We6an1cmvw/ZBGSRFzN c83tgTkIxzVN7hFZSybv4jr85xVlUlWmY79bgIjvLWbx0TdGDlBs0X32iUdwEANl qhL8LLgvt2Obrzq2bVZWP4zILgZ244MHHWaG3vnl+AHYktgHZBcjMH1RchKbkDvz 9qvPhWxDI0dILjSheZDSKPGdqvxO2s2g5YVlHIopEjZlBWkNLcn1RZ20OwyaZj+S sKRSEFtMvIfEgsQM1yfKaC5OqnCUlecyLKbi7Dqks4i8Lx1FXZMUM1B0ZmwcET/z gcFmY9RINi7TMgw+RxKHggQGyZlgXLumyxIB9HluWtDzkmIzrrzIQNwjsalHMuIU EDpXV22LS5VmMcEIVYVbQLyCUtEV1yJSEZIJiFYpTiEkXahoo3oEdEnD8V3FDfK5 veQSYQWpXMtllpEeSIGhKRRJ0DCIm/lpFEHn8CrQxBmGAO2YegDuCtVBorRYOk1s mbj6upTPsh6UiI0T4wqNkrsA78bLmdKwEGcLvfikIs2WK9Yvzsn4uDi8RHknkCp7 6RC8OzRJAvBnifCh8ocGYgrycGhyOZqCRAGsE1vGD/oD//Sq8ecNv7+I0/8B4hQj /Lu6V4BPDPKZq1BlVABmDL2yiQadfTvd5q8C8xO7qmxlcz5p6aStdYEnIOV/pIzt nZq77WgYsZV/czdoaPnC7OaW3fSXzqi9e92NzvUyNo7lwogOx9FLr5Yf3dS0Jn49 vqwLx8JIVcrGefJ6smedw37RfmCr0ynwZ0Zw7uO7ZmGudUvT8alcebJHBdud9+fe +TAc0FrncbF81fpRZacqjWF10myt15tepxoGb2RTOI6j2WD+1l6+PO7WT+Rw9tvd KD/cv7F2aT4uTIf13mPgls6FuxNea6qiae26RuvP44fnw+twXCqdW8VR7VgwCkNv PR1uh0/etjixK2ym9fNGodevvmzbg8M5vzwEURFzCWxZ9Opr/ya/vhk/Lq2jf7Dv WvnXTnnaKOHCvN40t4X2fHNw1kHHapiac/TeqsuZ8XIc3G53/bOqHLVp+/Ecjmqj 17tb+2wWF9VJlTar0frG2OnlRm2Jjy+V+kGvDNvhrKPXn6q0PyyvmtVzo3F4bajK cNTC9c7dUX/0D+GgUqm4NDqWK0fTcbe0uqm9nB5WT812I2pu7szX1sasN0K7UHw1 G6egXT9NVMWoLls7D/d1ozKcW73a6jjVu/Pb02tU227u+lHUful23m57RuPx7ZkG RtUfz8/5zaTQb02KnqarysaplRfzm+L4abGZ3JXc6npVDjr1zdvKXpSf1+N+/vzm mpX97dloncaao+n7c75cea7uln3LL3VVJbQetvPK8+h5aUTr89ifNDetfbFUfzwt XW3ctbtld/a0ORVqRsfb5vGczO6e6v072j7l77RHp6oq5YdKWO2tKpWboG82J9zJ +adDSPHu9m48ed36x/ZTQ7ed2uPzZmL3li81jeVrbbf4MJw3m91pU1V+87fe8Z+O HqLNIMotcahLJJMUjQJ5v+S6c/yjQkNVZN3wJ6rg/4KDv+DgLzj475OJqzpEdGPk Lo/1IBR164VfqMpPC0lx1VIOTOotK0gOx4z4IMmFg5Pv63y4hf3zjk/C1N8JVxUr gBaEuM3mQgXiCl2T5oJuE+yLg4HfO6QQLYnkrED2PkVJJ0q39NRKp65OsB23grC4 rSe7siAK+hyha+mimlcVgZtwQCOOYOCWhMcVsXTLw3B193N8U50P/iWmVu9LGnEB Q1UuxaGQMwsvBUuQ9qayaBsKM0Pzy/0UyIuYJ5MmFze4TeBc0PIs2UOKZ/xQhCV3 PuKbzpdoUJWUY/IVZeNWS3KeJ+rUn6tAfWsvnSLKSfhI9O5kicfk8a9HmSVsDJ1h bPlwhURUb7EVZXPGv7RKGEk9dN1kCYhhweGXtbu6MgO3jZC4Y6gq4kh1S6DWhOOy hWudkQg0BGeMQIm5KhCT8b8IuL7Gb1ssSDpqfIiX/IsGWVnG55bpNSDo5l2O4+HE Kj2ag/N4cKcsjb+bAo7jgap/uN8hJUfyzie39GvIv0MEs0iEr0ivD1F7ZZ2cvHE5 fndUJT3/1eD6+kHOxPohsPSca6N/Edp+/+IHe/J40ej3muiptUaN/qj59P3mXMYw zJk0hppVugmKLU3TWk2tv5hVn3p3q36jUbmLbo2H3vDm2NVWpef+Obxp9R+bw0O3 /7Q+m5pfPa5V5Skskjod+NHNtmu9rWqnZlB4HK8Gtvu2GR3MjWf3Ouz1oDWmncKo MLX10jIymo3G1qmHZFU8qorxPNgvnGWwXtkMr27dXnto6+7GW5cW+3GnHW5Lt9qm s3zbPD8W+o5prktBAa8G4dY53ViTxlJVtP1i0t9Wy8fNNHLaxVt7rLe1SbtW07r5 ufG6G9qbUjjs5pvexIqqDZc84MJN+3HuNNr76HZ1oyon3dsy+2XUbpukW357u33T Sv7BO/caNMq7RuU4qR8wru704vywHJDGjh40e9Jrt5rcdtUml7B5WfcGVuGhMWk1 5pX1Q74wfKrvmp3a40ursJvlCzO7zcyV1pltzov1tPVEJ9aJ1vKbcWs7mna5N25w tVVznkcv0d1zd9ktFGa1fBGPRjcvVq3ebq9LeDl8XS4fdpvebZn4dW+jkeFsUnSO D3cWgy5Yo9wbTW5W5Gn/3M/3jqMW3vi0sNHy7VXgR4V5dDfdbMen58oLX0Zjfran vUKNlIzO3bqnKr8Ndr35hz3tJ3GkKv8BUEsDBBQAAgAIADJPpBwnbB3l/xIAAFVS AAAKAAAAUkVNQUlMLkNQUOU8a3PbOJKfk6r8B4RXjqUx7djZva1ZJ06Nd2zvei/j pOKkZq4sV4oiQQlrCuARoG1Nxv/90HiQIAlSkidTdVvn2ZUooNloNPqFRiP/QWic lQlGb7hICNubv332tG5LGG+1CLLArabOW3zJJ2KZY+5p5yISreY0piLr4OSiwNGi DeptlY2EzjqNSUamrcYoy1is2mRrglNCMfrp+Jd35xen704v0MH+qz9DVzyPCvTd DItLSS2JR0g3pARnSWh+TMs0xcX49bOnt4wkaBEROiJUoKiYxRZGPt9eXVcwdyTH o7Pzd6cSVdV4nCTnNGVnJLN9Cz6DXo3imDJ6noyqMSvUSVK4OD6xk6mBIkkbCOg6 P3klwQrMuQGLJOYvJLH98RzHNykryoXpV8/VEFNW0rii3g6QFmxhnxfLLzRaYPvz MyX3J5HAFYZLTJN/4CwfbfTqs6dcrQECGm9xMWUcH+2rjpV8f/b067OnSP4Zql+7 v/JZ3vhNaMpaDWoUaIgZ5cLg/olRMedX10dfg39GNAhRcIan8PVTVMDXcV7oX0v4 +mcpQTQS/5+EyIIwOC5n8vMS5/LzfSzk5wW7lZ8nOJZoLj6/e/fgpeYkWmpaJFkS /FOJ5efPOIHneSk/zwoCiCNAeQnEtHABFsvvqz/tX6MjFEz2g9dOd3xVq4iv/zsC i+e2CHYFquQDvh/oA5G4+ouXBl5O/3V18Op7L32LpK+LsgRf/ef+dYPctE3udwIv 8gxe/0X9NVBoPe8bII84z+dFxLGCcLswvZUzbY7NssTXTOQEmi1GI65eqWbdwUVR xgIljCeRwF/kk+x6YlrBLiNRwYJGYBoXy1zgRNK9/7puF+wL6H6rlR65v+K58+Pe ec4xxcIoILTlhWxNR8FHvIhIhg72/nqIflzmc1zkJb3h6K4gAqOYJfj5hAZjiylF I1BY9Aa9Guumr7WWWJyfeTTDh6jQqK92b6/lhyLgGr3RrbjYLTkugFdvJbI3Cz57 64zjYju9jxZ5VuNTPHiD5ButFwosyoKahgeYaMX/OF+OrLFSRgYmsXtwPX4t+1++ RNCBWIrEnHBkKazWxE76bTVp+EtZMbo/Onh9/wY6X9/v7IybBuNr8yegkaTI/40C zY1A03J/PUbPj5SxGHdMjl63g9cDuG7XwWNNcBvTgztLA4RevNDjjqtFmNDv0MeS UkJniFD04fTi9BNasAQHY1fOKTC61q1whgWmt6Pg4+lPx+fvTj9+OL68DMYhJ79i ljqA4y4WMAEhqn15AA1BaNx3iAwOaHXelvCgUaMXwkrGl4TxL7IZdG/0InEGMnOz VjREwRYP0VaCtrj63H+VHFYfsjEIkTLbyV4SLVl6h/HNdYgmTX6qzhAZb5PsLeBh 90ACJntLHBWh2BPky5yVRYjU44JQ88Rx3JgwTORXRuWkjTFz5gmrNSJgC1KWYzoK CLiRux0RjMfoqCMEOS4KViioGsfdnGQYjVI5JB/FFUdjYK5ICPVJU5qXClj2VnhS jvHNCKax/y5El6en//Xl8vRT3f/yJRLFEgmGChwlSEVjXDkNNJcNoGgtAWzJnQQC udPAE88UuCgyTL0zkYSqeRyAUD9HKbRDWz0lR029JMDCx/WQFq5SQDle8IkdomCM gPPxGEZyOyEURMdxzEoIdyT5FV9bkEqWnx9BFxqjYWti1USw8EV89efratKCjcct HTeOo1/3WyYFiL4sp//CsVDTUrNaixpw9yGSBP21JgjaOiSpuMAsmwLYPQA3vT3Z 396AyLOCLdanEAhU0auk7y/XbYpUEGMFST4/jqJfdmG1d408eMhqrtvBQWfhelF/ xP9TYi52tccmdLb2KK9erT/KqQ0+DtGHv3/wY3cDlEqmGo6kQqkFIpjjLNe41GKj 335rQ/zj9N0HB8Kvn9VWRG9Cqu2Hu/GwsGrTBmYKoTTOGLc/SpoRelOZwmpO90SM 9t2WxoSMYAg2Rm/RvkOdYFd1X0NkKuMn36cMOZLBCuRdzOqNiCbwilkLwqhaDBQV GPEcxyQlOKmA7zCaMZQxdgNGMpXIxRwbYwlxroBmwW4wRaPDw7F3TkdHaF8byGpt N7CQYKQvcVTEc0uBb3Rjtp0V+gbGuyfOWseIe4T/8DAYCKHaAw3y44yVNBniQxvT t+LGALGbcuexNu6R9m5gyE1s3yPt4MDo69jEIfvoh3zwdAyamoZHH7Y6zWFaLdMC Rzddn+a1e85cNjQINmoDw7XAHLaEQdvzjEb5LK9j2AWf7ckGyL/c9QSyHsm2se2E bhsE20HbuSvrvnswHvLkRgFH8VxSNMMiHlmFO31/toKEUkLH8xDJwcf9nDV+yADV 7XYngultGHz4+wfYJR2BTjobJHdjXKpNlfx/15PbpVi9E11ygRejABZgx24OX6Gd lBUxRjvTSMRz2N8hw1P41sZxfz3LWC/LKTwgfI/jUhiJ6CzQwCJ5hNj5iTOOHzfZ /X+fyXbWvpKSBm4b2lg96hePhqa+zzG1mlpgXmYCpaAKoE7bHiQdpQWFLXYeq7G/ S1vb7rLOeGpl7DhM1bhunqaKCfos/tdeP74mZXoL6NK2uTv//+yaV2xTN96jru+q PY4VovECL9gtViF4liK1+ijD0S3mkDfTJ17dF9ffDg95f9QF7fH1q3Y5SG8J/C6/ th2TCF1AVicmOcFUoBSC3oY6m+MnQkO1ZbM7Nt+GzaP1ThIXyDN5DD9VZoN/Lxik r5SAyMdu8sXFb94BEVTnG3+6bsqAzbW3zI584Yru7FyDBgPjV9sTeOEaWLo93h57 F5T2Jxvso3MSKNgAm3Tqtu42R5EkUWvQyMuByjaW37ANBT+4aSoN7GzaFchzB8S/ JurERs5rcQMnNSN1XNPkcFo5klRv5VXk1wQx8paahI9Kz6osPRNYpxG3+ARO9Dr5 gEY6tSzjHLqb6VR3ldqM841+iN5s8R+2+Fs0aojWFh83aYBkHgr1OW1/sNKLvous nytgcA0LmoLhAlWW0kAqM9MDC7yrAJunupvw6yPOM8j7ruBZY5YhIkn/TLWTwcnu 35ZA3w/thbd88r37i3FRuNi9ZKm4iwo5R3P8BTmLn6M0zTCchE1o62Spfyfk0ffu PqJy96fvz5BH/avtQ9p1Qapve0K3vb09Md0u+pnkKhfTF8dVGbLOZmRoo9IKMoOB vc7KuHxwu7WaS70ODdJnQkQSrT3HQ1AioFixWnzdqo4Wvw1TWq0106sASEl8Qx/X 2aPZTWC8SCCcVmK5e4t2UzB2u6Wxem/0OVQl8NUDWGRlQoftjXeUxwzRSiDrDZbE 6t019cb/7d3SRzgmfNR+wIhliz4jkMAHIxsU3/HGwfWwj1rhn5ziG3elXbPzIRJz EIfnbVu10jX1e/Rv5pSaAtJF22NikX+qQy5mLffSBrzAd3xWsDLnHgf3WL/wWJ8Q +BC8L2YRJb9GOkkPaqTCreWClRzVFuESF7ckxoooZ90ZvN2NR9wBftKps93zk0P0 BqLfvVkk8N5Wov/ToQLg1QfPK06Xm3HEWgm+zdyZPzGG/Eb739LPPfg05+vj0oh+ l/bgBOgrXJk33Pe7sK77qvn4gdnzCa/j8jutlisBw6ocVulzIg3X1OSdF88wEmfL 0u94vnbLH1an5/o2oT4X0+isjxvd08bWYePDhkWqVSEkMQW0SL/TqLCzBWzPnj4x NW/7nfMA/wo20/WiIPhWK5OkBG1v8W29uzJG0NRzgvAdqt4gRIZoW+bz8/HZ2bvT wPFemt495UH7oVq1R8/Naz2kfqb4PscxmCywQIRaavoHMEpp8KKxEyzqLoWII8oE FKnEczhfffLkq2sUzFTkIBmheKR5HaKDV9+rKjKFTHYi6NWM03oKiGSXChVgpqo/ ZlREhHIUaR56z+PtEApCZWR0CxjdJ4Y6+Q3lfUSV9skfOkFhqx+JzlEcbgNbm23I 06ZzGU80bvji0HNUQ+kxnpCdHfP0oL4MWCVysknLcV693LL+Odo5QjZFqqZnX1RB GruDY+0b+AY3zMsCIyK2ucqrFWQ2N2wmVLXkc8VpoKzOYnFdTeCO0ZycZtUoV/qi OfLbb6j6ebg91sJYtdTseZK7HNA80Lkku2Z5+7TbzcZZxj201ERbjpaF0xMwFqGd lnNzcbvoR1ZmiRLilNDEVWRCjY9cU291LSUa1dXyJsnULYivjFTG6AxJWl87P2mr Six1isROL06sGZVvQaAtcJaNKl/YfaNRVgaCMYLqV6gGhWFpowIzNRHFfh1RPFQT cH0kqqv3q6l066M7xebDRcaqFtep6tV7DCf0sx4dMNYRoFNmayVXvTvk3EwpYMqq rYp6JQwKdSLzfK0TmSr6MpcYvDv1OqBJWV9IU4c1IfLgqpxjyjZKHhgPTrrbz4dK NNe4eNG6WUCSxuom00YNOkk6teE0mXbaHBlwy7KdZ5UWr8q0TW3+926FuFFjiT4M tvhLCHscWblTDriufQ1IspdMg0YmNyUFF2A0oRAIZALsYqTTxeDZogyKL5eowDPC BS5sARFJR2iUTCvZUSQ0JGfTg/8fwdGpOuEUcUyh/mUeSQKortw+P0ER52RGcdKK 1Y2cPVdnYcnUWF/FvLVP7OxxW102IxGFihFow9IeiU6wG4krQN4T3NrghzUsAmAf tJoG6pRgDh9uOxojp7FqE2J0hGpQx5IYJkLYo06otAQY6dhscY/hIlakQmezmoG/ loGSZE1R9lSFkKSWR8CzgSVLeRzRFA47ULCVBOEL2l4NipTvfmze0nK5mdl3T4t6 c1SWNyAyQUSBPOrNMbZT4D6e3A3wxCYQ1BrYUVYaV9rJvLvUONtLdWcNJmHvqXVm a8IHCdOKHAZvvLWsc9Mcq23XCuO7spBcS75feu3q6ETfY8wwLJNjSg2iaMe/UF+7 iTewvROq0rBBSBIff3vVvrU5bpgNswKD1wkHmb++3/vDfZ1/K/vVv1V8Z6piy7zy hRA2np+oL5VdcK5TdjHsVsUxbvRMO8b4d/pS6/nQH+H69PyQl4Z13B8a9n8Gf+UD YYj/m27QZhj64xkfw11hOK7jKSMKHunx2FcPCrVJ65RLtA2ogmgqcOe+r0qQ992Z NQq4ge46TkyBzvS1z86Nw9rk1Wcknv1NyfVNt0qf1zCHjlCryYVBGKzp/o0mqdeg pgKyGuH2ehI/00UY9l2PiNJO5NBTCDRbp57DczpnSpRmoaaiqk8yizwQL6crqtp8 BeXpqoL4WV9RlZWUbnVz53JMFXyuCNsGsgO+8ylwk4Fh0+qS27SzZ+y1G/VOfEgT f+fdeqWtrr6yUvTedba5hAHtXX0dunvZekWw9DeYHHi+bvH2qsTM4ImqnOnwmapd ZQn4h1X8dMfwF950rp8OI3IKcWypVReoOiU1R3sorrJ2U2xPehLPeaN+fa3DUw36 iIqXehHgnmfw36wsrAD46QwhX86ZOoKUo9aEqPc/nv54/uH89OITunj/CZ29/3xx MnFBG8Cf5rjA6pKTmBcYxlssGEULwkV0gznYu3iOztE8usWIY0whq2mI46jkhM78 VIg55hXFBd9DSA5lMiaEw8VUVaGpUiaT4PBwEiCWphLski0w3MLlKMcsz7AfPVAM XFFZ6rs5lmj0HSyB7wU8LM1t+hlTVaByPOeGlr6v5cdsOT9lyVJTvUSLaAnX1OmN xgyDS2C1IyeijR3kVfhxEzX3KBZllGVLm0mvR7KcgFMRjBOcgKmQL92RLAMB0C/4 cTtYOI4ZTewiAjbgNVDLUp2kmmaRnIxK50epwEPsiGDzFmWwYlOV3ZJUNeYrBz0H uiKB4ojrFb2bswxXQgxusGcZu+jQqMxtixYXTaxhlsE5DuVgA+IH/+4HkdiiaaYO flIJy2h1U68624VbfzNMJSAsCEgU/LM3d0NirQo4DTskvruokHMwnBdzUjQYL8Hk L57jLPMjnPiLuSfB3qRHv89TtGQlpPkkseoCQV1OYLhz6H/zmKM7IuaIFQmhUbE0 bADBAL2PaMJDFOMCTslqEwDSvmCFtQ17ftww+wXjAqUFzIdaLU9ZAQd0Ws2bl7om gV1yEMTQj1cboEXJlQXERCl6UxYsFiI4ztIQtHuqFBSAih65VoxwjE/juuAeFJSo kfSce1SjscyNiSqUMIShtLNCllg/ZpDSBkafviK/6MiBAa5/1h2SwGTu9TmIZgy6 W/2hz1RJoJ1PykBvuAPRwdg500iHazRCtAlBq/+6U9SBaqNtrbqLTQsFdXi6fj3G RiWCLeSPr9P4bhKh1cWBm1RrNEP3R/yjVgMxu2fP3UlXrhvFbxyow1T0P4+R5SpN FfjKFz1bc3Up364WLLVopdlGbqweyB8uNMTs62U1/8hA/psG82sH9ANBvYqY1VIU 2iCC9Uwwx4XYm0fxDRzz06xVX75BhP+Novzes93N7GDXcg1vvH9/+bOWQr/l+Qal z6vQf5uy5/Ws24alz0pB182Owt1LCb8dOMcDz57+L1BLAwQUAAIACAAyT6QcdkhN EEA/AAAWewAACgAAAFJFTUFJTC5FWEXsvX14U1W2OLyTnHw0/UpLKVBKmn4DLRVB i7QFC7QBVEoETCkITIFAqtByk5MWZ0oJEwdID2Uc8SrO6IwO3hlFri9zxZmCM1pb bRUvDqAioCKCHzseVARtS2lzfmvtc5KmiM69z++P93mf14Oc7I+111577bXXXmvt fXDekmTVdKIiFhJHJOkRvZfIz3T4qyJXbfe4yI88KvLT8//t59A8bYE/uUV9YOKR dKFATQRzPtl5es+DZIfuAeI37yD+gqcJ3aJ6dXozEbqEkwelzf2XnjtfPSvnFq2n 23vE23PKH9dMDqrI2+d9HQbf+V6/eSfZcTrvC2G6y7JFImq3/mWi9mOm67Es11jN 9O1proy/cG9/Pbv4a9coH1QQXu+DUuKJe5mYir9u0AsDoibwgUr4SHPab34CyHiK PPkAyTu5s+3AbZVH0le8/XnfzuPC51cntxXs1LWoX56TdfCxrLx/9l/e65u+JC2p frZ3+oNE4ypt0Hun7yJm15RW1eIX1eRIumv8gbWCeUkapCwH5ryowqIRpXueJnMA 9VzIGBGSQLFbE1iqOkCOpPiTHyb+uN3E2MbHtJaSnW0vbiA5nXrV5C9Z3y8VZkH3 9CiRCrfD363w935Cp6psNH80A7BXvjSHgfwnWbG8w17JCie3CRcP3kBy1Jz3HWI9 1zPh7lg+6uAocugGQj9AOOHCgTuareoj6QfjyKE5JPAuMbeSm4+k+808zEw9aeVY ZiNkfk5atSzTCJkm0qpjGS9kfklaSfaOwztPH3pCdSQ9rQNQZL+WzMPo0sytHCQ3 ykktJBvlpA6SXkx2bAkWZvHcpE9E9QFJeE84U/wRn5njvVXiR7IaXU7RWpXI5dyy VtWgy2leqxLe9nXoxFPF7/GjhdMAiEySdLw+R1qh1ot/yZEq4Wdvx4FSNhEdB83k kJ0U7DS3qOkXUquG2KgxBRXKXcKFLRfs8fbK5BbrSzazcx85mELorFTIPgfZTnLQ ROhNmH0AsicIIKLZkN36wFXIf0sOEo4OZ/kezHOY17L8ZcwbMP/daMgvYvmYgyWE for5dy5BfmLsQS+h77J6zO9n+ddGd1l7G01Q+MdvECgOC/dD4TlCuqxn8XUGXycJ cfpMdP4tvlfVviZOvSnZ+bSJlmLW+bGJTsHEiuVvdAjLuWPnNct1UkOwZeveizZ6 43Tfqxy2aJrfZT2tImKpYD197KywXKc5KU1xDpjoMwgR3cZroRcVGVLLJVBBqdV1 6fYCDyXraYAotnKNrb7pewnh431NJwkf5dQn0P+agtR4idOSQP/tJkjbWrZmfGOj qYBCd88kNkTnhAQ6MwZQYt0lGyVY12L9xEb/YyS0aLFSGz0yAlMM+s4EmsSgm62f HyDw/oS9P4W3VP9FszVwgBw722L/u6ZdAHqbrZRVX5BLn5NLnZMScEbp1hLfq0nO ZQnOJQm0byIg9Vv7o9s8UZh/pRC6FOOk+n422zT+Rqh3ppidhJMLXioAOgH6w3sI /gFA+hjAGGQmRDmrE+jziCOwUCUXxbF2zooE+rtCxMUnyIiKp0Gu5eEHrha3e6Y7 71NKs6fJXM5nXJHLEpSykYyIh67amODRt2AYOhANFXH6ldaflwziHA8T0LL1UYQG saNPILSc/AUk1XNaHn7nEvKlU0+cu5T2f45on9uy9WFsDDJMvyvGcpacrjRedDnU +LdK43siGg9jpP4uRGomdu78kwI443uAfwoB9hUj4D8UwJERgCCU51TI7vBM3DQB YG30P6GJepqK8LHC8v6e2WoL8WgCvqDzvxPk0b7NaIfBFrfzyc5jSuk/Bks9U1Aq 2CKRh7gzERDjxGZEA2pMvJeHAg3isSQNEvcQ+vxwJplI8gTsP7qtfoScNRfL/Hmg R+GPXKyXoXhNoFLlazpHIFGhCsnMiQS6GZdJIOF7MrP2JpSZfoUhiAUkAQb4KQk1 lmAdsca/JNc2Hs8ah+bncNEPzo+vKHJ+niz6wflZUhQ5PxuLfmx+Hspj8xNbdJ35 WSTJ+C5OHcK8j6dewzxxfCTGmTLGF6deB+NrQWQrJBaoQ5wZk0jHTsaJK0l03pRI 4yewpR4E/iU4b02kJybhXEr082G45HOE5UFJvykRfoQGozTb2Gz9YDt3gIixUn0Q 0jZ6GeA56FGKb4yHHwUKQaJQRjpAMaj91g+mSZLneWhD/ziOyQgoPudtiS1bXwId HHMLW4SY9N2MCpxRanHelUjX5coCkuD8ZSItVki7g5Fmdj6SSO+IrB+t1OdjvfPV RHozYsNBHkwNo41yHkmkuQjp/CrR2ZRI4/IjGHApkb57o4zls0QUn4skLGZP3BKe V5DTPxPxF2Eh+tUtPyhE02+JFKK7b/lBIRrOAEM6a/IQwCE668IUthCDYQGYMY4J wKEpgwIQDAnAUklu9PiUa7Sb3OnWKdcRrUHMn49lmH92PcyfBWUUs6awKfCMdV5J pG9NZLtUpOJAKfgWVIYBePpgAtufzxJ+razbof3cKfJ2B1YC3VPINOrjlxWe7MI8 2+LFFCwRlp/RnPTeOs4TE84BzfArWc9gCVYSz7ty42ejWGew/cYzQlqsX9nog3pc /PHDZJAjhSHNUQEarZcunsCktQ/WhlTfRy+PQ9nulffa/GH0aY6RGhqeM2FYJf0K YIyslxTsQNmgsPZmqD2KtWJSRKkdSg9BqYFR4HRA9tlxoU3IuR6yj7EsdOL8OeR2 Yo7hH3kN/vuhdgPijyh7BsruRuzOf0BqwThm3DAF8GsimiXtpnhhmVEqZ8tYD2s0 upIt4oIb2CIOyos4OHQRB2lw/OAifhGQxMlI9hsZjqjKe4z0QgF2paywL4bR1wrY JhGk33JK4plsXHOw4PJH4fKd/SPk/KHgR3VKXSQ5jDX6Svo19lNJZ2WHtiCnNIze OkhVBkwoK1ckE7mVmMSMTSqAPowRLdeBuEGBqEEIOXkqI6Ry5ibRpyfIyuJgHBtl H52PZlrgZ0yajHlDpOk/chVpQslTG8JGHAjWfLW8BrDLnyVV0kdz0Xb6IaH6Re61 QrUe2jhymVCFpMieGylFc1iOseXnADtVzg4Rm2xs72yG2tG5bBUibZ8l0edVSJvz r1ChDjf7vr0pG5fOCwD2fo7v1bj/idj9Lf9HxW7b2H8pdp78oWJXka9I2ya1kpiU qYjdC8n/SuzG5v+o2PXmXkfsNqqZ2P13RljsEofT1/PCVI1kQoU8zhwuy48Z7WIx OVw+RSnX3cjmD5P1lohdrTxPFjF7jCJiF4Yr9tejKiVRkaEYYseGK34O8+VOEHvl PaTFutdGnythQ9OBtpTpSnZuHk5FHBEoaM45ZzgdhmYElr4rjzP45F8zwQUA/Peo gJEMTUJJ2KYfIyzf2zNbt5Xww7DREwyVc+tw+iasTi7wO3KPEbYtqR5k8LiNPg9+ jAE6gjxdjM5DsVXn2Ti5WzQCUc1k+y/HS1ZIeW8p4k3s18Ib2C/xnOmESiI0wZbH 0RO4v2hgDY2XbPSNiQr59GVMLSk+6hklqmZ7p1l4rXdakSemWbu75+TotlJgZaAS u56Ffo04Mkw6N7lN1AjWvcwEnSexMVqLGFd19J6J8sbGWNWWE2LVE8MpRZ0sWHWw tu9Rs0ZvogkqWPuQ9wr/fRcMdqGeu0eNDpGdtmQBB+z0iyxkrj0InJVdJTt1Y02X tQ/92F7Y6RLsaEoz1W3tVfnsfeB09gn23mJrsPETj7bY3u/6MDTFW2GKhSYO/OOf S+g0M//4gRiWdb45nHYPyMYNroTf3iCPRxPwE+fJ4ViUmBny8/j1119gSUjH0DXT F14zfTb67dgfXTOvZskqUF7CULAHXQV5ea8bO0RYVTCSeo7xwUlhTfw8aHN+PJze NMDUz/tQ0he00bMTUEudVHILMphKRfJDSuCr4XQuIhbLYQ4r7wEFNx4AzRZmyHxY IPuM45wNCXJFHu584dwYzNnsdHQBszv6VKSnHK0d2ID7CP9cJf3EjKij5d6fzWUG Rh+6La+GPY/UZPo6VjgnJYcHUdcfHgRMDB0dHgTmWtJDBig/vMXaDzo+GdlzLh3N PGu/aJLBpiHSLms/Ye7ELcl2+k6+bAjSCrNszyuAg/gSEFRGZ0V0SDmCfJOjaMck syzsdhpLkJWdEQK85QJR2UOjmpZML2EjNjVEYqN69GpoVFYvrJt8HNSiZJY5aEFs F4EE2Ppw5TorgeB2C6o+I4OoRWx2umsM/IT6WxCSgaAiA0GZfRPDHW1tAuo/yAtr oZF25/JkujiHbVhQ5/xlMr0Nc4y7CHyDJSQii8VSOxOI52DuYs1MIP47XxaIHCYC WJEyQRYIWIPMNQJpiM1n0hCMkIYg4Z+vpCdSFWnAjh7PDvsYoxlAjN35SDL9ezYu oCjn3mT6F4QQrMEhPFZr7ZVswJO7kXlsyC8n02l92Df9tzSFeli1jxLnW8mo7UYo RI9G7cmh9gz2gfbkvLfke77qhAwRTaizgSVBWKJ/R8Uu5lcyLwIpTRjDtnGok/Nd eczXaJJkhzU0Tv4IDsOTImuwSvpmmqzDnUeTK2kP8q+SvjNa4QCQTX+XdZ3x6VQ4 vj4Ww4NFAzG8eNRRF/QhyXonme7OYvEDOXLE0ZVyR330jXR5J2IGVJCuNisGFCo3 sJpGXUEeSfVGqd7AbPGVZmYNYzXE0fp65WoDs7mtZoZUxyzuqUi9k8I4bkCcgIJZ SRmsGC3nkVhc6TSNoFlyqmQETZFTC0ZQk5x6ZATVyamzI2j/GJbKGUkvyanakZTK qQMj6Rk51TOSviOnZoyih+XU1lG0TU4dHkX/Kqf0KXSfnMpIoX+UU3NS6G459UAK 3SmnjqfQ++VU8mj6czk1azTdIKe2jaZrFMyj6d1y6rPRdMGY76n0/rBK77fR9Eym 0jlZpXNDVTpHvzGzSelnKh0ITKUqhpq+Piq8AFJhuti6NyD70cxGfZk1Fs3slCF1 Nyh1hrHMwMbkxhEh62d5Kp2dIVs/izWKxvoqJnLXuF+F4eqtjShY+5lg7dKGBGtj Kr2VGUaoChpBJlpS6WfdbFmlpMoqUi7/bSqNSmWi1VqSyJZahqpla3+QCdmBbkWK UHZQyAZGMyHDahCyf1eqdUzIPh6tLBEUMlwbOufvUyvp4dFMyAxMyP4xOiRkz4/+ 8YnYnf6j5rFzTORE0LkjFQ6VjgzPwyjZ5ELy/pnK2ET/kIPOw4jBii+Viq05bFyY 7B4eMQOvWeQZOIHWJvJqXTTbwp2GMfQZy+Bk+Kabxlg82laIoQ8TzKYxx84LVs6/ bU6WpDONmdy2DGFQfs6bqljaXvkyhNPrDUIn9GSeLIlxwhlfp1qaArtTVamm11cC BraQig79Z7N9TTpQqGiVvZNTpdUQTS8ccFlcmoAXzsa08XCGsTShSjgKmDaAyPpH +NrjfecuhrCPR1zZ4nClgwX0V/FVAC2cBnN4JtbFy/18JOrkMqUGO00RTnfpVcTX jtvkAnp7REuhPa9LhBOlFcuXtevw+OTArEltgp2D06woMF798WBdgrBVqNh4D8za r4JKoUIH9ZxcNVmuQjvxwPgj6dvLuO1J23mV/w718sGKfKjI336Hajuv3r5IAxVK jSG622OGoHycaYzMb+mROVk4C8Qj0v5PpOQkM/3Vp1T7KY7DMwygDVJysllKHmnG eRj+aVWI7sltNmZG/0livcIU2qAISx6CEkgqJfRXUgcmWfo+KZJ0f4x/0TVEh4pa yZQj6c3tB4iMe0ozcigMGd3dONwXXNykeamS+Aub05rv35G2W7goxvac8QUzNwe6 dM1pkuQvfIi0ShIQrCZKQzv9uyR0hkpaSRlM/JH0B7O9ZJlsfmfYK3VCk9GsF5Yb fFezGhZ7r6pdCwVrjFARF/3GpgQvTm90p3bC7J5TPSd9p0hL/Znz8b/JO95z+Tc9 l7cnWc9Hid9gDpKgFb5rqTjTc0rzVn9FM5dvdHNckahRW7m9577eT/bqBatxxXLh 02XtMQpDZbOn1Uhs++G/ajgIkJa1c1jJzqC2/PnuNGngwMxmK+7hQoVBsKNcqEWt jX4SfDTEHiyGidO8tD0LsEUfh/X1WZqoFtrBLGmLqaqy0Qek1i/SIEcyQTA7QzPq u6BGUwrGz9mBGN80CVqqiaiB6VNpBejk95JwscUahJblA1VVsEjeQ+MPR8ApCJ68 mAYqEhbxnotpsKtDVYeCmU0bD9YiwweTxUnJF9Ps9L3YKjmQCpv7RThVDkCz5Uo7 e6X5tXru1SZD/7HA5f8Y9sblp9Jw3RjCHOnZdneamvC6Vi2xiYkHbh3KFlgsRwYU AsajRdGP7hL4CuIooSmm2ypZeP2r03zWGK5DmGbWQ0LdoesX6o374Ph4eUk2v2z3 I5K1D/W4nYPhNubsjpY2TvL+41KaypO3y/j+xpHelzGdEAm1+bNAhQZyCyW7rqpK qugT9xd38fugxBYqCczQBKZruqzdktRplci+3f564yPRUuOo5scvpU2SfFeH12sC UZpj5wukP/8+85FAgxSI13grJJX4ju/riduaugH2MIhJz+cqa7fYBjUG8RC8OfEA vNXic9410kfi05C2iH8ERzDvOAxWxdvEf3/JQMSYl4xE1L9kIqCHunu6wDiN8kmL eQ4RtFh7IVbZZxOs3dnSZptd3sNwVW/UsABNL2kaicg88eBm0L8Fn4UMx6sffDbQ GWzUBJzqwJ1qSkhgjTpywFvWdEubsdijXlBSxA+PbmuKiaxfsuN9cTTW36VeCnWm BQsja5cuYT2a6JwgdPrgs2zm1LueDSwMBs6rQiS3Spszrd22QYrHxYJ5wCi+pdkq 7X5GRTzjqBZRMJq1rRwcSUDSAEkDMqPNVkl78Wg00DdAL8cEvh2gX8Y0PhbYpULS HlIxKnS0fQBQsBHx41iRai/Mv04RAD3Qn2hs2xi1i8nGriatVNG9+T1deEB6GBFr pgEdEHhgQE7TdQNCfXd09ybNSxAzTxmKsDFZ6adi82cyOFAQuGsAzq7y2vqT9S1N J+Cc/fKz+2Devy5Z7tHCVJr2HSDNR4Xev2je/vqgXpVx+PinhntP7IONK6dkGZ9d MsHzcVFSw4deyJzcN76d/1R99OhrvvcIAAVf93wrvht4jIBYsnECZQqVnf0VjbZr iJv/sHAGevkKe3nz+Kf333Pi4V28ARqYeIMYz36jWPNX94qvDOWDtbi+e5NciW4r MmRzPyuMkQuhRMJ4kgEUudzM19Sv8i3vJ6A9+wPgVUasvKZhEXznP63yvaKRPuZ7 q8SX844f5AjMQ2P5gjsHW1QtgTY3B99ovLGZer+c6BrvHTC6Rni/THBZvAM6l9H7 pcWVDCl3gvc147Fz8h/1u+Jf89q8VzheJ3dQFVghMSXYEZ2Jf75L609TW95Jt1qs FpslKT3ZkmFJtcywbExPzLjJcrvlT5axlgLLQq840ZXhvRpVn+i9Or5B6xX1osYr 5mJJdNEpt76srPdvIJRLr8j6S2evRFUR0mF4a6B/UDE5d+/q7vB6DC8PG9OtUnnO 75IqYhqXlOTxepjn5KBVwvxtQ5rcnNctBIUK4/l5vitZDQXeK2rXuJKJnnu9V0ye 1Qg+aRC8ZCN/Z8lifp7ohq4lSdQyLRqxRPvz2h6F063AQ6RkYpfVaCSeTETx9SAK KDUQwMOVLPZMgAxonxHQ+y76XXCXa//DovHhnjVGzcVhfZ58bHnHYEsG9c/gLveH 4viHez5+ZNvhnnOanmGvPJJ4wjMbYS3XwO4B2BORxAnvPextksAy7DkNe/ZpiAvG QdhJNUZogrhhn3+MmAzSdUjarLZKcMHHdxwZDPveSXlWD2lJcfKSNHeecPrY+S7Y cAgRTsONqPOd28xmSWh/+6w2xSycfvu8f9tY80wEdb37hNm8G3zbHmC0R7clJ9Us DbQSta1Hl2omap7Zu6hu0EpKMdvo/BRwAZ4owDZrQ23yw23y5TbqwTbjoc1obBNh eTHT650eKJQtxxmyUakYja91L+to7qRq0tz+jmnrWUhsPcs9kJtUmrtXdooeJrhB foXCdcEGry9gl7RWHpSkSW2Xnus5NndFR+F27exgxQXPDQvvXACRgHukvF582yoZ 741ANYjFFyoZgarpq5aX7pH0S6qWwpaKSX9TvwD/1etwc02EzTVBQbj5K7pPEgOB dzX++ov7oOJzAJ38hr/ikr8iuL3iOwhwShLbK0XVvkmfgCF90itavFd/5h7W/Idf WHxXR8BmuV3eLN8eH2jSeAdIQ6+vIqgSj2LyS0iqxdcwec7b9F0er9lu/058wbcm +JHIQZ3lBa34Z6yd12MNqmGPgDLDCypxV2CyBkyhQkHrs3Jq74DaDX7efTqQIMDn t/a+oAnUSd4BzvOe39odfC2wEjPuwy9wkrU7cJf0YP7E3dCoYdQL6m1WCMY0HoM7 QEePnT12VtOusvYGJrO2v9tm7QY76oXIuu7ACAn6MAUc0paKIFEBpV8HqqS/QRTs b0b4a3o+oD7daf2ObLdfnXx8u71PplI0/c3YCZoBSuWCR2fP9tfrYFAmwmsLheGQ beJaml6EmYoFqzDK19RNPPqAMwidcQtslc1du20Yn11IL3+brBfs3dHHN2kCl0hg AHsCVC1Nh8DAKpSmzJrlX84BYoj3mAqFESybrKePD+wv2pusX0IfGijs1BIghgDt V1sqDuVd2fZPQFh8bLNaOBb4A2wsujCZyF3cwl6c9EmhXwtXEwPtg/WsE09soTAN wcz6aEmMLkSbjeN2tEV3ebRm/cu8hd41UFzRXa8RKroDvxpsDFmw2TUHdaTyzpbl Ly5cAEslE8xXsDCfISo+CnZ9QGQUwfLjDK06cAgvcYwS6NUAcUKIn0cfb0qgPf05 3mkTPKq5eceaNH77Jczx0c3W70CSk+bnbNf6mi6RJqPSnVRxib7WL/SgtC/vBcsU upymBWeqec1Vb3+dJxahN8NauQRaYLS3fyMcPPQv9iTALJTefruv9pJ6E1YSoqm4 JEtkjKjbb6FN/bcXn9rcDUWl4ILsn0jX9zdbr9K1/YL9EpCZm3c473ROM1cygTeU WEDP5nn0OfvonP65t287fF4P8NP6z12BZGLeqZx9obWnoRP7z12Mfr8pSngT+kgB kMCSfj9zAmTeR4d5L+oVzrfayHjrBY31qxy/VhYv/ezZOV1aMJJGwwq/CCPfn03f ugor3dPrbbpg26Shb1zV+5q+AEEEVYvHJ1/JfoOBFOdm527InZj7+9xncwO5F3O/ y63KNY/tzyVjubEbx2aPe30sHbt2/B725/bcO3OZWwDUoV/fn1wlXCxFt6mS/lcs nq90acAhYQoQfBDhnS1fEHVxu1u/5zECejCqS/cQMaBPGIaw6zS6x1DlC6/DkjBt eYWoXcbi/3brtkHxtQ1Qwz4lVYUaP7oATiOlKsgf+sAiag59bDmoJcqNyYO55NBn lgOlR9ID7ScQ3G44UNZs1TEHxQh6OYY52JzQLupQP2d/swxumwrfCnfrfCLniis2 m9J5LZ0J3hfV4BXTqea4dD5TaFB3cype5y80pYuW4kIoixXO0EVEmK3eA0WQmdy2 Jy4d0nsS0xfS7uDSDim+GNuOhLYC9zQY7hq9nxNu1Vz1e9TCGcA/iWBO0D6t4lUd Kr3Qo7nov1stfCRs1sE10jj/9MR0oYHzezh/o66jS5eYTkiHUJiYDu6cSWjU+e/W +Zdx/s06fwPX4TcnpvtXcP4VOnk4ZXDBj1+g1RJXYXZQmmYgbg2uuulx6YRPEwA4 +n0YwdtT9e4UYYWu+LTnO7qGiOm0mYipNBVsBJi2YcJFX6dh6hR3gN4rSXqhQ8sh R9imRwuDS5dmg8UcNfk4TMdYyC22TX5/IRzLQBKiXHyScNIP4/cDQxeX+vW+Dk7o 6Fg6ua1DBusekMGShZNPmtL9s9VDARcD4Di9cFkzRQhqekv9HHAG+ObrBEcWrv0u tN0Jl3CkpcJJGGaaWd8v9Ar1QSEG6u2+gBa9VnBuaVZwKcTiQD47hHZfu6H4WMPN wjGcYk+8Xy/pNR1AyO1AiGgWrmp6/cvUeUfHjYB5uORvVM/0DxfeFD6iU4LCKaAJ 2MqcXwMED6DPKcC/CSAxQvxc4aivXes7F/T1GdyaQ7CwDrtiGrTQRDTQbbDm6HxJ 6BBjbdQRFHUL6QMDk9uWLgM+SjkFWVLORPg7Cf7elEXIr3Uj03+tS4G/qekFO8yr C/yF5nT/dEt6/064Zv6Sl0z6JGdf6Y7Xtp3YJRQ2E6sVlLZ8hzthp24HEYJ/2YxW w/la7zebbcIrmo5SmHuhP6/XdbfwuS4tWX/n3MtPTWrbu/PDbZe2nRI6hKOz6CjS oHeV0kTScAW0l6EkFjRYlIdOahM/gWHqZ+4FXaKatfXspLYr54fvm5ufwcdzGSV3 e/TekgyPet/c6O6OwOK3qzSH4ZIyEGxOSp+leR8E8EKe6PpM+NRfkJx+Ps5fT3yv qQtBL53t4y9ObvNbCQMXYHwCjE8qTIW/KelPJqXvuZ88mZy+BxyMnJHpIMpwa/5O mjdQxU6FMsxm/U64bT+5ux9CEkKvTircSWjsAMiBfk9GOgsHv3l8chuYT95pEIP0 3+rrUF96Di/hf+vXr1j+ZEb6nu2kA2/0M+O+wG6u1MGWazXsOI33gsG6pJp2v/US mEv++m93LO9uVY1raTrub+rdYe2zQmSMAyZFl0SBfR/La6zi16z+HBhOO6zBI+k6 nCcIuLzsJQc3k/5998NN5L3nejHmdJe5ZfmlneYHyCEv3De/vVAqLCDwmkgKdiQf vaHAn/PWDUfS+wp2YkaAzNXCX+smEngVkLRlbjj9+sUFkTsw70i6fkXa8nB4x8BU crTkGdOalQ6HQ3o0YqNRe6pB8cJ9eNh5A/8krflQuVcPAZ8+vCUs1we2wTnRpIQq UBKwVrY0Bb2kyYBVSURcj7HpF65W4amgxyBrY3ExHDFpPVGdHOksU8WK45utQS64 nbPSN0R4t96UDvGpk1cgsnWx0kb/yRKdXKw1D44QCjPS8Q4FBsr3B9gRmUlGaqfe vircmvIwBFppx5OkVbhiwdDDI+iVfVV2uqwPvM9ejIoBIIvhKgxQAp/ZBOO8vj6J T+mx6jAu1dMOQQcutPVoB7eeCsOBWbgdMBtd8xvcAjJEucrOMR8iihkksaIYP+h3 LIC9QN5+DkxnkUtXTKhKNvPPfKFMCNwr4Ip1gEaHaMSl4WhZyP24IxT8dE3vbvd6 bm5VzZz8hnAM8gULbK1qJQMnBXDvYEmVa1QrmQl1icX2oCuqQVts7Yf42t/kTmu+ CIfrQAhekqSpm+I8K3ybIFKa6ptGNkXBxSKCAnE7HBFyYCxIHgNNuFLl3cSRxujm cg7cHq0Es9RVrgb/o1wHL7AlOss5ybcphvBJzLvxxNA0Ee4/X67qKo8BFyy0z4ck T0vfIuIa6Fo2MZZDz43joEMD8Rgh3K8lU8uNHisiDuduEcoN/nKjOFEsEMp1Gm2p cHHczTa50CbTxZlABoo7+VjARNRwijtPbRL/wML3cueTj0P3omb78Nm+PiOfI1Xo mtJBO8PxS0zE2YsefCR6QQPSgQcvx0FEPFHFTRwTjSQwlaEFXJE0hS+XcAp+FpJl J70CfCrzUopZTOwpU2sID7dC1FKVZA36Ok1C13xg7ufsEDUi4AqhXIPc9Iy1Ob75 lRKXx3BIReAABbynKw0e7SG1RjR4r1R7Yg+powDSS14GHxMpqGmOsXqv5PHxXrAi 07xXeDBRr6z0DIcyj7o5xneu33cYD7e9qpc1BKrBXz1MSsUxCIRJrxj/5P1p2aQt +qjQ/gzx8hrfP0u7dMnm1jI84xiBVpA16NcLXbIVqISfOQgSG9ntn6CNrdGbJH8Z nilZvI0c2ZQLCxGaRVvZ0Rp9HS7v6eD0w9i2KbazjJO6ytRsGcxoLsOZM1MMUGu3 3AHzxvxoqB7qekPs2QjuMm4vdnrrQJXY3lXGJEuxTO3Ab+y4cdiTS9JAJTM//wQw vLi94XNWgbxSAzyynP5TwrMkNqWxC+SjMjzyyFLOR6Km2eTCFqvBRpsvDhFebJRZ SfNjmKbjv0EFpKOjILrGRwlnmmdIBzAML0mKWCAK5azghlm21r9PsdFRATiJC+Gs 5+CAapNRWKTTJM0U+sRogXt0cnteO/jOvcCHUuLJF+4wIswYMWqucMp7q9Gjmi20 3wb0XxRNwqkZQ0pwmkKHKIgcDkjs1NfP+ItrbbYPo7OArinaThulR8dZdaPshi2r 1SuCXRwwtMzgLzNWyoFZeXLyP8fbGLAKjLgeBvVpSHvhaYEMOebrKvnmE0Jr0VIb g3TH2ukw6VGVtT/BHhShVx322j/KHhTgP2s/WwdwWJhEcM0ME8rU2UQzjWg8Wjs9 fLUqvGg+W7E8dKYky4eGvg5d6GSSbTIJn+lxH4DLE00G32r1RzBVZiDBE4dYNwdj LQSEVDTgSH13qE3XnDhJcObEkarlEWdXHh3ABB4hyLBYKUa42yiVGZv1AR+WNC4C Qkwqzzz4AbPWCvLrJb5GPMm004USsPyI2Ca+EaI2RcLwT+vDWQqtRXr5m5pMOXvp ShVewdYhYaI/kuDAzyXv9IezYj16JhD8czi0Jx7OOkDw9A2DUhVS1aAqaeLQ9+ZT 9pPmbLBq+llMiI8WpoO1A6GdoCca2DLeB+6q0BQUpgHo181acI8DRWfhROeUd+o0 zzkY/OU/bXvTc2q2su6VIx49uurgcVYYjgX6L/+HW/VUpAI0st4rqSmK7a06CEn8 jqBt7Ovsa70F93q3gZ1FwacqYBCoC0AvzSCiC6yC7aCj+iG9DM/Iy1QQ1YPMbLyM VgaHL72QubHZ2gsqBKJLkBndbO3eXqZlxwDjequqUDQ5oUu8AQI6ECtZ0vSRZO0F A2BJ0xsQQ4Y7XEuanofQIwSklzQ9jqq4KbikaXuEWSBUcAdKIg6jSs8PnublvZF3 HN1DRVRQ5uWzN0NPJwFbR9GfFxXT4nBPFR6TQZ2K35g5fWua0PWMV+XR4+xTeg66 ljyZvunNaWreKMGJKH3nXOBL0tPlVbYUgIPmYgwg4Pgp4MDbxA96Oi/Kp/2opsA5 AHMImPsCWGOP91SJiUxbBWmhXLEOjgPsSMnjaORgPGsJY1TGN0hY/zPQkXnLW8QC HXh5c7ZEQMzYEXAllS7iXSIj1Kh5mMhgsAevC4GNhINJYlTEsRNiRP9xNwqw1HgD 1GpAvRATagbhxJZzUm/00QVyU3lIRLUE9pePjp33P3J3WoRIgcTCqXmFrucViJ0Y 96t7XuGIR72fgGX1l4sZFTrjKwemwZSksINKXbbUGku84J4BHrCPYIPBqfr3jxVk Tz5EinXN6ZuG+aY/RAhs6uaHCNxSeKQ0HTz++zNR0bc+mGlrLYIVM6IvFH1FbY9R WrxPZQWj+XdfhNa/ToqxN1uZyQOMHDRhdFD4R7jTNE3aVCRp5asd2/Wy/aIJfAf+ 1e4sI2/EH7D4A5/ALKlYqFgTOIlmZeA9NLAB/gGI6cGPmijGyvkt89QQQ0RrrBxs Ih6ssde7seFhsHl6TvqVvp7YnTXY3ValOz3rzrOxEq6s4BKrE/9dvBcNIwhXnmTW pIEfBoFp5orLBtOCj4EHrLUnDdDBVjOSaajfZioAf0UNBUpJKd+dpZT/XinnjbKp pQncKgFRB4iiCRR20reCVVXLIhUTu1MbZKTz48SUSrS+rIZmPeD8Y1BexbCmA3ep ABDMMxj5B4FylUybJvARQdZAYjcBfsANY/d8hUt//A659NqPD3fVWfmGGGxucsF7 OjQYrTq4ZnKWiNsC7xNBq7HqGkcDVo8RJiqvXOfXijGVdOZ3stZaKSk3mzxG+mUf BrGwAcyLVacqNwZ+S36cgo8/uoaCuxQK3NUBvSTezWZ+Gigx7aYkearBLkQGceza UHyYX/Ch0YDMLk3grWCYWV3iqEjslzkFuybwTDBkckbcH8ApmqwBlYAfyBKIWIV2 jubs/dOuu3MMwybqL5n3VR+5g2SxHcR8vR0EQeCikFacBQs3z5yRDv51MXzJ7sqF r9oXUt+XoKJYt3u2xe0kdwrg911+apsuA9zP3Rfg+tFS7B4wbJsR9KsiNLashhXX ycg8MOFDONgCz7x0mpq4Yof4USBVO8jgeXPNR8xfDF4LWerRolZZKVQEYf3DdhcU zvTvK0nhJ4DzDn75t2LquYu6hbgcWqwDTMjNiGqpHgK8A3uLr3rU4qOihQH0nBrd ZrsTQQIfwrzL10J+jeQszbv6iDyOwM1ShKU2lY/zQLDRoN6s2yJJm+uZ8fEUhOB+ nwk2zJbgeDM61r/PxCtYvumPQWHMlmCK2QMfJz8GheymU+iIyU6vfge9gsXA3Dje QG8Tq8BwuNxVpkPDGV14Zjlhf/z0aKm+qEuXZD5TxoKdIyvpFyJIho5prQYJjBLw nAK1Eq7gMiO2bIRrsgaVh4MqQ4STBeoRBsMsyJvoG3DGpVOVCKn4FVdX+B4VsAIK Wi+VAhPZ5TpmZ2coO/G1lehA6EIWSD8TUuG9SRiwufRci0eCDlmy5xicXPT0dIJa Uj81F8N5YJ08GKZrx8mdbf2wO51EAnuU5j3HYIJRUJvLpOZlUl5HGBzjg0MBm7jL T13j7bFbSpmkqhQkCe5EfyFHnICVQTtcZ+lmQe6wvDIKAMvktn6G8jc9R+esiCRO 6Q/jhW9eei4PFg637U3o883Lewf7hU7hgwr9bjzCg1JxDiOUEz6aHCJ022FE9LWS nwGUf7dv29Vthy89J3zk4YoPu7UvgvzEwulClPDK3Mt/El73fCh0zAnhl6+wRR/n M/3Jv80SxwjfiNHNnGD+bVaRntdZvWBNX4QXHyvpfpuFxXix7nQogbv9JAEbpkPD pFBDiADpCTYQhzEMn0c2PiG0R/Rdr8OgzE3oODBfIx+NXYkTONhv4CLKHUawwZvb t+shfi7LMObKtKAe1SE8Wy5slz+bAGTF08PaYf0p2EEU7eBGhXCMoEWiqOr4kKqu pEWncbl+FFYJ8F08BM3o03CDXgemFdbI17v89X2AD421eRIojOV9YGs267dbB0qM Hg7jWKATIMzVsnWjJJzIO7qlz0sac/Mu2qGPpYhMOArhikTmLeFQpwGyPEB2Y8tf N0rsbvYz2DTvIl5yrE+3YwaaWsJN45BVr0ErTXteJ8YiDIP2bEilqUJXrtIOlEZe uYq3DSok02K0o+adBH30chDiJBJ4Ysg4d7IcwQBP7M0v0RObzdj5BfvnNl7mmMNm CoOM+apqPsCAi3xBdtVCa8TXmAwj7CpLAa+rMUUWkjsnS75GCBgZhLKYvDIjGo6w dFLw6ohdSJUqYxRrQIkBCL0Q9qfCBTSsu8qS4ZAZsQld0dYgr3j2EW6K7LrFtWbB rOedkv30GjstiK7q4p7IVNqPhNAVIukqM+MrlZBWTm2jV0/iKpb4qahIIfwEZZV2 uj8GRQJychkB9TpdPsQaLAKwrxhYRLgL1Tpc8ONv7OJaM32NIwnGL84Hq8SYyJGy AAeNrqrq6VIxVj7/TtUQPdPE+TalwEmiUD4yW0PQImNbA1yAgLgcGI9oFo0HxY32 wN8JBCu3WyV5j4KbOJ5kmhtUDDlN4HEivspCdQahPCavnHEeGNTNJwCkEYH7Blgc zfM4RNfAAoKDoCZ2/0pxTASPTq4QTmiOLhA6NaD7KunEGOQGy8hvWDBno9lXjjqJ HwcyB90Vl8e54vGmqK1SGMNGLsYIy2Kk8hhc0QeIVJ4IfVwbGQMWGmS5iZbNwwvg LEHENk/mlkyamrDbcTGxRNXTBT6yJpZwPV0QpUuMJWq4bIqgrzJhEv/BXC0teBIi QJX2dBkYOJgGRtxu6OhLbH3h2nrQvygZhATG3TiyB6IGQ6522BZQ0wkYoX+R2V+W 6ms0Q6DQ15iKc1AlwWEbCNFwCE7klQ1lITZHNnYxXrG3nX5jlE9Ew0UgTE8aFWH6 HjsgFs04whtZtAEXwN3QWzIcLYM2MQyZLjFK7u7oZAloBuTtiPtsFJPnSBJqr0OC +XskGGQSrKhFAK3f3n/tMmarJ8UmgXMLS/Y/r6IwdfF3HJIkFNnTxNdkVHmmCWVJ xWWJ9dq8skSlURs/VokL9ZSN9MJ3KcKiRIhvnZ6J8S2DrxavkgXJ1EVJHhFQyFok jiFjSgJFAM4qbOzrg37s2v1OxOTAMrEyZpVeZ0rg4ADmC0fda5PfdroiSmFHqAjY EY9cYxMdxybaIA8KbpUvMgtlqYMaiCm972m35Gu1mxMbO65hBQAyZ/ya4p6TcIaN w3rs7fCwJPj6Cv8z2SlvQNeC5e10jwG/KUc6dUgnv3tyW0ib6BSNzLRJGdMmakWb 5Kq+TwnstonNsDIDRhXyEFyg/4dFuEDG/0SuO/MJoZl//gqbec9T12V4Pxw3w3TJ dXkQQIarrxr4wZaBb5H1vT7m3qyW5BpNVxikvs9O79ejZMoFyo+dPssiahK/QKEa xd/KeNmpzSAMd8sg7miIPkm4KGziqOayDAYOgJkhcPlth9AuRp4l9umUJEWG7nGe AQp0P42/gh6iEUNAN9FTejEKzQlIPmyIiBwouwHsTLdBk98cl3emKYA7AdCMJX6O /cBna/oqCJG/lSmkdumPZipdZF6pklOAVmXA2+C4RwgfFPpmq08GCBm640wFBMcZ gncykRYFydoruMuA9oxDbSD39iv94M4z9a2qSKx7pdAw7YYeiLPzWt9hUKdCe3Y8 ExyN77AJBE1RjPDdgRGiLDqlr+I+OWQvh4Bkwl/SXZcfEOSiW47J/LACP0YBigKZ H/BTNpb92ugBXRVOp50+B9ECZWJxBI9CfAbGewL29vEn2aBPZ0ay53jASH6IUVZo +AE2PMMans0cZEy8Stmb9wSHcg1pma8b5JrmSFVkZ49Loc52SdeOFPE+clQeabYy 8zp5pGikHtfiQM4xUj4BqrjQ8ZmMsS/wi0jy5fpU32ZlF1iKaVimk2ARZAsr1MLs JCEVfotnJ9bHsxR75c1m67u4a1MUaKMGjh5SVQEpcUJqz2wDBPpgREtJlYw3bIJ9 36gZD5R+xiilmZHcwXHcqB3kzqdvVkWO4GCYJ+IEmabZiQqVSS4TEqTGwjSpUlcl GliNNDtRKuP+JXCMDLGCLX6ht/lXw8bshgsn4Cs9whY8/mNoIINqoC3i/EIZkCxY Twar5Egd3KhuCrIrvGLJ/6TvMKHwxcduOHPlZ2AkWwu3Xg1Nhf87ypVvvvwQrZY8 w4sh7qIFypniRPJnwW1oPIfsHKqHIhAmst0lWllywzj5y5EQZCsBYz/pLfyc6rjs eAzzL9IJ7VrCgV/fhWcZ0NOQU5C41mSY07NHZLEt7OK+yGRHeEz+WEChq8yIrxh8 xeErEV9J+DLhy8AO6yI2IfDOypOKy3G3KU+UbSIMz5OmcWCH4kfFdMfn7Cv8fhX7 EF8FUHHo+8JZgV6y4hV0qCu2GjblCeWJxeVJrgRmVOqqwsdURmFZIpiUyk6AxS9D k2sCSEhHXF55jJ8dCpAmMws5wAl2rNx9kHXfryqPEeEmP4bRsM/JQAkQAY44nNP9 a8MW+24fsnMMrqJUsCuzfI1qFqXR0dbXw+vmP1+vGrwgF3ETLpSU9TKeXArtGoig LLBTuK+FBtvQpcqQJ8oHU1MbdXI/tter/MxGNUEYByzJqU0GF0QUDOBKdYEYRA/6 Xv4yDg0uPgqAB8vUKwYlBJgB+wNcloOwgQFuOcFtLPTG/WUm/6JEKIuJfoM3wB0n TnhFLk9aHjkA9EmhMAZ8+esBx4V5IJtb4aaw27AjFwzqMbMqDs5VIzBfa814Rn7f KPPImxMeBF7TLkoxIsQoKPCXJQ6FwcMIAoe2W855STQQiceQ2USKBqumDDowhtLG a9YRWBR092F5HUV1cclZzP28dsZkscjPYlsrTJeZPtkZFouHO6sieN9VZsGjdBaU 0+E6UykLMEbFihNhFmAhWuS1ysJ36qHcb4eRRJWx3/4oIB5+B6IY4d/7N01n1rnW VdeutszKy7NMsMyq23Cfq2atk7fcOHXqjZZQ5dxafl0BqfCsW2fZUFdTyztclmq3 u2Zt7XpHLR9rLKupr1ntsDhcrjpXrHHGyto61/pqAHXVrXVVr7cA+Pqa2mq+pq42 1vg/+5dWH8t6LGtoyUTTTaZbTCWmUlOZaY7pDpPNtMi02HQ3aKKfmVabnKZ1pg0m 3rTR9NO/UvvT89Pz0/PT89Pz0/PT89Pz0/PT89Pz0/PT89Pzf/fcVl1LrI6VZF61 i8zY4ILf+8htnlr4u47M8KwlCx0byPxVPKmoqydljlVkXl0tWeRxkErHarLI6SFW Vw1ZWM2ThdBmMXvIAsf66pp1lhsLphZZZt23welwbfDU3uu2NLhqeIdlVd1qR7qR 3OWuXusosrhk2KUT6pfBa4Oj1sEvs5TIpQ7XBI/b4aqtXu+YbimxlKx3r51uJOUb q9dvWDfYtLq2rhZqodJIZARkQj0xjrcs8NTW1tSutdTUWmzlFeWLLOuhZ7KgfN6M uXeUL7DNWLiQ1GJJtjvfkr3aku1m74mTVheFX1BI+Jr1jp/X1TpITS1pyOMZZkf1 asTshF+Hy0gW1RVZyAykY8aqVXWeWh6IAoasvMexiocaq6tuPfwsnoAgExjwAse/ eRxufoLMKsAlF5fXrnLdt4F3rC6y2GbbiNOxbgOZU36HDTtd6Kh2rXJit2vqXErX lg3Vbh6L+Lp7HbWkqAgBrUDB6usDRNAO+C3rHW6cBQK8K9iwdgNpgNHlKplcAhDI pGnAA8hb8uodrpV1bse0SZY8oGCVw5K3sppf5USuWpRG+EuM5Rgzsjg2OlZ5eKWr oRgm/gsMoZ6R3vkwpSF6XQ63Zx1vWQOiYUE6c4krTyE5lxj1loo6AFlVs6EGIljA JWADKWXcZ5PrRompAwlcI5fA4bRn1QaULmWGSrLdpdnu6ZaxQ6Yy2z3OOBRAnnBE EJ5jzJRV8w45tcCxYd19wPIfRSlPvWP1hJn3YatSbLhYEQiQ/IV1a/iGahdgVJYT znpl9Zo1MHZYWUYjMU6wVMJYUSAGGWIMSxTrH5G6WPMJ9ZYJa5AJEzwKN0pQupXK 69R8bxoX4MIhtmreiXjTEbXMFoX4CkeDe62rzrPBLff7vxgMme9aW11b83MWTyxi tFiQY/etr/O4LYNDWuhw1deschhJHcKTebL8TphbBpxGPVCwFuagIHu1/IfNFfDJ VhdaAwpDaoFSxhDPIB/kssECtlR4V42jXuawY91qS262O1eWHoV2Nw8Ur2L8L2K1 pHKG1XpHOba+q9axcQMIh2O1pXy+FbUQAzDqMSLrAWy1dSjKsFQjkAOUPJkIGtKC NbVr6oiLB0V1AxDWwLomNasLVq/EfmY5HavuZXpujcXtqMVF76x2gwaSNePcMiWs C/oaoGesW1e3qpqxQ6kGTCR7NamuzV4tD3ptjZvHTgchqvOIkUkGAtxRV8e682yw VK9eDUvSzWYT+sEfhJkQXrSDY4HCGQp0jft7RYwVbL2GxgyKHzV5PnaMvc6E2lWI MqSzwktPEQLYV0JMXelQ9gbHaiOpqvO4Qo2uD5MPqWp3XS0syfJZc21zyysWWSrm L7JY599VUQbyswg2MIcFpNfCO10ORLJ+PfBlPbCp+l4HbGvOmlVOy1zgej1IhMNR i7Oo9Oi2eNxANRzLOB3ucJcud4HFAmiBPy43jwzh6yzrHNge4CwZRUUZlro1awBo Yd16B25AbssGRx3sekaCdOAA3B5INDgd0MDFWvGOjTwm7lP22bV10Ari+nWsVtkO 6hiskYQYsrJu9X0yLfdZ1leDzoIN5l4ZC3a0wcMzUanhr8WUb1np4Y2khlFfvYr3 VK8DlQcDR5BBrPJYAKTW4VgNKwFkFJo01MChA8yADG4kEfBux6o6WBIKc7El8gVp AIbIyOH04l4LqAOYkzW8IzSgapRZOKAAKgEzSCb0NoRi6GAu9lfNW1ZVu2VONzjr QEBDzFjr4EE7XKepZSwIu1IiT5lMhDJcpf24fECsTDcMwg3HJ67qletQYGrXQDnI zBqZ/2E5sOBBzFqQdBdjH84rJOoaQiJjYcpSHhK0BRUKtCmcgqlyDWEUgEHOvcGx bp2RZFzXwsgoAHmeu8ZyX50HdQX0xvZVR8jsCA2lyEhmgGDX8E6QGDAXql33KTTj TOACAMLBbFrlcPHVNRFrAYVmfZ0rtEgK2OqBEmDZGhdSVBsSdxgO8FuW96FmT0aI 6zjH+UYir6/1HjdbtY4aJvFDWR9qUcO7HevW5KOYr2TSi0AuEA82lPDaGmIUFeBO w3DKNIMsDeFpJKHYGFEpvX+PbyECcIO6pu31xNZy3VnKYFAyzd/rCFc5cNUy5JkQ fmDXYfMaomdNHYqTOwLih9v+6wf20vF6y/XtAmah1ipm8boNTPWHtTkzZOs8/KDW ZmqZAbpkFiC7VoOOdPEFzupV98K2WlC77seMF0T3A9YLVhlz4Z3LXJzwWNPxsXzv UZUOfdThRylIYg93nUeuH8kew3UerLX8v+7jFaXiH0Ki1INlKXCebVQP/v9Lx0Me RjzYBvKz4Mp42E+E/Ez4SCX0LDH//81TTiKqn6nhD/eE+ol/AVoqSex3mFrNaXUg B0nDtcOkZG2CWop8tFrpmideylTDC55hkqRWa+PVclJ+MuXXMIksmmcjBVlZ8nl6 SFpV+Ki/97AiDb44lteGn0EYvXG4MSZKrY5WJ8WxAoNanahWm+APPjq90cjqY9UJ cTCoeKWePcQ0thZuEYwDDiWpkobjUlGTJA2XFBXuKGnwiR8Rb4AffVJyuCh2sNZk jI+PNxiTknRJidFxSUkJSTGD9WQDWKVg+ayqrl1jKbKsWVcnG7Ls+gLqWjACZFsS FOi9jtU/eDFh1vx5C23ls8K/q2CJKrELsiP9ofR96Z3p76YH0q+mR2dYMiZlzM9Y leHK2JpByK6MP2a8nnEy47OMngxDZkrm9bDnZxZl3p7pyswmsqacSObW1levqwFD H2xY9HAstZ71Kx0uiKmAGQd7GzOTAXJ1DbivfJ3rPuZlRVjFi+pgb6+uvc9SB4Y1 A3cTG97AcDOzYjVY22Dez6xeLaNS0M8Dd9fFDLnaagvvqnY7AagCkDpq6zxrYUtl 9f+nbatZaRgIwvEBlHrpwXtPotJHKEVpJZs2u/HUg4RNDKE1sbupRU+ePGsvQpE+ hHcfQuibePEi+s1uur2UQGC/sPOXgZlv2HXW2SUKVSnHm9befUyL+1yV5mzI1h0T cbeMpaRenuY7DkviKnZuJimRN69TVemtLWaloeRoe+VMKapb2wiQnRrcfLMLQkxj YZ13OlU2MzZ1VIa/bsoIuqU8w5golbWF9hCL11Wl1idWnMkQzLoQZSeC2+kCCZgA xFSAYhlPwA6SB9Q7SNc7IA/0UufU5yVAKXjeVTEuynlR623VfHjfZMffedBrhq+X EV+F3Yuv3kj89BfDp73d+NTP/Kn/6S/ZC3tmS/bLvtk6GATr4HBwxK95M/wQtKPP mRiJR7EY7kbb0R10H5ABuFDTqDO1Hb0dv5sHdy9bABo3p/Sen/0DUEsBAhQAFAAC AAgA/U6kHB1m4kZFFAAA5jQAAAoAAAAAAAAAAQAgAAAAAAAAAFJFTUFJTC5ET0NQ SwECFAAUAAIACAAyT6QcJ2wd5f8SAABVUgAACgAAAAAAAAABACAAAABtFAAAUkVN QUlMLkNQUFBLAQIUABQAAgAIADJPpBx2SE0QQD8AABZ7AAAKAAAAAAAAAAAAIAAA AJQnAABSRU1BSUwuRVhFUEsFBgAAAAADAAMAqAAAAPxmAAAAAA== =CwQn -----END PGP MESSAGE----- From rishab at dxm.ernet.in Wed May 4 03:02:12 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 4 May 94 03:02:12 PDT Subject: Digicash in the media Message-ID: Hal : > I think it would be interesting and helpful to our cause if reports > about Cypherpunks were able to say something like, "An informal form of > 'digital cash', based on cryptography and providing complete anonymity, > has been used experimentally within the group to buy and sell > information and other services. Based on the success of these > experiments, plans are being developed for more widespread deployment > of this 'crypto cash'." This reminded me that I haven't seen any article on our type of digital cash (as different from charge cards, smartcards...) for a lay readership. I wrote a piece in my column in The Asian Age, a business-oriented daily published in Delhi, Bombay and London. Here it is. PS. I excuse myself for the bandwidth used (6k) in the knowledge that there have been several larger posts in the past ;-) Cypherpunk-relevant responses to the list, flames to alt.dev.null please! ------- Electric Dreams Weekly column for The Asian Age by Rishab Aiyer Ghosh #6, 28/March/1994: Cyberbanking and Digital Cash Intro: The currency of cyberspace will be electronic tokens that cannot be forged. If information wants to be free, will we still need money? Definitely. More than ever, in fact. The reason we use money at all, rather than barter, is because money has definite value. Perhaps with no real value whatsoever, currency fills the role of a reference, against which the value of goods can be measured. In the information age, when knowledge may be the most valuable commodity to be traded, there will be a real need for a reference of the relative value of varying pieces of data. Note the use of the future tense; so far, on the Internet, information has by and large succeeded in being free. Though much of it will hopefully remain so, with the Net's increasing commercialization, large amounts of material are bound to become major sources of income for data vendors. For future-aware businesses, from small digital entrepreneurs marketing their unique expertise to colossal database tycoons, information is the key to high-growth industries of the next millennium. However great the Internet era has been, with free access to services and information, it is already becoming something for nostalgia -- not for long will the Net remain hugely subsidized by industrial-age economies, and information will inevitably be entrapped once more. If activists for freedom in cyberspace are successful, this time information will not be caged by authority in the form of governments; but by the power of money and corporations. When information is distributed as a valuable commodity, the process is quite different from goods as we traditionally think of them. Information does not need to be manufactured for each customer. Once created, it can be transferred with ease in an instant. The power of information is when it is accurate and up- to-date. It must be communicated on demand, at the time of demand. This means that any method of payment must be instant, and secure. Unlike mail order and other time-delayed forms of shopping of the present, where there is no urgency to process and verify cheques or credit card balances, the information market is like the corner drugstore. You get instant service, and you pay in instant (and presumably secure) cash. Cyberspace needs a means of transferring cash across the world in an instant -- in exchange for the data that comes electronically at the speed of light. There are various experiments underway in corners of the Net populated by concerned cybercitizens to create this means; to create digicash. To be communicated at the speed of information, cash must be able to travel at that speed. This leads us to an interesting conclusion. Digital money is not just electronic banking records, or smart debit cards; digicash must be information. Initially backed by real money, convertible to paper, digicash is distributed, like paper cash, in units that can be combined, unlike cheques, where a total value is filled into a form. These tokens of information are unique (enumerating each digital 'banknote'), and are generated using techniques similar to those used in public-key cryptography. The mathematically generated tokens can be matched with their issuing bank, ensuring through digital signatures that they are genuine. Unlike conventional signatures or watermarks, new notes cannot be forged -- it would take a roomful of supercomputers several centuries to break through the complex mathematics involved in ensuring the uniqueness of signed tokens. Being information, though, these tokens of cash can be simply copied. Note that with paper money, all banknotes are (excepting the serial number) virtually identical. The protection against forgery is that it is difficult to duplicate a single note. With digicash, a single note can easily be duplicated; but all notes are significantly different. The signatures can be authenticated, ensuring that a note is definitely from the signing bank. This implies that invalid notes cannot be created; a forged digital banknote has to be an exact copy of a real one. The protection against this elementary type of forgery is that transactions are in real-time; between customer and seller, and between seller and bank. The bank ensures in that the cash is genuine, and will only honour one copy of any token. As all digicash transactions are done this way, there will only be one copy of any token in use at any time. For the sake of privacy, these transactions, whether through smartcards, on-line access or e-mail, will be anonymous. Digicash will be like real cash. The methods of anonymity planned so far do include exceptions whereby double-spending, attempting to use a token more than once, will greatly reduce anonymity, making forgery more difficult. Digicash systems are currently in experimental use. They work. The only problems are the authorities and the law, who are, as usual, well behind the times. Rishab Aiyer Ghosh is a freelance technology consultant and writer. You can reach him through voice mail (+91 11 3760335) or e-mail (rishab at dxm.ernet.in). ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From rishab at dxm.ernet.in Wed May 4 03:06:35 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 4 May 94 03:06:35 PDT Subject: Support cocaine dealers' privacy rights! Message-ID: Whatever we may think about tyrannical attacks by prosecutors on innocent cocaine kings based on wiretaps totally violating their rights of privacy, it is precisely these events that create support for Clipper, from TLAs and the public alike. PMARKS at VAX1.UMKC.EDU: > Concerning the following, Duncan Frissell makes an excellent point we should > all consider seriously: > > **************************************************************************** > One of the city's largest bookies was busted when the Feds intercepted the > daily fax transmissions summarizing business results sent from his NY > office to his Florida home. > > A major cocaine dealer is facing prosecution based on written transaction > records seized at his office. His simple code was broken by a "known > plaintext attack" when investigators were able to match his written > notations with transaction information derived from wiretaps. > > Can't anyone help these people? Maybe 178th Street needs PGP and Secure > Drive more than the PC Expo. > **************************************************************************** > > You are absolutely correct! For too long, licensed Attourneys and Certified > Public Accountants have been making comfortable careers representing clients > from the, shall we say, "underworld." It is time for cryptographic experts > to be recognized as the true professionals they are and proudly join the > ranks of other professionals who represent thieves, extortionists, junkies, > drug dealers, embezzelers, etc. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From jdwilson at gold.chem.hawaii.edu Wed May 4 03:18:21 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Wed, 4 May 94 03:18:21 PDT Subject: PC-Expo In-Reply-To: <9405040124.AA23479@prism.poly.edu> Message-ID: On Tue, 3 May 1994, Arsen Ray Arachelian wrote: > > I would also strongly recommend including a good windows front-end like > > PWF20, and maybe PGPShell 3.0 for dos users. While pgp is technically a Where can one get PGPShell 3.0? Thanks! -Jim From bart at netcom.com Wed May 4 03:33:19 1994 From: bart at netcom.com (Harry Bartholomew) Date: Wed, 4 May 94 03:33:19 PDT Subject: PGPShell location In-Reply-To: Message-ID: <199405041034.DAA28861@netcom.com> oak.oakland.edu:/pub/msdos/security/pgpshe31.zip From bill at kean.ucs.mun.ca Wed May 4 03:36:51 1994 From: bill at kean.ucs.mun.ca (Bill Garland) Date: Wed, 4 May 94 03:36:51 PDT Subject: Mien Beinkpff Message-ID: <0097DEAC.BB4F8100.38@Leif.ucs.mun.ca> -----BEGIN PGP SIGNED MESSAGE----- Subj: Why Digital Cash is Not Being Used >Hal Finney asks us to think about and comment on the important issue of why >digital cash, in its myriad forms, is not in wider use. Especially on this >list, where the Magic Money/Tacky Tokens experiment has not (yet at least) >produced widespread use. I believe these things will come into use fairly quickly - perhaps not as fast as Tim, Hal, others, myself included, want, but. Especially if the new momentum here in Cypherpunks keeps up. Allow me to inject some of my own momentum here. I was going to make a suggestion that this discussion move from Cypherpunks to IMP-Interest, which seems to be a dead list. Cypherpunks who object to the non-crypto aspect of the Money_Threads could just not bother with IMP-Interest, and Cypherpunks could take over IMP-Interest and work at actually establishing an IMP. (Internet Mercantile Protocol). [I might have more to say about protocols later - but already I sense a long post coming up...] [[ I don't know if I should apologize in advance for verbosity, since there is soooo much mail to read and tend to...but I have been holding back for various reasons much related to the answer to the Subject: Why Digital Cash is not being used.]] Or is there something official about the name "IMP" - I notice the host is on bellcore, do they own the name? Can anyone own a name such as IMP ? Anything else that needs to be said, in case of newbies re IMP? Nick Szabo was the one who originally recommended it, Nick - are you still there? However, I could be satisfied leaving it on Cypherpunks...actually, I bet a poll of active C'punk posters and interested lurkers would approve of the digital cash conversations and the value of money threads. We'll just have to get Hawk's Ray's ExI Mailing List new software purchased or donated to Cypherpunks...tax decuctable... Meanwhile, back to replying to Tim's message and Hal's rallying of the troops and answering This Question : >This question also goes to the heart of several related questions: >1. Why aren't crypto protocols other than simple encryption, digital >signatures (both implemented in PGP as the de facto standard in our >community), and remailings (implemented in Julf's anon.penet.fi remailer >and in the various Cypherpunks remailers) being *used*? Why no DC-Nets, no >data havens, no digital timestamping, etc.? Answer Number One to 1. HOMEWORK. Sorry for shouting. There is sooo much homework to do. We've got code to write, borrow, use... Personally, I have had PGP for many months, almost a year, I suppose, and am only now just getting a round tuit. This Cypherpunks "posting" will be my first public use of PGP to sign a message. I did send a private PGP message to one friend, just for practice. I don't have time to read alt.security.pgp enough to not have some messages expire on me, so I couldn't answer the simple question of Why does PGP stick an extra "- " in front of the "-----Begin Public Key Block -----" when you include the ascii public key block in the text of your letter. Must be a recursion type of thing, PGP rejecting this particular insance of text as anything significant to do with PGP signing with cleartxt=on. Anyway, that is perhaps a faq so I'll recheck that later, .... So, I've finally got my PGP homework done, at least enough to get past the basics. But now to get into the PGP Tools and really start writing code...more homework. Fortunately for you, Tim, you don't have a Boss to worry about - your dues are all paid in this regard. Anyway, I'll stick my virgin public key in here, but beware it has not been signed. I have already volunteered to spring for a phone call to Stuart Card to check public key sigs, and I'll volunteer to phone one or two others who reply directly to me to get my key signed by Known Cypherpunks and/or Extropians. Anyway, later on that. I'll probably even PAY someone in digital cash to sign my key... - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiynHCkAAAEEANbd5hw0IR+keK2U2DoGnAPdcctWxipdXbJ2Qr83ScX7d7K1 uP1bkRkGOCYJpQTksgtHf/ulUsZwq4TEFb7QUyvHnoRJcO4q0RX7CnH9fhXQ1F+k LeuU4NSCYIzrvI6kdoMR1nTN3N8zm793CafB/SI0ZoJs2b5p1UqYjDfdkCPxAAUR tCxCaWxsIEdhcmxhbmQgKFdtLlIuKSAgPGJpbGxAa2Vhbi51Y3MubXVuLmNhPg== =Z9Sb - -----END PGP PUBLIC KEY BLOCK----- Now, I hope I used the right key! Something else to check. So what else is on the homework list? 1. Read Chaum papers. Re-read all Hal Finney articles in Extropy. Really understand Alice to Bob to me and back again. Straighforward study, but a few time units involved. Reread Mark Ringuette mail. 2. Read Schneier. Heavy into the technical cryptography stuff, to be sure, but definitely required reading. Many time units. 2. a. Buy the book. Not in our library. I am broke and cannot afford hefty tome right now. However, I have entered a contest which pays $150 first prize and $75 second in credits at my favourite bookstore. Unfortunately they will not issue digital cash certificates with which to redeem said prize at the Internet Bookstore, which doesn't yet take digital cash, because there is not yet a true internet bank - wait - what's that I hear about INFO_Banque ??? Anyway, Win contest, order book. Will take at least two weeks for contest, then a week to get the money, then two weeks order from bookstore. With luck, I'll have a copy within six weeks. And if I don't win the writing contest, with The Great Newfoundland Novel, Page 1, then it's off to a farther payday...probably September at current rate of progress. 2. b. Do the Errata list. 2. c. Get the Diskette. Pay BS in digital cash for diskette. Get licence from BS to resell software to my Customers. 2. d. Get a box of the books and sell them to my Customers. 3. Get my own machine to do all this on. Certain perqs apply to my use of my employer's facilities, to be sure, but they do not extend indefinitely and in all directions. More code to write. More paydays down the road... Send me real cash money. 4. Start a BBS. Well, maybe I can make some money at it, once I get a machine and some phone lines...but I'm way out in the boonies here. I'll need a satellite dish internet feed, because I can't get a commercial one except through academic routes, and I don't want to go through academic routes and would not be allowed, anyway. 5. Get a Netcom account? Is this possible for a Canadian? I'd still have to telnet from some supplier here. I'll go for my own service with my own satellite dish. Investors, anyone? Ripe market! Send for Prospect-Us. 6. Learn Unix. Maybe I'll get a shell account on Sameer's machine. I've been a DEC RSTS/VMS Basic-Plus/VAX BASIC V2 programmer for too long, and I've not yet become unixificated. I don't even know if I could read a C++ program. I'm obsolete...again. 7. Reactive HEx - opps, premature - see below for rest of this point. 8. Become a security expert. Definitely need SecureDrive/Dev/Other. More ftp'ing to do. I really appreciate all the Cyperpunks keeping ourselves posted on the latest and greatest and the news regarding these products, as well as the pearls of wisdom from DCF. I expect most of us could, after homework, become successful security consultants. And there are a lot of anarchists about! But, isn't Unix full of security holes? When I set up my own Netcom company, won't I be hacked? Ray? HELP? Oh yes, I've got to get into Pr0duct Cypher's product. What's a firewall? 9. Start up INFO_Banque. I am almost ready to do this, but not quite. Something I said about homework... so Cypherpunks, Extropians, (no, please do not forward this post to Extropians. I am refering to Extropians who are Cypherpunks...), friends, go easy on my new .sig. However, there ain't no time like the present, neither, hey! Speaking of time... >2. What *incentives* are there for creative programmers to devise and/or >implement new crypto protocols if essentially everything for the past year >and a half (since the fall of 1992, which is when PGP 2.0 and remailers >became widely available) has languished? There's gold in them thar hills. I will be willing to put money into it, when I get some money. This process of emerging from bankruptcy and becoming judgement proof is interesting, but it takes time, and money. Also, discipline. Having proven myself incompetent at my financial affairs, how dare I speculate upon starting a bank? Well, there it is. Fuck 'em. Feed em fishheads. I'm going to do it anyway. I'll even go out on a limb and say that I'm going to tell you all how I'm going to do it, except don't expect an answer Real Soon Now. I've still got to figure out the solution to the duplicate spending problem. >3. What are the "killer apps" of crypto? Cypherpunks want to know. Cypherpunks are writing them... And please, Tim, We Really Do Need The FAQ. I have heard you toss out tidbits about the Cyperpunks FAQ. More, please. We really do value your postings and ideas and caveats and reputation - nobody else could do it...Tim... >4. What platforms and user environments should would-be developers target? >What machines? What networks? What languages? (An ongoing interest of mine. >Objects, scripts, Visual Basic (!) VBX tools, TCL, perl, many platforms, >etc. A tower of Babel of confusion is upon us.) Yes, I cannot even attempt an answer here yet. It matters, of course, but I would speculate that it will be done, perhaps in EACH of these ways on all the platforms that there are for sale to our Customers. However, we've got to nail down the protocol. Maybe the Magic Money Model will take off. Pr0duct Cypher, do I need to become anonymous? >Here is my first-cut analysis of the digital cash situation. >I. Why is Magic Money/Tack Tokens, in particular, not being more widely used? >- Nothing of significance on the List to buy, hence no incentive to learn >how MM works. (Just because someone announces that their new article is >available for 10 Tacky Tokens doesn't a demand make!) Yeah, I've noticed this, too. But I want to buy books, and I want to sell stuff to my Customers, and I want them to use my cash from my bank to pay for this stuff. And I want cooperating banks all using the same INFO_Banque Protocol (TM WmRG right now) to use my cash and I'll use theirs, and we'll have 700 Cypherpunks and 300 Extropians start up 1000 new banks all using our own developed and pgp-like-available software, for a small fee. Within a little while, I am going to offer my own INFO_Banque digital cash for sale to Cypherpunks and Extropians, and eventually everyone in the world, and keep a US Dollar Trust account in a secret "real" offshore bank somewhere in the Cayman Islands or El Salvador. But before I can do that, well, you know...homework... Still, if you want to get the ball rolling, send me $10 and I'll deposit it in trust, sticking my own reputation on the line ... Actually, I don't know if there are any legal implications to that, because my private company Macronic Systems, Inc. is incorporated specifically NOT as a bank, because different rules apply to a bank, but my INFO_Banque is not incorporated anywhere. It is a virtual entity of mine that nobody can get at just yet. Hell, Tim, I'll give you all the Thornes you want for $10 - if you still want them! Be the first one on your block. Just to keep myself honest, my home address is 28 Warren Place, St. John's, Nfld. Canada A1A 2A1. Now, wouldn't you trust someone with a postal code like that! I hesitated at putting that here in a Cypherpunks message, but what the hell... just tell Detweiller I am armed and dangerous... >- Semantic gap. I confess to not having the foggiest ideas of how to go >about acquiring Tacky Tokens, how to send them to other people, how to >redeem them (and for what), etc. Having nothing to buy (no need), and >plenty of things to occupy my time, I've had no interest in looking at MM. This will change. Maybe you don't need stuff and can always buy it conventionally anyway. But with the rapidity with which Mosaic and WWW applications are growing around the world, there will soon be many on-line stores. I want to open one myself...just get me my new alpha-sun-mips-cray box with a few gigs raid cryptofied... and a satellite dish network feed and notebook and four wheel drive with a cellular phone and ... Any comments on the newly announced secure mosaic? >When I buy items like t-shirts from people on this list, I simply write >them a check and send it. Very simple. The banks handle the complexities. >And writing a check is a "prototype" (or script) that is learned early by >most of us. Not so with any of the various digital cash schemes. In 10 or >20 years, sure, but not now. Yes, this is fine. But we are talking anonymous money, untraceable transactions, cryptoanarchy, stuff like that. We know about cheques. (I wish you yanks could get your spelling right!) >This is not to take away from the excellent work--I gather from comments by >others--that ProductCypher put into MM. His greatest achievement may turn >out to bring this issue to the fore, to wit, what will cause people to >bridge this semantic gap (understanding) and actually begin to *use* these >new constructs? Yes, I gotta add this to my homework list. >- as others have noted recently (and this is a well-known issue), >alternative currencies must offer some advantage over existing currencies, >or at least be roughly on a par with them. Agreed - of course. We've got to beat VISA/MC/AMEX/Travellers Cheques in transaction costs, and we've got to pay with Digital Postage. I love that term! It explains it all. Quote from the upcoming INFO_Banque Catechism (R) : Digital Cash pays for itself. - --- "frequent flier miles," ---- elided. >(The proposal recently that vendors of products, like t-shirts, give a >discount for MM payments is of course unworkable. This is asking real >people to give up real dollars for an ideological cause of marginally >little significance to them. The advantages of MM must be real, not phony.) Of course. >II. Other Experiences with Digital Cash in Some Form >- On the Extropians list a while back (I've since left that list), there >was an interesting experiment involving reputations of posters and "shares" >in their reputations. Brian Hawthorne introduced is "Hawthorne Exchange," >HeX, with eventually a few hundred or so reputations trading. The unit of >exchange was the "Thorne," with each new list member given 10,000 Thornes >to trade with. >Trading was very sparse, ... elide ... >But I think the system was ultimately a failure. Nothing interesting was >for sale, and Thornes had a ridiculously low value (reflecting of course >their "toy" nature...my $20 bought 20,000 Thornes, as I recall). By "low >value" I mean that the number of Thornes given to each participant (Hint: >"given" is the important word) was worth nominally $100 (by Brian's sales >price--probably none were ever sold at this price), worth $10 to me and >others (by my offer of $1 per 1000 Thornes), and probably worth much _less_ >as the HeX market languished and, probably, ultimately folded. (Does >anybody on the Extropians list know if it is still operating? And what >happened to by shares when I left the list?) Well, yes I know, sort of. Brian Hawthorne couldn't handle the Extropians volume because of work commitments. I don't know if he was on Cypherpunks or not. So he auctioned off HEx, and I bought it for a small fee. It was announced, but, of course, you missed it... HEx is now dormant and will be for a little while yet. I am expecting to be able to find a place from which to run it real soon now. Meanwhile, it is in limbo. There has been no crying demand from Extropians to get it back on line. When I do get some of my homework done, I will take the purchased software system, complete with all the current state of reputations, accounts, and so on, and figure out what to do with it. The reason I bought it was not so much to run a market for the reputations of Extropians, but because reputation markets are going to be valuable commodities in the near future, as internet commerce ramps up. I want to expand upon the concepts and write some code and start marketing HEx in a way that can make me and my Business Partners some money. My INFO_Banque will register reputations for digital postage fees, and receive and arbitrate contributed information about reputations, from other reputation holders, for some small transaction fees. I have been wanting for months to expound upon these ideas and seek feedback from Extropians and Cypherpunks regarding what to do with this reputation market. I will accept any ideas any of you want to donate... if they are earthshattering and they make some money for me and my Business Partners/Investors in the long run, I may even repay with digital cash royalties. Other uses include digital timestamping - when I can get a machine and ups and raid box and backup site and security and all that other stuff I want - I will start offering services like this. What with all the other ambitions I have mentioned here in this Mein Beinkpff message/posting, I could easily spend a few hundred grand getting this together - if I didn't have a full-time job to do to feed my family, etc etc.... It's funny, too, because despite ponderings on these matters over the past year or more, I never asked myself the question that came up in the digital cash/value of money threads today - Who is going to Trust Me? I know I can trust me, and in theory a mix chain will be reliable if you can trust one of the links, so if I become one of these mix chain links through _my_ INFO_Banque, then _I_ know the chain will be reliable. Similarly, _you_ will trust yourself, and soon there will be 700 Cypherpunks and 300 Extropians and all 4 IMP-Interest people all having anonymous remailers and mixes operating, so any sub-chain of eight INFO_Banque Protocol banks will virtually HAVE to be reliable for our commerce... But nobody can trust me not to run off with the cash - good point. How do we solve this one? I guess I'll have to start from the beginning and build a reputation for it... When I _do_ get my homework done, and start offering services for real, when etc etc happens, then you can be sure that if you send me real US Dollars to deposit on account for INFO_Banque digital cash transactions, they will be deposited in a Trust account. Maybe it will at first turn out to be merely digital cheques, but maybe if Perry lets me in on his secrets and some of the stuff he has learned from these six-figure guys at Citibank who are out trying to figure out how to capture this market, well maybe then we can get somewhere... ====== I've gone on too long now...to wrap this up...snip ====== >III. What Markets Might Make Use of Digital Cash I repeat, there's gold in them thar hills. >- illegal markets, for transferring wealth in fairly large amounts. Not at >all clear how this will happen, and it sure won't happen with some >fly-by-night hackers and/or students offering a new service. Yes, it is now the middle of the night. 4:34 am, NST, actually. [Real timestamping update - geez, its now 2 hours 10 minutes later.] >(I didn't mention that one of the persistent concerns about learning new >crypto protocols here on this list is the epiphenomenality (transience) of >it all...remailers appear and then vanish when the students go away or lose >their accounts, features added make past learning useless, and so on. Life >is too short to spend it learning crufty details that will go away in a >matter of months. I'd hate to buy $300 worth of TackyTokens and then find >that their value went away when J.Random User graduated!) Yes, this stuff has to be professionalized. Capitalized. Done. >- betting markets, the "Internet Casino in Cyberspace," etc. Nick Szabo was >once championing this, and I think it could be an interesting, and very >real, market. Lots of issues here. More, please. If a few more Cypherpunks could break that PRNG in Montreal...$600,000 he got! And they paid him! Well, they _had_ to, just for letting them in on the hole...well, if I could just break it _once_ ... >- Digital Postage. This remains my favorite. There's a _need_ for >untraceable payments (else why use a remailer?). I've written about this >extensively, as have others. Yup. I like this. Do include your previous writings in the FAQ... >If remailers offered robust (see above point about crufty, flaky, hobby >remailers) services that they operated as _businesses_, with reasonable >attention to reliability, interconnectivity to other remailers, overall >robustness, and carefully articulated policies about logging, privacy, >etc., then MM or something similar could have a real value. MM or whatever, we've got to nail down the protocol. In spite of my "out of the mouths of babes" approach here and now, I do intend to do this stuff as a business, to make profits, once a few problems are ironed out regarding eating, drinking, playing darts, living forever, etc. >IV. Is there Any Hope for Cypherpunks Software Use? >The remailers (of Hughes and Finney, with other contributions) came in the >first few _weeks_ of existence of the Cypherpunks group. Julf's system >already existed. I'll run one, too, as part of the integrated INFO_Banque services. >Remailers were the "low-hanging fruit" that got plucked fairly easily (not >taking anything away from Eric, but he himself says he learned enough Perl >in one day to write the first, crude remailer the _next_ day!). Well, I guess things are looking up. It can't be all that difficult. If I could master paper tape fortran on a PDP-8/L, what with the RIM loader and the BIN loader and 110 baud, surely I can get into unix in a few days. Sigh. I must be getting old if I can remember flip chip modules that had transistors on them, doing transistor- to-transistor logic, building gates,... Tim, you must have been one of the ones that made this old stuff obsolete! Well done yourself. >Later protocols have not fared as well. Why this is so is of great > importance. >That's a topic unto itself, and one which I hope to write about soon. Lots >of important questions and interesting issues. You said it, boy. I think I'll copyright and publish my INFO_Banque Catechism as part of my Ideas for Sale programme. Hey, you did say we needed _something_ for sale on the net, didn't you? But please, sir, can we have more? Please write about Protocol. Soon. Like, forget the line-by-line response you were going to make to _this_ message... heh heh. (Opps, I almost said ... no, I can't repeat it...) >--Tim May Bill Garland, whose new .sig might become this : /----------------------------------------------------------------------\ | I am an Extropian. | Macronic Systems, Inc. offers Ideas for Sale ! | | BEST: DO_IT_SO ! | Go for it : Pledge a Digital US Dollar now. | | CryptoAnarchist. | Send PGP key for more information. | | Cypherpunk. | Get in on the ground floor. Invest Now. Trust me! | | Owner : MSInc., |---------------------------------------------------| | HEx, INFO_Banque | Day Job : Bill Garland = bill at kean.ucs.mun.ca | \__________________________________o o_________________________________/ -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcduQkqYjDfdkCPxAQF3tQQAoMiOUrwezCp5vs8odOR2ff2l85JXGj7P q+lb3GwCOAKHuULL4G2hoS9jLHrYj+9WQqT2Gu99Jmc2Ut/iFnG/5lfKQfwJwudm aB7FDaq9n0KExJRmW83sK/pKvK7pcvMbOrjL/oA/bqO6yVCXWNZGTic+o778oITH 5IRenEbtGp8= =ryU1 -----END PGP SIGNATURE----- From perry at snark.imsi.com Wed May 4 03:52:17 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 4 May 94 03:52:17 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: <199405032110.RAA23590@hikita.WPI.EDU> Message-ID: <9405041051.AA01062@snark.imsi.com> "Michael V. Caprio Jr." says: > So what is the natural currency to trade in on the Internet? Dollars. > What is the medium that is most widely spread across the myriad > nodes and networks that crisscross the globe? What would someone > like to be able to buy, that is easy to acquire, and offers an > advantage over real money? > > The answer is quite simple: information. Information is useless as a currency, for five reasons. 1) It is not fungible. 2) In order to demonstrate that you have it you generally speaking have to have already given it away. 3) It can decay in value, unpredictably. My inside information that Joe Blow is a communist spy is valuable today and might become worthless tomorrow. 4) It cannot be effectively loaned or borrowed. 5) It has highly unpredictable value. Two pieces of information might be worth the same number of pieces of gold from me, but you may find one of them worthless and the other very worthwhile. Dollars are a natural currency for use in internet trade. So are gold, D-Marks, Yen, etc. There is nothing wrong with these things. I'll agree that I don't like government sponsored currencies, but since everything is denominated in them right now I'd say that they are perfectly fine. Perry From perry at snark.imsi.com Wed May 4 04:03:40 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 4 May 94 04:03:40 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: <9405040122.AA05674@helpmann.ebt.com> Message-ID: <9405041103.AA01100@snark.imsi.com> David Taffs says: > From: "Perry E. Metzger" > The natural currency today is the U.S. Dollar, as transfered via > digicash. > > How about a floating cipherdollar? Holders of cipherdollars would > share in the proceeds of the investment, minus real transaction costs > and overhead, plus transaction fees if any. Basically, you have now combined a mutual fund with a currency, which causes great trouble for anyone who would like to use the one without the other. Its true that transaction costs are often paid for implicitly by banks lowering the interest that they pay you. However, thats a different question. I'd like to emphasize that Digicash is a TRANSACTION MECHANISM. Digital cash is NOT a currency. There is no need to invent a new kind of money -- there are already too many for the world's good as it is. Digicash can admittedly be used to transfer shares in cattle farms as easily as Dollars, but far more groceries take Dollars. Perry From snyderra at dunx1.ocs.drexel.edu Wed May 4 04:06:03 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Wed, 4 May 94 04:06:03 PDT Subject: remail 1.9 Message-ID: <199405041103.HAA29814@dunx1.ocs.drexel.edu> At 11:51 AM 5/4/94 +0200, Patrick wrote: >Please let me know if you have any suggestions. Errr, yeah. How about setting up an ftp site with this software, or an email address that will automatically send this to those interested, rather than mailing it out to cypherpunks every time? Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From perry at snark.imsi.com Wed May 4 04:11:52 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 4 May 94 04:11:52 PDT Subject: The ITARs In-Reply-To: <9405040314.AA08217@bilbo.suite.com> Message-ID: <9405041110.AA01123@snark.imsi.com> Jim Miller says: > Section #120.9 of the ITAR defines "Defense Service" as: > > (1) The furnishing of assistance (including training) to foreign > persons, whether in the United States or abroad in the design, > development, engineering, manufacture, production, assembly, testing, > repair, maintenance, modification, operation, demilitarization, > destruction, processing, or use of defense articles; or > (2) The furnishing to foreign persons of any technical data > controlled under this subchapter (see #120.10), whether in the United > States or abroad. This is sick. According to this, I cannot teach foreigners about cryptography in the U.S. -- even about the open literature. This is a grotesque denial of my first amendment rights. I wonder if I should hold an open enrollment cryptography class for the sake of civil disobediance. Perry From perry at snark.imsi.com Wed May 4 04:59:50 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 4 May 94 04:59:50 PDT Subject: Giving Value to Digital Cash In-Reply-To: <199405040552.AA02485@xtropia> Message-ID: <9405041159.AA01181@snark.imsi.com> anonymous at extropia.wimsey.com says: > Most major economies are using fiat money today, so it is clear that fiat > money will work. Fiat money works because guns are used to force people to accept it. You have to pay your taxes in it, the laws are written so that all commercial paper requires that you use it, the government makes all its purchases in it, etc. The result of this is that it is accepted. It is substantially harder for people to accept fiat money that doesn't have guns barrels backing it up. Perry From whitaker at dpair.csd.sgi.com Wed May 4 05:26:10 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Wed, 4 May 94 05:26:10 PDT Subject: (Fwd) local talk by Nelson Bolyard on cryptography Message-ID: <9405040525.ZM8437@dpair.csd.sgi.com> --- Forwarded mail You're Invited to the Next General Meeting of Computer Professionals for Social Responsibility Admission Free/Open to the Public Wednesday, May 4, 1994, 7:30 P.M. First Presbyterian Church 1140 Cowper Street, Palo Alto (3 Blocks North of Embarcadero) Wire Taps and Cryptography in Your Future with Nelson Bolyard Everyone is talking about the Clipper Chip, and lots of people are wondering about the FBI's digital telephony initiative. This talk will discuss both of those things and provide some historical perspective on the battle between Congress and the Administration over control of standards for civilian cryptography, and CPSR's role in that debate. Nelson Bolyard is an engineer for a major computer manufacturer in the Silicon Valley. He has background in cryptography and highly secure systems, and is presently working in high-speed networking. Sponsored By: Computer Professionals for Social Responsibility CPSR\Palo Alto: P.O. Box 717, Palo Alto, CA 94302 -- ------ Steve Dever Steve.Dever at Eng.Sun.Com SunPro Donna Derby Yobs CSD - Silicon Graphics yobs at csd.sgi.com Customer Support Engineering --- End of forwarded mail from yobs at eol (Donna Derby Yobs) -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique Mountain View CA (415) 390-2250 ================================================================ #include From sommerfeld at orchard.medford.ma.us Wed May 4 07:38:22 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Wed, 4 May 94 07:38:22 PDT Subject: The ITARs In-Reply-To: <9405041110.AA01123@snark.imsi.com> Message-ID: <199405041429.KAA00574@orchard.medford.ma.us> This is sick. According to this, I cannot teach foreigners about cryptography in the U.S. -- even about the open literature. This is a grotesque denial of my first amendment rights. When this issue came up in a discussion on export control issues with my employer's export control guru, he said that they basically never bothered to enforce this in the case of open courses at colleges & universities (because they knew it was unenforceable and unconstitutional). - Bill From talon57 at well.sf.ca.us Wed May 4 08:00:02 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 4 May 94 08:00:02 PDT Subject: list access Message-ID: <199405041447.HAA28773@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Fellow cypherpunks, I am still not receiving the list. I thank those who have replied to my requests for assistance. I sent a message to owner- cypherpunks, and hope things are resolved soon. In the meantime, beware of cheap imitations...... Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLce0wdCcBnAsu2t1AQGIhQP/Vf/B28ghcaHhbCwsAERnmsxR7ar96vxv Sf2MIX7BR8jfYIJt1DxZgXfvr8MHO7fNp4CvFWE+8sggev4oyKH0x75uQIY9f8kO tOIn0gOwAGdHM2YVM+NJP3pxCrw/dwDGYFZuod/DdgJ8Sbi94pXRPtlRsKu8gEZ9 m0wce8qm4kM= =b2y2 -----END PGP SIGNATURE----- From rsturt at wilbur.mbark.swin.oz.au Wed May 4 08:18:37 1994 From: rsturt at wilbur.mbark.swin.oz.au (Ice-Fox (aka Robert Sturtz)) Date: Wed, 4 May 94 08:18:37 PDT Subject: The ITARs In-Reply-To: <199405041429.KAA00574@orchard.medford.ma.us> Message-ID: On Wed, 4 May 1994, Bill Sommerfeld wrote: > This is sick. According to this, I cannot teach foreigners about > cryptography in the U.S. -- even about the open literature. This is a > grotesque denial of my first amendment rights. does that also mean that an american cannot use his/her knowledge overseas? (btw im australian and therefore know nothing about american law) > > When this issue came up in a discussion on export control issues with > my employer's export control guru, he said that they basically never > bothered to enforce this in the case of open courses at colleges & > universities (because they knew it was unenforceable and > unconstitutional). > good for him > - Bill Yours in SYNC. Robert Sturtz __ __ __/// rsturt at wilbur.mbark.swin.oz.au (Ice-Fox on irc) __/// \XX/ Vice-President of Eastern Wargamers And Roleplayers Club \XX/ -------------------------BEGIN SPOOK FODDER------------------------- kill, bomb, maim, plot, c4, sex, murder, assassinate, gun, nuke, plan --------------------------END SPOOK FODDER-------------------------- From Carl_Ellison at vos.stratus.com Wed May 4 08:30:24 1994 From: Carl_Ellison at vos.stratus.com (Carl_Ellison at vos.stratus.com) Date: Wed, 4 May 94 08:30:24 PDT Subject: TLAs, etc. Message-ID: <199405041527.LAA03247@transfer.stratus.com> > > Jim Miller says: > > > > My hypothesis: The TLAs could shut down the cypherpunks mailing list > > (as it now exists) by dragging all the U.S. list members into court. > > The TLAs would probably lose the case, but they would still do a lot > > of damage to the lives of the U.S. list members. > > > > > > > ::Gulp:: Don't give 'em any ideas.. > > -- Jane Doe, subscriber, Cypherpunks List :) ;) ..one solution to a heavy mailing list... :-) Actually, we might try inviting such prosecution -- e.g., with each of us posting source code for some algorithm to the list. This is so clearly publication (ala newsletters on paper) that the case would never hold but it wouldn't hurt to have a court rule. From habs at warwick.com Wed May 4 08:37:29 1994 From: habs at warwick.com (Harry S. Hawk) Date: Wed, 4 May 94 08:37:29 PDT Subject: Valid MacPGP?? Message-ID: <9405041803.AA14155@cmyk.warwick.com> Hi, I am trying to verify the current version of MacPGP I am using. I haven't found the binary file to be signed in anyway. Is MagPGP signed? If so how do I check and/or where do I look? Next question: Who has signed it? /hawk From hugh at ecotone.toad.com Wed May 4 08:42:38 1994 From: hugh at ecotone.toad.com (Hugh Daniel) Date: Wed, 4 May 94 08:42:38 PDT Subject: Well users loose for now Message-ID: <9405041537.AA23675@ ecotone.toad.com> The Well has two IP feeds into the internet, due to political/biz_profit/sysadmin problems the two feeds do NOT back each other up, and the one that can be seen from toad.com has been down for a few days, thus blocking your email. If the feed comes up today, well.com based subscribers to cypherpunks should get all of the list traffic in one big burst, if it stays down much longer then the toad.com mailer will start trashing the older mail (and bug us about each lost message). This points to an interesting problem, TCP/IP is very good at getting data from point A to point B, so good that a month of bombing by the Department of War does not destroy network conductivity. Yet here in the (so very rich) USA we have lots lots of outages to parts of the net because TCP/IP does not solve the problem of PAYING for getting packets where they belong. This is a protocol issue on two levels, the first is that the idea of accounting for packets/bandwidth/capacity (in some unknown manner) was left out of TCP/IP in the first place. The second is that it is going to be a very large amount of work to replace the current plant of TCP/IP hardware and software as none of these protocols are negotiated, just presumed to be the only way to do things. If we build systems like these, then they will be 'brittle' and might inspire a few folks but not be usable by most, and some other (large) organization will build what it wants on top of our dreams rubble. There is little chance that I will ever use a monetary system that is so brittle that it fails if one link is down or one cypher unuseable due to it's being cracked by some unscrupulous agency. This important subject of protocols is the topic of the next San Francisco Bay Area Cypherpunks meeting. ||ugh Daniel Sometimes Postmaster hugh at toad.com From dmandl at lehman.com Wed May 4 08:58:26 1994 From: dmandl at lehman.com (David Mandl) Date: Wed, 4 May 94 08:58:26 PDT Subject: Why Digital Cash is Not Being Used Message-ID: <9405041314.AA24944@disvnm2.lehman.com> From: "Michael V. Caprio Jr." > > So what is the natural currency to trade in on the Internet? What is the > medium that is most widely spread across the myriad nodes and networks that > crisscross the globe? Hot air? --Dave. From juola at bruno.cs.colorado.edu Wed May 4 09:23:11 1994 From: juola at bruno.cs.colorado.edu (juola at bruno.cs.colorado.edu) Date: Wed, 4 May 94 09:23:11 PDT Subject: TLAs, etc. Message-ID: <199405041619.KAA22249@bruno.cs.colorado.edu> Actually, we might try inviting such prosecution -- e.g., with each of us posting source code for some algorithm to the list. This is so clearly publication (ala newsletters on paper) that the case would never hold but it wouldn't hurt to have a court rule. I wish I had your faith in the court system -- or perhaps I'm glad I don't. Either way, the fact that you and I and everyone on cypherpunks thinks that posting code to a private mailing list is "publication" means exactly nothing in court, any more than it would be if I made a huge conference call to everyone on cypherpunks to conspire to evade the ITAR regulations. - kitten From mikecap at WPI.EDU Wed May 4 09:23:30 1994 From: mikecap at WPI.EDU (Michael V. Caprio Jr.) Date: Wed, 4 May 94 09:23:30 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: <9405041051.AA01062@snark.imsi.com> Message-ID: <199405041620.MAA04197@coyote.WPI.EDU> Perry writes: > Information is useless as a currency, for five reasons. > > 1) It is not fungible. > 2) In order to demonstrate that you have it you generally speaking > have to have already given it away. > 3) It can decay in value, unpredictably. My inside information that > Joe Blow is a communist spy is valuable today and might become > worthless tomorrow. > 4) It cannot be effectively loaned or borrowed. > 5) It has highly unpredictable value. Two pieces of information might > be worth the same number of pieces of gold from me, but you may > find one of them worthless and the other very worthwhile. Hmm. It seems to me that a bunch of these characteristics you've described seem very similar to a stock market situation. I would use the analogy of information as shares... It also seems that number two is a typical zero knowledge situation - plus the fact that if I tell you I have a piece of code that does x - you want the code, and knowing what it does has no real value to you, if you just want it for its functionality. BTW, what is fungible? I've seen this term used several times, but have no idea what it means. > Dollars are a natural currency for use in internet trade. So are gold, > D-Marks, Yen, etc. There is nothing wrong with these things. > I'll agree that I don't like government sponsored currencies, but > since everything is denominated in them right now I'd say that they > are perfectly fine. I think this is a key point - there has to be a common sponsoring agency, a "data bank" or something that holds all the keys, and has all the info. Making a currency isn't really the hard part here - someone could just encrypt a textfile that says "This is a five point cyphermark". All that's important is the key authentication at the bank, who will be the party who trades it around ultimately - it's getting people to agree on it, and give it value that's the issue... Zen, philosopher-at-large From sandfort at crl.com Wed May 4 09:24:48 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 4 May 94 09:24:48 PDT Subject: The Value of Money In-Reply-To: <9405040700.AA09737@netmail2.microsoft.com> Message-ID: C'punks, On Tue, 3 May 1994, Blanc Weber wrote: > One bill makes you larger, two bills make you small, and the ones that > Uncle gives you aren't worth anything utall....... This is brilliant. I love it! But . . . > . . . How did the gov. decide how much to "create" (print) and > then assign a "value" to, from their gold reserve (back when it meant > something). The idea is to create a unit of currency whose value is convenient for typical transactions. Some amount that is easily grasped by the average person. Originally the US dollar was 1/20th of an ounce of gold. That amount of gold, today, has the buying power of US$18, or so. A bag of groceries more or less. The amount of gold determines the total value of the money supply, but the number of people and transactions in which it must take part determines the number and denomination of bills and coins to be printed and minted. > Too much or too little currency in circulation, and you have either > inflation or deflation; No, no, no. This is a common falacy. It is the *change* in the amount of money in circulation that constitutes inflation or deflation. If there were only one ounce of gold in the whole world, it could easily back any amount of economic activity. Just the ratio of gold to currency would change. > The act of assigning abstract numbers to a concrete substance like > gold: someone made the initial associations and established an > understanding among the intended users. . . There is nothing anymore abstract here than, say, using different systems of weights to measure your gold. 1 troy oz. = 31.103+ gms. Just like saying, "US$1 is defined as 1/20th troy oz. of gold." Nothing too abstract about that. > . . . > I understand this much: there is some gold and other actual metal > located in a vault, sitting there as a symbolic standard of wealth, > worth, value. Nothing symbolic about it. Gold has value because people value it. Just like potato chips and romance novels. > Everyone stakes a claim to it, and they exchange that > claim to others in substitution for something else (dog, rifle, gas in > the car, baby-sitting). No, the owners own it. The owners may exchange certificates of ownership for other property. > These claims can circulate as fast as a > computer can calcualte & transfer them, and that is all that circulates > while the standard continues to sit in the vault, not being used for > anything by anybody. Not being used? I thought the gold was supporting commerce. > As long as you hold a claim to this lump of > stuff, you're Somebody - a force to contend with in the Market Place. Or other lumps of "stuff." Property is wealth. But in the Market Place of Ideas, for instance, other "currencies" are paramount, and so it goes. S a n d y From mikecap at WPI.EDU Wed May 4 09:31:38 1994 From: mikecap at WPI.EDU (Michael V. Caprio Jr.) Date: Wed, 4 May 94 09:31:38 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: <9405041314.AA24944@disvnm2.lehman.com> Message-ID: <199405041629.MAA08249@bigwpi.WPI.EDU> > From: "Michael V. Caprio Jr." > > So what is the natural currency to trade in on the Internet? What is the > > medium that is most widely spread across the myriad nodes and networks that > > crisscross the globe? Dave sez: > Hot air? Nope... ego... :) Zen, philosopher-at-large From Carl_Ellison at vos.stratus.com Wed May 4 09:34:44 1994 From: Carl_Ellison at vos.stratus.com (Carl_Ellison at vos.stratus.com) Date: Wed, 4 May 94 09:34:44 PDT Subject: The ITARs Message-ID: <199405041632.MAA07580@transfer.stratus.com> >> This is sick. According to this, I cannot teach foreigners about >> cryptography in the U.S. >does that also mean that an american cannot use his/her knowledge overseas? That's what Stratus' export control lawyers tell us. However, this whole thing is totally screwy. I know at least one American who consults as a cryptanalyst for foreign companies and governments -- with no mention of export licenses. From perry at snark.imsi.com Wed May 4 09:37:46 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 4 May 94 09:37:46 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: <199405041620.MAA04197@coyote.WPI.EDU> Message-ID: <9405041635.AA02723@snark.imsi.com> "Michael V. Caprio Jr." says: > > > 2) In order to demonstrate that you have it you generally speaking > > have to have already given it away. > > I would use the analogy of information as shares... It also seems > that number two is a typical zero knowledge situation - No its not. Its easy to conduct a zero knowledge interactive theorem proof for things that are mathematically expressable, like "I know a Hamiltonial circuit of this graph", but it won't work for anything that can't be expressed that way. Example: construct a zero knowledge proof for the proposition "I know something interesting about George Bush that you would be willing to pay $100 to know". > BTW, what is fungible? A fungible thing, sometimes called "a commodity", is one for which the all are oblivious to substitution. As an example, when you request a dollar bill from me, you don't care WHICH dollar bill you get. When you ask for a one kilo gold ingot, which ingot from the space of all ingots doesn't matter to you. Only fungibles can be traded in securities markets or deposited in accounts. I can trade shares of IBM because you have no care which 100 shares of IBM you get. I can trade futures contracts for West Texas Intermediate Crude because thats a very well specified substance. Currency is ALWAYS fungible. That which is not fungible cannot be used as a currency. In particular, "information" is not fungible. It is not a commodity. Two pieces of information are not indistinguishable. Perry From dat at spock.ebt.com Wed May 4 09:43:03 1994 From: dat at spock.ebt.com (David Taffs) Date: Wed, 4 May 94 09:43:03 PDT Subject: TLAs, etc. In-Reply-To: <199405041527.LAA03247@transfer.stratus.com> Message-ID: <9405041640.AA06509@helpmann.ebt.com> From: Carl_Ellison at vos.stratus.com > > Jim Miller says: > > > > My hypothesis: The TLAs could shut down the cypherpunks mailing list > > (as it now exists) by dragging all the U.S. list members into court. > > The TLAs would probably lose the case, but they would still do a lot > > of damage to the lives of the U.S. list members. > > > ... Actually, we might try inviting such prosecution -- e.g., with each of us posting source code for some algorithm to the list. This is so clearly publication (ala newsletters on paper) that the case would never hold but it wouldn't hurt to have a court rule. It might be interesting for a group to publish crypto code (or other potentially illegal bit strings) using something like DC-NET, where each person contributes to each bit of information. For example, maybe 100 people publish random bit strings, and when XOR'ed all together you get some bitstring which might be illegal to export, such as crypto source code. They couldn't possibly prosecute any subset of the 100 people, because it might be the case that the 100'th person is the one who XOR'ed all the other strings with the source code and published that. Thus, the only possibility would be to prosecute all 100 people at once, and each could point the finger at any one of the other 99. It is hard to believe that a jury would convict under these circumstances, at least without more evidence of an actual conspiracy. To help the situation, each of the 100 could publish another bit string, which when XOR'ed to the first, produced some nice GIF, which of course might have been their intent in the first place. People could publish both halves in either order, marked A or B, and so it could appear to be pure happenstance :-) that all 100 B halves, when XOR'ed together, produce compilable source code. At any rate, tracing to a particular person would be impossible, and a large subset of the group could actually be completely unaware of the final product. Any one of the 100, if aware ahead of time of what the other 99 would publish (or aware of what the XOR of the 99 would be), could slip in the real source code in the middle of the message stream. But, in the famous words attributed by the late RMN to himself, "but it would be wrong"... From wcs at anchor.ho.att.com Wed May 4 09:47:48 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 4 May 94 09:47:48 PDT Subject: Giving Value to Digital Cash Message-ID: <9405041644.AA22031@anchor.ho.att.com> Perry writes: > > Most major economies are using fiat money today, so it is clear that > > fiat money will work. > > Fiat money works because guns are used to force people to accept it. > You have to pay your taxes in it, the laws are written so that all > commercial paper requires that you use it, the government makes all > its purchases in it, etc. The result of this is that it is accepted. > It is substantially harder for people to accept fiat money that > doesn't have guns barrels backing it up. Fiat money works because people can get other people to accept it, though guns are a popular way of making that happen. Most major economies use it because it's a good deal for guys with guns. You don't have to pay taxes in fiat money in the US; they'll accept real gold or silver money if you want to use it instead of the cheap paper. It's still legal _payment_ for debts, as opposed to mere tender like greenbacks. But bad money does drive out good, so people spend fiat money. Green stamps were fiat money, but somewhat useful once. US postage stamps are fiat money, and they do use guns to prevent other people from offering competing mail service, but people will often accept them as money for small purchases; it used to be a popular way of sending small payments by mail before checking accounts became nearly universal. Bill From dave at marvin.jta.edd.ca.gov Wed May 4 09:52:13 1994 From: dave at marvin.jta.edd.ca.gov (Dave Otto (the Wizard of TOTOSoft)) Date: Wed, 4 May 94 09:52:13 PDT Subject: TLAs, etc. In-Reply-To: <199405041527.LAA03247@transfer.stratus.com> Message-ID: <9405041649.AA26453@marvin.jta.edd.ca.gov> > Jim Miller says: > > > > My hypothesis: The TLAs could shut down the cypherpunks mailing list > > (as it now exists) by dragging all the U.S. list members into court. > > The TLAs would probably lose the case, but they would still do a lot > > of damage to the lives of the U.S. list members. > > Carl continues with: > Actually, we might try inviting such prosecution -- e.g., with each of us > posting source code for some algorithm to the list. This is so clearly > publication (ala newsletters on paper) that the case would never hold but > it wouldn't hurt to have a court rule. Perhaps by being more charitable to non-hardcore crypto discussions (Perry), the list could attract more members. Large groups are much more difficult to prosecute (persecute) than small ones (yes I know, it's not how big it is, it's how you use it). Personally, I find the social dynamics on this list *HIGHLY* entertaining and quite informative. dave From eagle at deeptht.armory.com Wed May 4 10:10:29 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Wed, 4 May 94 10:10:29 PDT Subject: Varian Synopsis Message-ID: <9405041007.aa22236@deeptht.armory.com> ---------- Forwarded message ---------- Distributed to TAP-INFO, a free Internet Distribution List (subscription requests to listserver at essential.org) TAXPAYER ASSETS PROJECT - INFORMATION POLICY NOTE May 3, 1994 This is a note about an important issue: the future pricing of Internet services. Please repost freely. - University of Michigan Economist Hal Varian says the Internet is likely to face some type of usage based pricing in the future. - Varian says increasing demands on Internet by multimedia applications and commercial bypass of telephone networks will lead to significant increases in demands on Internet resources, and create pressures for usage based pricing models. - Varian proposes a system of congestion based pricing, that will allow free off-peak usage, but speculates that other outcomes are possible, and - Predicts eventual demise of CIX model of flat rate (no settlements) pricing for Network Service Providers. NOTES ON PROFESSOR HAL VARIAN'S APRIL 21 TALK ON INTERNET ECONOMICS by James Love (love at essential.org) May 3, 1994 On April 21, the Telecommunications Policy Roundtable (TPR) held its first workshop on the future of democratic discourse on the Internet. Hal Varian, a professor of economics and finance from the University of Michigan, presented "Economic FAQs about the Internet," a paper co-authored with Jeffery K. Mackie-Mason. The Workshop was held at the Carnegie Institution in Washington, DC, and attended by about 60 persons. There was considerable interest in the topic. TAP had received more than 400 requests for copies of the paper (including about 350 requests by electronic mail). The paper is available for anonymous ftp, gopher, or World Wide Web at gopher.econ.lsa.umich.edu, or by sending an email message to ndaly at essential.org. Professor Varian's prepared talk followed the paper fairly closely, with a number of facts and antidotes thrown in to illustrate his main points. Among economists Varian is known as a superb expositor, and his presentation was as clear and accessible as the paper. Varian spent the first part of his talk describing such topics as who "owns" various components of the Internet (backbones, midlevel networks, etc), technical aspects of Internet routing, and the growth of traffic on the Internet. I won't bother to go over all the points which are explained in the paper, but a few items are worth mentioning. Varian disclosed that Internet data packets contain an unused "priority bit," that was originally designed to allow Military brass to assign priorities in data routing. The costs of routers (workstations) had fallen much faster than the long distance transport costs, and the long distance backbone facilities were often the bottleneck. Varian also spent a good amount of time explaining how Internet usage is changing, and that while electronic mail is the service most widely used, it constitutes only about 8 percent of the bits sent over the network. New applications, such as the multimedia Mosaic, Internet Fax, and Internet radio are rapidly becoming large users of Internet resources, and these new uses of the Internet are creating huge pressures to change the way Internet services are priced. To illustrate his point, Varian talked about the new Power PCs, which will allow a single user (a college student talking to his parents) to hook up a video camera, and send about 1 megabyte of data per second to the Internet, nearly tying up an entire T-1 line. Varian indicated that the power of workstations connected to the Internet is increasing much faster than the capacity of the Internet to carry traffic. Moveover, a number of commercial users of the Internet are rapidly finding ways to bypass the higher priced telephone networks, both domestically and internationally. Varian was focused largely on the increased congestion cause by the new demands on the Internet. Interestingly, his own research indicated that peak demands shifted from day to day, and peak and off-peak usage could not be easily predicted by the time-of-day, as it is for telephone service. In the United States the Internet is unregulated, and there are no internal prices for Internet usage. Network service providers typically buy bandwidth, or capacity, and face zero marginal costs for usage. End users face a variety of charges, depending upon how their service providers resell access to the network. Some foreign countries, such as New Zealand and Chile, charge Internet users for traffic, as measured by bits. Different uses for Internet services have different requirements in terms of routing priorities. Electronic mail generally does not require an immediate claim on network bandwidth, and can be managed to travel "off peak." On the other hand, some services, such as video conferencing, Internet "talk," or running Mosaic, generally allow the user to command bandwidth at a particular time. Varian was quite clear that he believes that the problem of congestion on the Internet will become a much larger problem as the Internet becomes used for a more diverse set of applications (and the growing power of desktop computers to generate data). Varian said that he believes there will eventually be prices for Internet usage, and the only real uncertainty will be which pricing system is used. A very difficult problem will be the development of accounting systems and other mechanisms to facilitate billing for Internet usage. Generally speaking, it is not simple to determine if data packets contain electronic mail, fax transmissions, video, or other data, making content based pricing problematic. There are also a number of complex issues relating to when or where traffic would be "charged" for internet usage, since users gain access to the Internet from a highly decentralized network of workstations and networks. Varian also talked about problems in determining if senders or receivers would pay for data transmissions, which he illustrated by talking about ftp or gopher servers (who was the "sender" of the data, the person sending the query, or the file server which returns data?). According to Varian, a number of persons are working on these problems, and many important decisions will be determined by engineers working on technical issues. He singled out the Internet Society's Internet Engineering Task Force as the most important forum for groups sorting these issues out. Varian said that any scheme to charge for internet usage would also involved non-trivial costs in terms of metering or accounting, and possibly significant changes in the culture of the Internet (the question on many persons minds is the future of the Internet Listserves), although on a more optimistic note, he said the costs of routing and backbone services should be low, if calculated on a per user basis. Varian said little about the Commercial Internet Exchange (CIX) in his prepared remarks, but in response to questions, he said that he did not believe the CIX pricing model (a flat fee for connectivity) was sustainable, and he thought that the new Network Access Point (NAP) providers (Ameritech, Pac Bell, Sprint, and MFS) would employ a usage based pricing approach. Varian also talked at some length about work underway to create mechanisms for charging for other types of transactions, using a variety of schemes to create "virtual cash" for use on the Internet, such as the services recently announced by Commerce Net using technology developed under NSF funded R&D. Varian said that government R&D in this area was welcomed, because it provided neutral non-proprietary systems that couldn't be controlled or manipulated by a single firm. Varian described the new Internet architecture, which is based upon four NAPs, each controlled by a telephone company, which Varian described as the new "cloverleaves" for the Internet (connecting various backbones and networks), and the new vBNS high speed backbone. Varian said the high interest in the vBNS contract was due largely to its strategic role in the development of new Internet technologies, including accounting and payment mechanisms, which may eventually be deployed to the entire Internet. (MCI "won" the recent NSF contract for the vBNS, but the award is being contested by Sprint. AT&T was also rumored to have been an unsuccesful bidder on the vBNS). Varian's own preference for Internet pricing is a system that only charges for priority routing. As described in several papers (written with MacKie-Mason), Varian would employ a system whereby users would "bid" for access when congestion was a problem, and routers would give priority to packets that had the highest willingness to pay. Users would pay the lowest price that was accepted in this routing "auction," so everyone would have an incentive to reveal their true willingness to pay. Under Varian's scheme, all Internet traffic which did not claim priority status would travel for free. Thus, for example, a large Internet mailing list such as Humanist, PACS-L or CPSR- Announce could mail for "free," with an off peak priority. For Varian's scheme to work, it would be necessary to have routers compare "bids" by packets, priority bidders would have to "pay" for access to someone, and there would have to be a high degree of consensus, so the priority packets would not face bottlenecks or delays anywhere on the Internet. Varian acknowledged that it was possible that the Varian (and MacKie- Mason) system of pricing might not be adopted, and some less elegant system, such as pricing by the bit, may be coming. A number of persons wanted to know who would decide these issues, and Varian was not too specific. The message (the "guess") seemed to be that the companies which controlled the NAPs and a critical mass of the backbones would have a lot to say about what was eventually adopted. Varian was asked to speculate about future telco investments in Internet providers, such as purchases of companies like PSI or UUNET, but he was reluctant to predict much, other than to emphasize the importance of competitive free entry into the market for Internet services, which would undermine monopolist practices. Varian was asked if it was possible that a coalition of Internet providers would have the power to implement a pricing scheme that would have an adverse impact on the future of Internet listserves (many of which "send" more than 100,000 messages per day), but he was reluctant to be very specific in his predictions, other than to say that many outcomes were possible. Note: On April 29, a follow-up workshop was held with Dr. Steve Wolff of NSF, Professor David Farber, and PSI CEO William Schrader. Notes from that workshop and other information regarding Internet pricing will be posted to tap-info. --------------------------------------------------------------------- TAP-INFO is an Internet Distribution List provided by the Taxpayer Assets Project (TAP). TAP was founded by Ralph Nader to monitor the management of government property, including information systems and data, government funded R&D, spectrum allocation and other government assets. TAP-INFO reports on TAP activities relating to federal information policy. tap-info is archived at ftp.cpsr.org; gopher.cpsr.org and wais.cpsr.org Subscription requests to tap-info to listserver at essential.org with the message: subscribe tap-info your name --------------------------------------------------------------------- Taxpayer Assets Project; P.O. Box 19367, Washington, DC 20036 v. 202/387-8030; f. 202/234-5176; internet: tap at essential.org --------------------------------------------------------------------- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From frissell at panix.com Wed May 4 10:32:55 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 4 May 94 10:32:55 PDT Subject: Valid MacPGP?? In-Reply-To: <9405041803.AA14155@cmyk.warwick.com> Message-ID: On Wed, 4 May 1994, Harry S. Hawk wrote: > Is MagPGP signed? > > If so how do I check and/or where do I look? > > Next question: Who has signed it? > > /hawk > And I am trying to distribute MACPGP copies (on DOS disks). What is the best version of MACPGP to hand out. (Give me the full MAC name.) Thanks DCF From deeb at meceng.coe.neu.edu Wed May 4 10:40:20 1994 From: deeb at meceng.coe.neu.edu (Stephen Humble) Date: Wed, 4 May 94 10:40:20 PDT Subject: Lobbying/Politics/etc. In-Reply-To: Message-ID: <9405041548.AA04593@meceng.coe.neu.edu> Ed Carp sez: > Consider a successful terrorist attack against a significant > group of innocents (the larger the number killed, the greater the horror > and shock value). The terrorists were using PGP-encrypted email to plan > out the thing. > > Now, how long do you think it would take before ALL crypto was outlawed? > Who would benefit from such a thing? Consider that it's child's play to > finance, arm, and train a group of people to conduct a terrorist attack > and (conveniently) they all get killed in their attack. No one's going > to complain too loudly - after all, they *are* terrorists, right? I suspect significant problems implementing a law that criminalizes crypto. The government currently spends $billions per year trying to eliminate illegal drugs, to very little effect. Drugs should be easier to eliminate than crypto since phys-obs can't be copied ad infinitum as bits can. There's also the matter of recognizing crypto in use. A program that transforms its input so that the output can be converted back to the input but has maximum entropy is a good compression program and might also be an encryption program. If a TLA taps my phone and finds a mysterious bit sequence, how can they distinguish reliably and cheaply between an encrypted conversation and a download of emacs-19.22.tar.gz? I don't claim *they* can't try to outlaw crypto, and I certainly don't claim they can't kill millions in the effort, but I *do* claim that eliminating crypto is a very hard problem. Inspired by my recently-arrived "Cypherpunk Criminal" t-shirt, Stephen From pcw at access.digex.net Wed May 4 11:02:26 1994 From: pcw at access.digex.net (Peter Wayner) Date: Wed, 4 May 94 11:02:26 PDT Subject: Double betting and money laundering... Message-ID: <199405041802.AA01734@access2.digex.net> This is a corollary to the debate on using financial markets for laundering by placing bets on both directions. Apparently, casinos are now on the lookout for people who are teaming up to play both halves of a bet. One casino kicked out two guys who apparently were betting on pass and don't pass on the craps table. Why were they bothering? Was it laundering? Nope. It turns out that casinos hand out free "comps" based on the amount of betting that you do. This is called being "rated." They notice that you're betting $10 chips and figure that the math shows that you'll probably lose x dollars per hour. Then they give you free room and food to show their appreciation. The casinos have elaborate computer tracking systems that would scare privacy activists. They watch you're trading and try to give you free amenities worth up to some fixed percentage of what the odds say you'll lose. The article that I dug this out of said the percentage was often 30%. (I think it was in this morning's NYT.) So these guys were betting like crazy to make it seem like they were high rollers who were entitled to big comps. -Peter From lefty at apple.com Wed May 4 11:03:28 1994 From: lefty at apple.com (Lefty) Date: Wed, 4 May 94 11:03:28 PDT Subject: Lobbying/Politics/etc. Message-ID: <9405041802.AA15050@internal.apple.com> >I suspect significant problems implementing a law that criminalizes >crypto. The government currently spends $billions per year trying to >eliminate illegal drugs, to very little effect. Drugs should be >easier to eliminate than crypto since phys-obs can't be copied ad >infinitum as bits can. I agree entirely. Personally, I'd be thrilled to see 'em try, purely for the fun of watching 'em going broke and looking foolish... -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From ecarp at netcom.com Wed May 4 11:07:56 1994 From: ecarp at netcom.com (Ed Carp) Date: Wed, 4 May 94 11:07:56 PDT Subject: Lobbying/Politics/etc. In-Reply-To: <9405041548.AA04593@meceng.coe.neu.edu> Message-ID: On Wed, 4 May 1994, Stephen Humble wrote: > Ed Carp sez: > > Consider a successful terrorist attack against a significant > > group of innocents (the larger the number killed, the greater the horror > > and shock value). The terrorists were using PGP-encrypted email to plan > > out the thing. > > > > Now, how long do you think it would take before ALL crypto was outlawed? > > Who would benefit from such a thing? Consider that it's child's play to > > finance, arm, and train a group of people to conduct a terrorist attack > > and (conveniently) they all get killed in their attack. No one's going > > to complain too loudly - after all, they *are* terrorists, right? > > I suspect significant problems implementing a law that criminalizes > crypto. The government currently spends $billions per year trying to > eliminate illegal drugs, to very little effect. Drugs should be > easier to eliminate than crypto since phys-obs can't be copied ad > infinitum as bits can. > > There's also the matter of recognizing crypto in use. A program that > transforms its input so that the output can be converted back to the > input but has maximum entropy is a good compression program and might > also be an encryption program. If a TLA taps my phone and finds a > mysterious bit sequence, how can they distinguish reliably and cheaply > between an encrypted conversation and a download of > emacs-19.22.tar.gz? Unless you use some sort of stego software, most encrypted stuff is pretty easy to figure out that it *is* encrypted. grep " BEGIN PGP " message is a pretty good way to detect PGP traffic, magic numbers will tell you if it's a compressed file or not, etc. It might not be necessary to prove what you were using to encrypt, merely proving that you *were* encrypting might be sufficient. It's like the FCC: if they catch a ham sending out packets, and the FCC can't read them, they issue you a pink slip. Doesn't matter what you're using, the meaning is obscured, and that's enough for them. From tcmay at netcom.com Wed May 4 11:10:51 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 4 May 94 11:10:51 PDT Subject: Visual Basic (yes, Basic!), and "VBX" tools In-Reply-To: <0097DEAC.BB4F8100.38@Leif.ucs.mun.ca> Message-ID: <199405041811.LAA09467@netcom.com> Buried deep in Bill Garland's message, I found the following: > 6. Learn Unix. Maybe I'll get a shell account on Sameer's machine. > I've been a DEC RSTS/VMS Basic-Plus/VAX BASIC V2 programmer for > too long, and I've not yet become unixificated. I don't even > know if I could read a C++ program. I'm obsolete...again. Maybe not. The tide may be shifting a bit. "Visual Basic," from Microsoft, is coming on like gangbusters for Windows programmers. And Windows is a _huge_ market. Further, by the time you you plausibly complete any crypto product, the connectivity to the Net will be there (cf. any recent issues of "Byte" for a mind-numbing discussion of the multitudinous standards for objects, OLE 2, Distributed Objects Everywhere, OpenDoc, etc.) Visual Basic is rapidly growing in popularity because of Microsoft's weight, Bill Gates' fondness for Basic (I speculate), and the fortuitous decision to incoporate Windows "foundation classes" (a C++ notion, of course) into Visual Basic in an easy to use way, via the aforementioned "VBX" extensions. These act as tools, pallettes, widgets, and are growing rapidly in popularity. In reading and rereading the "Byte" article "Componentware," May 1994, Jon Udell, and in seeing an entire shelf of Visual Basic books at several of my local bookstores, I realized that things have changed. Here's just one quote. Think of "crypto" when you read about these VBX tools: "The fact that VBXes (Visual Basic custom controls) today best exemplify the decades-old notion of reusable software has been a surprise for everyone, including Microsoft. VBXes aren't just for 3-D buttons, guages, and scrollable grids. National Instruments (Austin, TX) will sell you a VBX that controls GPIB (general-purpose interface bus) instruments. Cimflex Teknowledge (Palo Alto, CA) offers a VBX-based expert system. Distinct (Saratoga, CA) packages its TCP/IP programming kit into a VBX...." (more examples) Now part of this could be over-enthusiasm by the "Byte" author...we've seen that plenty of times (in all of us). But my point is that anyone already versed in Basic might want to take a serious look at Visual Basic, and/or Visual C++ (which Microsoft has introduced to also exploit VBXes). Granted, Visual Basic is barely similer to the "old" Basics, such as RSTS Basic (does DEC even support that anymore?). The whole world is most definitely *not* going to Sparcstations, BSD, and C++. Windows, Macs, and such are outselling Unix boxes by a vast margin, and both Pentium- and PowerPC-based "personal computers" are essentially workstations. Granted, most are not "on the Net" in the same way the "toad" machine is, but this will change in time. It could change soon. (And I'm sure some Windows, Windows NT, OS/2, and Macintosh System 7 machines are already on the Net. Also, there's more to the crypto future and needed software than just being on the Net.) --Tim May > And please, Tim, We Really Do Need The FAQ. I have heard > you toss out tidbits about the Cyperpunks FAQ. More, please. > We really do value your postings and ideas and caveats and > reputation - nobody else could do it...Tim... Yes, it's coming. Real Soon Now. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From johnsonr at spot.Colorado.EDU Wed May 4 11:15:39 1994 From: johnsonr at spot.Colorado.EDU (Richard Johnson) Date: Wed, 4 May 94 11:15:39 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: Message-ID: <199405041815.MAA01813@spot.Colorado.EDU> From the keyboard of: "Michael V. Caprio Jr." > BTW, what is fungible? I've seen this term used several times, but have no > idea what it means. When I don't know what a word means, I grab for a dictionary. :-) If we're going to implement digital cash, we need to understand at least the basics of monetary systems, and the terms involved. Accordingly, the American Heritage Dictionary brings you: fungible (fun-jih-bull) adj. 1. Law. Returnable or negotiable in kind or by substitution, as a quantity of grain for an equal amount of the same kind of grain. 2. Interchangeable. fungible (fun-jih-bull) n. Something that is exchangeable or substitutable. Often used in the plural. [Medieval Latin fungibilis, from Latin fungh (vice), to perform (in place of).] - fungibility n. Richard From 75260.1646 at CompuServe.COM Wed May 4 11:41:29 1994 From: 75260.1646 at CompuServe.COM (Bruce C. Dovala) Date: Wed, 4 May 94 11:41:29 PDT Subject: PKP licensing of RSA Message-ID: <940504183613_75260.1646_CHL78-1@CompuServe.COM> Hi all, Just what may be a stupid question concerning licensing of the RSA algorithm from PKP. I have friends who would like to use freeware PGP but are hesitant to do so because of _possible_ patent infringement against PKP. On the other hand, they aren't crazy about paying $100 for the ViaCrypt version. (And that price will increase shortly, I believe. Does anyone know if PKP will directly license RSA for single-user use? (In other words, get the freeware version of PGP and then get a license from PKP to use it "legally"). I would imagine the license would cost less than $100 if available (why do I doubt that ViaCrypt is in this for their health?). Yes, I realize that this would mean there would be a record of licensees. And if the government chose to make "non-Clipper" encryption illegal in the future, they would have a list of people to investigate. A LONG list. Included on which would be all cypherpunks and everyone who bought a copy of ViaCrypt PGP. So what are they going to do about it? I think it is well out of their control. It would be politically unsound to investigate all registered ViaCrypt users. Obviously, this question is for the benefit of those who, for whatever reason, must remain "strictly legal". But who don't care to pay $100 for ViaCrypt's version. People who are willing to use the unlicensed freeware version (not like _I_ ever would ;) ), could continue to do so. Maybe I'm way off-base here. Don't flame me, just correct my thinking. (Though I am wearing my Nomex suit!) Thanks for any intelligent replies, Bruce From tcmay at netcom.com Wed May 4 11:46:49 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 4 May 94 11:46:49 PDT Subject: Brittleness and Our Crypto Future In-Reply-To: <9405041537.AA23675@ ecotone.toad.com> Message-ID: <199405041848.LAA12917@netcom.com> Hugh Daniel writes: > This is a protocol issue on two levels, the first is that the idea > of accounting for packets/bandwidth/capacity (in some unknown manner) > was left out of TCP/IP in the first place. The second is that it is > going to be a very large amount of work to replace the current plant > of TCP/IP hardware and software as none of these protocols are > negotiated, just presumed to be the only way to do things. > > If we build systems like these, then they will be 'brittle' and > might inspire a few folks but not be usable by most, and some other > (large) organization will build what it wants on top of our dreams > rubble. > There is little chance that I will ever use a monetary system that > is so brittle that it fails if one link is down or one cypher > unuseable due to it's being cracked by some unscrupulous agency. Indeed. "Brittleness" is what's making the creakiness of the Net all the more apparent and critical every day. (Some things it does very well, and I'm amazed that it works as well as it does...a lot of clever people out there making patches.) Software has been compared to building a Boeing 747, except that flipping one little switch accidentally can make the wing fall off. We see islands of relative stability (word processors, apps, etc.) separated by flaky, error-prone (human, mostly) networks, with little interoperability. We mainly do "encryption" and "remailing" with our wonderful crypto tools--and we *don't* do much of the other neat stuff that is possible--for a simple reason: the only thing all of our myriad mail systems, newsreaders, various platforms, and communication systems can reliably communicate to each other is the _simple text message_! Although much more complicated objects are in principle intercommunicable (and Mosaic can do images, etc., so things are changing), the basic object of communication is the text block. It can be encrypted/decrypted, signed, and remailed, with people at the receiving end knowing how to handle it....that's why PGP and remailers work. The other protocols rely more on complicated objects, signals sent back and forth, and are much less interoperable and semantically more ambiguous. > This important subject of protocols is the topic of the next San > Francisco Bay Area Cypherpunks meeting. I agree. If the meeting is still on the 14th, the normal "second Saturday," I'll be there. If it's been moved to the 21st, as was being talked about, I'll be down in Los Angeles (where I'd still like to meet with any LA-area Cypherpunks who wish to meet). --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From habs at warwick.com Wed May 4 11:49:26 1994 From: habs at warwick.com (Harry S. Hawk) Date: Wed, 4 May 94 11:49:26 PDT Subject: TLAs, etc. In-Reply-To: <9405041649.AA26453@marvin.jta.edd.ca.gov> Message-ID: <9405042121.AA15277@cmyk.warwick.com> Dave wrote: > Perhaps by being more charitable to non-hardcore crypto discussions (Perry), > the list could attract more members. Large groups are much more difficult > to prosecute (persecute) than small ones (yes I know, it's not how big it While Perry would be the first to agree his style can be a bit rough at times, I have to feel it is warrented. This group is over 700 people. The goal of this list is to CODE, not to Get as many people to join as possible. By forcefully asserting his option Perry creates many effects; one of those being that we are still working on CODE. An other effect is to helping to keep the S/N ratio high. Any other ill effects are minor compared to the positive effects I mention. Sure it would be nice if Perry interacted differently but then he wouldn't be Perry... I would suggest rather then trying to change Perry you start your own list for the purpose of discussion you indicate. From phantom at u.washington.edu Wed May 4 12:03:28 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Wed, 4 May 94 12:03:28 PDT Subject: ghostmark trading, etc. Message-ID: I've had quite a few messages requesting ghostmarks, and I'm responding to each of them. For the first few days (at least) I'll be sending a few (less than 4) ghostmarks to whomever wants them (and starts up their "electronic wallet" -- the client software). send me mail with your clients' key to redeem my startup offer. Remember, if you want to bet on the sonics/nuggets game, the deadline is 3pm PST. Stakes: 20gm. (you need not have a client key already generated to enter this drawing) if you have any questions about how to use my bank or where to get the software, feel free to mail. That's what I'm here for. mt Matt Thomlinson Public Relations The Phantom Exchange Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From lassie!jim%lassie at netcom.com Wed May 4 12:05:45 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Wed, 4 May 94 12:05:45 PDT Subject: digital cash Message-ID: <168@lassie.lassie.uucp> -----BEGIN PGP SIGNED MESSAGE----- X-date: 5/3/94 X-pay-to: Cypherpunks subscription X-amount: 36.25 -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcftKVfzDU5jV4uhAQHV4wQAhaLeXcGW2vAbkh5nA39oOc+/OK39C9V8 5W/bmOVFfxtheZ+BKRYqJ3hewmBPIKW1epJ4+C8eh+1Jy6XllYAkFZmG8HbtsBAl kP80Fz7uTloANQahfdMajbQQum0PDuasXNX4rMkBYoQG93k2JloRJfWNBWcBPpeU djXEXYngy1M= =whUr -----END PGP SIGNATURE----- Make sure that you run this thru the bank server so I get a copy of my canceled check back and my mounthley reconciliation is updated. -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From a2 at ah.com Wed May 4 12:06:36 1994 From: a2 at ah.com (Arthur Abraham) Date: Wed, 4 May 94 12:06:36 PDT Subject: The ITARs [support your CRYPT-IN rights!] In-Reply-To: Message-ID: <9405041904.AA01806@ah.com> > Jim Miller says: > > Section #120.9 of the ITAR defines "Defense Service" as: > > > > (1) The furnishing of assistance (including training) to foreign > > persons, whether in the United States or abroad in the design, > > development, engineering, manufacture, production, assembly, testing, > > repair, maintenance, modification, operation, demilitarization, > > destruction, processing, or use of defense articles; or > > (2) The furnishing to foreign persons of any technical data > > controlled under this subchapter (see #120.10), whether in the United > > States or abroad. > Perry E. Metzger responds: > This is sick. According to this, I cannot teach foreigners about > cryptography in the U.S. -- even about the open literature. This is a > grotesque denial of my first amendment rights. > > I wonder if I should hold an open enrollment cryptography class for > the sake of civil disobediance. > > > This is exactly the sort of issue the Cypherpunks were formed to address. CALL TO ACTION: I suggest that those of us who are able to do so immediately lay plans to offer such courses. These courses should only contain open information, and they be specifically advertised to foriegn nationals living in the US. To the extent possible we should coordinate these courses, perhaps to content, certainly to date and notification of the interested authorities. The should happen in every corner of the land. The time for the CRYPT-INs has come! [No one who supports with the government's right to suppress publically available information should participate.] -a2 From ecarp at netcom.com Wed May 4 12:38:18 1994 From: ecarp at netcom.com (Ed Carp) Date: Wed, 4 May 94 12:38:18 PDT Subject: PKP licensing of RSA In-Reply-To: <940504183613_75260.1646_CHL78-1@CompuServe.COM> Message-ID: On 4 May 1994, Bruce C. Dovala wrote: > I have friends who would like to use freeware PGP but are hesitant to do > so because of _possible_ patent infringement against PKP. On the other > hand, they aren't crazy about paying $100 for the ViaCrypt version. (And > that price will increase shortly, I believe. As long as the use is for experimental, research, or educational purposes, I don't think Jim Bidzos is going to care much - those are permitted uses, under US patent law. > Does anyone know if PKP will directly license RSA for single-user use? (In > other words, get the freeware version of PGP and then get a license from > PKP to use it "legally"). I would imagine the license would cost less > than $100 if available (why do I doubt that ViaCrypt is in this for their > health?). Why go to the trouble? ftp to rsa.com - if you are a US citizen, get the README from /rsaref. It details, quite simply, how to get rsaref and the ripem stuff, and the licensing docs are in there. > Obviously, this question is for the benefit of those who, for whatever > reason, must remain "strictly legal". But who don't care to pay $100 for > ViaCrypt's version. People who are willing to use the unlicensed freeware > version (not like _I_ ever would ;) ), could continue to do so. Like I said, it's a non-issue, unless you plan on using it for commercial use. Here's the text of the licensing stuff that I found in the latest version of ripem: From ecarp at netcom.com Wed May 4 12:38:33 1994 From: ecarp at netcom.com (Ed Carp) Date: Wed, 4 May 94 12:38:33 PDT Subject: secure rlogin? Message-ID: In the licensing agreement that comes with RIPEM, there is mention of a secure rlogin using D-H key exchange. Does anyone know if this is publically available? Thanks! Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 Finger ecarp at netcom.com for PGP 2.3a public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From tcmay at netcom.com Wed May 4 12:44:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 4 May 94 12:44:47 PDT Subject: DigiCash can use whatever currencies are valued Message-ID: <199405041945.MAA08668@netcom.netcom.com> As Perry and Eric and others have noted, schemes for digital cash are primarily a transaction mechanism, and not a new currency unto themselves. Transfers, accounts, payments, all the usual stuff. However, the strong crypto used allows more flexibility in bypassing normal currency rules and can allow users to mutually agree on whatever currency they wish. (This is in large part already possible, for some folks, in the international markets, the Eurodollar markets, etc. It's one of the things that keeps countries in line. Duncan Frissell and others have elaborated on this market mechanism.) Just as in Havana, the U.S. dollar is the de facto hard currency unit, so too could future digicash transactions be based on the Latvian luble, the Qatarese marq, or the Cyberian cyphertaler. Or on a market basket of such currencies. Or on uranium futures. Whatever the parties to a transaction agree on. (Obviously the usual Cypherpunkish issues of market forces, trust, reputation, escrow, etc., enter in here. How the dollar comes to have a "value" that is worth, say, 5 pounds of bananas to some merchant, while the officially supported Cuban peso is worth, say, half a banana peel, is a complicated and "emergent" thing. It's complicated, but was understandable to Saddam's ancestors in the markets of Babylon thousands of years ago. Enough said.) The prospects for breaking open these financial markets even further is breathtaking. Of course, it won't be easy. More than some casual programming will be needed. I don't expect folks on this list to pull this off all by themselves. Some may. --Tim May .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From wisner at well.sf.ca.us Wed May 4 12:45:25 1994 From: wisner at well.sf.ca.us (William Rodham Wisner) Date: Wed, 4 May 94 12:45:25 PDT Subject: Well users loose for now In-Reply-To: <9405041537.AA23675@ ecotone.toad.com> Message-ID: <9405041244.ZM24349@well.sf.ca.us> On May 4, 8:37am, Hugh Daniel wrote: > The Well has two IP feeds into the internet, due to > political/biz_profit/sysadmin problems the two feeds do NOT back each > other up, and the one that can be seen from toad.com has been down for > a few days, thus blocking your email. This is not quite accurate. The WELL has one IP feed into the Internet, through BARRNET. The WELL also has a private T1 line to a TLG customer, and traffic between the WELL and TLG is routed through this link. No packets to the rest of the Internet are sent through TLG. At least, that was the case. I just updated our routing tables to send TLG traffic through BARRNET like everything else, since that TLG link is down right now. From talon57 at well.sf.ca.us Wed May 4 12:46:20 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 4 May 94 12:46:20 PDT Subject: one time pad plus Message-ID: <199405041946.MAA24810@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- While I'm waiting for IP (internet politics) to re-establish the link between the WELL and toad.com, I thought I'd pass along an idea for a product I call "One Time Pad Plus." Basically it would work like this; Thelma is looking to pass a message to Louise, so she XOR's plaintext file A against random byte file B producing ciphertext file C. Now since Thelma works for an unethical company that like to read it's employee's E-mail, she's in need of some "plausible deniability." Enter "One Time Pad Plus." Thelma now XOR's ciphertext file C with "Safetext" file D (any typically company approved useless memo) producing "pseudorandom" file E. She now copies random file B to disc and sends it to Louise via secure sneakernet. Then she performs a military grade wipe on A and B. Now she can send ciphertext file C via company E-mail. If her message is intercepted, she has deniability, she can claim she has read of hackers, cypherpunks, and other evils equipped with packet sniffers, and being concerned about security is using encryption. She can then produce "random" file E and decrypt ciphertext file C which will yield not A but D the company approved useless memo. She is commended for her forsight and gets a handsome bonus (yeah right!) Questions? Comments? Criticism? Replies to private E-mail till I'm back Online. Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcf60dCcBnAsu2t1AQG4jwQAihPVSYiOIdepnyC5bxnFGTEaTeUQCagU E+IaW6dmMy9pamXmpTp17yu7+f9K7fL5uiSg/U08mN/rau6o6D86AoVxnzCV/byl IODUL35MBaXil5yVktReu3Vj8o+HNpYWQSBC0Ji9f14YQ4Da5t79kCmg/EFBZhmN 2SK+wYVBu80= =GORp -----END PGP SIGNATURE----- From talon57 at well.sf.ca.us Wed May 4 12:51:46 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 4 May 94 12:51:46 PDT Subject: he's back!! Message-ID: <199405041951.MAA26638@well.sf.ca.us> They seem to have fixed the problem, I just got a load of mail! Brian Williams From unicorn at access.digex.net Wed May 4 12:58:36 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 4 May 94 12:58:36 PDT Subject: Valid MacPGP?? Message-ID: <199405041958.AA13978@access1.digex.net> On Wed, 4 May 1994, Harry S. Hawk wrote: > Is MagPGP signed? > > If so how do I check and/or where do I look? > > Next question: Who has signed it? > > /hawk > And I am trying to distribute MACPGP copies (on DOS disks). What is the best version of MACPGP to hand out. (Give me the full MAC name.) Thanks DCF <- Mr. Hawk: Which version do you have? Mr. Frissell: The most recent version is MacPGP2.3.hqx.cpt Do NOT distribute MacPGP2.3 V1.1 as the source code is not "out there." I will be happy to send you a copy if you like. -uni- (Dark) From habs at warwick.com Wed May 4 12:59:16 1994 From: habs at warwick.com (Harry S. Hawk) Date: Wed, 4 May 94 12:59:16 PDT Subject: Valid MacPGP?? In-Reply-To: <199405041840.MAA06702@spot.Colorado.EDU> Message-ID: <9405042206.AA15515@cmyk.warwick.com> > > Distribute "MacPGP 2.3 (1.0.5)" > > There is a 'newer' one out (1.1?), from someone in Germany, but the > source has not been made available (!). Is is signed and if so my who? If not how do we know it isn't cracked?? /hawk From frissell at panix.com Wed May 4 13:18:54 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 4 May 94 13:18:54 PDT Subject: Valid MacPGP?? In-Reply-To: <199405041958.AA13978@access1.digex.net> Message-ID: On Wed, 4 May 1994, Black Unicorn wrote: > The most recent version is MacPGP2.3.hqx.cpt > > Do NOT distribute MacPGP2.3 V1.1 as the source code is not "out there." > > I will be happy to send you a copy if you like. > > -uni- (Dark) I got the following from csn.org in MPJ's directory: 500741 May 4 11:33 MacPGP_2.3a_V1.1.sea.hqx It has a recent date. and I got the following from ftp.demon.co.uk 422851 May 4 10:22 MacPGP2.3.cpt.hqx 606458 May 4 10:24 MacPGP_2.3a_V1.1___en.cpt.hqx The latter had a recent date. DCF From bill at kean.ucs.mun.ca Wed May 4 13:29:48 1994 From: bill at kean.ucs.mun.ca (Bill Garland) Date: Wed, 4 May 94 13:29:48 PDT Subject: My skepticism/promises WAS Re: Mien Beinkpff Message-ID: <0097DEFF.94021420.58@Leif.ucs.mun.ca> Subj: My skepticism/promises WAS Re: Mien Beinkpff From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Discussing what >>On May 4, 8:04am, Bill Garland wrote: > >> So what else is on the homework list? >> >> 2. Read Schneier. Heavy into the technical cryptography stuff, to >> be sure, but definitely required reading. Many time units. >> >> 2. b. Do the Errata list. >> > >This last subtask is very important. I remember seeing the first set of >errata, and hearing reports of Bruce's (understandable) dismay at the >publisher's cavalier treatment of the typography of mathematical formulae. > >I've only recently gotten a round tuit myself, having perused the first section >of a housemate's copy, and am convinced I need my own. I'll have my own Friday >afternoon (Stacey's sells it locally), and am wondering if the most recent set >of errata are still available from Bruce. I was on a distribution from Bruce >for these, and am wondering if the mailing list still exists. I seem to remember getting a second Errata List posted here. ... >> 5. Get a Netcom account? Is this possible for a Canadian? I'd >> still have to telnet from some supplier here. I'll go for my >> own service with my own satellite dish. Investors, anyone? >> Ripe market! Send for Prospect-Us. > >Netcom? Only if you're a masochist. If you try dialing in, that is. Or doing >anything involving finger daemons. Or... I guess I don't know much about the _actual_ Netcom... it's just that so many people have addresses at netcom.com. Perpaps I was misusing it as a generic commercial account provider. >> But, isn't Unix full of security holes? When I set up my own >> Netcom company, won't I be hacked? Ray? HELP? Oh yes, I've >> got to get into Pr0duct Cypher's product. What's a firewall? >> > >Um, your own "Netcom company"? Netcom is certainly not the best business model >for an Internet service provider. Look at the load problems! Their pricing >model is very, very poor. You get what you pay for. I have 2 accounts on >Netcom (one business, one personal). Dialing into Netcom is useless, so all my >mail to those accounts is .forward'd to elsewhere. Thanks for this feedback. And this: >If you're seriously contemplating a Netcom-like service, ignore the whiners >("But your service costs too much!") and implement a rational pricing model, >rather than an all-you-can-eat-for-one-low-price dialup policy. ==== >> There's gold in them thar hills ... >> > >I don't know who you are, but it certainly makes it very difficult for anyone >to give you the benefit of the doubt when you publicly admit such a cavalier >attitude toward your own finances. Read what you've written above, and ask >yourself if it inspires confidence. You are certainly correct here. Cavalier, eh! Without wanting to get into this too far as to get off topic and into areas better left alone, this is just me trying to cure a very long case of bad attitude (self transformation into a dynamic optimist, as it were...) and not having succeeded yet. I am cavalier about it because it is public knowledge, even though I don't have to go spreading it around myself - but if the truth were known, I have benefitted from the experience. I think also I must have had a case of the "don't care's" when I injected just a little too much personal stuff into this effort. Folks have been asking for action, and where my personal style has not yet matured enough to be 100% totally professional all the time... I sometimes open my mouth too far, whereby I insert not only my foot, but the whole damn leg as well... >You say, "Fuck 'em... I'm going to do it anyway..." Well, OK. But talk like >that, while a fine display of your Cajones, doesn't inspire me. Perhaps this is a culture thing... >> And please, Tim, We Really Do Need The FAQ. ... >> >I, too, value Tim's postings. Yes, and if I sounded too cavalier in using Tim's name in my harangue, sorry - although I was replying to his post. I'm sure he will let me know if I said anything to offend him. > At the Extro-1 conference this last weekend, in >a discussion on "The Extropians Virtual Community", it was noted (not a new >point) that good posts never draw the responses that objectionable posts do. > Herein lie very large and serious issues of incentive engineering, which will >not be solved anytime soon. Well, never say never. I have seen threads I started (which were't objectionable) go on for weeks long past any input from myself. But, I guess it is true most of the time. I really wish I could have attended Extro 1. ..... snip ..... >If you want this - or anything (desirability aside) - you're going to have to >*convince* the rest of us - part of your potential market - why we should want >it too. Agreed. Absolutely. The single harangue we are discussing now was not this convincing that you and everyone needs. It was not meant to be. It was part dreaming part actual planning part just announcing some goals part training and part just thinking into the keyboard. Part of a Just Do It motivation that seems to have crept into my somewhat defective b-class module cpu-brain (possibly damaged) thing here behind these eyeballs. Having gone out on this limb, however, there remains this task I have set myself to explain all this...which will not be completed before I get some sleep. >> before I can do that, well, you know...homework... >> >> Still, if you want to get the ball rolling, send me $10 and I'll >> deposit it in trust, sticking my own reputation on the line ... > >Who are you? Seriously. Do you have a reputation? With whom? Is this >reputation salable? Well, I guess if I did, it's gone now... Oh well. Not meaning to be flip - you are right, My reputation has definitely taken some well deserved hits, and I don't consider it saleable. In deference to those who dislike smileys, and because I prefer it that way, I have tried to give up using them. >> Actually, I don't know if there are any legal implications to >> that, because my private company Macronic Systems, Inc. is incorporated >> specifically NOT as a bank, because different rules apply to a bank, > >You don't know, yet you make a solicitation of funds? Well, I suppose it really was a solicitation, if taken word for word. I may be a fool in many ways, but I really did have tongue in cheek here. Sorry if I misled or if my lingering depression coloured the tone of my voice - I for one refuse to go seek out prozac, for reasons I won't get into. >Oh, yes: different rules >*do* apply to banks. You really do need to read into North American banking >law. Correct. >> but my INFO_Banque is not incorporated anywhere. It is a virtual >> entity of mine that nobody can get at just yet. > >Do the authorities know where you sleep? This "virtual entity" is *you*. Are >you judgement proof? Well, yes, I think. At least I am well on the way to becoming so... >"Virtual" is such a fashionable buzzword these days. > What do you mean by it? No. Skip that one. I didn't say '"virtual entity"', I said 'virtual entity', using the word virtual in it's normal, non-buzzword meaning. It is not real, yet. It is a set of ideas. Now, I know that ideas are real, but this is too much to quibble over when there is so much else to do... ... >Well, I guess I've answered at least part of my own question... they *do* know >where you sleep. Yeah. I did worry about that, but They Already Know Anyway. I actually thought about encrypting the entire message and only sending it to Customers, because I really should allow some paranoia back into my life...but nobody would have bought it! And wouldn't you know it, just after posting, I got the detweiller mail bomb and the message from Tim updating newbies on that perversion. When Cypherpunks get Extropian/Hawk/Ray code, tmp will be ::exclude'able. >> Yes, this is fine. But we are talking anonymous money, untraceable >> transactions, cryptoanarchy, stuff like that. We know about cheques. >> (I wish you yanks could get your spelling right!) >> > >That's Yanques to you, bub. Sure t'ing, by. Whatever you wants. >> Agreed - of course. We've got to beat VISA/MC/AMEX/Travellers Cheques >> in transaction costs, > >Have fun trying. Do you mean "cost to credit company" or "cost to end user"? I mean in the game of making money, making this workable, profitable, doable. Costs to Customers. Delivering products and services of value to them. >> HEx is now dormant and will be for a little while yet. >> I am expecting to be able to find a place from which to run it >> real soon now. > >The playing field seems to have shifted ... > >Just *which* business do you plan to focus on? Which one is the one you are >chartered as a corporate entity to pursue? If I were a potential investor, I >wouldn't put my money onto a raft of promises. I have had ths very valid criticism before, and I thank you. I am not actually seeking investment capital here through anything I may have said with tongue in cheek. And if a $10 cheque _does_ arrive in the snail, I will do what I said, which is deposit it in trust and honour the fact that it does not belong to me. Of if it looks like the horizons are too far away - Tim says 10 to 20 years? - I will return it. >I'm not trying to squelch your enthusiasm, Whew! > but it's damned difficult for a >smart and energetic polymath (you sound like one; many of us are) to viscerally >accept the necessity of narrow specification and ruthless pursuit of a single >goal. You need to do one thing very well, and see if it flies. Otherwise, you >will accrete a reputation as a dabbler. What can I say - of course ! Focusing on narrow ruthless pursuits has been one of the ongoing problems I have with a sometimes overactive sometimes lethargic b-class module cpu-brain (possibly damaged). This concept of polymath - are you referring to something from a John Brunner novel of many years ago? Is this a word for which I need more clarification ? ... >> run, I may even repay with digital cash royalties. > >Royalties which will buy me how much petrol? Probably some fraction of some small number of litres for each digital dollar you are paid. Or whatever the going rate is. > How many pairs of trousers? How >many copies of the *Economist* or *Playboy*? How many scoops of Baskin >Robbins? Ditto. Actually, the idea of using Girl Guide cookies as exchange medium sounded neat. I order them once a year from my girls, so those of you with INFO_Banque digital cash you want redeemed, get me your order of cookies by, say, the end of January, and you'll have your cookies in April. $2.50 Canadian per box, converted to US dollars. But then again, my girls are soon to be women, so I'll have to switch to bottles of Barleygreen or something. >It has to be cash with backing. Calling it something cool doesn't convince. > There need to be fundamentals in place. Agreed, of course. The plan is to have my digital dollars, if and when etc etc, backed by good ole yanqui dollars. >> Other uses include digital timestamping - when I can get a >> machine and ups and raid box and backup site and security and >> all that other stuff I want - I will start offering services >> like this. What with all the other ambitions I have mentioned >> here in this Mein Beinkpff message/posting, I could easily spend >> a few hundred grand getting this together - if I didn't have >> a full-time job to do to feed my family, etc etc.... > >You've said this a number of times. Are you simply expressing your belief that >you'll never really do anything? No. I do not have this belief, despite whatever attitude I may have projected by thinking out loud. Just some practical realities. >Then why post at all? Why not! Action, jackson. >Do you have that low >an opinion of your own abilities? Do something. Don't complain. Your life is >your own. I will be impressed when you *do* something. First it is noted that I have too high an opinion of myself in that I have claimed many things I want to do and see happen and accomplish along my new-found-land, and now I have too low an opinion of myself because I cannot go out and spend the investment capital I don't have to do what needs to be done to prevent some things from recurring that I ought not to have allowed occur in the first place... Well, perhaps I am a confused individual. I well recognize the fact that I am a scatterbrain and that I mix and match my ideas with those I discover from others, but I am an integrated scatterbrain. B-class probe modules are self-repairing. >> yourself, and soon there will be 700 Cypherpunks and 300 Extropians >> and all 4 IMP-Interest people all having anonymous remailers and mixes >> operating, so any sub-chain of eight INFO_Banque Protocol banks >> will virtually HAVE to be reliable for our commerce... > >You make some interesting assumptions here. Why? Why should all of the people >you list above do these things? They won't, of course. Some might, assuming some of those interesting assumptions, for example that some ber of Cypherpunks and or Extropians and or other people in the world want thave digital cash available on the Internet and trustable chaumian mixes and anonymous transactions and so on. >> account. Maybe it will at first turn out to be merely digital >> cheques, but maybe if Perry lets me in on his secrets and some >> of the stuff he has learned from these six-figure guys at >> Citibank who are out trying to figure out how to capture this >> market, well maybe then we can get somewhere... >Are you willing to pay Perry large amounts of money for consulting? He *might* >consider it, if it's cash up front. (Right, Perry?) Well, yes. Willing and able are not the same. Of course I wouldn't expect someone as astute and knowledgeable as he to simply give away this valuable knowledge. I expect Perry himself is one of these six-figure guys he has warned us about. And he has hinted once in a while that he is working on new business. He is much more adept than most people (read me) at keeping his mouth shut when it really should be kept shut, and is, as far as I can tell, one who knows the difference. Not to mention... >I suggest you simply dive in and start learning basic economics. Start with >Hazlitt's *Economics in One Lesson*, Bastiat's *Economic Sophisms*, anything by >Hayek, Mises, and David (the younger) Friedman, for starters. Don't expect >someone like Perry to open up to you with "revealed knowledge" which will make >it all clear for you. If you're as serious about your Homework as you keep >repeating, learn the fundamentals of how the world works. Yes, this is what it is all about, eh. >You will then have at least some of the tools to acquire more tools. >> But please, sir, can we have more? Please write about Protocol. >> Soon. Like, forget the line-by-line response you were going to >> make to _this_ message... heh heh. (Opps, I almost said ... >> no, I can't repeat it...) And finally, >One of Tim's many graces is that he rarely makes a practice of the line-by-line >response. I know that. He is probably rolling his eyes upwards and groaning at this entire response. He has straightened out some goofy ideas I have harangued about in the past, and, again, not wishing to put words into the mouth of someone who is so eloquent by himself, he has expressed the same skepticism of my scatterbrained overambitious non-focused ideas before. But I have got some of the homework done, and more is in progress. > I wish I could say the same of myself. I also wish I could say the same of yourself - oops, sorry...heh heh, of course I meant my self. >Russell Earl Whitaker whitaker at sgi.com >Silicon Graphics Inc. >Technical Assistance Center / Centre D'Assistance Technique Thanks for your feedback and help. I know.... But, friends, I am smiling. I may even draft a new version of the Cypherpunks Quick Code on my next break. There was an interuption in our feed around about that time - I don't really know if it ever got through. And regarding my overambitious, somewhat bubbly stuff about all the miracles my INFO_Banque will accomplish and my other businesses will achieve - I refuse to put limits on what I can do. I've been there and done that and it didn't work. Focus, sure, but limits? That would be non-EC! You want action, so hang on a minute. Meanwhile another few dozen messages have come in...Perhaps I should retire now before sleep deprivation starts a perversion... and keep asbestos pajamas on when I get up. /----------------------------------------------------------------------\ | I am an Extropian. | Macronic Systems, Inc. offers Ideas for Sale ! | | BEST: DO_IT_SO ! | Go for it : Pledge a Digital US Dollar now. | | CryptoAnarchist. | Send PGP key for more information. | | Cypherpunk. | Get in on the ground floor. Invest Now. Trust me! | | Owner : MSInc., |---------------------------------------------------| | HEx, INFO_Banque | Day Job : Bill Garland = bill at kean.ucs.mun.ca | \__________________________________o o_________________________________/ From hughes at ah.com Wed May 4 13:38:45 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 4 May 94 13:38:45 PDT Subject: Visual Basic (yes, Basic!), and "VBX" tools In-Reply-To: <199405041811.LAA09467@netcom.com> Message-ID: <9405042036.AA02039@ah.com> >[...] the >fortuitous decision to incoporate Windows "foundation classes" (a C++ >notion, of course) into Visual Basic Classes are C++. Foundation classes are Microsoft Foundation Classes, are just a large library that Microsoft wrote which is also included in the C++ compiler products. Eric From samman at CS.YALE.EDU Wed May 4 13:39:40 1994 From: samman at CS.YALE.EDU (Llywelyn) Date: Wed, 4 May 94 13:39:40 PDT Subject: one time pad plus In-Reply-To: <199405041946.MAA24810@well.sf.ca.us> Message-ID: > Basically it would work like this; Thelma is looking to pass a > message to Louise, so she XOR's plaintext file A against random > byte file B producing ciphertext file C. Now since Thelma works for > an unethical company that like to read it's employee's E-mail, > she's in need of some "plausible deniability." > > Enter "One Time Pad Plus." Thelma now XOR's ciphertext file C with > "Safetext" file D (any typically company approved useless memo) > producing "pseudorandom" file E. She now copies random file B to > disc and sends it to Louise via secure sneakernet. Then she > performs a military grade wipe on A and B. Now she can send > ciphertext file C via company E-mail. > > If her message is intercepted, she has deniability, she can claim > she has read of hackers, cypherpunks, and other evils equipped with > packet sniffers, and being concerned about security is using > encryption. She can then produce "random" file E and decrypt > ciphertext file C which will yield not A but D the company approved > useless memo. Ok, I'm new to this crypto bit so I probably will have more mistakes here than correct answers. Anyways I'm going to give a shot. 1)If you have the secure channel(sneakernet) that you have to re-init each time you use th eone time pad, then this will be most likely a novelty, since Lousie could have slipped Thelma the plaintext when she slipped her the pad. 2)If you're using a pad like this, if I'm not mistaken isn't this what Kahn calls a 'book cipher' where it would be simpler to crack than a true one time pad that is truly random. 3)Thelma could have used stenographic technology to send the same information, she could have used faxes that when decoded could yield a message(kinda like the old punch cards) Anyways, this is just the view of a complete rank amateur. Give me feedback y'all. Ben. ____ Renegade academician. They're a dangerous breed when they go feral. -James P. Blaylock in "Lord Kelvin's Machine" From hughes at ah.com Wed May 4 13:40:46 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 4 May 94 13:40:46 PDT Subject: PKP licensing of RSA In-Reply-To: <940504183613_75260.1646_CHL78-1@CompuServe.COM> Message-ID: <9405042038.AA02056@ah.com> >Does anyone know if PKP will directly license RSA for single-user use? The cost to negotiate an individual license for a sum of less than $100 is prohibitive for RSADSI. Don't expect it. Eric From jim at bilbo.suite.com Wed May 4 13:45:01 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 4 May 94 13:45:01 PDT Subject: Hacking the ITARs Message-ID: <9405042041.AA24799@bilbo.suite.com> > This is sick. According to this, I cannot teach > foreigners about cryptography in the U.S. -- even about > the open literature. This is a grotesque denial of my > first amendment rights. > > I wonder if I should hold an open enrollment cryptography > class for the sake of civil disobediance. > > Perry It not as bad as that. Well, actually, it's hard to say just how bad it is because the ITAR regulations regarding cryptography are contradictory. It might depends on whether the class teaches only from a book, or actually lets the foreign students write and exchanged programs. Here are the relevant paragraphs from the ITAR: (the terms to keep track of are - defense article, defense service, technical data, and information) ---------------------------------------------- #120.5 Relation to regulations of other agencies. If an article or service is covered by the U.S. Munitions List, its export is regulated by the Department of State... #120.6 Defense article. Defense article means any item or technical data designated in #121.1 of this subchapter. The policy described in #120.3 is applicable to designations of additional items. This term includes technical data recorded or stored in any physical form, models, mockups or other items that reveal technical data directly relating to items designed in #121.1 of this subchapter. It does not include basic marketing information on function or purpose or general system descriptions. #120.9 Defense service. (already posted this) (1) The furnishing of assistance (including training) to foreign persons, whether in the United States or abroad in the design, development, engineering, manufacture, production, assembly, testing, repair, maintenance, modification, operation, demilitarization, destruction, processing, or use of defense articles; or (2) The furnishing to foreign persons of any technical data controlled under this subchapter (see #120.10), whether in the United States or abroad. #120.10 Technical data. (1) Information, other than software as defined in #120.10(4), which is required for the design development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles, This includes information in the form of blueprints, drawings, photographs, plans, instructions and documentation. (2) Classified information relating to defense articles and defense services; (3) Information covered by an invention secrecy order; (4) Software as defined in #121.8(f) of this subchapter directly related to defense articles; (5) [** deferred, see below **] #121.8 (f) Software includes but is not limited to the system functional design, logic flow, algorithms, application programs, operating systems and support software for design, implementation, test, operation, diagnosis and repair. #121.1 General. The United States munitions list. (a) The following articles, services and related technical data are designated as defense articles and defense services pursuant to sections 38 and 47(7) of the Arms Export Control Act. . . . Category XIII -- Auxiliary Military Equipment . . (1) Cryptographic [ ] systems [ ] or software with the capability of maintaining secrecy or confidentiality of information or information systems, except cryptographic equipment and software as follows: . . . (v) Limited to access control, such as...or similar data to prevent unauthorized access to facilities but does not allow for encryption of files or text, except as directly related to the password or PIN protection. (vi) Limited to data authentication which calculates a Message Authentication Code (MAC) or similar result to ensure no alteration of text has taken place, or to authenticate users, but does not allow for encryption of data, text or other media other than that needed for the authentication. ---------------------------------------------- The ITAR sections I just quoted seems to state quite clearly that cryptographic information and software systems are export controlled. However...the section I deferred. ---------------------------------------------- #120.10 Technical data. ... (5) This definition does not include information concerning general scientific, mathematical or engineering principals commonly taught in schools, colleges and universities or information in the public domain as defined in #120.11. #121.11 Public domain. Public domain means information which is published and which is generally accessible or available to the public: (1) Through sales at newsstands and bookstores; (2) Through subscriptions which are available without restriction to any individual who desires to obtain or purchase the published information; (3) Through second class mailing privileges granted by the U.S. Government; (4) At libraries open to the public or from which the public can obtain documents; (5) Through patents available at any patent office; (6) Through unlimited distribution at a conference, meeting, seminar, trade show or exhibition, generally accessible to the public, in the United States; (7) Through public release (i.e., unlimited distribution) in any form (e.g., not necessarily in published form) after approval by the cognizant U.S. government department or agency (see also #125.4(b){13} of this subchapter); (8) Through fundamental research in science and engineering at accredited institutions of higher learning in the U.S., where the resulting information is ordinarily published and shared broadly in the scientific community. Fundamental research is defined to mean basic and applied research in science and engineering where the resulting information is ordinarily published and shared broadly in the scientific community, as distinguished from research the results of which are restricted for proprietary reasons or specific U.S. Government access and dissemination controls. University research will not be considered fundamental research if: (i) The University or its researchers accept other restrictions on publication of scientific and technical information resulting from the project or activity, or (ii) The research is funded by the U.S. Government and specific access and dissemination controls protecting information resulting from the research are applicable. ----------- These sections seem to state that it is ok to teach about cryptography, and distribute information about cryptography, even to foreign persons, as long as the information is in the public domain. However, these sections do not seem to allow people to freely distribute cryptographic software, even if that software is in the public domain. Why? The ITAR defines software as *technical data*, but not *information*. Only *information* can be in the public domain, according to my interpretation of the ITAR. However, according to section #121.8 (f), the term *software* includes system functional design, logic flow, algorithms, application programs, operating systems and support software for design, implementation, test, operation, diagnosis and repair. I can understand using the term *software* for application programs, operating systems and support software. But it seems ludicrous to define system functional design, logic flow, and algorithms as *software* and not *information*. Actually, it seems ludicrous to treat software on a disk as technical data subject to export regulations, but treat software printed in a book as information in the public domain. So, can you teach a cryptography class and let your foreign students write cryptographic software? Yes, but only on the first Tuesday following the second full moon after the summer solstice, unless its a leap year, in which case they can only program in BASIC every other Saturday, or until you annoy someone at the State Department, whichever comes first. Jim_Miller at suite.com From f_griffith at ccsvax.sfasu.edu Wed May 4 13:50:10 1994 From: f_griffith at ccsvax.sfasu.edu (f_griffith at ccsvax.sfasu.edu) Date: Wed, 4 May 94 13:50:10 PDT Subject: The Value of Money Message-ID: <9405042050.AA03767@toad.com> > >I understand this much: there is some gold and other actual metal >located in a vault, sitting there as a symbolic standard of wealth, >worth, value. Everyone stakes a claim to it, and they exchange that >claim to others in substitution for something else (dog, rifle, gas in >the car, baby-sitting). >Blanc > Actually, there is no connection between the gold and our money. I.e. you cannot take US $ to Fort Knox (or any other government location) and get gold for it. This is why some posters have referred to "fiat money" - the $ is money because the government says it is. Reynolds From samman at CS.YALE.EDU Wed May 4 14:25:53 1994 From: samman at CS.YALE.EDU (Llywelyn) Date: Wed, 4 May 94 14:25:53 PDT Subject: The Value of Money In-Reply-To: <9405042050.AA03767@toad.com> Message-ID: On Wed, 4 May 1994 f_griffith at ccsvax.sfasu.edu wrote: > Actually, there is no connection between the gold and our money. I.e. > you cannot take US $ to Fort Knox (or any other government location) and > get gold for it. > > This is why some posters have referred to "fiat money" - the $ is money > because the government says it is. > > Reynolds Unless of course you have a $ bill that is a specie note. I have a few ten dollar bills that state that they are redeemable for specie. Ben. From lefty at apple.com Wed May 4 14:38:46 1994 From: lefty at apple.com (Lefty) Date: Wed, 4 May 94 14:38:46 PDT Subject: The Value of Money Message-ID: <9405042137.AA18064@internal.apple.com> >On Wed, 4 May 1994 f_griffith at ccsvax.sfasu.edu wrote: > >> Actually, there is no connection between the gold and our money. I.e. >> you cannot take US $ to Fort Knox (or any other government location) and >> get gold for it. >> >> This is why some posters have referred to "fiat money" - the $ is money >> because the government says it is. > >Unless of course you have a $ bill that is a specie note. I have a few ten >dollar bills that state that they are redeemable for specie. You'll have much better luck taking them to a numismatist than to Fort Knox. Specie notes are, to the best of my knowledge, no longer redeemable in specie. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From sander at ankh-morpork.hacktic.nl Wed May 4 14:56:38 1994 From: sander at ankh-morpork.hacktic.nl (Sander Plomp) Date: Wed, 4 May 94 14:56:38 PDT Subject: Hiding data in gzip files (forwarded) Message-ID: <050494202613Rnf0.78@ankh-morpork.hacktic.nl> kafka at desert.hacktic.nl (-=[ Patrick Oonk ]=-) writes: >The attached patches will allow you to hide information inside GZIP >compressed files. [...] >HOW IT'S DONE > >gzip uses LZ77 which compresses data by storing length/offset pairs >that refer back in the uncompressed data stream to previous >occurrences of the information being compressed. gzip considers a >length of 3 to be the shortest acceptable length. We allow gzip to >find the length/offset pairs and then do the following. > >If the length is at least 5 then we subtract 1 and set bit 0 to the >value of the bit that we need to hide. We have now hidden information >in the length without pushing it beyond a valid value. Drawbacks are >a slight decrease in compression (very slight) since we have to ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >disallow lengths of 4 and some of our meddling will decrease the >actual matched length by 1. The hidden file is totally invisible to >the normal operation of gzip, gunzip et al and (if encrypted) will >only be visible to those in the know. When the "-s" flag is not used >gzip performs as normal. Doesn't this mean everyone can detect that data is hidden by decompressing and recompressing? If the recompressed file is smaller, you know data was hidden and it can be extracted using gunzip -s. In contrast, data hidden in the LSB of sound samples or pictures cannot be detected. The reason seems to be that gzip compression is non-lossy, while most stego-tricks work by introducing a sight amount of noise-like `damage' to the data used as hiding place. You need to loose a bit information to make room for the secret data. So it's a nice idea but it doesn't really work.... From d7urban at dtek.chalmers.se Wed May 4 16:34:11 1994 From: d7urban at dtek.chalmers.se (Urban Nilsson) Date: Wed, 4 May 94 16:34:11 PDT Subject: Blum-Blum-Shub source? Message-ID: <199405042333.BAA28966@hacke18.dtek.chalmers.se> Timothy C. May said something along the lines of: > > Of course, only Americans are allowed to use these random number > generators, and even they face fines of $500,000 and imprisonment for > up to 5 years for inappopriate use of random numbers. What inappropriate use is that? Inhaling? And what could possibly happen to me as a non-American? If some guys in black suits comes looking for me, I would be very surprised. Perhaps not for long, but never the less surprised... Urban Nilsson | Use 'finger' for PGP2.3a public key. d7urban at dtek.chalmers.se |------------------------------------- Chalmers University of Technology |A person is just as big as the things Gothenburg, Sweden |that makes him angry. From gnu Wed May 4 16:41:27 1994 From: gnu (gnu) Date: Wed, 4 May 94 16:41:27 PDT Subject: DOJ Clipper documents scheduled for summer release under FOIA Message-ID: <9405042341.AA06996@toad.com> As you know, there has been much debate about the Clipper Chip initiative, but relatively little hard information. John Gilmore, member of the board of directors of the Electronic Frontier Foundation, filed FOIA requests to numerous government agencies last April after the Clipper plan was announced. In June 1993, he filed a FOIA lawsuit against the Justice Department ("DOJ") and the Federal Bureau of Investigation ("FBI"). Gilmore v. FBI, et al, C-93-2117, U.S. District Judge Charles Legge, Northern District of California. As a result of this lawsuit, the Justice Department has agreed to a staggered release of some documents about Clipper and Digital Telephony. The Justice Department and Gilmore signed a joint stipulation and agreement on Friday, April 29, 1994, in which the Justice Department and several other federal agencies agreed to release documents over the next several months: a) DOJ's Office of Information and Privacy ("OIP") will transmit all documents recovered in its search for responsive documents that it has identified as requiring referrals or consultations to the appropriate agencies or DOJ components by May 31, 1994. OIP will complete processing of all documents that it has identified as not requiring referrals or consultations to other agencies or DOJ components by June 20, 1994. b) DOJ's Justice Management Division ("JMD") will complete processing of all documents recovered in its search for responsive documents, excluding documents which have been referred for processing to other agencies, by July 30, 1994. c) The Office of Management and Budget ("OMB") will respond to all DOJ consultation requests which OMB had received as of April 20, 1994 by May 20, 1994. d) The National Security Agency ("NSA") will respond to all DOJ consultation requests which it had received as of April 20, 1994 by July 18, 1994. NSA will complete processing of all documents which had been referred to it by DOJ as of April 20, 1994 for direct response to plaintiff by July 18, 1994. e) The National Security Council ("NSC") will respond to all DOJ consultation requests which NBC had received as of April 20, 1994 by July 29, 1994. f) The Department of Commerce and National Institute of Standards and Technology (collectively "Commerce") will respond to all DOJ consultation requests which Commerce had received as of April 20, 1994 by August 7, 1994. Commerce will complete processing of all documents which had been referred to it by DOJ as of April 20, 1994 for direct response to plaintiff by August 7, 1994. The documents being processed by the NSC include the Presidential Review Directive and Presidential Decision Directive which started the Clipper initiative. We have been informed that NSC is processing the two final versions as well as 68 draft versions. We have also been informed that documents produced in the course of the OMB legislative clearance process for the Digital Telephony Bill are being processed. This should provide insight into how the government decided to proceed with this bill. We have also been informed that there are approximately 25 documents produced in the course of the government's solicitation of industry views on Clipper. Obviously, we do not know how much useful information will be released. It is probable that the documents will be heavily redacted. Given the recent directives from the President and the Attorney General that all possible discretionary disclosures of information should be made, we hope, optimistically, that these disclosures will prove illuminating. Unfortunately, the FBI is not a party to this agreement. We are in the process of attempting to obtain the release of about 3000 pages of FBI records. FBI has told the Court that it will be approximately 2 years and 8 months before it will even begin processing Gilmore's request, and that actual processing will take about a year, if not more. We believe that this delay is unlawful and cannot be countenanced. The FBI offered to complete its processing a year from when we sign an agreement; we believe they should process these documents in a maximum of six months (which would be a year and a half from our original FOIA request). Note that this processing time only includes their initial response to us; they will undoubtedly withhold many documents and parts of documents which we will contest the withholding of. This will take additional time, probably years. Because we and the FBI have been unable to agree, we have presented this controversy to the Court, and Judge Legge will decide what deadlines to impose on the FBI. The agreement mentioned above does not include NSA except to the extent that NSA is reviewing documents submitted to it by the Department of Justice. We also filed a FOIA request with NSA for all of its documents on Clipper, and have received no response after a year. We have an existing lawsuit against NSA's pattern and practice of delay in responding to FOIA requests. Depending on how that suit develops, we will take some kind of legal action to force them to respond. Lee Tien (Attorney for John Gilmore) and John Gilmore tien at well.sf.ca.us gnu at toad.com PLEASE REDISTRIBUTE IF YOU LIKE. From mg5n+ at andrew.cmu.edu Wed May 4 17:21:44 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Wed, 4 May 94 17:21:44 PDT Subject: Hiding data in gzip files (forwarded) In-Reply-To: <050494202613Rnf0.78@ankh-morpork.hacktic.nl> Message-ID: sander at ankh-morpork.hacktic.nl (Sander Plomp) wrote: > Doesn't this mean everyone can detect that data is hidden by > decompressing and recompressing? If the recompressed file is smaller, > you know data was hidden and it can be extracted using gunzip -s. > > In contrast, data hidden in the LSB of sound samples or pictures > cannot be detected. The reason seems to be that gzip compression is > non-lossy, while most stego-tricks work by introducing a sight > amount of noise-like `damage' to the data used as hiding place. You > need to loose a bit information to make room for the secret data. > > So it's a nice idea but it doesn't really work.... Actually it's not quite so simple to detect. gzip lets you specify the level of compression that you want to use. So simply uncompressing and recompressing it won't necessarily give you the same size file unless you happened to specify the same compression level. Compression levels might also be affected depending on what version was used to compress it. You could probably detect it by looking for nonuniform compression in the file, but you'd have to write a special program to do that. In any case, it's not so simple as just decompressing and recompressing. A better method of hiding data would be this: In normal compression, when a duplicate string is found in the data, it is replaced with a pointer to the last occurance. However, if there is a string with two pervious occurances, within a short enough distance, the offset could be set to point to either one. As long as the offsets aren't too far apart, using one doesn't take any more space than using the other. In this way, data can be hidden without making the compressed file any larger. Of course, it could still be detected because gzip doesn't normally compress that way, but the person looking for the data would need special software to do it. From mech at eff.org Wed May 4 17:51:09 1994 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 May 94 17:51:09 PDT Subject: DOJ Clipper documents scheduled for summer release under FOIA Message-ID: <199405050050.UAA20209@eff.org> Forwarded message: Date: Wed, 4 May 1994 08:00:28 -0700 From: Lee Tien Subject: DOJ Clipper documents scheduled for summer release under FOIA As you know, there has been much debate about the Clipper Chip initiative, but relatively little hard information. John Gilmore, member of the board of directors of the Electronic Frontier Foundation, filed FOIA requests to numerous government agencies last April after the Clipper plan was announced. In June 1993, he filed a FOIA lawsuit against the Justice Department ("DOJ") and the Federal Bureau of Investigation ("FBI"). Gilmore v. FBI, et al, C-93-2117, U.S. District Judge Charles Legge, Northern District of California. As a result of this lawsuit, the Justice Department has agreed to a staggered release of some documents about Clipper and Digital Telephony. The Justice Department and Gilmore signed a joint stipulation and agreement on Friday, April 29, 1994, in which the Justice Department and several other federal agencies agreed to release documents over the next several months: a) DOJ's Office of Information and Privacy ("OIP") will transmit all documents recovered in its search for responsive documents that it has identified as requiring referrals or consultations to the appropriate agencies or DOJ components by May 31, 1994. OIP will complete processing of all documents that it has identified as not requiring referrals or consultations to other agencies or DOJ components by June 20, 1994. b) DOJ's Justice Management Division ("JMD") will complete processing of all documents recovered in its search for responsive documents, excluding documents which have been referred for processing to other agencies, by July 30, 1994. 0) The Office of Management and Budget ("OMB") will respond to all DOJ consultation requests which OMB had received as of April 20, 1994 by May 20, 1994. d) The National Security Agency ("NSA") will respond to all DOJ consultation requests which it had received as of April 20, 1994 by July 18, 1994. NSA will complete processing of all documents which had been referred to it by DOJ as of April 20, 1994 for direct response to plaintiff by July 18, 1994. e) The National Security Council ("NSC") will respond to all DOJ consultation requests which NBC had received as of April 20, 1994 by July 29, 1994. f) The Department of Commerce and National Institute of Standards and Technology (collectively "Commerce") will respond to all DOJ consultation requests which Commerce had received as of April 20, 1994 by August 7, 1994. Commerce will complete processing of all documents which had been referred to it by DOJ as of April 20, 1994 for direct response to plaintiff by August 7, 1994. The documents being processed by the NSC include the Presidential Review Directive and Presidential Decision Directive which started the Clipper initiative. We have been informed that NSC is processing the two final versions as well as 68 draft versions. We have also been informed that documents produced in the course of the OMB legislative clearance process for the Digital Telephony Bill are being processed. This should provide insight into how the government decided to proceed with this bill. We have also been informed that there are approximately 25 documents produced in the course of the government's solicitation of industry views on Clipper. Obviously, we do not know how much useful information will be released. It is probable that the documents will be heavily redacted. Given the recent directives from the President and the Attorney General that all possible discretionary disclosures of information should be made, we hope, optimistically, that these disclosures will prove illuminating. Unfortunately, the FBI is not a party to this agreement. We are in the process of attempting to obtain the release of about 3000 pages of FBI records. FBI has told the Court that it will be approximately 2 years and 8 months before it will even begin processing Gilmore's request, and that actual processing will take about a year, if not more. We believe that this delay is unlawful and cannot be countenanced. Lee Tien Attorney for John Gilmore tien at well.sf.ca.us PLEASE REDISTRIBUTE IF YOU THINK IT'S WORTH IT. (feel free to edit any obvious typos, too) -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From dwomack at runner.utsa.edu Wed May 4 17:57:24 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Wed, 4 May 94 17:57:24 PDT Subject: message to pr0duct cypher Message-ID: <9405050057.AA02912@runner.utsa.edu> -----BEGIN PGP MESSAGE----- Version: 2.3a hIwCwagUhZdVih0BA/9MGRSKjSiihG5nUbFGYdliC6KB+t4P0gTBBm/THVKd5eqK xYF2W/zh0rBkpSc+RVSW/PC7ZIGGZgymUkXoUVHLrj+xdyBWKLA6QO6kDf/RMDaN YCTBWE7lELkKG+bNr+wr68pnaGuRv6RBMbsIOYvi/1D7OnsTa0hIAPlUfWUSLaYA AAFngjQ798MIQkNXiLn3+YxolGDdifXoM2WgBvX2Lz80GC67ZScqSJD+eRij6iTF EDIZTQ4ddejpir63fWKGOJ4n+JKHohoBM5wWmwFJUD7LL+YnPVrz8RxnJbv3EoHv aTPl17hsBKovUyYXIBgfVChzQ+Yf7rpZea+HwwQcFge9ShKtroQJwQKha073rc/9 2fT75nYZYlu8JHsZmfxY0sx4iHQJUl6Zwk+e7+rnrzWPLsA2akWtMla4JawUZfNP pKjtA2CCvPoIJMaFHyLrvAjXRRd4UQK6x7sMDcUugnmJoAqwnidn+5A2NJsfj+rG n1lgxmZzBBFqsd8AN9lJBpLoe15G1JGFcWKistPHeAolqvyr4pBsm0qW4N5XveQV He2bva3zEUP3MK36dslaZqG2WXkERDDqra7PhKeJoPaF0NKMHReohe45Uo1OD69u E+TyMI7JYgfersecgaO15nduN+ILfN5oiCg= =vY3g -----END PGP MESSAGE----- From bal at martigny.ai.mit.edu Wed May 4 21:10:32 1994 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Wed, 4 May 94 21:10:32 PDT Subject: Keyserver service outage Message-ID: <9405050410.AA11082@toad.com> The public keyserver running on martigny.ai.mit.edu will be unavailable starting Thursday, May 5, 1994 at approximately 9am EDT. During the coming week, the Massachusetts Institute of Technology will begin formally distributing PGP 2.5, a new version of PGP that is based on the RSAREF 2.0 cryptographic toolkit, under license from RSA Data Security, Inc., dated March 16, 1994. When that distribution becomes available, the keyserver will return running PGP 2.5. At that time, the keyserver will no longer accept keys that are identified as having been created by versions of PGP lower than 2.4. (PGP 2.4 is Viacrypt PGP.) --Brian LaMacchia public-key-server-request at martigny.ai.mit.edu From mech at eff.org Wed May 4 21:21:28 1994 From: mech at eff.org (Stanton McCandlish) Date: Wed, 4 May 94 21:21:28 PDT Subject: EFF Summary of May 3 1994 Clipper and Digital Telephony Hearings Message-ID: <199405050419.AAA24882@eff.org> EFF SUMMARIES ============= May 4, 1994 __________________________ Contents: * Senate Subcommittee on Technology and the Law holds Clipper Hearing * House Subcommittee on Technology, Environment and Aviation holds hearing on Clipper and Digital Telephony proposals; EFF's Executive Director Jerry Berman and Board Member David Farber testify __________________________ SENATE SUBCOMMITTEE HOLDS CLIPPER HEARING ----------------------------------------- The Senate Judiciary Subcommittee on Technology and the Law held a hearing on Tuesday (5/3) to examine the Administration's "Clipper Chip" Key Escrow Encryption proposal. Witnesses included Asst. Atty. Gen. Jo Ann Harris (Criminal Justice Division), NIST Deputy Director Raymond Kammer, Whitfield Diffie (of Sun Microsystems), Stephen Walker (President, Trusted Information Systems), and NSA director Vice Adm. J. M. McConnell. The discussion touched on a number of key issues, including the necessity of the Clipper proposal for law enforcement; the privacy interests of network users; the costs associated with implementing the Clipper scheme; export controls; and whether those intending to use communications networks to break the law would actually use Clipper as opposed to other encryption schemes. Although a variety of views were offered, few new developments emerged in this controversial debate. Assistant Attorney General Harris and NIST's Ray Kammer both stated that the Clipper Scheme and Key Escrow system would not provide law enforcement with any new surveillance abilities. Rather, Harris argued, Clipper is analogous to a translator. Harris stated, "All Clipper does is, after a court has authorized interceptions of communications, is that we get the ability to understand the content of legitimately intercepted communications". The Administration continues to maintain that the market would accept the Clipper standard based on the assumption that it is the strongest encryption scheme, regardless of who holds the keys. When pressed by Sen. Leahy on this issue, as well as on the question of whether criminals or terrorist organizations would be willing to use the Clipper standards, neither witness offered any assurances, and admitted that this is still an open question. Senator Leahy expressed skepticism: "I have serious questions about whether any sophisticated criminal or terrorist organization is going to use the one code endorsed by the U.S. Government and for which U.S. Government agents hold the decoding keys. There are a multitude of alternative encryption methods commercially available. If Clipper Chip does become the standard encryption method used by Americans, criminals may be forced to use Clipper to communicate with legitimate outsiders. But this is a big 'IF' ". In what may prove to be a significant development, NIST's Kammer conceded that additional fiscal authorization may be needed to fund the implementation of the Clipper proposal. If this is the case, Congress would be required to consider legislation to authorize funding, and at this point passage of such legislation is at best uncertain. EFF will continue to closely monitor this development, and will pass along information as it develops. Sun Microsystems Diffie urged a slow and careful approach to the Clipper issue, cautioning that a rush to implement Clipper may create a bureaucracy that would be difficult to dislodge at a later time. Diffie stressed the need for international for information security, and cautioned against attempts to use the power of technology to increase the power of government. Diffie added, "Integrity of political speech is the root of legitimate laws in a democratic society. We are in a position where if we do not make it a national priority to make privacy available", this integrity may be compromised. Steve Walker, of Trusted Information Systems, stressed the need for the removal of export control restrictions. He also countered the Administration's contention that very few foreign encryption alternatives exist; noting that his company had found over 340. Walker displayed several of these applications, and noted that because of export controls U.S. manufactures of encryption technology face a significant disadvantage on the world market. Although the Senate Hearing did not produce many new developments, it is significant to note that no members of the Subcommittee expressed outright support for the Clipper Chip proposal. Chairman Leahy, the most vocal panel member at Tuesday's hearing, was also the most skeptical, and as such the fate Clipper proposal is still very much in doubt. *** ------------------------------ HOUSE PANEL CONSIDERS CLIPPER AND DIGITAL TELEPHONY PROPOSALS ------------------------------------------------------------- Tuesday proved to be a busy day for Clipper on the Hill, as the House Science, Space and Technology Subcommittee on Technology, Environment and Aviation also considered the Clipper and Digital Telephony proposals. Witnesses on the panel included James Kallstrom of the FBI, NSA's Clinton Brooks, NIST Deputy Director Ray Kammer, Dr. Dorothy Denning, Dr. David Faber, EFF Executive Director Jerry Berman (on behalf of DPSWG), and Chmn. Willis Ware of the Congress/NIST System Security and Privacy Advisory Board. The discussion centered mainly on the Clipper issue. Unlike the Senate panel, there seemed to be some support for the Clipper proposal on the House Subcommittee. Rep. Dan Glickman (D-KS), Chairman of the House Intelligence Committee, declared his "cautious support", for the proposal, and stressed law enforcement's need for strong surveillance abilities. Subcommittee Chairman Valentine (D-NC), as well as Reps. Morella (R-MD) and Rohrabacher (R-CA) all expressed reservations. James Kallstrom urged full support of both the Clipper and Digital Telephony proposals on behalf of all law enforcement, citing the need to counter the increasing sophistication of digital communications technologies. Kallstrom painted a picture of a network populated by criminals, terrorists, and drug dealers which would pose a great danger to public safety, unless law enforcement is given the ability to intercept illegal communications. EFF's Jerry Berman countered this assertion by arguing that Clipper would only solve law enforcement's problems if criminals use it. The only way to do this, Berman added, would be to mandate the Clipper standard, something which the Administration does not claim to want to do. The only solution is for Congress to deny appropriation for Clipper and send the Administration back to the drawing board, Berman argued. Dr. Farber, appearing as an expert witness, stated that solutions to the Clipper issue will not come easily and will not come in one big step. Rather, a carefully considered and open approach is required. While stressing the need for encryption standards on communications networks, Dr. Farber cautioned against "smoke-filled-room standards" of encryption which are, in his view, likely to bead mistrust. Dr. Farber also argued for the removal of export controls on encryption technology. NSA's Clinton Brooks expressed support for Congressional Consideration of the Clipper issue. He argued that Clipper is a sound technological solution to a legitimate law enforcement and National Security dilemma, and that a public debate on its merits would eventually remove the misinformation and mistrust of government, and would prove Clipper to be in the public interest. Dr. Farber offered a strong caution to this, expressing the concern that a future administration may find it necessary to mandate the Clipper standard. Dr. Farber suggested that at the very least Congress weld into law a guarantee that Clipper remain voluntary, that the Judiciary be an escrow holder. He cautioned, in the words of Benjamin Franklin, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" ************** Written testimony & documents from the hearings are available as: ftp.eff.org, /pub/EFF/Policy/Crypto/Clipper/[filename] gopher.eff.org, 1/EFF/Policy/Crypto/Clipper, [filename] gopher://gopher.eff.org/11/EFF/Policy/Crypto/Clipper, [filename] http://www.eff.org/pub/EFF/Policy/Crypto/Clipper/[filename] where [filename] is: berman_eff_clip-dt.testimony - House testimony of Jerry Berman (EFF) brooks_nsa_clip-dt.testimony - House testimony of Clint Brooks (NSA) denning_clip-dt.testimony - House testimony of Dorothy Denning farber_clip-dt.testimony - House testimony of David Farber kallstrom_fbi_clip-dt.testimony - House testimony of James Kallstrom (FBI) kammer_nist_clip-dt.testimony - House testimony of Ray Kammer (NIST) ware_csspab_clip-dt.testimony - House testimony of Willis Ware (CSSPAB) clip-dt_hearings.docs - charter, witness list, diagrams. * Senate testimony and spoken testimony from both hearings will be made available from in the same directory when obtained. This material will also be available from the EFF BBS within a day or so, at +1 202 638 6120. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From nobody at shell.portal.com Wed May 4 21:22:38 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Wed, 4 May 94 21:22:38 PDT Subject: Anonymous Mail via Port 25 Message-ID: <199405050423.VAA23479@jobe.shell.portal.com> Awhile ago, someone mentioned that at some colleges & universities, the dialup lines don't require you to log in immediately. Rather, they let you specify which system to telnet to, and then you log in there. Telnets are usually limited to machines in the University's domain, but they often don't restrict what ports you can telnet to. So you can telnet to port 25 and send an anonymous mail which would be very difficult to trace. Does anyone know of any such systems? Anywhere in the U.S. or Canada? I'm thinking of using such mail ports for a new anonymous remailer I'm working on, and I want to make tracing the mail as difficult as possible. Please post modem numbers... From mg5n+ at andrew.cmu.edu Wed May 4 21:38:19 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Wed, 4 May 94 21:38:19 PDT Subject: Keyserver service outage In-Reply-To: <9405050410.AA11082@toad.com> Message-ID: > The public keyserver running on martigny.ai.mit.edu will be > unavailable starting Thursday, May 5, 1994 at approximately 9am EDT. > > During the coming week, the Massachusetts Institute of Technology > will begin formally distributing PGP 2.5, a new version of PGP > that is based on the RSAREF 2.0 cryptographic toolkit, under > license from RSA Data Security, Inc., dated March 16, 1994. When > that distribution becomes available, the keyserver will return > running PGP 2.5. At that time, the keyserver will no longer accept > keys that are identified as having been created by versions of PGP > lower than 2.4. (PGP 2.4 is Viacrypt PGP.) Whoa... why not??? PGP 2.4 output is identical to 2.3a! Is PGP 2.5 somehow incompatible with 2.3a? Besides, if you take a PGP 2.3 key and change the version number to 2.4, the software can't tell the difference... Let's not play stupid games. Either it's compatible with 2.3 AND 2.4 or it isn't. Anyway, PGP 2.5 is news to me... Does it have any new features? Limitations? From schirado at lab.cc.wmich.edu Wed May 4 21:42:42 1994 From: schirado at lab.cc.wmich.edu (Schirado) Date: Wed, 4 May 94 21:42:42 PDT Subject: Keyserver service outage Message-ID: <9405050442.AA23076@lab.cc.wmich.edu> >During the coming week, the Massachusetts Institute of Technology will >begin formally distributing PGP 2.5, a new version of PGP that is >based on the RSAREF 2.0 cryptographic toolkit, under license from RSA >Data Security, Inc., dated March 16, 1994. When that distribution >becomes available, the keyserver will return running PGP 2.5. At that >time, the keyserver will no longer accept keys that are identified as >having been created by versions of PGP lower than 2.4. (PGP 2.4 is >Viacrypt PGP.) Questions: 1) What involvement, if any, does Phil Zimmermann have in the creation of this "new version of PGP"? 2) Will "PGP 2.5" continue to be freeware; i.e., has RSA changed its stance on licensing? 3) If the answer to 2 is "yes", has the strength of the encryption been compromised in any fashion? 4) Isn't this some sort of transparent "back door" grab by some unknown person(s) as a method of encouraging people to switch by fostering the belief that versions of PGP lower than 2.4 are somehow illegal or otherwise illegitimate? (The last is only semi-sarcastic.) Basically, I think I speak for a hefty chunk of list subscribers when I say: I want to know who's behind this. From hughes at ah.com Wed May 4 21:56:16 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 4 May 94 21:56:16 PDT Subject: ANNOUNCEMENT: Preliminary announcement of May physical meeting Message-ID: <9405050454.AA02761@ah.com> PRELIMINARY ANNOUNCEMENT ======================== Different Date: The May cypherpunks meeting will be May 21, the _third_ Saturday of the month, for various scheduling reasons. New Location: We will now be meeting at Silicon Graphics, not at Cygnus Support as previously. Thanks to Katy Kislitzin for arranging this. Audio Available: We will be doing MBONE. SGI is already all set up for it. Theme: The theme is "Protocols". Contributions are encouraged. If you have original work, great. If you want to digest and present a paper from the literature, good. In either case, prearrangement is highly desirable. Mail hughes at ah.com. See you then. Eric it's like PGP 2.3 and 2.4 (modulo maintenance tweaks) but uses RSAREF for its crypto. Thus it is entirely U.S.-legal. I wonder what Sternlight will say to this. Eli ebrandt at hmc.edu "Users of PGP 2.5 should be aware that if copies are found outside of the U.S. and Canada, they could be charged with contributing to a conspiracy to export munitions to a foreign national." From unicorn at access.digex.net Wed May 4 22:19:28 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 4 May 94 22:19:28 PDT Subject: Keyserver service outRAGE In-Reply-To: <9405050410.AA11082@toad.com> Message-ID: <199405050519.AA14979@access1.digex.net> > > The public keyserver running on martigny.ai.mit.edu will be unavailable > starting Thursday, May 5, 1994 at approximately 9am EDT. > > During the coming week, the Massachusetts Institute of Technology will > begin formally distributing PGP 2.5, a new version of PGP that is > based on the RSAREF 2.0 cryptographic toolkit, under license from RSA > Data Security, Inc., dated March 16, 1994. When that distribution > becomes available, the keyserver will return running PGP 2.5. At that > time, the keyserver will no longer accept keys that are identified as > having been created by versions of PGP lower than 2.4. (PGP 2.4 is > Viacrypt PGP.) > > --Brian LaMacchia > public-key-server-request at martigny.ai.mit.edu > This is silly. Why a server would want to use licensed code is understandable. Why a server would try to restrict keys generated by versions other than 2.4 & the mysterious 2.5 is moronic. I will not use this server regardless of which version I have and use, and I urge others to resist the use of this server as well. This policy only serves to create suspicion and drain confidence in versions of PGP over 2.3a. I ask the following questions: Will source code be available for PGP2.5? Who was responsible for the modifications that make PGP2.5, version 2.5? and on the topic of PGP security generally: Why is MacPGP2.3 not signed? Why is MacPGP2.3 v1.1 not accompanied by a source code? When is the new version of PGP by Phil Z. going to be released? Or is 2.5 it? Can we expect similar tactics from the future versions of PGP? Perhaps some tag bits somewhere in messages to identify versions more quietly? I ask the operators of the remaining servers to remove the MIT server from their automatic mirror update list and to avoid a policy of excluding keys generated by any "non-conforming" software in their own operations. I ask users of PGP not to add future keys to the offending server. I call on cypherpunks to estlablish less formal key servers and develop more stealthy and secure methods of key distribution. -uni- (Dark) From grendel at netaxs.com Wed May 4 22:29:19 1994 From: grendel at netaxs.com (Michael Brandt Handler) Date: Wed, 4 May 94 22:29:19 PDT Subject: Keyserver service outage In-Reply-To: <9405050410.AA11082@toad.com> Message-ID: <199405050529.BAA10603@access.netaxs.com> > During the coming week, the Massachusetts Institute of Technology will > begin formally distributing PGP 2.5, a new version of PGP that is > based on the RSAREF 2.0 cryptographic toolkit, under license from RSA > Data Security, Inc., dated March 16, 1994. When that distribution > becomes available, the keyserver will return running PGP 2.5. At that > time, the keyserver will no longer accept keys that are identified as > having been created by versions of PGP lower than 2.4. (PGP 2.4 is > Viacrypt PGP.) When will this supposed new version of PGP be released? Is it available on any FTP sites yet? I'm sure most of the people on this list would like someone to get a copy and check out the validity of it... PS Why didn't we hear this from Phil or one of the other coders first? -- ========================================================================== | Michael Brandt Handler | Philadelphia, PA | | | PGP 2.3a public key available via server or mail | ========================================================================== From hayden at krypton.mankato.msus.edu Wed May 4 22:42:45 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Wed, 4 May 94 22:42:45 PDT Subject: Keyserver service outage In-Reply-To: <9405050442.AA23076@lab.cc.wmich.edu> Message-ID: On Thu, 5 May 1994, Schirado wrote: > Basically, I think I speak for a hefty chunk of list subscribers when > I say: > > I want to know who's behind this. Actually, my first instinct was 'What the fuck?', but you put it a little more diplomatically than I :-) ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From hfinney at shell.portal.com Wed May 4 22:53:15 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 4 May 94 22:53:15 PDT Subject: Keyserver service outRAGE Message-ID: <199405050554.WAA28965@jobe.shell.portal.com> Let's not fly off the handle. This _could_ be a very promising development. IF source code is available, this would be, at last, a U.S.-legal, free version of PGP. Let's wait and see what Phil Zimmermann has to say. Hal From GRABOW_GEOFFREY at tandem.com Wed May 4 23:06:57 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Wed, 4 May 94 23:06:57 PDT Subject: The Value of Money Message-ID: <199405042310.AA9529@comm.Tandem.COM> blancw at microsoft.com writes: >I understand this much: there is some gold and other actual metal >located in a vault, sitting there as a symbolic standard of wealth, >worth, value. Everyone stakes a claim to it, and they exchange that >claim to others in substitution for something else (dog, rifle, gas in >the car, baby-sitting). These claims can circulate as fast as a >computer can calcualte & transfer them, and that is all that circulates >while the standard continues to sit in the vault, not being used for >anything by anybody. As long as you hold a claim to this lump of >stuff, you're Somebody - a force to contend with in the Market Place. Didn't Nixon take the U.S. off of the gold standard? G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | |----------------------------------------------------------------------| | PGP fingerprint = C9 95 0F C4 E9 DD 8E 73 DD 99 4E F5 EB 7A B6 1D | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From GRABOW_GEOFFREY at tandem.com Wed May 4 23:07:02 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Wed, 4 May 94 23:07:02 PDT Subject: Visual Basic (yes, Basic!), and "VBX" tools Message-ID: <199405042311.AA24889@comm.Tandem.COM> Tim May writes... >Buried deep in Bill Garland's message, I found the following: > >> 6. Learn Unix. Maybe I'll get a shell account on Sameer's machine. >> I've been a DEC RSTS/VMS Basic-Plus/VAX BASIC V2 programmer for >> too long, and I've not yet become unixificated. I don't even >> know if I could read a C++ program. I'm obsolete...again. > >Maybe not. The tide may be shifting a bit. "Visual Basic," from >Microsoft, is coming on like gangbusters for Windows programmers. I agree 100%! Just check out some of the ZIP files of Windows programs on the FTP sites. Many of them include VBRUNxxx.DLL and VBX files. These are the telltale signs that the product was written in VBASIC. Even WinPGP was written using it! G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | |----------------------------------------------------------------------| | PGP fingerprint = C9 95 0F C4 E9 DD 8E 73 DD 99 4E F5 EB 7A B6 1D | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From GRABOW_GEOFFREY at tandem.com Wed May 4 23:07:10 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Wed, 4 May 94 23:07:10 PDT Subject: Anonymous phone calls. Message-ID: <199405042311.AA10041@comm.Tandem.COM> I asked this a while ago, but my mail system has some problems and I don't know what the responses were, if any.... Is there any way to make a phone call anonymously? Caller ID can be blocked somewhat with one of those *## numbers dialed before the call is made. Is there a way to route a call through a series of phone-type remailer systems? This would allow one to make a call that would be as hard to trace as anonymous mail. Any ideas? G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | |----------------------------------------------------------------------| | PGP fingerprint = C9 95 0F C4 E9 DD 8E 73 DD 99 4E F5 EB 7A B6 1D | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From unicorn at access.digex.net Wed May 4 23:17:41 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 4 May 94 23:17:41 PDT Subject: Anonymous phone calls. Message-ID: <199405050617.AA16608@access1.digex.net> Is there any way to make a phone call anonymously? Caller ID can be blocked somewhat with one of those *## numbers dialed before the call is made. Is there a way to route a call through a series of phone-type remailer systems? This would allow one to make a call that would be as hard to trace as anonymous mail. Any ideas? < G.C.G. - <- There's a 1-900 number that is supposed to do this. Which I could remember what it was. From nobody at shell.portal.com Wed May 4 23:23:08 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Wed, 4 May 94 23:23:08 PDT Subject: Advertisement Message-ID: <199405050624.XAA01250@jobe.shell.portal.com> I realize that one-time pads are sort of outri these days, but what do you use when there are no computers around? I've written three programs in C which [1] construct a TeX-printable sheet of pads with pseudo-random numbers (use your own rand() function), [2] automatically encrypt a message using modular summing rather than XOR (easier to do if you don't have a computer handy), and [3] decrypt the message. They aren't the best examples of C coding, but they work. The first program is included below, conventionally encrypted with PGP. For a total of just 12 [TWELVE] Tacky Tokens I'll release the password. Please send your COIN.DAT contributions by encrypting with the PGP key below and posting to alt.test with the subject: IGNORE - NEON. Cast your bread upon the waters. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCVAi2/ZzEAAAEEOQGMwT6H90aJMTmkf3bLdMVyJ3hyBDoh8ruQfa2x/8tTEPhs 0dyOMroWwMMFQHY5Gdc7etULE6G3W8Q8CGotwFIEUMCXEc9UBeePv3WaU3ovZ/Dz bdvnTeH8KYpQhV68bi1jvX3ahM2tk5jRwK8zP9+YHv5ZpbQlubVI6pRIYxGNuGfP zntP48UABRG0CG5lb24gPEA+ =CTOG -----END PGP PUBLIC KEY BLOCK----- Since I don't know how to do a zero-knowledge (0-k) proof, I post part of the documentation below, as proof that it exists: PAD CONSTRUCTION ---------------- Cut each pad out seperately as shown, and staple together. A hot-melt glue gun can also be used for binding. The figure "EAF45" is a random value generated as a lable for each pad (see line #12 of OTP.C).    18 12 25 04 18 13 15 19 15 12    15 10 12 08 27 29 18 24 19 20   S  24 20 17 06 25 21 12 04 00 11   T  21 16 24 08 24 28 16 20 25 04   A  02 17 11 25 12 25 02 16 16 28   P  24 12 15 10 14 08 18 00 25 29   L  10 23 07 05 07 15 08 10 18 24   E  18 02 02 22 03 25 20 25 03 14    13 14 26 09 25 11 00 16 03 10    12 18 23 20 20 17 10 02 19 23    EAF45 Page 3   (etc.) -----BEGIN PGP MESSAGE----- Version: 2.3a pgAADYzOLESSLoz1Lddh5LT3bg8J5abD8CJL16I4c+9ws8KIMpnTgJjCRWysFpfn 70huIgY6tPzmRA2P7B9/foTcQ8oMNao/FAiOw8m5Hym1SKk1OdMNL+ryWRa4okTH dtBJgAg+JNFVnM5IuKy2XGnIaDwUxuF5wsgqMzXVWr0aOMFj307IYrISubo4JarG y48cRn6UOXLIFb72+Ua1aJIwTnskfEqxvPSFUOutZEPXrRUocyTWu0udD7Jdzhu1 Iq1doB1HeG1Mm0+yppwFEevCvHZKVzueWDfCZTo/b/ia2eyUZAkq6Q4BaLW4HW1j /V4R1+zxLK/MW8jeb8OMDMpzI3iEjHM/G0fm1JCfIRa3zlbOetWthxZSDlikfKaH fhUa8usOqmXlvAl/vP2thejeGfTZFQnqiLnhtj2jmJa1EKe0RAqL8ffak7/tXJHh 188oKIOuFRyKoe2lAk2oRzhvG7L99B9OZHD05L8dZD7JsVUkat6ryV2HNNlWcHuD BgT3ukYemnLKc8FQjzcqFF5gYS7grlxH5J5uFXlhdlVEsvE+hNebr8wfMmeno+Dg e4JK6RJuIxtb+YUf2oduQ7aIyw+YgWbRGVXP5rnmrQtpxZDRgfhvCYPr5IocKo79 AOkGAIjG6iihc4RektOWBc5FfwWkrSvhZ45/kxuuABnrBlQ+568c3KZybGfk8MtL n3PwKZwTaJ8O3jwYwFZceuVsgtdvKTxJvf/rH7MbwojudEwgZLg421bgCXuLUYIC AW5Qf3Lbv3SYlL+ZRjJ1GE4OUl0M3//gBvbezJphkyMVQXmmuh9Kkwisouv/Dov5 FkBvvYCAeNM/QtwwNi9HkawoOVhfO9tRFFYXVXphOx+bNBjRzWSJ4Q9ONXa3S/XG +J0vN4CA9YwzORh4e5Z45C08MmYxltfB0hVDNFEKTw0UZGFV7vlX12z5eCeoUs0K BBtWBqwxjxWRcF/HRy0d+oYG7aSbHSeJfnhXiRYuF8Z0+b7ZJLg/tjwec3K9KZ2d le4lU25pQXMLNGaBQRrwesofIWD9pwY8ZRNtEZOGZlfLWr0qqf1qITM6gTBjJBPj dhGXa8YClLqETO9gQUWI4NAZXfV+nxrBbrUYz/Ky2DD1A6SAwUm2fR/yIZDDo1+8 M9lD8EgqXAx3h02tGQ7/mj3P3c94GNturdRXzxHaXgZ+mHIj0yIaMpXRujTCs/f6 W3FTzJJMbY+bZNWE0D1eVGiwzzc5tILFDWbqGppC7YuMvYc2MA3VUoEeUa0dW9Al +JMvMvd2FP97VkQyYTLz1IBmyWBcLE6qf840Gn6qL7G7C7d1THG2PBer0TgDZm/w i6xS/hvKD4cK9yU1YBNV7apchFDs2sdyCQk/xbNckhZcbPsCSwmA7SY0sJsP3UNO CsAJ9UZbtpdZ20sakvx0Fw3CHHedJUYIU+HdGEsHUNuRVTvrR94chjEmvfhlFhPt 6+g4BTCMACz6orefPhR4vC8b3CFkvRWZvsBLP+31HvXwHMzyzNXYLtMNw/H3T+Ti LUu1iMr0ZuqDmVlmoCsegrgEbBm2c2pcZt6t3tEkcG46dEWe4i6FSs1RJAp6YM3b k1V+VOUl2pqv34JoFOIbllsSPH373PNrdW6s/DVhtre0eogMT/5tGEvQEOm59qe2 h/4DTzfzK3QbUMFTrIL43YeQVn3rAYI9+rtaaPQonnS0adzPmZ8VWDYKEsierutm M8nw1X0+zz5Gc1bsbcEuPxTVI7LSrtc6YB6HWZFFPpSAk1v4fnsjgfpq3eymUvIg uaeFfdv5xaBI7qu4lROxt8NyJqLSrcUOz1LhwwIpGhY1GNFLtj9el/VeYZ8iGqk1 7CilWSPO6mmI4k/yYM/qLWVTfVltdwnehVIlUyqf2ZTLPIYdRPJB6/pOmwf8xuMY xYVgvOHEwpSaH2yiP9yl1OHS7gOyWPMgfMb5yK56SssNt0x2FFTJKJMbWwADYPDU msvuZ2+g5BP1bOD0gt3DFV8/ShO6zqIMnsHVz57JqchBppuMT9egckkAjn+ReW9T 8+dRVrmYj7t8FMxcVAtyKL1x80Zmxt22IN4UBFCjW9SoTey3hMzzgBQPyw0nbpBJ ncNmflBEB4ROpXqgfr80WU2mmPFuNKkgQw2fOqbFtZ0sLs8b6UjBCPUZyiE0teJ6 Abs6VL2IOTHOIe6/n5tmTwZU4Ey3N+fbmQaFx9ilyROcJKD3kIaOCBAjygwQxg/g Xnfo4q2P/v90y//KavuiSeXklSzuQ6aHuSXNeSHw754E8kFRhRhQFS7TktcC0g+t CLtqQviUrxQQOzF4CbQPehONtajrGNdopST1Xvok2QVTPlK7YebEeEMEZvtSIKQo /D+9OIWUwnob11gM5rJFgwyj2zTsqlgAnlSm9PumHdSpqVzlMz3EJ47QXVhNfb3i fhvZHgjbtnPd9sGFgurwmentdJg00j8X1vfFaPMXiE/oEMF41GtQQGGI+sJTcq98 z/F0XQaoK/ilRWQ7nPVpch9knvHc8NIHQIrvYpJPneo3gw53VJ2wCTqLr45g2IVU 3N4I6B41ooaSUk4FqL1sh9BWvOxGbn6u1MUa3WjBtPIxwYB38AQJWtkKYBExckUI 7Lua0lSpeddiqB1skB9KmsqoGzVJJxFVEEaeFM2WZQyvOJtnWqqkWNMEP210mgmB 26Lgbebr/Inmn0TEXw4zfIcEFsUZ/yu2xV6KFxK7HDZiKZKv0HBgsG30KPxI2bGd 8pOVuXJu/u2L6EHPWJxZKEb6fVifbuxPJDSz4PwO8rUhW2sUSeXWfyJQXGcJhaU9 5D0zXPaZ/ZBmAZSCXEs278D06uYEcpSw29KquRSH4F2DLy17WrXMtj74U+1eub/C U5+Mt89D3yR8x0OJbLkJMi5mB2YKv3Mv2OZdr+cIQAC6qs/Mg45jl78kBXMqg3w0 +bho9omOYqv2aXeLzYD1aXX99MoBw5tP+fcguchKxWHxVgwTdwE87eGsbnRSWry2 myaVLImpBcaMfWwzaeoEknnanqJAaGJ9sjHyEaoPPSPUMOqGKN7xGsSBF4cyyM5D Jt2YDjU2aYqjlxLTTchv/YYJhXaY/6jDQOygXjMBqjZji8GRZ9IGNFIezXX3+0bC KqUlPRmuOPMj3cZVidvaEwMejKOsr/8QjaseStICPiTuJO6RlcP8Dx9AQTLxj5q/ 8WVgKiTyd68t6Aq/50EUZRYRU+64lAQ7/WIr6dNkAd4dz20aIA5ZG5NF91Rfhylo pa8VA54y8t6xNMmojBzMrHu9bJuS9C9tN84AccXgRutlsOH7XnWlIfo6kV98Q39b WOS7EIBIdt/1tQZf9TPrm8lvD3Ne/WK/ghAzjxPWTj9Bmnfuv5QlzH8rahYPQsT9 ajxLIRpIkc07A1aQUMTGqCeH+nGU1RW04pfni2JJgUTlgxNymkwP5/NBNG6NWXp7 YtfENuHVIVlszASOuEAqqA9QLktI0oAgThiICvfLsSZqf0dFElevlKUllZSCqBZU ctt6+A6g4iaLFcUO16nZQtpGDPy3ufQwEI+YpeQWO/X0O59TXECME/bmaXacIwwa 8lKJ3yNivnMzN7sl+vdQRg50b7uAAO2e9C18WM19dizqdMgGY9zWx2bc9UsTbV23 5SIDiL2szeeqqnqAild39EMMHvAzdHn6ze+iMwQnLk3Yng1VWsf2AtadzVrnCV+K AS/fw/CnLUOX3xQBsnskT1Sj9udu+TsGZ96d5F8yBX1e1y4lhq1NFXBl92qQnIps xLa71IwgA/YexiZXpNO9rthSEfmiOUFLLkHbI8FGJbWBRv///mFdz3Kjsb4hTuD4 FqfJxxQ2eRgHskShUkgI539hOe9uqRIoZ/qG8idtoi9JFp2PflzwSVrre0vqlRt6 +0gfnAvBWDMbH4Zj6lByuMPE6jljxPt+42yMmRPB0WtkaNAnw1/6XjVn0a2p1bLe 3qvMup0P9NPSPfqA1fRvK2y4OzEAB8xDHLh8b05pDwiMD9GE9553PtEkfL+4IhT2 HhXKeT14Zii8e3VA85u2ymNeqmq6EReNi7XSTuX/nWneL07FiPhKlW4RVvSYb5e8 g+2ZgG8Fd37aoPlVuCCXPv2Z/yNzu0Z4E9ft5FqnbdXMsQUt91NrAS+3h2hMdDa7 qZgzhtOscDhCTVoa0lg0Zgr4ggVnS/uajDBybOYn+qd4QWZpPH51Ayc9J5iLADNQ 8x98OAnXtelSqHm5ptCSvwIvzdP/mEOC0F100J/4OVJj69GFn85t0NaPmNoaZFpy +E39PNNJ2G33YvcXQebc5Id/dv+cPlITeHY9CBX4qyvU+WkhK0K29MU1stpU+q47 X00VnG3SempqkKDni+a1W5p6sftZ7eUN6vPCNY2chNP0vurHkFCctWU8k8FKkBwc 4PxteGtcsIW8YDF6fHxkZNqZPSFkddoxmleZ+C6lBV60278bjpUGXmWGzjOvfCdq RIYu1iZmv2srvVMVJeL0WJL7PFyKr3sS6/3feGZNoBTC/1ju1sN/mWvBR0xL0zAf Kxcra9o/xLmaUIZ3X+j0k6vXafv52Vm0BvvB62F6wanZFSdqBAx8xZ3A/KvYbRV8 4pOY+QFSJqOYv7gERx44ODw= =GuJh -----END PGP MESSAGE----- From grendel at netaxs.com Wed May 4 23:23:45 1994 From: grendel at netaxs.com (Michael Brandt Handler) Date: Wed, 4 May 94 23:23:45 PDT Subject: Keyserver service outRAGE In-Reply-To: <199405050554.WAA28965@jobe.shell.portal.com> Message-ID: <199405050623.CAA11961@access.netaxs.com> > Let's not fly off the handle. > > This _could_ be a very promising development. IF source code is available, > this would be, at last, a U.S.-legal, free version of PGP. > > Let's wait and see what Phil Zimmermann has to say. Wait. Didn't the Voice PGP people say he was out of the country? Does anybody know where he is right now? (Then again, he was "snowed under with work" for a while. This might be the result...) -- ========================================================================== | Michael Brandt Handler | Philadelphia, PA | | | PGP 2.3a public key available via server or mail | ========================================================================== From unicorn at access.digex.net Wed May 4 23:44:49 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 4 May 94 23:44:49 PDT Subject: Advertisement Message-ID: <199405050644.AA17543@access1.digex.net> -> The first program is included below, conventionally encrypted with PGP. For a total of just 12 [TWELVE] Tacky Tokens I'll release the password. Please send your COIN.DAT contributions by encrypting with the PGP key below and posting to alt.test with the subject: IGNORE - NEON. <- Is there a mac version? From warlord at ATHENA.MIT.EDU Wed May 4 23:51:37 1994 From: warlord at ATHENA.MIT.EDU (Derek Atkins) Date: Wed, 4 May 94 23:51:37 PDT Subject: Keyserver service outRAGE??? In-Reply-To: <199405050623.CAA11961@access.netaxs.com> Message-ID: <199405050651.CAA09779@charon.MIT.EDU> Sigh... You know, when things are on a delicate balance, a single message sent too soon can really screw things up. I can tell you for certain that your questions *will* be answered in due time, please wait for the final arrangements to be made. No, PGP 2.5 is *NOT* available (this second). Yes, there is one in the works, and I expect it Real Soon Now. Also, please do not condemn Bal or his keyserver for not accepting keys from versions of PGP before 2.4 -- as I understand it, that was part of the agreement in order to make 2.5 happen, but I really don't know all the details. In the immortal words of a famous vulcan, the needs of the many outweigh the wants of the few. in other words, this is for a greater good that this has been done. You may not like it right now, but you can feel free to use any keyserver you want. However in the long run, this will greatly increase the usage of PGP. Just imaging, a freeware version of PGP that is *LEGAL* in the United States!!! Just think of all the people who have said that they refuse to use it because of the patent question; when that question is resolved, when 2.5 is released, all these people will start using PGP freely and openly and greatly increase the population of PGP users! As for the security of PGP 2.5, well, I haven't seen the code personally, so I cannot comment. FYI: Phil was in the US last weekend, and unless he has left the country within the last 5 days, he is still here. please await more information as it get released...... -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From unicorn at access.digex.net Thu May 5 00:08:49 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 5 May 94 00:08:49 PDT Subject: Server clusterfuck Message-ID: <199405050708.AA18444@access1.digex.net> -> From: Derek Atkins Sigh... You know, when things are on a delicate balance, a single message sent too soon can really screw things up. I can tell you for certain that your questions *will* be answered in due time, please wait for the final arrangements to be made. No, PGP 2.5 is *NOT* available (this second). Yes, there is one in the works, and I expect it Real Soon Now. Also, please do not condemn Bal or his keyserver for not accepting keys from versions of PGP before 2.4 -- as I understand it, that was part of the agreement in order to make 2.5 happen, but I really don't know all the details. <- Then this should have be stated in the "press release" message he sent. As should have the details, what were available, of the PGP 2.5 release. The fact that the limitations on the keyserver were imposed only makes me wonder more. I hope the code of 2.5 is looked at real carefully. -uni- (Dark) From barrett at daisy.ee.und.ac.za Thu May 5 00:21:53 1994 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Thu, 5 May 94 00:21:53 PDT Subject: Keyserver service outage In-Reply-To: <9405050410.AA11082@toad.com> Message-ID: > At that time, the keyserver will no longer accept keys that are > identified as having been created by versions of PGP lower than 2.4. > (PGP 2.4 is Viacrypt PGP.) It is my understanding that folk outside the USA can legally run PGP versions from 2.0 to 2.3a, but cannot legally run Viacrypt 2.4 or the RSAREF-based version 2.5, because they contain code that cannot be exported from the USA. Thus, it appears that the keyserver will not accept any legally created keys from outside the USA. I think that this is a bad thing. --apb (Alan Barrett) From warlord at ATHENA.MIT.EDU Thu May 5 00:23:12 1994 From: warlord at ATHENA.MIT.EDU (Derek Atkins) Date: Thu, 5 May 94 00:23:12 PDT Subject: Server clusterfuck In-Reply-To: <199405050708.AA18444@access1.digex.net> Message-ID: <199405050723.DAA10301@charon.MIT.EDU> > Then this should have be stated in the "press release" message he sent. > As should have the details, what were available, of the PGP 2.5 release. > The fact that the limitations on the keyserver were imposed only makes > me wonder more. My point is that this was not an official "press release", and IMHO the message should *NOT* have been sent untl an official PGP 2.5 press release is made. At this point in time, it is still unclear when PGP 2.5 is going to be released (although I suspect that it will be released RSN). As I said, I do know that the limitation son the keyserver were part of the bargain to get a legal non-infringing freeware version of PGP... Take that any way you want. Onoce I see the code and can peruse it, I will probably trust 2.5 as much as I have trusted other versions of the code. > I hope the code of 2.5 is looked at real carefully. Trust me, it will be! -derek From unicorn at access.digex.net Thu May 5 00:25:52 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 5 May 94 00:25:52 PDT Subject: Server clusterfuck Message-ID: <199405050725.AA19530@access1.digex.net> -> As I said, I do know that the limitation son the keyserver were part of the bargain to get a legal non-infringing freeware version of PGP... Take that any way you want. Onoce I see the code and can peruse it, I will probably trust 2.5 as much as I have trusted other versions of the code. > I hope the code of 2.5 is looked at real carefully. Trust me, it will be! -derek <- Fair enough Mr. Atkins. And thanks! -uni- From scheida at earlham.edu Thu May 5 00:30:14 1994 From: scheida at earlham.edu (David Scheidt) Date: Thu, 5 May 94 00:30:14 PDT Subject: Anonymous phone calls. Message-ID: <0097DF47.10FD12BC.59@earlham.edu> > I asked this a while ago, but my mail system has some problems and >I don't know what the responses were, if any.... > > Is there any way to make a phone call anonymously? Caller ID can be >blocked somewhat with one of those *## numbers dialed before the call >is made. Is there a way to route a call through a series of phone-type >remailer systems? This would allow one to make a call that would be as >hard to trace as anonymous mail. > > Any ideas? > I know that the PBX my school is behind shows up in the outside world as one of a limited set of trunk numbers. This means that calls to the real world will show up as a number other than the one you are calling from, and also that it is not likely to be the same number on any given pair of calls. A friend discovered this when dealing with an AT&T long-distance relay operator. They have an 800 number you call, and then they will bill the number that their ANI pulls off. I should think that AT&T of all people would have a good enough system that if it were possible to get the number they would manage it. The Operator, whom my friend knew, commented that the number was odd, and this led to some expirmentation which confirmed the number was not his, and a couple of other similiar things. I would suspect that there are many other PBX's which operate in a similiar manner. david -------------------------------------------------------------------------------- David Scheidt scheida at yang.earlham.edu "If we don't remember what we do, how will we know who we are?" -Ronald Reagan From barrett at daisy.ee.und.ac.za Thu May 5 00:56:00 1994 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Thu, 5 May 94 00:56:00 PDT Subject: Server clusterfuck In-Reply-To: <199405050723.DAA10301@charon.MIT.EDU> Message-ID: > As I said, I do know that the limitation son the keyserver were part > of the bargain to get a legal non-infringing freeware version of > PGP... Take that any way you want. Let's see if I understand this correctly. There is some deal, between parties as yet unnamed, but presumably including PKP/RSADSI as one of the parties. This deal licences RSAREF for use in a new version of PGP, and requires one particular keyserver to be crippled in such a way that it ceases to accept keys that appear to have been created by certain versions of PGP. Right? I wonder what advantage PKP/RSADSI sees in crippling this one keyserver, since everybody can simply continue to use non crippled keyservers. --apb (Alan Barrett) From ebrandt at jarthur.cs.hmc.edu Thu May 5 01:36:37 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Thu, 5 May 94 01:36:37 PDT Subject: Keyserver service outage In-Reply-To: Message-ID: <9405050836.AA13734@toad.com> > It is my understanding that folk outside the USA can legally run PGP > versions from 2.0 to 2.3a, but cannot legally run Viacrypt 2.4 or the > RSAREF-based version 2.5, because they contain code that cannot be > exported from the USA. Think about this. Under whose law would your running PGP 2.5 be illegal? Your country's perhaps, I don't know. But the U.S. has no law against foreigners (who aren't under its jurisdiction, anyway) using encryption. Now, it's illegal under the ITAR for someone in the U.S. to export any version of PGP, or almost any crypto software. This is for National Security reasons, natch. And most U.S. use of pre-2.4 versions probably infringes on RSA's patent on the math behind PGP. But once it's over the border, none of this matters (until GATT extends the miracle of uniform software patents to its signatories). Eli ebrandt at hmc.edu From bart at netcom.com Thu May 5 03:55:44 1994 From: bart at netcom.com (Harry Bartholomew) Date: Thu, 5 May 94 03:55:44 PDT Subject: Toolkits, Bugs, and Interfaces Message-ID: <199405051056.DAA08550@netcom.com> Ten days ago Tim May ended a post on Toolkits: "For digital money to succeed, there had better not be flaws and loopholes that allow attackers to drain your money away or to cause confusion and doubt amongst your customers!..." I think near certainty of correct function is needed for all cryptographic software to find acceptance with the general public. Of the the aspects needed, algorithmic correctness has received most attention here thusfar. I want to second Tim's call for a Toolkit in particular relation to two other needs: a facile user interface and freedom from bugs. These are necessary so that when Alice Anyone feels the need for crypto, she can get software, easily used, that prevents foolish misuse, and is both free of bugs and weakness to attack. At the state of the art, we cannot guarantee these any more than we can assert the future security of our algorithms. But our best approach is to get working tools into the hands of testers and critical users to begin the process of debugging and revision. I would suggest that cypherpunks both write and test code. I recommend two books to stimulate thought on debugging and interface design, both of which I enjoyed reading. "Digital Woes: Why we should not depend on software" by Lauren Ruth Weiner is a new, (First printing - Sept.93) work about bugs. In 209 pages, backed by 365 citations to the literature (often comp.risks), it offers a view of the range of software failures that have occurred. Perhaps we can attend to history and not need to repeat it. Donald Norman's "Design of veryday Things" is an outstanding work on interface design. An excerpt that I read in Dr. Dobbs one morning made me rush to a bookshop and buy it before noon! HOW TO DO THINGS WRONG If you set out to make something difficult to use, you could probably do no better than to copy the designers of modern computer systems....: * Make things invisible. Widen the Gulf of Execution: give no hints to the operations expected. Establish a Gulf of Evaluation: give no feedback, no visible results of the actions just taken. Exploit the tyranny of the blank screen. ... * Be inconsistent: change the rules. Let something be done one way in one mode and another way in another mode. This is especially effective where it is necessary to go back and forth between these modes. ... * Make operations dangerous. Allow a single erroneous action to destroy invaluable work. Make it easy to do disastrous things. But put warnings in the manual; then when people complain, you can ask, "But didn't you read the manual?" From MWayne at eworld.com Thu May 5 04:11:41 1994 From: MWayne at eworld.com (MWayne at eworld.com) Date: Thu, 5 May 94 04:11:41 PDT Subject: MacPGP Help Needed Message-ID: <9405050411.tn30743@eworld.com> -----BEGIN PGP SIGNED MESSAGE----- Greetings-- I am trying to add a key to my public ring..when I indicate which text file to read, I get an ewrror message...as follows: > No keys found in 'Spectrum:Desktop Folder:Untitled 1'. > Keyring add error. > For a usage summary, type: pgp -h > For more detailed help, consult the PGP User's Guide. I am using MacPGP 2.3 (v1.05), the file is a text file, the key was generated with the ViaCrypt version of PGP Thanks in advance - --Mitch -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLcgc1TIAcJ9oIU2VAQF1PwP+MpLtaa/+Qn2FV4UtobQSve4L0Sg+daGK vYxbvzdtBlk83LYH8Lm1zE1xXmet5mqND0uvaJVZvXI9iFKcNOZ8vBmg/GKCdGOe reoACv8cgIdl5uWo/yP5LwWAdVsDawelOl+fnw7/KIl8+IUmL4eJ99QagI0QynHm Kve9LHuJIb4= =RyJ+ -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi2eV7AAAAEEAM2RhjhZynZHT7jCXVFTuJLsoq0OIiEgI/bSsPyrkZK8Y4Lt YZRSimv1Z3sX+pswbMuIIzxxUjAtlm3ICEHxXlNDhULphLqYCoMnodtwJNqxYZ9V qmSyndYs8CHuoTjBSjvQjmEgtrgC+RTzRI07p+EXOPSD9Ba3JDIAcJ9oIU2VABEB AAG0H01pdGNoIFdheW5lIDxNV2F5bmVAZVdvcmxkLmNvbT6JAJUCBRAtvgRS/O3L BWk4oUkBAesLA/0bB9RaUb1FWpi2wFZBnT/Ee/mpHPAlEU7KaqXppPYmdt592TN6 J5S95iXKBCz4YXw4mvaBQX6xB9aeFotKNlxDrUOO9EIEnyeLxRHNy7rVT/VPfCVt 8GZo8O3JFdmphqpoBhWdxtatbE1MJxj1AI0DSvd0viZeQqf3Qvbg3cyhMIkAlQIF EC2372oyAHCfaCFNlQEBRGoEAIeL9+jJiVCtMpbS0jXfJdGG9HcFXBnkOklg3XYc cHNwo+z4BbbxmBzRLToztmtfHIfZ9urebu4kbCUG3F3kkXawSbd4fn/bsYpyfBaO sUfaRSeBtK2yPh4LlW0yVdDZhDzAjpX51Lu5SF+vbs9yC0vHlGJ1ArurzRCvowUa xOATtCdNaXRjaCBXYXluZSA8NzEyNDEuMzUzNEBjb21wdXNlcnZlLmNvbT60HU1p dGNoIFdheW5lIDxNSFdheW5lQGFvbC5jb20+ =m2yi -----END PGP PUBLIC KEY BLOCK----- From MWayne at eworld.com Thu May 5 04:32:31 1994 From: MWayne at eworld.com (MWayne at eworld.com) Date: Thu, 5 May 94 04:32:31 PDT Subject: Keyserver service outage Message-ID: <9405050432.tn30763@eworld.com> -----BEGIN PGP SIGNED MESSAGE----- OK--so what about those of us who use MacPGP 2.3? Is there a new version 2.5 for Mac? If so where do I get it if I can't ftp to a site (sorry folks...don't hate me 'cause I don't have full Net access (yet!!))... - --Mitch -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLciSCzIAcJ9oIU2VAQEOGwP/bnX4Y/E2mPkPJdGmE1RXDMrLObrEtS19 XtrPVoAb3cZyqXE2IK9wWpBe65TwuMD8SxSk//hEe6Mw2j+mWoDOfOCwYAII+F86 wpuHdTLnDxThS109H5VyvH++g1/+n6xpAcAZFs4KILnLjXwcJMBabrnGDTjuS/Ld D76Ny9wKPiQ= =VYWy -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAi2eV7AAAAEEAM2RhjhZynZHT7jCXVFTuJLsoq0OIiEgI/bSsPyrkZK8Y4Lt YZRSimv1Z3sX+pswbMuIIzxxUjAtlm3ICEHxXlNDhULphLqYCoMnodtwJNqxYZ9V qmSyndYs8CHuoTjBSjvQjmEgtrgC+RTzRI07p+EXOPSD9Ba3JDIAcJ9oIU2VABEB AAG0H01pdGNoIFdheW5lIDxNV2F5bmVAZVdvcmxkLmNvbT6JAJUCBRAtvgRS/O3L BWk4oUkBAesLA/0bB9RaUb1FWpi2wFZBnT/Ee/mpHPAlEU7KaqXppPYmdt592TN6 J5S95iXKBCz4YXw4mvaBQX6xB9aeFotKNlxDrUOO9EIEnyeLxRHNy7rVT/VPfCVt 8GZo8O3JFdmphqpoBhWdxtatbE1MJxj1AI0DSvd0viZeQqf3Qvbg3cyhMIkAlQIF EC2372oyAHCfaCFNlQEBRGoEAIeL9+jJiVCtMpbS0jXfJdGG9HcFXBnkOklg3XYc cHNwo+z4BbbxmBzRLToztmtfHIfZ9urebu4kbCUG3F3kkXawSbd4fn/bsYpyfBaO sUfaRSeBtK2yPh4LlW0yVdDZhDzAjpX51Lu5SF+vbs9yC0vHlGJ1ArurzRCvowUa xOATtCdNaXRjaCBXYXluZSA8NzEyNDEuMzUzNEBjb21wdXNlcnZlLmNvbT60HU1p dGNoIFdheW5lIDxNSFdheW5lQGFvbC5jb20+ =m2yi -----END PGP PUBLIC KEY BLOCK----- From jims at Central.KeyWest.MPGN.COM Thu May 5 04:36:00 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Thu, 5 May 94 04:36:00 PDT Subject: Clipper and Congress In-Reply-To: <199405050419.AAA24882@eff.org> Message-ID: <9405051117.AA16933@Central.KeyWest.MPGN.COM> > Unlike the Senate panel, there seemed to be some support for the Clipper > proposal on the House Subcommittee. Rep. Dan Glickman (D-KS), I wonder if these Representatives (and Senators for that matter) would be so supportive of Clipper if they were reminded that for it to be effective even THEY would have to have the chip on THEIR HOME PHONES, THEIR OFFICE PHONES, THEIR CELLULAR PHONES... I doubt many Congressional members are "clean" enough to support a chip with such a threat over their lives. "Hey, Rep. Joe Smith, did you know that if someone wanted to make a few dollars they could get the key from escrow and blackmail you about that affair you've been having!?" Just a thought Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From gtoal at an-teallach.com Thu May 5 04:40:28 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 5 May 94 04:40:28 PDT Subject: Keyserver service outRAGE Message-ID: <199405051140.MAA22082@an-teallach.com> : From: Black Unicorn : This is silly. : Why a server would want to use licensed code is understandable. : Why a server would try to restrict keys generated by versions other : than 2.4 & the mysterious 2.5 is moronic. They were told to as part of the deal to get the license. : I will not use this server regardless of which version I have and use, : and I urge others to resist the use of this server as well. : This policy only serves to create suspicion and drain confidence in : versions of PGP over 2.3a. No no, you missed the point! 2.5 will be made *public*! It's not another private viacrypt job. : I ask the following questions: : Will source code be available for PGP2.5? Of course. : Who was responsible for the modifications that make PGP2.5, version 2.5? : I ask the operators of the remaining servers to remove the MIT server : from their automatic mirror update list and to avoid a policy of excluding : keys generated by any "non-conforming" software in their own operations. I don't think they'll listen. They understand the politics better than you do. : I ask users of PGP not to add future keys to the offending server. Why? Add it to any one and it'll end up there. : I call on cypherpunks to estlablish less formal key servers and develop : more stealthy and secure methods of key distribution. Now you're just talking crap. Uni, hush now, shut up, and listen. You've entirely missed the point here. This is a major tactical strike for pgp. We finally have an entirely legal pgp, thanks to some excellent net.politics from the guys at MIT. The restriction on what new keys they accept was part of the deal, but stop and think what it really means - is it going to affect *anybody*? And what's to stop you fetching 2.5 and loading/re-dumping your old key from that version? This is *good news*, and we don't need any half-cocked wallies spreading FUD over what is the best thing to happen to pgp ever. G From greg at ideath.goldenbear.com Thu May 5 05:00:16 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Thu, 5 May 94 05:00:16 PDT Subject: Anonymous phone calls. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- >> Is there any way to make a phone call anonymously? Caller ID can be >> blocked somewhat with one of those *## numbers dialed before the call >> is made. Is there a way to route a call through a series of phone-type >> remailer systems? This would allow one to make a call that would be as >> hard to trace as anonymous mail. > There's a 1-900 number that is supposed to do this. > Which I could remember what it was. I think it's 1-900-STOPPER. Not sure, use it at your own risk. Routing calls through many locations is possible if you aren't wound up about toll fraud; once upon a time it was SOP, back when MCI and the rest all had 7-digit local dialups which gave you another dialtone; folks who wanted to make tracing a call tougher could call a local dialup, use a "k0de" and call a dialup across the country, use a "k0de" to call a third dialup, and so forth; finally use another "k0de" to call the real target. Signal quality decreases with each hop. I imagine that folks still do this with PBX's and the like, though my impression is that there isn't much left for a phreak to do these days. Don't forget our friend Mister Payphone. Not stylish, but still relatively anonymous. Also useful may be the pre-paid calling cards; Pat Townson (sp?), the Telecom Digest moderator, was selling them for awhile. I understand they're also available in truck stops and on college campuses, but can't remember seeing them. (Haven't gone looking, though). I've got a few of the ones that Pat was selling left, if anyone wants to pony up some Tacky Tokens. The ones I've seen involve an 800 number, so somebody knows you made the call - but if it's a peculiar little reseller connected to an aggregator who buys time from whoever's got it cheapest, it may be hard to track them down to make them talk. And, of course, there are any number of ways to "borrow" a phone with varying degrees of legality/morality - lots of places around town here have "courtesy phones" where you can make a local call; just ask a salesperson in a department store, or look around at a university. If you've got a lineman's set - or a cheap $10 phone with alligator clips instead of an RJ-11, any phone line can be yours, for a few minutes. I guess the short answer is that the really anonymous ways aren't convenient or legal, if it's a long-distance call. Remember, blocking caller ID means that the called party doesn't know who called, but the phone company still does. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcjbqX3YhjZY3fMNAQHszQP/VFbx/H7wIHTgo0q1cs7KtWL7BDaaNCMH TF5xjGCYnnvJiCblw4uPjiMsHMwq01fO8duqD6H5+9KtBtAG8dEAD9IMUTITS+/3 mE2mGNRYI9xpIyzCLevTC5llTRIMhHhx/XweWtuJyf3vJzlwkRH7s8VHAdSeoO08 73Vj8XCcszU= =YjOb -----END PGP SIGNATURE----- From cdodhner at indirect.com Thu May 5 05:05:07 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Thu, 5 May 94 05:05:07 PDT Subject: Anonymous phone calls. In-Reply-To: <199405042311.AA10041@comm.Tandem.COM> Message-ID: On 4 May 1994 GRABOW_GEOFFREY at tandem.com wrote: > I asked this a while ago, but my mail system has some problems and > I don't know what the responses were, if any.... > > Is there any way to make a phone call anonymously? Caller ID can be > blocked somewhat with one of those *## numbers dialed before the call > is made. Is there a way to route a call through a series of phone-type > remailer systems? This would allow one to make a call that would be as > hard to trace as anonymous mail. Yes, there are many ways to make nearly imposible to trace phone calls. Unfortunately, all that I know of involve stealing telephone service / toll fraud of some sort or another (in other words, if you are evading the trace functions for increased privacy, you are also evading the billing mechanisms...) For more info I suggest you moniter alt.2600, #hack, and #phreak. Also look into buying some back issues of 2600 magazine as well as retrieving all the back issues of things like PHRACK magazine and CuD. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ From cdodhner at indirect.com Thu May 5 05:07:15 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Thu, 5 May 94 05:07:15 PDT Subject: Anonymous phone calls. In-Reply-To: <199405050617.AA16608@access1.digex.net> Message-ID: On Thu, 5 May 1994, Black Unicorn wrote: > > Is there any way to make a phone call anonymously? Caller ID can be [quoted text deleted] > There's a 1-900 number that is supposed to do this. Don't *ever* trust something like that for anything important. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ From daily%cbpi.UUCP at DMC.COM Thu May 5 05:17:43 1994 From: daily%cbpi.UUCP at DMC.COM (daily%cbpi.UUCP at DMC.COM) Date: Thu, 5 May 94 05:17:43 PDT Subject: Anonymous phone calls. Message-ID: <0097DF774D0E63C0.00003A54@cbpi.UUCP> > Is there any way to make a phone call anonymously? Caller ID can be >blocked somewhat with one of those *## numbers dialed before the call >is made. Is there a way to route a call through a series of phone-type >remailer systems? This would allow one to make a call that would be as >hard to trace as anonymous mail. > Any ideas? < G.C.G. The best way to make a truly anonymous call is to hack a pbx. Most of them have a feature(This feature is turned off by default on AT&T pbx) that allows you to call into the pbx from any phone and get a second dial tone. Sometimes there is a code(4-8 digits on AT&T) you must enter to get the second dial tone. Also, you might have to dial the trunk access code (usually 8 or 9) to get an outside dial tone. The first dialtone lets you enter an extension # in the pbx. The reason that this is the best way is because if you are using a 900 service to make the anon call, you get billed at the number you are calling from, so if there were a trap on the line you were calling, they'd have the 900 service provider's number, the 900 service provider would have your number, and you'd no longer be anonymous. With the pbx hack, the likely hood of a trap being on this line is next to nothing. If there were a trap on the number you were making the anon call to, they would only get the number of the trunk that your call left the pbx on, not the number you were calling from. jim at cbpi.com From pfarrell at netcom.com Thu May 5 05:25:33 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Thu, 5 May 94 05:25:33 PDT Subject: MFC, was [Visual Basic (yes, Basic!), and "VBX" tools Message-ID: <30154.pfarrell@netcom.com> In message Wed, 4 May 94 13:36:38 -0700, hughes at ah.com (Eric Hughes) writes: >> fortuitous decision to incoporate Windows "foundation classes" (a C++ >> notion, of course) into Visual Basic > > Classes are C++. Foundation classes are Microsoft Foundation Classes, > are just a large library that Microsoft wrote which is also included > in the C++ compiler products. It is correct that MFC is simply a set of C++ classes, which are included (and their source) in the Microsoft Visual C++ environments for Windows and Windows NT. But there are significances to MFC that should be mentioned. (They are also included in the Samatec [sic] compiler products. Probably others RSN) First, MFC (and related parts of MSVC) makes writing Windows applications orders of magnitude easier than using the old SDK approach. Just as with the Borland class suite, no one who has used MFC will ever go back to hand-coding SDK calls, except for the occasional wild hack. Secondly, and IMHO more importantly, MFC 2.5 makes it easy to write OLE 2.0 compliant applications. OLE is the foundation of Microsoft's "component software development" approach (see last month's Byte for a good overview). OLE is how Microsoft expects folks to hook applications together in a seemless way. OLE is used currently in Office to make Word, Excel and Powerpoint interoperate transparently, and its use will grow when Chicago is released (RSN, I know) With little work, a programmer should be able to make an OLE server that allows users to drop Word, Excel, or other documents into an "encryption server" or write an OLE client that uses the server. Most of this can also be done with Visual Basic, which is a cool tool. But Visual C++ is still C, so it makes grabing parts of PGP or PGPTools and building them into the servers and clients is much more "native" Thirdly, MFC effectively isolates the programmer from the OS. As a long time assembly hacker, I wasn't too keen on this. But MFC makes porting trivial for most Windows and Windows for Workstations (aka NT) apps, and RSN we are supposed to get MFC for the Macintosh. This will cover some huge portion of the desktop computing universe. Once you are above 95% of the market, I don't care about arguing the last percent or two. For those on this list that like to "write code" and speak some C or C++ I strongly recommend looking at Visual C++ and MFC. At $129 for the "competitive upgrade" it is even pretty cheap. Please followup off list if you need more info, like recommended configurations, etc. Pat Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From werner at mc.ab.com Thu May 5 05:27:49 1994 From: werner at mc.ab.com (werner at mc.ab.com) Date: Thu, 5 May 94 05:27:49 PDT Subject: The Value of Money Message-ID: <9405051228.AA16196@werner.mc.ab.com> >Date: Wed, 4 May 1994 17:24:13 -0400 (EDT) >From: Llywelyn > >Unless of course you have a $ bill that is a specie note. I have a few ten >dollar bills that state that they are redeemable for specie. I have some funny money, myself. I have several of the original federal reserve notes, that came out after the U.S. went off the silver standard. They look just like a silver certificate, except they say they are redeemable in "lawful money" instead of "silver". A couple of years later, once the fuss had died down, they changed them to say that they ARE "lawful money". Of course, if you took one of the original federal reserve notes to a federal reserve bank to redeem it, they just gave you another one, but the impression they gave the public was that you COULD get silver (i.e., what the public considered to be "lawful money") if you really wanted it. I had an interesting experience in the late '70s with a torn $50 bill. A friend's pit bull had chewed it, but it was mostly still there. Neither of us had a bank account, as we were trying to pretend we were bigshots (no paper trails, etc.). Since I was travelling occasionally to Wash, DC, I told him I could take it to the treasury department and get a good one. They took the bill away from me, and gave me a check for $50! I had to get my girlfriend to cash it. tw From pcw at access.digex.net Thu May 5 05:33:24 1994 From: pcw at access.digex.net (Peter Wayner) Date: Thu, 5 May 94 05:33:24 PDT Subject: EFF Summary of May 3 1994 Clipper and Digital Telephony Hearings Message-ID: <199405051233.AA29084@access1.digex.net> Dr. Farber suggested that at >the very least Congress weld into law a guarantee that Clipper remain >voluntary, that the Judiciary be an escrow holder. He cautioned, in the >words of Benjamin Franklin, "They that can give up essential liberty to >obtain a little temporary safety deserve neither liberty nor safety" Ben Franklin also said, "Three can keep a secret if two are dead." From pcw at access.digex.net Thu May 5 05:35:57 1994 From: pcw at access.digex.net (Peter Wayner) Date: Thu, 5 May 94 05:35:57 PDT Subject: Clipper and Congress Message-ID: <199405051233.AA29098@access1.digex.net> > > >> Unlike the Senate panel, there seemed to be some support for the Clipper >> proposal on the House Subcommittee. Rep. Dan Glickman (D-KS), > > I wonder if these Representatives (and Senators for that matter) would be > so supportive of Clipper if they were reminded that for it to be effective > even THEY would have to have the chip on THEIR HOME PHONES, THEIR OFFICE > PHONES, THEIR CELLULAR PHONES... > > I doubt many Congressional members are "clean" enough to support a chip > with such a threat over their lives. > > "Hey, Rep. Joe Smith, did you know that if someone wanted to make a few > dollars they could get the key from escrow and blackmail you about that > affair you've been having!?" > > Just a thought > Jim > At one of the earlier CSSPAB board meetings, a bunch of law enforcement officers came to speak about Clipper. They pointed out that 13 states do not allow their state and local police to use wiretaps. Some officers surmised that this was because wiretaps are really valuable in cases of bribery and corruption. I.e. where crimes can be committed through talking. >-- > Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ > P.O. Box 2310 Programmer Internet: jims at mpgn.com > Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 > (305)293-8100 PGP via email on request. > 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From joshua at cae.retix.com Thu May 5 05:41:39 1994 From: joshua at cae.retix.com (joshua geller) Date: Thu, 5 May 94 05:41:39 PDT Subject: The Value of Money Message-ID: <199405051241.FAA06726@sleepy.retix.com> > The idea is to create a unit of currency whose value is convenient for > typical transactions. Some amount that is easily grasped by the average > person. Originally the US dollar was 1/20th of an ounce of gold. That > amount of gold, today, has the buying power of US$18, or so. A bag of > groceries more or less. The amount of gold determines the total value of > the money supply, but the number of people and transactions in which it > must take part determines the number and denomination of bills and coins > to be printed and minted. in 1875 you could get a colt .45 for a $20 gold piece. you still can. I am sort of confused by all these folks talking about precious metals as if they still have something directly to do with currency. I thought they hadn't for some decades. josh From joshua at cae.retix.com Thu May 5 05:49:45 1994 From: joshua at cae.retix.com (joshua geller) Date: Thu, 5 May 94 05:49:45 PDT Subject: EFF Summary of May 3 1994 Clipper and Digital Telephony Hearings Message-ID: <199405051248.FAA06730@sleepy.retix.com> > The Administration continues to maintain > that the market would accept the Clipper standard based on the > assumption that it is the strongest encryption scheme, regardless of who > holds the keys. but that is just an assumption if the algorithms are not available for study. > NSA's Clinton Brooks expressed support for Congressional Consideration > of the Clipper issue. He argued that Clipper is a sound technological > solution to a legitimate law enforcement and National Security dilemma, > and that a public debate on its merits would eventually remove the > misinformation and mistrust of government, and would prove Clipper to be > in the public interest. and 'a public debate on its merits' is difficult when details are secret. josh From rah at TIAC.net Thu May 5 05:59:29 1994 From: rah at TIAC.net (Robert Hettinga, Shipwright Development Corp.) Date: Thu, 5 May 94 05:59:29 PDT Subject: The Value of Money Message-ID: <199405051258.IAA18871@zork.tiac.net> GRABOW_GEOFFREY at tandem.com asked: >Didn't Nixon take the U.S. off of the gold standard? > Sort of. The market made him do it. Any real bankers out there can answer this better than I can. The way I remember it, the Bretton Woods agreement made the "dollar as good as gold", which was intended to stabilize the postwar economy and back up the Marshall plan, I think. In the late '60s and early '70s, the european economy was good enough that people (Charles DeGaulle's government in France, among them) started to call the US Treasury's bluff, and cash in dollars for gold. I believe Nixon made two changes. First, he decoupled the dollar from the price of gold, thus making the dollar more explicitly a part of the floating exchange rate mechanism (or more so, anyway). Second, he started making it legal for americans to own gold again, something FDR outlawed during the depression. Moving it more towards crypto here. . . IMO, someday there *will* be a strictly digital, anonymous, liquid medium of exchange, a currency, simply because computer transmissions are just another means to transmit promises, like metal and paper. However, the next real step in that direction is to develop "securities" like money market instruments, which are denominated in an existing currency, but are "traded" not by institutions, but by people and/or business on the internet, in order to meet very real needs, like selling software, information, entertainment, etc. I guess that's why I subscribed to this list, and why I'm somewhere in the middle of the stream cypher section of Schneier's book. :-). Bob ----------------- Robert Hettinga "There is no difference between someone Shipwright Development Corporation eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02313 USA snakes." -- Bertrand Russell (617) 323-7923 From frissell at panix.com Thu May 5 06:08:47 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 5 May 94 06:08:47 PDT Subject: Anonymous phone calls. In-Reply-To: Message-ID: On Thu, 5 May 1994, Greg Broiles wrote: > Don't forget our friend Mister Payphone. Not stylish, but still > relatively anonymous. Also useful may be the pre-paid calling cards; > Pat Townson (sp?), the Telecom Digest moderator, was selling them > for awhile. I understand they're also available in truck stops and > on college campuses, but can't remember seeing them. (Haven't gone > looking, though). I've got a few of the ones that Pat was selling Any place that handles Western Union Money Transfers (one in every town at least) will also sell the new Western Union Phone card ($5-$50 denominations). Call an 800# punch the codes on the card in and get a dial tone. Costs about 60 cents a minute but worth it if you need it. DCF "Why did William Jefferson Blythe Clinton accept a Rhodes scholarship when women (and non Commonwealth citizens) were excluded from same? Sounds like a racist, sexist, bigoted, and (for all we know) homophobic act to me." From adam at bwh.harvard.edu Thu May 5 07:07:48 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Thu, 5 May 94 07:07:48 PDT Subject: Keyserver service outage In-Reply-To: Message-ID: <199405051406.KAA24364@duke.bwh.harvard.edu> | It is my understanding that folk outside the USA can legally run PGP | versions from 2.0 to 2.3a, but cannot legally run Viacrypt 2.4 or the | RSAREF-based version 2.5, because they contain code that cannot be | exported from the USA. Thus, it appears that the keyserver will not | accept any legally created keys from outside the USA. I think that this | is a bad thing. I think folks outside the US can legally run 2.4 or 2.5, as there are no restrictions in their countries on using that software. The difficulty is getting it outside of the US without getting anyone in trouble. Perhaps this would be a time to try the 'exporting code on paper' thing that was discussed as a way to get the AC source out of the USA legally. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From hughes at ah.com Thu May 5 07:13:28 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 5 May 94 07:13:28 PDT Subject: The Value of Money In-Reply-To: <199405051258.IAA18871@zork.tiac.net> Message-ID: <9405051411.AA04117@ah.com> >However, the >next real step in that direction is to develop "securities" like money >market instruments, which are denominated in an existing currency, but are >"traded" not by institutions, but by people and/or business on the >internet, in order to meet very real needs, like selling software, >information, entertainment, etc. Your Fidelity Mutual Fund account is denominated in dollars, held in stocks, and clears through the ACH system. Sounds pretty close to me. Right now Fidelity nominally sells your stock when you withdraw and buys more when you deposit (in practice they net their customers against each other, I'm sure). Suppose you write a 'check' (it's not _really_ a check, just very close to one) on your Fidelity account and someone else deposits it to their Fidelity account. Fidelity can do an "on-us" clearing of the check and it never leaves Fidelity's hands. Only some accounting records have changed reflecting a change in the distribution in funds. Make this kind of transfer fully electronic and you have the beginnings of a fully private currency. Eric From m1tca00 at FRB.GOV Thu May 5 07:33:25 1994 From: m1tca00 at FRB.GOV (Tom Allard) Date: Thu, 5 May 94 07:33:25 PDT Subject: Keyserver service outRAGE Message-ID: <9405051430.AA10487@mass6.FRB.GOV> -----BEGIN PGP SIGNED MESSAGE----- gtoal at an-teallach.com (Graham Toal) sez: [...] > The restriction on what new keys they accept was part of the deal, but > stop and think what it really means - is it going to affect *anybody*? Yes, it will effect those not in the U.S. Or did you forget about them? > And what's to stop you fetching 2.5 and loading/re-dumping your old > key from that version? ITAR. [...] rgds-- TA (tallard at frb.gov) I don't speak for the Federal Reserve Board, they don't speak for me. pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcjYyKAudFplx0TNAQH+cgP9EG7/jn0XdD1ZmCZTK4mk+VEjie13LXwH V927mWRLLgSu11Tj+6SsdNg9g9R2xIpXt47mMGetr3n6A6hB35UshaGAxyMPNI4V bBetgRTZUx2wzKbd2V3Gyi8hxw6Kf64FuCZnUZNe5Ds6Jg2w8Do8a4AYCbV5Ua/M 1s/MtSUY9Dk= =1vax -----END PGP SIGNATURE----- From jdwilson at gold.chem.hawaii.edu Thu May 5 07:52:08 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 5 May 94 07:52:08 PDT Subject: Visual Basic (yes, Basic!), and "VBX" tools In-Reply-To: <199405042311.AA24889@comm.Tandem.COM> Message-ID: On 4 May 1994 GRABOW_GEOFFREY at tandem.com wrote: > I agree 100%! Just check out some of the ZIP files of Windows programs > on the FTP sites. Many of them include VBRUNxxx.DLL and VBX files. > These are the telltale signs that the product was written in VBASIC. > Even WinPGP was written using it! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > G.C.G. > Where can I find WinPGP? 'Thanx! -Jim -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... From trestrab at GVSU.EDU Thu May 5 07:57:14 1994 From: trestrab at GVSU.EDU (BETH TRESTRAIL) Date: Thu, 5 May 94 07:57:14 PDT Subject: The Value of Money Message-ID: <9404057681.AA768160604@GVSU.EDU> Robert Hettinga writes: > GRABOW_GEOFFREY at tandem.com asked: > >>Didn't Nixon take the U.S. off of the gold standard? >> >I believe Nixon made two changes. First, he decoupled the dollar from >the price of gold, thus making the dollar more explicitly a >part of the floating exchange rate mechanism (or more so, >anyway). Second, he started making it legal for americans >to own gold again, something FDR outlawed during the >depression. The US$ was devalued from $35 to $38 /oz gold and the Treasury stopped redeeming dollars from anyone other than central banks in '69. This created a two tier market. The US devalued again in '70 (0r '71) to $45 /oz, and then threw in the towel and stopped backing the currency with anything other than "the full faith and credit of the US government" [:)]. US citizens were permitted to own gold bullion again as of Jan '75, under Ford. Jeff trestrab at gvsu.edu From talon57 at well.sf.ca.us Thu May 5 08:07:40 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Thu, 5 May 94 08:07:40 PDT Subject: one time pad plus Message-ID: <199405051458.HAA19929@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Ben replies; >Ok, I'm new to this crypto bit so I probably will have more >mistakes here than correct answers. Anyways I'm going to give a >shot. >1)If you have the secure channel(sneakernet) that you have to >re-init each time you use th eone time pad, then this will be most >likely a novelty, since Lousie could have slipped Thelma the >plaintext when she slipped her the pad. >2)If you're using a pad like this, if I'm not mistaken isn't this >what Kahn calls a 'book cipher' where it would be simpler to crack >than a true one time pad that is truly random. >3)Thelma could have used stenographic technology to send the same >information, she could have used faxes that when decoded could >yield a message(kinda like the old punch cards) >Anyways, this is just the view of a complete rank amateur. Give >me feedback y'all. Thanks for your comments Ben. Yes this does suffer from all the same problems of a classic one time pad. (pad exchange etc) Obviously Thelma and Louise should have exchanged mutiple pads well in advance,(and are co-conspirators) and the "pseudorandom pad" E would be exchanged through an alternate path (intercompany mail,sneakernet,messenger,etc). The part I find fun is that assuming random file B is truly random, say from an RS232 "crypto-dongle" (if anyone builds them, count me in!) then ciphertext file C is unbreakable, It dosen't matter if E is random or not, C is still unbreakable, and using E to decrypt will only produce D. This was not intended as a cure all, just an interesting application of cryptography that has interesting effects in the world of corporate politics as well. One small step for cypherpunks..... Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced comunication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLckIjNCcBnAsu2t1AQEubAP7B3t3cIiUkZXESOA53OMcXbpdLnu7qZXf Z+Q7tFC9kzYL9+weGXHVC2aEnjsjDUbxEYHgz4vw+T9fBdFr2g2RcQqM36+dKee+ BfuOtwKY4UCKtjw8W/BETaUpK2aNjeO2pXBdrzVpZHXu6xyM2n2QFmm4GiUDYPO9 xdzq0JcVH4U= =oPn1 -----END PGP SIGNATURE----- From dmandl at lehman.com Thu May 5 08:22:29 1994 From: dmandl at lehman.com (David Mandl) Date: Thu, 5 May 94 08:22:29 PDT Subject: Anonymous phone calls. Message-ID: <9405051522.AA21066@disvnm2.lehman.com> From: Duncan Frissell > "Why did William Jefferson Blythe Clinton accept a Rhodes scholarship when > women (and non Commonwealth citizens) were excluded from same? Sounds like a > racist, sexist, bigoted, and (for all we know) homophobic act to me." Current theory here in Brooklyn: Freemasonic/Trilateral/Illuminati connections (you know about Cecil Rhodes, right?). Looks like Willy was groomed for his present assignment from an early age. This is as good a time as any to post the following, which is not much less relevant to cypherpunk issues than a lot of other recent threads. And it's hilarious. As mentioned above, though, our current theory is slightly different. Enjoy. --Dave. ---------------------------------------------------------------------- Impeach Clinton --------------- by Rev. P. Lamborn-Wilson, M.O.C., U.L.C., etc., etc., The Deanery, Chatsworth, NJ Feb. 14, 1994 (no copyright--please reproduce freely) Clinton first came to the attention of the ILLUMINATI when he saved the asses of Grand Master Oliver North & Past Master G. Bush (the Freemasonic Messiah) by quashing the investigation into Mena Airport in Arkansas. We can use this cracker, they thought. Another Southern Democrat whose name starts with "C." The Konspiracy may have to lay low for four years & this yuppie redneck'll fill the Bill. Sure enough, Bush loses it--bigtime--openly proclaims the Novus Ordo Seclorum--bombs Babylon in a vain attempt to destroy Illuminati archives--etc., etc. The CFR/Bilderbergers declare:--Bush must "lose." The Pres. of Japan (an inner-circle member) dons his special Medici-ring & sits next to Bush at sushi-time:--the whole world gawks as Bush pukes in the lap of this unsmiling samurai--Who's losing face? Who's losing _lunch_? ///// Lloyd Bensen (32-degree) takes hick Clinton to Bilderberg Konklave in Baden-Baden 6 months before the "election." Ushered into the inner sanctum Clinton hears the Offer from a hooded figure mit a Cherman accent und Harvard manners. "Look, Bill, all zis can be yours: real estate, blow-chobs, Sviss bank account, revenche, your name in 'History.' All you haff to do is serve Us for four years. Betray 'Liberalism' for four years. Stab in the back all those minorities who will vote you in:--Blacks, queers, women, the poor. Always you vill say 'compromise'--but holding a dagger in your schleeve. Betray Haiti. Betray homosexuals (and alienate the military!), betray Christians & burn their children, betray peace-lovers--bomb Iraq _again_! (we'll think of some lame excuse); betray women--transform them into their own oppressors. As for the poor, I have a great plan, Bill:--you will fund poverty programs by _taxing food stamps_. Hilarious, eh? Environmentalists? Talk green, dump chemicals in the wetlands. We will spread rumors about your use of 'pot,' Bill, so all the drug-fiends will vote for you--then we'll _intensify_ the 'War on Drugs.' You see? Beautiful concept, _nein_? In four years they will _beg_ us to return to power. The 'Liberals' themselves will vote for Quayle & Noriega in '96! Ha ha ha! Und zen, ve shall enchoy anuzzer tvelf years of Undiluted Power! Perhaps a war in Mexico? Hmm, let me think. Here, Bill, here's a million dollars for your 'election' campaign fund--that's just for starters, Bill. Now, sit here on this throne while this naked starlet sucks your crank, Bill. Promise them anything! I know! I've got it! Promise them _health-care_. Outlaw all herbs, vitamins, everything like that--we can't allow the unwashed swine to prescribe for themselves, can we now? Tsk tsk dear me no. Promise them health-care--& then raise their taxes! Give them SHIT, Bill. Eh? How do you like it? That wife of yours (sorry, Bill)--she can pose as an angel of mercy ... while you--tinpot JFK--pure simulation--first 'virtual' president--bumble toward Armageddon like some sinister clown. Power--the great aphrodisiac, eh Governor? Or should I say ... _Mr. President_???" From f_griffith at ccsvax.sfasu.edu Thu May 5 08:26:40 1994 From: f_griffith at ccsvax.sfasu.edu (f_griffith at ccsvax.sfasu.edu) Date: Thu, 5 May 94 08:26:40 PDT Subject: The Value of Money Message-ID: <9405051526.AA20554@toad.com> >>Unless of course you have a $ bill that is a specie note. I have a few ten >>dollar bills that state that they are redeemable for specie. > >You'll have much better luck taking them to a numismatist than to Fort >Knox. Specie notes are, to the best of my knowledge, no longer redeemable >in specie. > >-- >Lefty (lefty at apple.com) >C:.M:.C:., D:.O:.D:. Right! All redemption promises were repudiated. Gold in 1933, silver somewhat later. From nobody at shell.portal.com Thu May 5 08:38:25 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 5 May 94 08:38:25 PDT Subject: theories about lack of crypto Message-ID: <199405051539.IAA01684@jobe.shell.portal.com> sorry if this appears twice; I sent a copy through one of the new anonymous remailers last night and it looks like it didn't make it. Or I messed up somehow ;) -----BEGIN PGP SIGNED MESSAGE----- Tim May brings up some interesting and valid points about crypto protocols. I think there are several reasons surrounding the slow pace of crypto protocol (particularly software) development; rather than list them let me explain the difficulties in setting up a "data haven" (as far as I can see): I - Difficulties 1. The usual stuff like finding the time to code and maintain software, including getting access to a workstation (or whatever, some net connected computer given that my home computer is a PC running MSDOS). 2. Say all this code gets written. To really be able to run a data haven, I'd need to own the machine it runs on, to have the power to call all the shots. Yes, maybe my internet provider charges $x per megabyte, but I seriously doubt I'd be allowed to use up 100 Megs of disk space, even if I payed (and charged a bit more for storeage to cover my expenses). Now I can get a SLIP account for about $50 a month where I live, and so if I had a spare computer to devote, I'd be set, sort of. I'd definitely need the machine to be available on a network, otherwise it would be too inconvenient and nobody would use it. Of course, I'd also need an easy to use digital cash system to accept payments. Same thing with top-notch anonymous remailers; to be able to turn off logging, and be in control of a hundred details, I need to own the machine. Same thing with digital banks. Who would use a bank that runs off of an account from an internet provider? Besides, I'd need to own the machine to setup the appropriate security measures, etc. 3. Legal issues. This is the biggest problem. By running a data haven (and this applies to many other cryptographic protocols, particularly ones that guarentee anonymity, etc.) I pretty much open myself up to a legal can of worms. All it takes is one person to store pirated software, one person to send death threats through my "strong" anonymous remailer, one person to forward Clarinet posts to usenet, and I'm potentially in for a battle. Craig Neidorf (phrack) went to court and racked up a legal bill of $100,000, all for the government to drop its case. Consider if somebody posted anonymous soliciting pirated software. Let's say in a year, I set up an anonymous remailer and digital bank, and it really is anonymous. Somebody posts, soliciting the source code for Chicago (just an example), offering $10 million dollars. Some anonymous person sends it off, and receives payment. Neither party is traceable, and both are very happy. Except me. How screwed do you think I'd be facing the legal department of Microsoft? Yeah, the solution is to relocate off-shore; this is not feasible for me. This is only the tip of it since a large number of the more interesting and useful protocols are patented. Sure, maybe the concept of software patents suck, but the fact it, it's legal until a court overturns it. And I don't have the money to mount a legal battle. There is a balance to be struck between offering totally anonymous remailing (for example) and keeping enough logs to keep out of potential legal trouble. The problem is that the balance falls closer to the logging side, which would scare off potential users/customers. II - Incentives Really, what are the incentives for running these services? None as far as I can tell, other than the satisfaction of doing it. Johan Helsingus (Julf of anon.penet.fi) spends hours a day maintaining his site, responding to complaints, etc. He provides a valuable service, which obviously is very popular... all the same, I'll bet when he asked for a donation of $5 per account to help defray costs, he got almost no response. III - Usage Why aren't people using DC-Nets, data havens, etc.? Because I don't think there is a reason to. I'm not saying that it's a waste of time to develop this software; it's just for now it'll be confined to experimental usage, research purposes, or just as a challenge to surmount. I mean, I know what a DC-Net is, but I can't think of a single reason I'd actually use one, other than for the heck of it. IV - Platforms Well, for me, it would be MS-DOS. I love UNIX too, but my home computer is 10 times more convenient to develop for. >it all...remailers appear and then vanish when the students go away or lose >their accounts, features added make past learning useless, and so on. Life All I can say is for the near future, I don't see any of this stuff being done by anybody other than "hobbyists". "The Internet Casino" This sounds great, in fact, I've thought of writing a crypto version of roulette or blackjack... something that would use a bit-committment protocol to committ to a shuffle or sequence of random number, and play you. Afterwards, you could check logs to verify you weren't cheated. Maybe I'll actually find some time this summer to write it, > Later protocols have not fared as well. Why this is so is of great > importance. I'm interested in hearing your theories about this, Tim. I too wish things were different, but I just can't do much about it. I still think we are in a "ease of use" phase. Most people on this list don't even pgp sign their messages, largely because it isn't convenient. It isn't surprising later protocols aren't faring well. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLchxHIOA7OpLWtYzAQGP1QP9HbB+1eHhF5otXP9ShcC7mu5vSDVTeIf2 SNr4u28WOgRRHFP4MQcsvYp7VM0ELNhIdMXpCiThgl2kVj0oomLNboCpW0HNW9jn 4dux0K0hGJqsoxeZhqvNEybIQiVPHg0VFdkwI6q79V+oHynlOOaNZyJXad6ZFwsv xxUlGjLdmK8= =AAzE -----END PGP SIGNATURE----- From habs at warwick.com Thu May 5 08:41:13 1994 From: habs at warwick.com (Harry S. Hawk) Date: Thu, 5 May 94 08:41:13 PDT Subject: Valid MacPGP?? In-Reply-To: <199405041958.AA13978@access1.digex.net> Message-ID: <9405051817.AA19334@cmyk.warwick.com> > > Mr. Hawk: > > Which version do you have? Mod date Fri July 2, 1993 5:48 pm 2.3 ver 1.0.5 /hawk From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Thu May 5 09:18:56 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Thu, 5 May 94 09:18:56 PDT Subject: Anonymous phone calls... Message-ID: <9405051618.AA21440@toad.com> One of the problems of using the pre-paid cards was brought to light recently in the Olympic incident of Harding/Kerrigan. Harding's husband bought one of the cards to make phone calls and they traced the calls back to him via the card, since you have to present valid ID to purchase those. Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton, USMC Internet: harlowd at nwsfallbrook3.nwac.sea06.navy.mil or another less reliable & slower: harlow at mqg1.usmc.mil Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 PGP Public key available upon request "The views expressed are my own, and always will be..." From wcs at anchor.ho.att.com Thu May 5 09:36:09 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 5 May 94 09:36:09 PDT Subject: Keyserver service outage Message-ID: <9405051631.AA13478@anchor.ho.att.com> Adam Shostack writes: > I think folks outside the US can legally run 2.4 or 2.5, as > there are no restrictions in their countries on using that software. > The difficulty is getting it outside of the US without getting anyone Not true. The problem is copyright, which is honored by Berne Convention signers even if they don't have software patents or patent-after-publishing rules like the US. This includes Europe, the U.S., and many other places. ViaCrypt 2.4 is copyrighted by ViaCrypt, and RSAREF is copyrighted by RSA, so you won't be able to use 2.5 source outside the US either; not sure about binaries. There's an easy cure for this, though - if some non-North-American wants to write an RSAREF-compatible software package in C and distribute it as freeware, then it can be used in non-US versions of things that require RSAREF. An interesting question is whether PGP 2.5 will include any restrictions on the non-RSAREF portions of the source code, like not talking to earlier PGPs, or the RSAREF interface glue not being exportable or whatever. But we'll see real soon. Bill From m5 at vail.tivoli.com Thu May 5 09:41:24 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 5 May 94 09:41:24 PDT Subject: Anonymous phone calls... In-Reply-To: <9405051618.AA21440@toad.com> Message-ID: <9405051641.AA16891@vail.tivoli.com> SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil writes: > One of the problems of using the pre-paid cards was brought to light > recently in the Olympic incident of Harding/Kerrigan. Harding's husband > bought one of the cards to make phone calls and they traced the calls back to > him via the card, since you have to present valid ID to purchase those. Maybe in Norway you do, but not here. The Orange Cards were completely anonymous, I think, and there's certainly no reason that a card system couldn't be set up that is anonymous if those weren't. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From wcs at anchor.ho.att.com Thu May 5 09:42:10 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 5 May 94 09:42:10 PDT Subject: Lobbying/Politics/etc. Message-ID: <9405051640.AA13580@anchor.ho.att.com> > I suspect serious problems implenmenting a law that criminalizes crypto It wouldn't be that hard to get rid of lots of it, as long as they made exceptions to let the big corporate customers stay happy (e.g. banks). The key would be using the civil forfeiture abuse to let them confiscate computers that *appear* to be using illegal crypto; you can hire a lawyer to help you get your box back if they suspect it's got UnAmerican Software. Your goverment crypto license will let you use Clipper if you obey the rules; just think of it as your driver's license on the information superhighway.... The Feds could enforce the 55mph speed limits better if they used confiscation as well. Drowning in bad metaphors, .... Bill From beckman at smeagol.cs.hope.edu Thu May 5 09:50:46 1994 From: beckman at smeagol.cs.hope.edu (Peter Beckman) Date: Thu, 5 May 94 09:50:46 PDT Subject: Forwarded mail... Message-ID: <9405051650.AA12371@smeagol.hope.edu> > Return-Path: > From: beckman at sauron.cs.hope.edu (Peter Beckman) > Subject: Well... now how about this? > To: owner-cypherpunks at toad.com > Date: Mon, 2 May 1994 14:30:24 -0400 (EDT) > X-Mailer: ELM [version 2.4 PL17] > Mime-Version: 1.0 > Content-Type: text/plain; charset=US-ASCII > Content-Transfer-Encoding: 7bit > Content-Length: 1176 > > > I've been reading up and down about all this clipper crap. Is it pheasable/possible to let the gov't do their little happy encryption scheme, > > BUT > > encrypt our conversation before the gov't encrypts it, so then it's double encrypted, so if the gov't decrypts our "conversation, information, etc.." all they get is crap anyway since that's just the way it is? THen the gov't will be happy, programmers will get great jobs from big companies to install neato different encryption schemes into their phone/pbx/fax/computers so the gov't can't watch them and then let the gov't watch the bad guys (at least the little ones who can't afford to pay our big fees) and lock them up just like they say they will... > > TO SUMMARIZE.... > > Let the gov't do the clipper. Pre-encrypt all data transmission before the clipper, so they can't read/see/hear/smell/touch it. What do you people think... > > Farmer Pete, once again, the Devil's Advocate > > PS--may as well get an arguement going.. By the way, does anyone have just a big ole text file on how to get free games on video games(with out 1,000,000 tokens, smashing electrical things, or using a string and a hook)... thanks. > > From cknight at crl.com Thu May 5 10:09:19 1994 From: cknight at crl.com (Chris Knight) Date: Thu, 5 May 94 10:09:19 PDT Subject: Anonymous phone calls. In-Reply-To: <199405042311.AA10041@comm.Tandem.COM> Message-ID: On 4 May 1994 GRABOW_GEOFFREY at tandem.com wrote: > I asked this a while ago, but my mail system has some problems and > I don't know what the responses were, if any.... > > Is there any way to make a phone call anonymously? Caller ID can be > blocked somewhat with one of those *## numbers dialed before the call > is made. Is there a way to route a call through a series of phone-type > remailer systems? This would allow one to make a call that would be as > hard to trace as anonymous mail. > > Any ideas? > Buy a cellular phone, and put call forwarding on it. Set the phone to forward to your destination, then call your phone. This will block caller ID, and make other forms of tracing more difficult. And, in you live in Chicago, it can be used to make free phone calls... Details on that if you ask nicely... -ck From frissell at panix.com Thu May 5 10:19:37 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 5 May 94 10:19:37 PDT Subject: Anonymous phone calls... In-Reply-To: <9405051618.AA21440@toad.com> Message-ID: On Thu, 5 May 1994 SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil wrote: > bought one of the cards to make phone calls and they traced the calls back to > him via the card, since you have to present valid ID to purchase those. > > Sgt Darren Harlow - Computer Security Hesitating to correct the USMC... Some of the cards (there are now more than a dozen issuers) may be bought in circumstances where your ID is linked but Western Union doesn't ask and those who bought the Hallmark Cards with a $6 Sprint Phone Card inside were not "carded" at many cardshop checkout counters. DCF Don't ask me what my grandfather Col Duncan Phillip Frissell USA Quartermaster Corps used to say about the Marines... From autarchist at aol.com Thu May 5 10:43:55 1994 From: autarchist at aol.com (autarchist at aol.com) Date: Thu, 5 May 94 10:43:55 PDT Subject: Anonymous phone calls... Message-ID: <9405051343.tn183618@aol.com> >One of the problems of using the pre-paid cards was brought to light >recently in the Olympic incident of Harding/Kerrigan. Harding's husband >bought one of the cards to make phone calls and they traced the calls back to >him via the card, since you have to present valid ID to purchase those. I have bought these cards without having to present any kind of ID. Most truck stops sell them (at least in the southeast). However, there could be other ways for them to figure out who you are, such as interrogating all the people whom you used the card to call. From strick at versant.com Thu May 5 11:03:46 1994 From: strick at versant.com (strick -- henry strickland) Date: Thu, 5 May 94 11:03:46 PDT Subject: Anonymous phone calls... In-Reply-To: Message-ID: <199405051806.LAA27321@gwarn.versant.com> > > bought one of the cards to make phone calls and they traced the calls back to > > him via the card, since you have to present valid ID to purchase those. I bought a $10 "U.S. Telecard, Inc." Pre-Paid Phone Card from a vending machine in the Atlanta Airport two weeks ago. It has a PIN on the card, and uses AT&T long distance network. It's from some company in the Atlanta Area. It seems like they had three different companies named in the recording when you call the 800 customer assistance number -- a real entrepeneur! There were some flyers at the vending machine, touting the card's features: mainly, 1. it's easy to use 2. it uses AT&T long dist network. Privacy or Anonymity was totally unmentioned. Of course, privacy and anonymity are not thought of as features with european phone cards, either. People buy them because they want to use the phone. Of course, I blew my anonymity when I tested it, calling my own voicemail. So give it a try. Call 1-800-827-9860, PIN 480-500-0400. For international calls, dial 011-county-city-number. Cool computer voices. It has $9.96 left on it. You can't use "#" on your voicemail, because that's how you make a new call. "For additional time or Customer Assistance call 1-800-819-6111". p.s. these instructions (C) 1994 I.M.C. (US), INC. Copied without permission. also. this card is pretty bland, black on grey. if they put pretty pictures of atlanta and 1996 olympic themes on them, they may have something. From tcmay at netcom.com Thu May 5 11:04:26 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 5 May 94 11:04:26 PDT Subject: (fwd) Join our Betting Systems Re-development Project... Message-ID: <199405051805.LAA09904@netcom.com> I'm attaching a job offer here for a couple of reasons: - it mentions a new betting system programming job in Hong Kong (shades of the "Internet Casino"? Actually, no, not in this case...but it _could_ be...) - the focus on object-oriented methods to rewrite their transaction-processing system has echoes of the "protocol" problem we're talking about here - expect very similar projects, someday, for projects in the cypherspace --Tim Newsgroups: comp.object From: gu_jc5 at uxmail.ust.hk (Steven Wong) Subject: Join our Betting Systems Re-development Project Reengineering team Message-ID: <1994May4.062924.2984 at uxmail.ust.hk> Sender: usenet at uxmail.ust.hk (usenet account) Organization: Hong Kong University of Science and Technology Date: Wed, 4 May 1994 06:29:24 GMT Technology Architect Join our Betting Systems Re-development Project Re- engineering team The Royal Hong Kong Jockey Club is evolving into a sophisticated user of high volume transaction processing technology for one of the largest wagering systems in the world which handles over US$100 million each race meeting. To meet our user demands of tomorrow - for example design for real-time support of horse racing events around the globe - we now face the enormous challenge of re-developing the total technology base and infrastructure of these betting systems which will reach the end of their life by the end of the millennium. We are re-engineering with an objective to implement an up-to- date Open Distributed Systems and Object Orientation approach, in order to create flexible systems capable of supporting the demanding needs of the Hong Kong market place and to position us for absorbing change well into the next century. We are replacing systems at the client, network and senior levels. The re-development of our network includes the metropolitan area branch offices, two racetracks and a 1,600 workstation Telebet Auditorium. As Technology Architect working with the Application Architect and other members of the technical team you will undertake the task of developing benchmarks and supporting the Development and Technical Research and Planning teams to develop strategies for system development. With a penchant for problem solving, you must have strong practical experience in our planned technologies, and still be hands on with regard to coding and debugging. Experience with OO, C++ and Unix is essential. A knowledge of both written and spoken Cantonese would also be a distinct advantage. This Hong Kong based position will be on a fixed 2-3 year contract. To attract outstanding people, the packages will be mainly cash remuneration at a level reflecting experience and Hong Kong relocation/living costs. In the first instance, apply with full career details quoting relevant ref. number, by E-mail: mimi at attmail.com, or by writing to The Senior Personnel Manager, The Royal Hong Kong Jockey Club, 2 Sports Road, Happy Valley, Hong Kong. Fax: (852) 576 1987 or (852) 577 2773. From m1tca00 at FRB.GOV Thu May 5 11:13:10 1994 From: m1tca00 at FRB.GOV (Tom Allard) Date: Thu, 5 May 94 11:13:10 PDT Subject: Keyserver service outage Message-ID: <9405051809.AA18551@mass6.FRB.GOV> -----BEGIN PGP SIGNED MESSAGE----- wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) sez: [...] > There's an easy cure for this, though - if some non-North-American wants to > write an RSAREF-compatible software package in C and distribute it as freeware, > then it can be used in non-US versions of things that require RSAREF. [...] The cure is actually easier than that. Just make ONE change in pgp 2.3a so that it lies about what version it is. pgp 2.3b could simply identify itself as pgp 2.5 and no one would be able to tell the difference. rgds-- TA (tallard at frb.gov) I don't speak for the Federal Reserve Board, they don't speak for me. pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLckMBaAudFplx0TNAQERGAP/W2ZHXjsKsT/0JexSzgZnSKoACjTJDqfu PSXfzE9Jl0ESNChZZjRU7HN50Bw0YPANqrwrRpHkkzBGsh/NeqbomvPLovTXh0KI ioSLCJtT2Q7w8YqrYcFMZxFqwc0elHqjfGUnclGonUZ+9/DY0ey2JIlybcMasglL ywYyyTzG/fw= =t2b7 -----END PGP SIGNATURE----- From sandfort at crl.com Thu May 5 11:30:10 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 5 May 94 11:30:10 PDT Subject: Anonymous phone calls... In-Reply-To: <9405051618.AA21440@toad.com> Message-ID: C'punks, On Thu, 5 May 1994 SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil wrote: > One of the problems of using the pre-paid cards was brought to light > recently in the Olympic incident of Harding/Kerrigan. Harding's husband > bought one of the cards to make phone calls and they traced the calls back to > him via the card, since you have to present valid ID to purchase those. I don't think so. I've bought Western Union calling cards and nobody asked for anything but the money. Every other similar card I've heard about was the same way. Now what could have happened is that they traced the call to the vendor, and *their* records were traced back. Since you call an 800 number to access the system, the ANI (Automatic Number Identification) would have picked up the number from which the call was made. I'm still not convinced, however, because I doubt the vendor companies would keep that information for very long--if at all. S a n d y From strops at netcom.com Thu May 5 11:36:03 1994 From: strops at netcom.com (Joseph Urbanski) Date: Thu, 5 May 94 11:36:03 PDT Subject: Anonymous phone calls. In-Reply-To: <199405042311.AA10041@comm.Tandem.COM> Message-ID: yes, they're called divertors and they give you a dialtone from which you can then dial out from. how can you find one? Good question...the best thing to do is get yourself a copy of toneloc and start scanning exchanges for dialtones. if you find one, they often require you to dial 9, or 99 to get a live dialtone. Is this legal? another good question... it would depend on who owns the line and if they mind you using it, I suppose. :-) -Jay ------------------------------------------------------------------------------- PGP Public Key Available via finger. PGP Fingerprint: 11 43 3F CE 63 3A A6 0A FF 71 6E 02 45 DC F4 C0 Joseph J. Urbanski Jr. ------------------------------------------------------------------------------- On 4 May 1994 GRABOW_GEOFFREY at tandem.com wrote: > I asked this a while ago, but my mail system has some problems and > I don't know what the responses were, if any.... > > Is there any way to make a phone call anonymously? Caller ID can be > blocked somewhat with one of those *## numbers dialed before the call > is made. Is there a way to route a call through a series of phone-type > remailer systems? This would allow one to make a call that would be as > hard to trace as anonymous mail. > > Any ideas? > > G.C.G. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > | Geoffrey C. Grabow | "What we demand are rigidly defined | > | Oyster Bay, New York | areas of doubt and uncertainty!" | > | | -------------------- | > | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | > | | JUST SAY NO!!! | > |----------------------------------------------------------------------| > | PGP fingerprint = C9 95 0F C4 E9 DD 8E 73 DD 99 4E F5 EB 7A B6 1D | > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > From cknight at crl.com Thu May 5 11:43:11 1994 From: cknight at crl.com (Chris Knight) Date: Thu, 5 May 94 11:43:11 PDT Subject: Anonymous phone calls. In-Reply-To: <199405050617.AA16608@access1.digex.net> Message-ID: On Thu, 5 May 1994, Black Unicorn wrote: > There's a 1-900 number that is supposed to do this. > > Which I could remember what it was. > Please don't. This service makes it hard on a caller-ID user, but way too easy for the feds. All they would have to do is obtain the billing logs... -ck From bal at martigny.ai.mit.edu Thu May 5 11:52:42 1994 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Thu, 5 May 94 11:52:42 PDT Subject: MIT PGP Announcement Message-ID: <9405051852.AA23907@toad.com> MIT has just officially announced the upcoming availability of PGP 2.5. The announcement was just made at Networld+Interop '94 in Las Vegas by Jeff Schiller, MIT's Network Manager. The text of the actual announcement is available via WWW at http://www.media.org/. Look under "MIT PGP Security Announcement." From jamiel at sybase.com Thu May 5 12:41:34 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 5 May 94 12:41:34 PDT Subject: Valid MacPGP?? Message-ID: <9405051750.AA22513@ralph.sybgate.sybase.com> At 3:58 PM 05/04/94 -0400, Black Unicorn wrote: >Mr. Hawk: > >Which version do you have? > >Mr. Frissell: > >The most recent version is MacPGP2.3.hqx.cpt > >Do NOT distribute MacPGP2.3 V1.1 as the source code is not "out there." > >I will be happy to send you a copy if you like. > >-uni- (Dark) If it is an annoyance, ignore this message, but could you mail me a copy? I have ver. 2.2 and no ftp, and ftpmail won't send to my site a good 3/4 of the time (and the sysadmins here don't think this is a problem...) thanks- -j From nowhere at bsu-cs Thu May 5 12:53:34 1994 From: nowhere at bsu-cs (Anonymous) Date: Thu, 5 May 94 12:53:34 PDT Subject: No Subject Message-ID: <199405051953.OAA20027@bsu-cs.bsu.edu> Can someone re-post the dumpster-dived Mykotronx information that was posted to the list last year? I need it for an article on Clipper that I'm working on. Also, has the government announced which agencies are going to be holding the two pieces of Clipper keys in "escrow"? ...Wally From andreas.elbert at gmd.de Thu May 5 12:56:15 1994 From: andreas.elbert at gmd.de (andreas.elbert at gmd.de) Date: Thu, 5 May 94 12:56:15 PDT Subject: Anonymous phone calls... Message-ID: <9405051955.AB07205@darmstadt.gmd.de> >Maybe in Norway you do, but not here. The Orange Cards were >completely anonymous, I think, and there's certainly no reason that a >card system couldn't be set up that is anonymous if those weren't. > prepaid cards can be set up to work anonymously, sure. Unfortunately, the one making this decision (the network operator) is more concerned with toll fraud and usage statistics. E.g. the german telekoms payphone log the time of a call and the serial number of the prepaid card. (And the only one reading their publications (and complaining) is the CCC, which has not quite the right reputation to raise the newspapers attention) From gtoal at an-teallach.com Thu May 5 13:16:31 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 5 May 94 13:16:31 PDT Subject: Keyserver service outage Message-ID: <199405052012.VAA13561@an-teallach.com> : Not true. The problem is copyright, which is honored by Berne Convention : signers even if they don't have software patents or patent-after-publishing : rules like the US. This includes Europe, the U.S., and many other places. : ViaCrypt 2.4 is copyrighted by ViaCrypt, and RSAREF is copyrighted by RSA, : so you won't be able to use 2.5 source outside the US either; not sure about : binaries. : There's an easy cure for this, though - if some non-North-American wants to : write an RSAREF-compatible software package in C and distribute it as freeware, : then it can be used in non-US versions of things that require RSAREF. You misunderstand what the RSAREF stuff does - it isn't an alternative encryption - it's being used to replace the extended precision etc stuff in pgp to make a 100% compatible version. So the current pgp *is* already 100% compatible, as long as its version number is >= 2.4 (which by an amazing coincidence mines happens to be since I've had to edit a couple of mission-critical comments since I got 2.3a ;-) ) Even if 2.5 checks version numbers or *any* internal details in the pgp packets, as long as it is constrained by being compatible with ViaCrypt 2.4, we can always *guarantee* to be able to make a compatible free pgp based in 2.3a. And since the RSA and IDEA patents aren't valid in Europe, this is 100% kosher. You guys use MIT-PGP and we'll use free pgp 2.5 G From paul at hawksbill.sprintmrn.com Thu May 5 13:36:17 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Thu, 5 May 94 13:36:17 PDT Subject: Exactly. Message-ID: <9405052138.AA29421@hawksbill.sprintmrn.com> Chael, I've noticed that anon messages originating from nowhere recently do not have a "subject" or "organization" in the header. (I tried this by sending a message to myself and it doesn'y use this format anymore.) Has this been changed to something else, such as "x-subject"? - paul From hfinney at shell.portal.com Thu May 5 13:42:30 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 5 May 94 13:42:30 PDT Subject: Text of MIT PGP Announcement Message-ID: <199405052043.NAA27216@jobe.shell.portal.com> > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." Here is what I found there: [IMAGE] MIT PGP ANNOUNCEMENT _________________________________________________________________ These pages constantly under construction _________________________________________________________________ [IMAGE] Jeffrey Schiller _________________________________________________________________ The Massachusetts Institute of Technology announces that it will shortly distribute PGP version 2.5, incorporating the RSAREF 2.0 cryptographic toolkit under license from RSA Data Security, Inc., dated March 16, 1994. In accordance with the terms and limitations of the RSAREF 2.0 license of March 16, 1994, this version of PGP may be used for non-commercial purposes only. PGP 2.5 strictly conforms to the conditions of the RSAREF 2.0 license of March 16, 1994. As permitted under its RSAREF license, MIT's distribution of PGP 2.5 includes an accompanying distribution of the March 16, 1994 release of RSAREF 2.0. Users of PGP 2.5 are directed to consult the RSAREF 2.0 license included with the distribution to understand their obligations under that license. This distribution of PGP 2.5, available in source code form, will be available only to users within the United States of America. Use of PGP 2.5 (and the included RSAREF 2.0) may be subject to export control. Questions concerning possible export restrictions on PGP 2.5 (and RSAREF 2.0) should be directed to the U.S. State Department's Office of Defense Trade Controls. [IMAGE] Return to Cyberstation Home mail commentsto webmaster at media.org From sinclai at ecf.toronto.edu Thu May 5 13:43:10 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Thu, 5 May 94 13:43:10 PDT Subject: PGP 2.3a keys Message-ID: <94May5.164254edt.15439@cannon.ecf.toronto.edu> I know I could just read the source to find this, but... Is the version number on a PGP public key inside the security wrapper or not? If not, it should be possible to write a program that would take a 2.3a key and spit out an identical 2.5 key. The keyserver database could be updated in this manner, and everybody would be happy. From nobody at shell.portal.com Thu May 5 13:43:49 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 5 May 94 13:43:49 PDT Subject: Keyserver service outRAGE In-Reply-To: <9405051430.AA10487@mass6.FRB.GOV> Message-ID: <199405052044.NAA27409@jobe.shell.portal.com> Tom Allard wrote: > gtoal at an-teallach.com (Graham Toal) sez: > > [...] > > > The restriction on what new keys they accept was part of the deal, but > > stop and think what it really means - is it going to affect *anybody*? > > Yes, it will effect those not in the U.S. Or did you forget about them? > > > And what's to stop you fetching 2.5 and loading/re-dumping your old > > key from that version? > > ITAR. So that's it, isn't it? Clipperized PGP. The government has pressured RSA into allowing a new version of PGP, in an attempt to displace the use of freeware PGP, with the hope that they will then be able to control it more. This stinks. From lefty at apple.com Thu May 5 14:09:24 1994 From: lefty at apple.com (Lefty) Date: Thu, 5 May 94 14:09:24 PDT Subject: Keyserver service outRAGE Message-ID: <9405052108.AA05490@internal.apple.com> Some nobody writes: > >So that's it, isn't it? Clipperized PGP. The government has pressured >RSA into allowing a new version of PGP, in an attempt to displace the >use of freeware PGP, with the hope that they will then be able to >control it more. This stinks. Yep, you got it. Dig a hole, crawl inside, and pull it in after you. As soon as you can manage it. Personally, _I_ think the government's out to destroy this list by recruiting a bunch of low-IQ paranoid schizophrenics, denying them their medication, sitting 'em at terminals and giving 'em the Cypherpunks address and the address of an anonymous remailer. The half-wit quotient around here is definitely on the rise. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From jamiel at sybase.com Thu May 5 14:19:23 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 5 May 94 14:19:23 PDT Subject: Valid MacPGP?? Message-ID: <9405052119.AA00151@ralph.sybgate.sybase.com> Sorry to everyone on the list about that last message from me. Teach me to watch the headers closer... -j From hughes at ah.com Thu May 5 14:25:15 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 5 May 94 14:25:15 PDT Subject: Keyserver service outage In-Reply-To: <199405052012.VAA13561@an-teallach.com> Message-ID: <9405052123.AA04874@ah.com> >And since the RSA and IDEA patents aren't valid in Europe, this >is 100% kosher. You guys use MIT-PGP and we'll use free pgp 2.5 IDEA is an international patent, from ETH in Switzerland. Eric From hughes at ah.com Thu May 5 14:25:56 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 5 May 94 14:25:56 PDT Subject: No Subject In-Reply-To: <199405051953.OAA20027@bsu-cs.bsu.edu> Message-ID: <9405052124.AA04884@ah.com> >Can someone re-post the dumpster-dived Mykotronx information >that was posted to the list last year? It's on ftp.csua.berkeley.edu:pub/cypherpunks/clipper. Eric From markh at wimsey.bc.ca Thu May 5 14:27:12 1994 From: markh at wimsey.bc.ca (Mark C. Henderson) Date: Thu, 5 May 94 14:27:12 PDT Subject: Text of MIT PGP Announcement Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Subject: Re: Text of MIT PGP Announcement > PGP 2.5 strictly conforms to the conditions of the RSAREF 2.0 license > of March 16, 1994. Hmm... This version of the RSAREF 2.0 licence agreement did not have the definition of published interface that was included in later versions. (e.g. April 15, 1994) In particular, if you interpret "published interface" to be "all the routines one can call from an unmodified version of RSAREF 2.0", you would probably be able to build a version of PGP based on these. Here are some extracts from the March 16 1994 licence agreement > d. Prior permission from RSA in writing is required for any > modifications that access the Program through ways other > than the published Program interface or for modifications > to the Program interface. RSA will grant all reasonable > requests for permission to make such modifications. >... > 7. RSAREF is a non-commercial publication of cryptographic > techniques. My bet is that this involves some legal funny stuff with this version of the licence agreement. Another possibility is that PGP 2.5 will use triple DES. All just speculation. I don't have any inside information. Mark -----BEGIN PGP SIGNATURE----- Version: 2.4 iQBVAgUBLcljyWrJdmD9QWqxAQG4ywIAnXtDP6aKPP5VGtPuKxOiSWiKryP7qeHJ 7jfMkXC9QQJttzujStPXNl8UlDFf7CErfeNHleo+CCtOCOpqiz76SA== =aHYn -----END PGP SIGNATURE----- -- Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433 ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3 cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto From remailer-admin at chaos.bsu.edu Thu May 5 14:29:33 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Thu, 5 May 94 14:29:33 PDT Subject: Exactly. In-Reply-To: <9405052138.AA29421@hawksbill.sprintmrn.com> Message-ID: <199405052128.QAA00535@chaos.bsu.edu> paul at hawksbill.sprintmrn.com (Paul Ferguson) wrote: > Chael, > > I've noticed that anon messages originating from nowhere > recently do not have a "subject" or "organization" in the header. > (I tried this by sending a message to myself and it doesn'y use > this format anymore.) > > Has this been changed to something else, such as "x-subject"? > > - paul Try: To: remailer at chaos.bsu.edu :: Request-Remailing-To: cypherpunks at toad.com ## Subject: put your subject here Put your message here From lile at netcom.com Thu May 5 14:47:50 1994 From: lile at netcom.com (Lile Elam) Date: Thu, 5 May 94 14:47:50 PDT Subject: Hell's Bells Message-ID: <199405052149.OAA04904@netcom.com> Hi, I am listening to the Hell's BElls broadcast on the MBone that's coming from Interop. I just heard that AT&T wants to control conduit *and* content! It's on the session: Cyberstation:audio feed -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From albright at chaph.usc.edu Thu May 5 14:49:29 1994 From: albright at chaph.usc.edu (Julietta) Date: Thu, 5 May 94 14:49:29 PDT Subject: Keyserver service outRAGE In-Reply-To: <9405052108.AA05490@internal.apple.com> Message-ID: <199405052143.OAA02406@nunki.usc.edu> Someone wrote: > >So that's it, isn't it? Clipperized PGP. The government has pressured > >RSA into allowing a new version of PGP, in an attempt to displace the > >use of freeware PGP, with the hope that they will then be able to > >control it more. This stinks. Lefty replies: > Personally, _I_ think the government's out to destroy this list by > recruiting a bunch of low-IQ paranoid schizophrenics, denying them their > medication, sitting 'em at terminals and giving 'em the Cypherpunks address > and the address of an anonymous remailer. The half-wit quotient around > here is definitely on the rise. > Geez- this is going to make our fight a little harder- now we have to say "Fight Clipper and Clipper-PGP"??? Man- if the masses didn't get it before, they're going to be GREATLY confused now! That's the point though, isn't it..::sigh:: Now What? "Hoping I'm not one of the half-wits" :) -- Julie ______________________________________________________________________________ Julie M. Albright Ph.D Student Department of Sociology University of Southern California albright at usc.edu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . From lile at netcom.com Thu May 5 14:57:18 1994 From: lile at netcom.com (Lile Elam) Date: Thu, 5 May 94 14:57:18 PDT Subject: Hell's Bells... Message-ID: <199405052158.OAA06696@netcom.com> I just noticed that president at whitehouse.gov is listening in on this channel... -lile From unicorn at access.digex.net Thu May 5 15:00:28 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 5 May 94 15:00:28 PDT Subject: Keyserver service outRAGE Message-ID: <199405052200.AA18087@access1.digex.net> Mr. Toal says: -> Uni, hush now, shut up, and listen. You've entirely missed the point here. This is a major tactical strike for pgp. We finally have an entirely legal pgp, thanks to some excellent net.politics from the guys at MIT. The restriction on what new keys they accept was part of the deal, but stop and think what it really means - is it going to affect *anybody*? And what's to stop you fetching 2.5 and loading/re-dumping your old key from that version? <- No, you've entirely missed the point here. If the MIT brass is so adept at politics why has no one realized that this change is not going to affect *anybody*. Clearly the keys are either indistinguishable from version to version other than the plaintext version number, or this policy will actually accomplish something. Why would those involved give up "so much" (At least they have been fighting so hard for it) for what amounts to NOTHING? If you're not suspicious.... In any case, I hope your right. I hope PGP2.5 is a dream come true. Problems remain. Mac users are out in the cold. In the final analysis the MIT server is trying to compell behavior for no apparent reasons. The fact that this was a requirement for some "DEAL" really makes me wonder who in the administration was at the negotiating table and I really hope they are on the other side of the table in the next negotiation I have to do. OR They are indeed as sly as you say, and it is YOU who does not understand the true depth of the politics. I hope the former, I wonder about the latter. From perry at snark.imsi.com Thu May 5 15:20:00 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 5 May 94 15:20:00 PDT Subject: Keyserver service outRAGE In-Reply-To: <199405052200.AA18087@access1.digex.net> Message-ID: <9405052219.AA00334@snark.imsi.com> Rather than everyone freaking out about 2.5, why not just wait a few hours until the FTP site is announced and look at the thing for ourselves? Myself, I'm running on the assumption that this is a good thing, because now PGP is completely legal in the U.S., and doubtless a PGP thats legal overseas using a library compatible with RSAREF will appear within days of release. Perry From jim at Tadpole.COM Thu May 5 15:23:41 1994 From: jim at Tadpole.COM (Jim Thompson) Date: Thu, 5 May 94 15:23:41 PDT Subject: Hell's Bells... Message-ID: <9405052223.AA24265@tadpole> I think if you look a bit more closely, the host attached to the 'name' is at Arlington National Labs. Jim From paul at hawksbill.sprintmrn.com Thu May 5 15:24:32 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Thu, 5 May 94 15:24:32 PDT Subject: Exactly. In-Reply-To: <199405052128.QAA00535@chaos.bsu.edu> Message-ID: <9405052326.AA29858@hawksbill.sprintmrn.com> > > Try: > > > To: remailer at chaos.bsu.edu > > :: > Request-Remailing-To: cypherpunks at toad.com > > ## > Subject: put your subject here > > Put your message here > It doesn't work anymore, homey. - paul From greg at ideath.goldenbear.com Thu May 5 15:39:00 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Thu, 5 May 94 15:39:00 PDT Subject: Cypherpunks change bytes! Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I ought to be studying, but goofing off is more fun. I generated a test key with the binary distribution of PGP 2.3a for DOS. I then changed the byte at offset 2F688 in PGP.EXE from 0x33 (ASCII "3") to 0x34 (ASCII "4"), and the byte at offset 2F689 from 0x61 (ASCII "a") to 0x00 (null). The patched PGP.EXE identifies itself as "Version 2.4" in ASCII armor blocks and otherwise; the key generated with the "2.3a" version extracts as a "2.4" key after the patch. ViaCrypt PGP 2.4 for DOS can successfully read files encrypted with the patched PGP.EXE, and add keys generated under "2.3a" but labelled as "2.4" keys. I haven't done a lot of testing, but spot checks make it look like everything's fine. I don't see the point in forcing everyone to patch their binaries or recompile from source - does anyone else? Bidzos & Co. are certainly smart enough to anticipate this step. What's the catch? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLclzd33YhjZY3fMNAQGiDwP9HjSYfNfn4q/9L/BOqXluH06015x3YmDM gNPfg5T2lWcsYJyyx/tMnVWdtAnFENAFUB7zK5vNq+Y/tquKaE6kEuZeUzZz1o+k sOofUAR1Y+sUii4Fu8R2J7scNCDL2pjl/hIqAAfT0voHiexxOTR9uxCDeiWxz9w0 xpyuvJBLQq8= =G5Oq -----END PGP SIGNATURE----- From johnl at iecc.com Thu May 5 08:59:12 1994 From: johnl at iecc.com (John R Levine) Date: 5 May 1994 15:59:12 GMT Subject: What the IRS is up to Message-ID: Here's some excerpts from a speech by Coleta Brueck, Project Manager, Document Processing system, at the Internal Revenue Service, that she gave at the Computer Press Association Awards luncheon in New York on April 15th. I was at the lunch, but the transcript of the speech just arrived today. The ellipses are mine, but I think I'm not distorting what she said. She started by explaining that their current systems are functionally based on punch card systems from the 1950s, and they want to get more stuff on-line so that when you call with a question, the person at the IRS can retrieve a copy of your records while you're still on the phone. But then: "We should be able to provide you on-line access to that information. ... You will have the availability to know what your current account information is, very much like if most of us who have an American Express Card, you can call -- you don't really know where that 800 number goes, but what you do know is when that person answers your call, they have your complete account information. ... They can give you information on your account, they can update your account, or they can provide you futuristic looks into your account as to where you might be next year, even, for filing tax returns. We've often talked about, and this is the terminology that I used when I was in on a task group, we've talked about the "golden eagle" return. This is the golden -- or gold American Express Card return. At the end of each year, if you have an American Express Card, you get a gold account summary of what you've done for the year. ... Basically, what I say is that if I know what you've made during the year, if I know what your withholding is, if I know what your spending pattern is, I should be able to generate for you a tax return so that I only come to you and tell you, 'This is what I think you should file for the next year, and if you agree to that, then don't bother sending me a piece of paper.' ... But I am an excellent advocate of return-free filing. We know everything about you that we need to know. Your employer tells us everything about you that we need to know. Your activity records on your credit cards tell us everything about you that we need to know. Through interface with Social Security, with the DMV, with your banking institutions, we really have a lot of information, so why would you, at the end of the year or on April 15th, today, do we ask the post office to encumber themselves with massive numbers of people out there, picking up pieves of paper that you are required to file? ... We could literally file a return for you. This is the future that we'd like to go to." Lest there be any doubt, she was entirely serious, and she clearly expected that that we'd all think this is as wonderful as she does. Regards, John Levine, johnl at iecc.com, jlevine at delphi.com, 1037498 at mcimail.com From mg5n+ at andrew.cmu.edu Thu May 5 16:18:41 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 5 May 94 16:18:41 PDT Subject: Keyserver service outRAGE In-Reply-To: <199405052200.AA18087@access1.digex.net> Message-ID: Black Unicorn writes: >Mac users are out in the cold. >In the final analysis the MIT server is trying to compell behavior for >no apparent reasons. > >The fact that this was a requirement for some "DEAL" really makes me >wonder who in the administration was at the negotiating table and >I really hope they are on the other side of the table in the next >negotiation I have to do. > >OR > >They are indeed as sly as you say, and it is YOU who does not understand >the true depth of the politics. I don't see why RSA would waste their time trying to get one keyserver to stop accepting keys from PGP 2.3a, when there are plenty of others availiable. (And most people just put their keys in their finger/plan files and don't bother to put them on the keyservers anyway.) My first guess would be that they wanted to create some incentive to use the newer version of PGP. But that's ridiculous - its legally licensed RSA code is supposed to be the incentive to use it. So playing games with the keyserver is rather ridiculous. However, RSA is well known for irrational thought, such as complaining about PGP, but giving away RIPEM for free. So maybe this is just their twisted way of trying to gain themselves (in their own minds) some publicity or credibility or whatever. However, I suspect RSA is doing this for legal/political reasons too. It's pretty hard for them to claim patent infringement against anyone with all these people "infringing" on their patent by using PGP, and them not doing anything about it. If they can get people to use RSAREF PGP, they don't set as strong a precedent for not defending their patent. It then might be easier for them to claim patent infringement in other cases. But that's just a guess. From sico at aps.hacktic.nl Thu May 5 16:21:31 1994 From: sico at aps.hacktic.nl (Sico Bruins) Date: Thu, 5 May 94 16:21:31 PDT Subject: I'd like to partially correct that.. In-Reply-To: Message-ID: Wednesday May 04 1994 02:12, Matt Thomlinson: MT> From: Matt Thomlinson MT> Subject: I'd like to partially correct that.. MT> Message-Id: MT> Date: Tue, MT> 3 May 1994 17:12:33 -0700 (PDT) [edited] MT> For all of those that could like it, check out MT> csn.org:/pub/mpj/I_will_not_export/crypto_?????/pgp_tools MT> and pick up the files mentioned before: mgmny10e.zip and pgptl10d.zip. So digital cash is only for US residents? :-( CU, Sico (sico at aps.hacktic.nl). [PGP public key:] bits/keyID Date User ID 1024/5142B9 1992/09/09 Sico Bruins Key fingerprint = 16 9A E1 12 37 6D FB 09 F6 AD 55 C6 BB 25 AC 25 (InterNet: sico at aps.hacktic.nl) From pfarrell at netcom.com Thu May 5 16:34:35 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Thu, 5 May 94 16:34:35 PDT Subject: Chill out.... was Re: Keyserver service outRAGE Message-ID: <70297.pfarrell@netcom.com> "Perry E. Metzger" writes: > Rather than everyone freaking out about 2.5, why not just wait a few > hours until the FTP site is announced and look at the thing for > ourselves? > > Myself, I'm running on the assumption that this is a good thing, > because now PGP is completely legal in the U.S., and doubtless a PGP > thats legal overseas using a library compatible with RSAREF will > appear within days of release. Amen to this! Wait a week, and this might be a great thing. If not, keep using 2.3a. I know that Jim Bidzos was interested in having a "pgp compatible" program that started with rsaref and was legal and free. I know because I asked him about liscensing last spring. He pointed me to an effort that professor Jeffery Schiller (pgp key 0C4EE1 (jis at mit) on the usual servers) was coordinating. I exchanged a few messages with a student up there, then got lost in GMU work and lost track. I think the student did something else, like crack RSA-129. But there are lots of students at schools like MIT and GMU. I sure hope this can provide a cloud free PGP for broke students. Lets drop this thread for while, ok? Pat Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From MIKEINGLE at delphi.com Thu May 5 16:53:34 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Thu, 5 May 94 16:53:34 PDT Subject: MIT keyserver: don't panic... Message-ID: <01HBZQ7E4BPE94DYH0@delphi.com> Take a look at pgformat.doc, which is included in the source or doc releases of pgp23a. Both the public key and signature packets have only a single-byte version number, which is always equal to 2. So there is no way to tell by looking at your key which minor version (2.xx) it was created by. You can tell which version was used to extract it to ascii armor by looking at the "Version: 2.xx" line in the ascii armored message. So get a text editor. Big deal. You will not have to regenerate your keys and get new signatures on them. If we have a no-doubts legal PGP, with source code, and free, that's good! If something sucks about it, PGP23a is not going to disappear. This can only be a positive development. As for why the keyserver crippling was imposed, RSA can lose its patent rights if it can't show in court that it made an effort to prevent its patents from being infringed. --- Mike From pkm at maths.uq.oz.au Thu May 5 17:11:11 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Thu, 5 May 94 17:11:11 PDT Subject: DefenseServices Message-ID: <9405060010.AA01905@axiom.maths.uq.oz.au> From: "Perry E. Metzger" Sender: owner-cypherpunks at toad.com Precedence: bulk Status: R _______ MESSAGE BEGINS ___________ Jim Miller says: > Section #120.9 of the ITAR defines "Defense Service" as: > > (1) The furnishing of assistance (including training) to foreign > persons, whether in the United States or abroad in the design, > development, engineering, manufacture, production, assembly, testing, > repair, maintenance, modification, operation, demilitarization, > destruction, processing, or use of defense articles; or > (2) The furnishing to foreign persons of any technical data > controlled under this subchapter (see #120.10), whether in the United > States or abroad. This is sick. According to this, I cannot teach foreigners about cryptography in the U.S. -- even about the open literature. This is a grotesque denial of my first amendment rights. I wonder if I should hold an open enrollment cryptography class for the sake of civil disobediance. Perry ______ MESSAGE ENDS _________________________________________ That's interesting..... My cryptology lecturer seems to have an American Mid-West accent (not Canadian - I can generally tell), and seems to be commiting the "heinous" crime of teaching such matters to mainly Australian people. He seems to be on conference somewhere overseas. Well, I hope he doesn't get arrested if he crosses any U.S. border posts. It would certainly piss me off. (For one thing, it would fuck up my syllabus :-[.) Seriously, I don't think it is an offense to teach cryptology to non-NAFTA nationals. All of the stuff is non-classified, and he seems pretty aware of the legal issue of cryptology. That is, he wouldn't do anything that he could be nabbed for (discounting any warped interprepation of the legal statutes...;-( .) ======================================================= | Peter Murphy. . Department of | | Mathematics - University of Queensland, Australia. | ------------------------------------------------------- | "What will you do? What will you do? When a hundred | | thousand Morriseys come rushing over the hill?" | | - Mr. Floppy. | ======================================================= From lile at netcom.com Thu May 5 17:29:45 1994 From: lile at netcom.com (Lile Elam) Date: Thu, 5 May 94 17:29:45 PDT Subject: PGP..... Message-ID: <199405060030.RAA28893@netcom.com> The MBone session "Cyberstation:audio feed" is going to have Jeffrey Schiller talk about the new public PGP V2.5 release.... Cygnus has a mbone connection.... -lile ps. You can also see info at http://www.media.org/pgp.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From remailer at merde.dis.org Thu May 5 18:11:15 1994 From: remailer at merde.dis.org (remailer bogus account) Date: Thu, 5 May 94 18:11:15 PDT Subject: Marked_Money Message-ID: <199405050618.XAA08731@merde.dis.org> Is there a way of marking digital coins, so the depositor can be identified? From lile at netcom.com Thu May 5 18:15:53 1994 From: lile at netcom.com (Lile Elam) Date: Thu, 5 May 94 18:15:53 PDT Subject: MBone - where to get the software... Message-ID: <199405060117.SAA05977@netcom.com> Hi folks, You need to get software to see the MBone encapsulated packets. You will also need a tunnel to your site (and you might already have one). So where to get the software... I am looking for it on a ftp site but have not found it. Some of the program names are sd (for session director) vat wb ( for whiteboarding) nv Hey! I just heard from van Jacobson. He wrote alot of this software... >From van at ee.lbl.gov Thu May 5 18:12 PDT 1994 To: Lile.Elam at Eng (Lile Elam) Subject: Re: mbone software... Date: Thu, 05 May 94 18:13:30 PDT From: Van Jacobson Content-Type: text Content-Length: 218 The audio (vat), whiteboard (wb) & session directory (sd) tools are on ftp.ee.lbl.gov in conferencing/{vat,wb,sd}/*. The most widely used video tool (nv) is available on parcftp.xerox.com in pub/net-research. - Van Cygnus has a tunnel and so does Sun. I wish I could help more. I am still awaiting the PGP - Jeff broadcast. -lile ps. If you do get it up, the session is "Cyberstation: audio feed" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From wex at media.mit.edu Thu May 5 18:36:04 1994 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Thu, 5 May 94 18:36:04 PDT Subject: PC-Expo In-Reply-To: <9405040231.AA25271@prism.poly.edu> Message-ID: <9405060135.AA11556@media.mit.edu> When is this event? I have some disks I can send you, or I'd be willing to kick in a nominal sum of money to support the effort. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168 Page: 617-945-1842 na53607 at anon.penet.fi We are Chaos Boys. We are coming to a paradigm near you. From mg5n+ at andrew.cmu.edu Thu May 5 18:46:06 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 5 May 94 18:46:06 PDT Subject: Marked_Money In-Reply-To: <199405050618.XAA08731@merde.dis.org> Message-ID: > Is there a way of marking digital coins, so the depositor > can be identified? Only if the depositor marks them as such. The depositor generates the coin, and gives it to the bank to sign it. The bank signs it in exchange for another valid signed token. The bank can't alter it in any way, the bank can only sign it. From lile at netcom.com Thu May 5 19:00:35 1994 From: lile at netcom.com (Lile Elam) Date: Thu, 5 May 94 19:00:35 PDT Subject: The MBone talk.... Message-ID: <199405060201.TAA11897@netcom.com> You are not going to beleave this, but I missed it!!!! Argh!!!!!!! I had run down the hall to tell someone about it and once we got it up (which was only a few minutes) Jeff had already spoken... I heard from Van that Jeff Schiller just read the text that the MIT legal gave him and that is the same text that is on the www.media.org web server... So, wonder why there is so much darkness about this release... Why can't they just be up front with what it is and what's goin on? hum......... -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From anonymous at extropia.wimsey.com Thu May 5 19:22:41 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Thu, 5 May 94 19:22:41 PDT Subject: No Subject Message-ID: <199405060210.AA16656@xtropia> Ah, the problems of anonymity. In order to prevent impersonation, I'm passing my public key to the list. Future messages from me will be signed with this key. -Lady Ada -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi2rMQAAAAEEALehNDQG2UpPhFLspypt6dPLFjSB1wnwFW9p8cEftZ+ga/ZU 06mywff21ODSYily2NMwOpw+mxSkxiOTJDdjJ3kenRW4qwpvmBGs96AK+0yv2DDh R3ff9cpOlIu3tUcJhmdTcSj+MXlkYwJwhJoA9o4uCFXahN5W1KXNQdJx1hMZAAUR tBZMYWR5IEFkYSA8bm93aGVyZUBhbGw+ =K9ps -----END PGP PUBLIC KEY BLOCK----- From anonymous at extropia.wimsey.com Thu May 5 19:22:43 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Thu, 5 May 94 19:22:43 PDT Subject: No Subject Message-ID: <199405060210.AA16657@xtropia> -----BEGIN PGP SIGNED MESSAGE----- Hello everyone! This is a preliminary document which I hope will stir discussion. I didn't write it in order to dictate rules to anyone, so please don't flame me. Hopefully the members of the list will supply lots of feedback! -Lady Ada - ---------------------------------------------------------- Introducting The Cypherpunk Standard For Encrypted Phones (CSEP) Purpose: Encryption software is a form of communication tool. Like other communication systems, it is useless without someone to talk to who shares the same protocol. It appears likely that various forms of encrypted phones will spring up in the near future, ranging from PC and SoundBlaster-based software to simple hardware phones. Now is the time for us to agree on protocols, so that all cypherpunk-built phones can talk to each other. Disclaimer: "But," you say, "Phil Z. is already working on VoicePGP. Why not wait until he releases it and let that be the standard?" Well, I'm not trying to undercut Phil, and I certainly hope that we will be incorporating his protocols into a future version. But I don't think we should let a single product drive all future design. Let's think about the future now. Isn't it better to hash out potential problems in a public forum? Basic Standard - -------------- - -- Diffie-Hellman for key exchange - -- Triple DES for data encryption - -- RSA for digital signatures/identity verification Rationale: Unlike encryption protocols designed for email, a phone system will need to exchange public keys bidirectonally at the beginning of every call, and the existance of an insecure two-directional link can be assumed. Diffie-Hellman is perfect for this application. The alternative, RSA, would require either generation of new keypairs at call time, which is very slow, or the long-term association of a keypair with a specific phone, which provides no benefit to the user and opens a possible path of attack (though not a major one) to eavesdroppers. Also, the patent on Diffie-Hellman expires in 1997, well before the 2000 expiration date of RSA. The information available to me appears to indicate that Triple DES is not significantly more vulnerable than IDEA or other popular algorithms, and it has the advantage of not being patented. I would like to see this standard keep possible future commercialization in mind. I suggest that the TDES implementation should use three different independent keys. IDEA might be offered as an option for those who prefer it. Compression - ----------- It's probably wise to standardize on a particular compression scheme. I have no opinions on this subject and welcome input. The most important feature is speed, not efficiency of compression. Other Features Required for Secure Phones - ----------------------------------------- Each phone shall have a button (hard or soft) which can be pressed by the caller at any time. Pressing it will cause a new TDES key to be generated and exchanged. [Should it generate a new n and g for D-H, or just create a new x and demand a new Y?] Paranoid users can press this button every few seconds if they wish. (In my humble opinion, even a single-DES phone is quite secure if it has this feature.) Other possible options - ---------------------- In some cases it may be desirable to confirm that the call recipient is really the person you wish to speak to. This could be implemented by allowing the phone to store RSA private keys (one for each user) and public keys (to test for other users). These signature keys should be independent of the encryption keys. The phone would require the user to enter a code [of what length?] which would act like the passphrase of PGP, preventing anyone from impersonating another user even if the would-be impersonator had access to the victim's key and phone. Control Codes - ------------- A number of control codes are needed for commands passing between the two phones. Not only the definitions of the codes but the values must be agreed upon by all users. Each of these will be associated with a defined packet that contains the appropriate data. GENNEWKEY [send x, request Y] DATA [send actual packet of data, request ACK] DATAACK [acknowledge data packet with checksum] - -------------------------------------------------------- OK, I admit it, this is pretty minimal, but hey, it's a beginning. Please send comments to the list. Phil Z, if you're out there reading this, I'd particularly like your input. -Lady Ada -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLclivqXNQdJx1hMZAQGq2wP/fcq5gp8unZhy/cog3jpdI8wA3hJORzME ul4qdnu5dOP7ON3LmlsWPeymUlagI1oUtJOUxb5LQ9lAlQMWv7u3TJDj3tqftcu3 il8fVmdIxrf8FYDbhs5GppCcfsMaz2/ervsw9cICspFPQJOKTOWzzTMuUYyoqcYa hWH/OJhMmPw= =coxy -----END PGP SIGNATURE----- From rjc at gnu.ai.mit.edu Thu May 5 19:31:55 1994 From: rjc at gnu.ai.mit.edu (rjc at gnu.ai.mit.edu) Date: Thu, 5 May 94 19:31:55 PDT Subject: Anybody else see eye-to-eye with Connie Chung tonight? Message-ID: <9405060231.AA19359@sugar-bombs.gnu.ai.mit.edu> They had a segment on a "digital stalker" on Prodigy. Basically, a guy who kept getting anonymous Prodigy accounts with fake credit cards and then used the accounts to harass people almost like Detweiler. The reporter's attitude was disturbing however. His attitude almost seemed to be that Prodigy should read each and every private message to protect users from harassment. The whole segment is a foreshadow of how society will react when anonymous remailing becomes widespread. One more thing. The narrator seemed to imply that what we know as "flaming" should be controlled. For instance, the phrase "check your thorazine dosage" could be viewed as digital harrasment. It's a brave new world out there. Coming to your local cyberspace soon. -ray From sommerfeld at orchard.medford.ma.us Thu May 5 19:53:47 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Thu, 5 May 94 19:53:47 PDT Subject: Chill out.... was Re: Keyserver service outRAGE In-Reply-To: <70297.pfarrell@netcom.com> Message-ID: <199405060249.WAA00363@orchard.medford.ma.us> professor Jeffery Schiller (pgp key 0C4EE1 (jis at mit)) One (minor) correction: Jeff is the MIT Network Manager; he's not a professor. - Bill From johnsonr at spot.Colorado.EDU Thu May 5 20:22:06 1994 From: johnsonr at spot.Colorado.EDU (Richard Johnson) Date: Thu, 5 May 94 20:22:06 PDT Subject: Cypherpunks change bytes! In-Reply-To: Message-ID: <199405060321.VAA13405@spot.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- From the keyboard of: greg at ideath.goldenbear.com (Greg Broiles) > I don't see the point in forcing everyone to patch their binaries or > recompile from source - does anyone else? Bidzos & Co. are certainly smart > enough to anticipate this step. What's the catch? Maybe the only 'catch' is legal niceties. PKP/RSADSI considers non- RSAREF PGP to be infringing on their patent. If they allow such use to continue, without challenging it as they have been doing, it might cause problems for them in the future. Some judge might go along with a contention that PGP was implicitly licensed (but I'm not a lawyer, thank Grod). By requiring the keyserver to only support legitimately licensed versions of PGP, PKP/RSADSI are only doing what they've always done; enforcing their patent. Perhaps there doesn't have to be any difference in the format of keys (other than the version number) for the legal situation to become more calm. Richard -----BEGIN PGP SIGNATURE----- Version: 2.5 iQBVAgUBLcnFDMJksDcEdQkXAQEDIAIAj83tGXiGaCYQKWmFgOQD2ZPyJzyBS/MR ZD4hTNZg+cHY3o/SebnrwoiL1ndCEGaO21vEaY8ySnIX58AX86Tu+w== =Qo9c -----END PGP SIGNATURE----- PS - For the humor-impaired, no, I don't have MIT PGP version 2.5 yet. From broitman at koala.bu.edu Thu May 5 20:27:29 1994 From: broitman at koala.bu.edu (Jeff Broitman) Date: Thu, 5 May 94 20:27:29 PDT Subject: List Deletion Message-ID: <199405060331.XAA04812@koala.bu.edu> How does one get removed from this mailing list? Please respond privately...so not to clutter up the conf. -jZb From blancw at microsoft.com Thu May 5 21:28:27 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 5 May 94 21:28:27 PDT Subject: Why Digital Cash is Not Being Used Message-ID: <9405060329.AA26086@netmail2.microsoft.com> Just thinking: since it keeps being repeated that it is a mistake to think of digital cash as currency, rather than a mere transaction mechanism, then it should not be called "cash", as this does not describe what it is. Then it would not be so easy to think in those terms. Digital Exchange Digital Transactions Digital Transfers Digital Fungi (bility) Blanc From hfinney at shell.portal.com Thu May 5 22:11:47 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 5 May 94 22:11:47 PDT Subject: Lady Ada's Cryptophone Message-ID: <199405060512.WAA15752@jobe.shell.portal.com> Lady Ada writes: > - -- Diffie-Hellman for key exchange > - -- Triple DES for data encryption > - -- RSA for digital signatures/identity verification > > Rationale: > Unlike encryption protocols designed for email, > a phone system will need to exchange public keys > bidirectonally at the beginning of every call, and > the existance of an insecure two-directional link can > be assumed. Diffie-Hellman is perfect for this application. > The alternative, RSA, would require either generation of > new keypairs at call time, which is very slow, or the Diffie-Hellman can be quite slow as well, depending on the size of the exponents. It involves calculating x**y, twice, where x and y are about 512 to 1024 bits. Some variants have the exponent yl be smaller, around 140 bits, but if strong primes are used for the modulus the exponent will be large like this. And the Chinese Remainder Theorem speedup used by PGP when RSA signing would not be applicable here. So calculating a DH key exchange could take many times longer than an RSA signature by PGP. This takes about fifteen seconds on my old PC; doing a DH key exchange might take a minute. > Each phone shall have a button (hard or soft) > which can be pressed by the caller at any time. Pressing > it will cause a new TDES key to be generated and exchanged. > [Should it generate a new n and g for D-H, or just create > a new x and demand a new Y?] Paranoid users can press > this button every few seconds if they wish. (In my > humble opinion, even a single-DES phone is quite secure > if it has this feature.) It might be possible to compute the DH in the background while the conversation is going on, but if the computer is also compressing, uncompressing, encrypting and decrypting at the same time, that's not going to be easy. From hfinney at shell.portal.com Thu May 5 22:18:40 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 5 May 94 22:18:40 PDT Subject: Marked_Money Message-ID: <199405060519.WAA16083@jobe.shell.portal.com> From: Matthew J Ghio > > Is there a way of marking digital coins, so the depositor > > can be identified? > > Only if the depositor marks them as such. The depositor generates the > coin, and gives it to the bank to sign it. The bank signs it in > exchange for another valid signed token. The bank can't alter it in any > way, the bank can only sign it. It's not the depositor who generates the coin, it's the withdrawer. Generally, he will be able to, in effect, "mark" the coin so that when it is deposited at the bank (by whomever he paid it to) the bank will be able to recognize that cash (because the withdrawer told the bank what the numbers were). However, with digital cash, it may be possible for the depositor to be anonymous and deposit the cash without being identified, so that even though the cash is recognized it does not necessarily reveal the depositor. Hal From nobody at shell.portal.com Thu May 5 22:37:54 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 5 May 94 22:37:54 PDT Subject: otp Message-ID: <199405060539.WAA17133@jobe.shell.portal.com> unicorn at access.digex.net says, Un> Is there a mac version? What is offered is the otp.c source and some documentation. It should compile easily on most computer platforms. The output of the program must be run through the TeX typesetting program, and LaTeX, which are freely available. If you wish to do a Macintosh version, I'll refund half your signed contribution. (Is there enough of a money supply out there, that 12 tokens is a reasonable number? i.e.: 2 each from 6 people or whatever.) Derek Atkins says, DA> In the immortal words of a famous vulcan, the needs of the many DA> outweigh the wants of the few. >From _Mein Kampf_: "the interests of the state outweigh the needs of the individual". .. PGP 2.6 key available on request From phantom at u.washington.edu Thu May 5 23:14:51 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Thu, 5 May 94 23:14:51 PDT Subject: BANK: quite a bit of interest. Message-ID: I've had quite a few people ask for instructions for retreiving the ghostmarks I promised. Good to see that more people are getting involved. I'm more than willing to help people get going using the magic money implementations. I've just paid the winner of the sonics/nuggets pool. I'm offering 15 more ghostmarks to the person most closely guessing the spread of the sonics/nuggets game 5 on saturday. (as a reference, the winner this time was only within 14 points of the spread!) You need not have your client installed to enter the pool. I have a feeling that within the next few weeks we're going to see more and more items available via ghostmarks/tacky tokens/bakuins. Get set up now so you can participate later. Email for info. mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From lassie!jim%lassie at netcom.com Thu May 5 23:32:33 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Thu, 5 May 94 23:32:33 PDT Subject: Bunch of Clueless Idiots Message-ID: <174@lassie.lassie.uucp> I see nobody mentioned the infringment of the second amendment by the assault weapons ban. These weapons cause 8.4% of the mortal wounds in commission of crime. Another piece of the constitution falls. Gee, what article of the constitution protects the right to cryptography? What are you going to do when they take it away from you. Probly nothing. The avereage person is definatly not as cool about cryptoghraphy as you are. But then again they probly are not as clickish as you are. You and your FTP site on Internet. Wow everyone knows about that. If they can not figure it out fuck em'. They are a "NEWBIE". You my friend are the ASSHOlE. To distribute to the masses is strenghth, not hiding behind some discussion of tackey dollars. Personly I think YOU are too stupid (OHHH I can program a computer) and lack the social skills to distribute crypto software to the masses. Any law probly would have a grandfather clause. Oh you say your grandfather died three years ago and you are working on revision X.YYY.Z of your latest greatest crypto software to worry about distribution. YOU PEOPLE ARE FOOLS AND HAVE TO MUCH SELF IMPORTANCE IN YOUR SMALL LITTLE HEADS, NOTHING EXISTS OF OF INTERNET! WRONG THE REAL WORLD DOES!!! BY NOT DISTRIBUTING TO THE MASSES YOU WILL LOSE (oh you can ftp to toilet.flush /urinal/cookies/). WHEN THEY TAKE YOUR PRESIOS CRYPTO AWAY, THEY WILL TAKE AWAY YOUR FIRST AMMENDMENT RIGHTS. (and it serves you right). FUCK IT NEVER MIND -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From nowhere at bsu-cs Thu May 5 23:38:17 1994 From: nowhere at bsu-cs (Anonymous) Date: Thu, 5 May 94 23:38:17 PDT Subject: No Subject Message-ID: <199405060637.BAA27056@bsu-cs.bsu.edu> -----BEGIN PGP SIGNED MESSAGE----- A couple of problems have arisen with my code marketing venture. Which is all to the good, of course, as the point of the exercise is to turn up these problems. Firstly, it seems that the coins I receive will contain something akin to a serial number, so that just recording the byte sequence upon issuance of the coin, and comparing with the bank receipts, would be sufficient to establish the origin of the coin. Since a bank deposit is normally communicated to a real email address, then the depositor can be identified. This being the case, use of a pool for receiving bank statements seems to be the safest way to go. The other problem is conversion from one currency (Ghostmarks) into another (Tacky Tokens). Here is a business opportunity for someone: exchange currencies for profit. Once again, a pool seems to be the best way to issue the exchanged money. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCcAgUBLcnf/Lhnz857T+PFAQFXrwQ2NZTiE9spBf364VRvW37NwW+6aogNLjGi rPR89ve0oJEfBoI0EQl7ubHiTflttI+/6sjD++vHWKO1+FFhOXe0MDomYcbJy1QG olpnDTPC4412s546IXwVZsPiqCg9Dcxs5iz+dXalh9RrF9WwiY2YOjS+898FvoDg x6CgwPSbmiZcRx9G8Ou5 =g9jr -----END PGP SIGNATURE----- From unicorn at access.digex.net Thu May 5 23:41:58 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 5 May 94 23:41:58 PDT Subject: Bunch of Clueless Idiots Message-ID: <199405060641.AA15094@access1.digex.net> -> I see nobody mentioned the infringment of the second amendment by the assault weapons ban. [Dribble and CAPS deleted] YOU PEOPLE ARE FOOLS AND HAVE TO MUCH SELF IMPORTANCE IN YOUR SMALL LITTLE HEADS, NOTHING EXISTS OF OF INTERNET! WRONG THE REAL WORLD DOES!!! BY NOT DISTRIBUTING TO THE MASSES YOU WILL LOSE (oh you can ftp to toilet.flush /urinal/cookies/). WHEN THEY TAKE YOUR PRESIOS CRYPTO AWAY, THEY WILL TAKE AWAY YOUR FIRST AMMENDMENT RIGHTS. (and it serves you right). FUCK IT NEVER MIND <- I'll beat Perry to it. Interesting, but not about crypto, or the politics of crypto. Take it to alt.flame. -uni- (Dark) From jdwilson at gold.chem.hawaii.edu Thu May 5 23:49:31 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 5 May 94 23:49:31 PDT Subject: VMS Version of PGP Message-ID: I have a friend who asked me where to get a copy of PGP for VMS. Is there such a version, and where is it available from? Thanks! -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... From GRABOW_GEOFFREY at tandem.com Fri May 6 00:29:25 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Fri, 6 May 94 00:29:25 PDT Subject: WinPGP location. Message-ID: <199405060033.AA23865@comm.Tandem.COM> jdwilson at gold.chem.hawaii.edu writes: > Where can I find WinPGP? You should be able to ftp WinPGP 1.0 from oak.oakland.edu//pub/msdos/windows3/WinPGP10.ZIP you'll love it!!! G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | |----------------------------------------------------------------------| | PGP fingerprint = C9 95 0F C4 E9 DD 8E 73 DD 99 4E F5 EB 7A B6 1D | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From catalyst-remailer at netcom.com Fri May 6 00:33:15 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Fri, 6 May 94 00:33:15 PDT Subject: (fwd) What the IRS is up to Message-ID: <199405060734.AAA26748@netcom.com> ---------forwarded message--------- From lile at netcom.com Fri May 6 00:54:24 1994 From: lile at netcom.com (Lile Elam) Date: Fri, 6 May 94 00:54:24 PDT Subject: Cypherpunks change bytes! Message-ID: <199405060755.AAA22713@netcom.com> Wouldn't it be great if we could just get rid of software patents? -lile From nobody at shell.portal.com Fri May 6 01:02:04 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 6 May 94 01:02:04 PDT Subject: IRS plans Message-ID: <199405060803.BAA07640@jobe.shell.portal.com> >From: johnl at iecc.com (John R Levine) >Newsgroups: comp.society.privacy >Subject: What the IRS is up to Here's some excerpts from a speech by Coleta Brueck, Project Manager, Document Processing system, at the Internal Revenue Service, that she gave at the Computer Press Association Awards luncheon in New York on April 15th. I was at the lunch, but the transcript of the speech just arrived today. The ellipses are mine, but I think I'm not distorting what she said. She started by explaining that their current systems are functionally based on punch card systems from the 1950s, and they want to get more stuff on-line so that when you call with a question, the person at the IRS can retrieve a copy of your records while you're still on the phone. But then: "We should be able to provide you on-line access to that information. ... You will have the availability to know what your current account information is, very much like if most of us who have an American Express Card, you can call -- you don't really know where that 800 number goes, but what you do know is when that person answers your call, they have your complete account information. ... They can give you information on your account, they can update your account, or they can provide you futuristic looks into your account as to where you might be next year, even, for filing tax returns. We've often talked about, and this is the terminology that I used when I was in on a task group, we've talked about the "golden eagle" return. This is the golden -- or gold American Express Card return. At the end of each year, if you have an American Express Card, you get a gold account summary of what you've done for the year. ... Basically, what I say is that if I know what you've made during the year, if I know what your withholding is, if I know what your spending pattern is, I should be able to generate for you a tax return so that I only come to you and tell you, 'This is what I think you should file for the next year, and if you agree to that, then don't bother sending me a piece of paper.' ... But I am an excellent advocate of return-free filing. We know everything about you that we need to know. Your employer tells us everything about you that we need to know. Your activity records on your credit cards tell us everything about you that we need to know. Through interface with Social Security, with the DMV, with your banking institutions, we really have a lot of information, so why would you, at the end of the year or on April 15th, today, do we ask the post office to encumber themselves with massive numbers of people out there, picking up pieves of paper that you are required to file? ... We could literally file a return for you. This is the future that we'd like to go to." Lest there be any doubt, she was entirely serious, and she clearly expected that that we'd all think this is as wonderful as she does. Regards, John Levine, johnl at iecc.com, jlevine at delphi.com, 1037498 at mcimail.com From lassie!jim%lassie at netcom.com Fri May 6 01:02:20 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:02:20 PDT Subject: Keyserver service outage (fwd) Message-ID: <188@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!ah.com!hughes (Eric Hughes) Date: 05 May 94 Originally To: toad.com!cypherpunks >And since the RSA and IDEA patents aren't valid in Europe, this >is 100% kosher. You guys use MIT-PGP and we'll use free pgp 2.5 IDEA is an international patent, from ETH in Switzerland. Eric What about the idiots that do not know and FTP from STP? -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:02:23 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:02:23 PDT Subject: The Value of Money (fwd) Message-ID: <176@lassie.lassie.uucp> >I have some funny money, myself. I have several of the original Oh you must be investing in the junk bond market. You know that there is over $10,000,000,000 's in the US bond market. Oh, of course you did. You are one of those Internet people that only exists on the net. By the way what type of indicators could I use on a global fund to maximize profit and reduce risk. You computer hackers know everyting, do'nt you? Or do you just play with play money? :{)} -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:02:36 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:02:36 PDT Subject: Keyserver service outRAGE (fwd) Message-ID: <187@lassie.lassie.uucp> Geez- this is going to make our fight a little harder- now we have to say "Fight Clipper and Clipper-PGP"??? Man- if the masses didn't get it before, they're going to be GREATLY confused now! That's the point though, isn't it..::sigh:: Now What? "Hoping I'm not one of the half-wits" :) -- Julie ______________________________________________________________________________ Roll over and play dead! Maybe they will not notice. Distribution is the key to success. -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:02:38 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:02:38 PDT Subject: EFF Summary of May 3 1994 Clipper and Digital Telephony Hearings (fwd) Message-ID: <179@lassie.lassie.uucp> > NSA's Clinton Brooks expressed support for Congressional Consideration > of the Clipper issue. He argued that Clipper is a sound technological > solution to a legitimate law enforcement and National Security dilemma, > and that a public debate on its merits would eventually remove the > misinformation and mistrust of government, and would prove Clipper to be > in the public interest. DRIVE 55 AND SAVE LIVES!!!!!!! -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:02:51 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:02:51 PDT Subject: Forwarded mail... (fwd) Message-ID: <183@lassie.lassie.uucp> FORWARDED MAIL ------- > TO SUMMARIZE.... > > Let the gov't do the clipper. Pre-encrypt all data transmission before the clipper, so they can't read/see/hear/smell/touch it. What do you people think... > I thinkl as long as it doesn't have bayonet lugs or an attachment to launch grenades then you are OK. NOT, if they mandate a form of crypto as voluntary, they will with in a few years make it mandatory. Then you will be breaking the law and rocks at the federal prison. Distribute crypto to the masses (You remember? THE DUMN FUCKS THAT DOEN'T KNOW WHAT AN FTP IS) and make them on your side with political announcements in the program ZIP -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:02:55 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:02:55 PDT Subject: Anonymous phone calls. (fwd) Message-ID: <175@lassie.lassie.uucp> > Is there any way to make a phone call anonymously? Caller ID can be >blocked somewhat with one of those *## numbers dialed before the call >is made. Is there a way to route a call through a series of phone-type >remailer systems? This would allow one to make a call that would be as >hard to trace as anonymous mail. > Any ideas? Here is a really STUPID FUCKING IDEA: Use a different public phone for each call and limit your time on the phone to less than two minutes. Hey I bet you wear an overcoat in the summer and molest little girls, or is it boys? :{)} -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:02:55 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:02:55 PDT Subject: MIT PGP Announcement (fwd) Message-ID: <185@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!martigny.ai.mit.edu!bal ("Brian A. LaMacchia") Date: 05 May 94 Originally To: toad.com!cypherpunks MIT has just officially announced the upcoming availability of PGP 2.5. The announcement was just made at Networld+Interop '94 in Las Vegas by Jeff Schiller, MIT's Network Manager. The text of the actual announcement is available via WWW at http://www.media.org/. Look under "MIT PGP Security Announcement." WHAT WAS WRONG WITH 2.2? Damn programers can never do anything right the first time? -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:03:08 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:03:08 PDT Subject: Clipper and Congress (fwd) Message-ID: <178@lassie.lassie.uucp> > I wonder if these Representatives (and Senators for that matter) would be > so supportive of Clipper if they were reminded that for it to be effective > even THEY would have to have the chip on THEIR HOME PHONES, THEIR OFFICE > PHONES, THEIR CELLULAR PHONES... > > I doubt many Congressional members are "clean" enough to support a chip > with such a threat over their lives. > Hve you ever been inside IRONMAN or IRONMAN2. The governments sophistication with secure methods of sending voice and data are SECURE. IF YOU ARE STUPID ENOUGH TO BELIEVE THAT THE CONGRESSMEN OR SENATORS WOULD STOOP TO SOMETHING THAT WASN'T SECURE THEN I HAVE A CLIPPER CHIP WITHOUT A BACK DOOR I WANT TO GIVE YOU. People for cryptography/cryptography for people -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From pleiku!kelly at pleiku.com Fri May 6 01:03:17 1994 From: pleiku!kelly at pleiku.com (kelly@netcom.com) Date: Fri, 6 May 94 01:03:17 PDT Subject: secdev1.2, hp100lx and HP PCMIA card support and security(nonexistant) Message-ID: <199405060744.AAA07234@pleiku.pleiku.com> Well the elimination of a very weak security feature on the HP palmtop line the hp 95lx password option, just a screenlock, in the hp100lx any pretence to privacy is now gone. As a result I initially attempted to load the binaries for the secdev1.2 release and was chagrinned to find out they get divide errors on the lowly 8088 clone of the hp100lx...? any ideas?(I suspect they are compiled for 80386 and up and will disassemble to verify after intial recompilation to 8088 targets.. Has any done this already?? cheers kelly From lassie!jim%lassie at netcom.com Fri May 6 01:03:30 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:03:30 PDT Subject: PC-Expo (fwd) Message-ID: <190@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!media.mit.edu!wex (Miburi-san) Date: 05 May 94 Originally To: prism.poly.edu!rarachel When is this event? I have some disks I can send you, or I'd be willing to kick in a nominal sum of money to support the effort. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168 Page: 617-945-1842 na53607 at anon.penet.fi We are Chaos Boys. We are coming to a paradigm near you. YOU HAVE TO BE KIDDING????!!!!!????? THIS IS LIKE DRIVING COAST TO COAST IN A FUCKING SEMITRUCK AND BUYING A DAMN GALLON OF DIESEL AT EACH FUEL STOP> YOU WILL NEVER NEVER NEVER GET THERE!!!!!!!!!!!!! -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:03:34 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:03:34 PDT Subject: Hell's Bells... (fwd) Message-ID: <186@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!netcom!lile (Lile Elam) Date: 05 May 94 Originally To: toad.com!cypherpunks I just noticed that president at whitehouse.gov is listening in on this channel... -lile HELL, he's and asshole, his wife is a stupid kunt, his daughter is an ugley little brat. But the cat's OK. Health insurance reform 1) Dissallow preexisting clauses and limits in medical policies 2) Pool no hope cases (AIDS, Cancer etc.) in underwriter pool covered by all insurance companies. 3) Shit? no more medical insurance problems. 4) Oh yea, set maximum rates and make them uniform for all insureds. 5) Use public assistance for the remainder of people that fall in the assistance level due to income. -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:03:47 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:03:47 PDT Subject: Anonymous phone calls... (fwd) Message-ID: <182@lassie.lassie.uucp> > One of the problems of using the pre-paid cards was brought to light > recently in the Olympic incident of Harding/Kerrigan. Harding's husband > bought one of the cards to make phone calls and they traced the calls back to > him via the card, since you have to present valid ID to purchase those. Wow, FUCKIN' hard to figure out. The little round things you have in your pocket are called coins. If you pick up a phone an ask the operator to call Fort Yukon alaska she will ask you to put some of those round things in the phone. Believe it or not, she will now when the phone has a nuff round things and let your call go thru for three minutes maybe. Be sure to wipe your fingure prints of the round things before depositing them in the phone (This is like doing a file wipe in PGP) -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:03:57 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:03:57 PDT Subject: Keyserver service outage (fwd) Message-ID: <181@lassie.lassie.uucp> / | It is my understanding that folk outside the USA can legally run /PGP | versions from 2.0 to 2.3a, but cannot legally run Viacrypt /2.4 or the | RSAREF-based version 2.5, because they contain code /that cannot be | exported from the USA. Thus, it appears that the /keyserver will not | accept any legally created keys from outside /the USA. I think that this | is a bad thing. / / I think folks outside the US can legally run 2.4 or 2.5, as /there are no restrictions in their countries on using that /software. The difficulty is getting it outside of the US without /getting anyone in trouble. I think if cryptography is illegal it does't mater a FUCK what version the program is. Insure against the inevetable by distributing to the DUMM FUCK CLUELESS COMPUTER USERS THAT ARE NOT AS FUCKIN' COOL AS YOU ARE. Power to the people/power in the people -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:04:08 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:04:08 PDT Subject: The Value of Money (fwd) Message-ID: <180@lassie.lassie.uucp> in 1875 you could get a colt .45 for a $20 gold piece. you still can. I am sort of confused by all these folks talking about precious metals as if they still have something directly to do with currency. I thought they hadn't for some decades. They have'nt, but some people are totally clueless as to some things. That why they stay up all night and stare at their computer screens (a kind of perverse sexual pleasure). I believe Nixon took us of the gold standard in '73. People go to Economics school for 6 years just to get paid $ 60k a year to be wrong with their economic conclussions. By the way in the state of Arizona there is still a law on the books that allow someone completing a full stay in prison to recieve a good horse, $20 gold piece, pistol, rifle and a sadle when released from prison. That is why the state kicks you out one day early, even on a day for day sentance. I know people that have attempted to sue to get their horse etc. but lost. -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:04:09 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:04:09 PDT Subject: DefenseServices (fwd) Message-ID: <189@lassie.lassie.uucp> Jim Miller says: > Section #120.9 of the ITAR defines "Defense Service" as: > > (1) The furnishing of assistance (including training) to foreign > persons, whether in the United States or abroad in the design, > development, engineering, manufacture, production, assembly, testing, > repair, maintenance, modification, operation, demilitarization, > destruction, processing, or use of defense articles; or > (2) The furnishing to foreign persons of any technical data > controlled under this subchapter (see #120.10), whether in the United > States or abroad. This is sick. According to this, I cannot teach foreigners about cryptography in the U.S. -- even about the open literature. This is a grotesque denial of my first amendment rights. They just FUCKED OFF a big chunk of your second amendment today but I bet you don't even know about it. Do not worry, when they ban your crypto program they will let you buy another one. What FUCKIN' RIGHTS, I DON'T SEE NO STINKIN' RIGHTS!!!!!! Duh what's a PGP and an FTP? Uh Uh Uh fire's cool! -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:04:23 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:04:23 PDT Subject: EFF Summary of May 3 1994 Clipper and Digital Telephony Hearings (fwd) Message-ID: <177@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!pcw (Peter Wayner) Date: 05 May 94 Originally To: toad.com!cypherpunks, central.cis.upenn.edu!farber Dr. Farber suggested that at >the very least Congress weld into law a guarantee that Clipper remain >voluntary, that the Judiciary be an escrow holder. He cautioned, in the >words of Benjamin Franklin, "They that can give up essential liberty to >obtain a little temporary safety deserve neither liberty nor safety" When are you people going to wake up (NEVER as long as you are not in the real world). The congress and house may legislate what ever they want. Your best insurance against the clipper chip is people having good back-door less freeware cryptography programs that educates them on why Clipper is a bum deal. Screw all the judiciary crap. If Mr and Mrs computer user doesn't have access to it they never will. They DO NOT have a FUCKING CLUE as to what a BBS and FTP or AN ESCROWED KEY account is. Much less being a COMPUTER ILLUMINATTI like you are. The power is with the public. -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:11:37 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:11:37 PDT Subject: Lobbying/Politics/etc. (fwd) Message-ID: <184@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!anchor.ho.att.com!wcs (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) Date: 05 May 94 Originally To: meceng.coe.neu.edu!deeb > I suspect serious problems implenmenting a law that criminalizes crypto It wouldn't be that hard to get rid of lots of it, as long as they made exceptions to let the big corporate customers stay happy (e.g. banks). The key would be using the civil forfeiture abuse to let them confiscate computers that *appear* to be using illegal crypto; you can hire a lawyer to help you get your box back if they suspect it's got UnAmerican Software. Your goverment crypto license will let you use Clipper if you obey the rules; just think of it as your driver's license on the information superhighway.... The Feds could enforce the 55mph speed limits better if they used confiscation as well. 1) Any Illegal crypto programs could be removed from Internet in a matter of hours. 2) Any Illegal crypto message sent via Internet could be analyzed as illegal and not delivered. 3) Anybody sending such messages would face fines or jail senteces. 4) Any government branch that took your computer could keep it for no reason (except we are investigating it) for a long time, practicly until your trail and then maybe forfit it. 5) Users of Illegal crypto could be subject to other legal survailance. (telephone, movements, dosscia etc.) 6) In this state even if Illegal crypto was not a Felony you would probly receive probation on first offense, 6 months in county jail on second offense and 1 year on third and subsequent offenses. I have done 11 months in county jail and found it racialy enlightning When everyone that wants a free copy of good private key crypto systems has it then the government is hard pressed to outlaw it. FUCKING ASSHOLES ARE TOO STUPID TO USE FTP. Next time you talk to a cop ask him "What are you going to do when you are ordered to take guns away from law abiding citizens?" -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:29:33 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:29:33 PDT Subject: Bunch of Clueless Idiots (fwd) Message-ID: <193@lassie.lassie.uucp> >Good riddance. Another clueless twit storms off in anger. AH your fuckin' mother is a clueless twitt!! >As it happens, I made my comments about the assault weapon ban on >talk.politics.guns," reporting the 216-214 vote within 3 minutes of >ts happening (I watched the debate live on C-SPAN). As the owner of >so-called assault weapons, lacking any paperwork to "prove" I >bought them, I'm possibly going to face prosecution. Yes, I'm >angry. Yes, I consider the 216 who voted to make me a criminal >pieces of shit. And well you should be, it infringes on your rights > But I don't vent my anger by shitting on 700 other people, as you >just did. You lost it, dude, and now you're gonna pay the price. >Good riddance. I have'nt gone anywhere yet > Strong crypto will not happen if jerks like Nabalandian, who I've >never seen contribue a shred of content to this list, foam at the I just did Yeh obviosly all crypto is week, let's write a new program to replace the new crypto program we write next week. Fuck everybody Knows only cool people on Internet deserve crypto. Everybody else is CLUELESS oh omnipotent one. > --Tim May, fed up with his own clueless posts -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 01:37:02 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:37:02 PDT Subject: Bunch of Clueless Idiots (fwd) Message-ID: <192@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!unicorn (Black Unicorn) Date: 06 May 94 Originally To: toad.com!cypherpunks, netcomsv!lassie!jim%lassie -> I see nobody mentioned the infringment of the second amendment by the assault weapons ban. [Dribble and CAPS deleted] YOU PEOPLE ARE FOOLS AND HAVE TO MUCH SELF IMPORTANCE IN YOUR SMALL LITTLE HEADS, NOTHING EXISTS OF OF INTERNET! WRONG THE REAL WORLD DOES!!! BY NOT DISTRIBUTING TO THE MASSES YOU WILL LOSE (oh you can ftp to toilet.flush /urinal/cookies/). WHEN THEY TAKE YOUR PRESIOS CRYPTO AWAY, THEY WILL TAKE AWAY YOUR FIRST AMMENDMENT RIGHTS. (and it serves you right). FUCK IT NEVER MIND <- I'll beat Perry to it. Interesting, but not about crypto, or the politics of crypto. Take it to alt.flame. -uni- (Darkidiot) Duh, how many takey coins will you give me if I do. You care less about the politics of the first amendment or the effects crypto has on it. The goal should be distribution to the masses of a workable crypto program, shit you could even charge them play money. IF 500 people have good crypto it's easy to legislate against that. IF 500,000 people have good crypto it's hard to legislate against that. If 5,000,000 people have good crypto it is impossible to legislate against that. Talk all you want about digital money and hearings, keyservers and politics but by the people with out the clue (non-internet, non-ftp) having access to the software then you have streangth. Without this you will flounder and your precious crypto-clic will be broken up by the government. -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From unicorn at access.digex.net Fri May 6 01:37:38 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 6 May 94 01:37:38 PDT Subject: The Value of Money (fwd) Message-ID: <199405060837.AA18285@access1.digex.net> -> Oh you must be investing in the junk bond market. You know that there is over $10,000,000,000 's in the US bond market. Oh, of course you did. You are one of those Internet people that only exists on the net. By the way what type of indicators could I use on a global fund to maximize profit and reduce risk. You computer hackers know everyting, do'nt you? Or do you just play with play money? :{)} -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- <- It's people like this that make me seriously rethink my anti-gun regulation stance. -uni- (Dark) From lassie!jim%lassie at netcom.com Fri May 6 01:42:59 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 01:42:59 PDT Subject: Bunch of Clueless Idiots (fwd) Message-ID: <195@lassie.lassie.uucp> >Excuse me. Please go to talk.raving.guns or >gun-flamers at whitehouse.gov. (Or don't leave your terminal on like >that.) This is the cypherpunks mailing list, not the gun-flamers >list, though many of us believe strongly in the second amendment >and/or like metal equipment that makes loud noises and has superior >penetration ability. This ain't the place for it. Is it me or is my gramatical skills that lacking? What I meant to say is that by mass distribution of crypto to the computer systems of users that are not shall we say FTP,PGP,INTERNET literate that we make it harder for the government to abrigate the first amendment right,as in freedom of press visa vie the enactment of a standard that alows the government to snoop on your doings. I relize I may have gone overboard with the caps and carlin words but I see (to me) that people are missing the opertunity to get the drop on the government and they are the people that should be at the forfront (anonymous) of any such action. Sorry for the outburst -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From jdwilson at gold.chem.hawaii.edu Fri May 6 01:53:07 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Fri, 6 May 94 01:53:07 PDT Subject: Hell's Bells... In-Reply-To: <199405052158.OAA06696@netcom.com> Message-ID: On Thu, 5 May 1994, Lile Elam wrote: > Date: Thu, 5 May 1994 14:58:34 -0700 > From: Lile Elam > To: cypherpunks at toad.com > Subject: Hell's Bells... > > > > I just noticed that president at whitehouse.gov is listening in on this channel... > > > -lile > > > Great! Finally we are getting their attention!!! -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQBNAi2Ig+EAAAECALImsR18LE9I6NKICf8TVhbV6yJgF95ynGHnWnNo1ERfdqzk Zl3Icl2N5klNM3KQ9zM3uN/z55smi2QOiD3hL80ABRO0L0phbWVzIEQuIFdpbHNv biA8amR3aWxzb25AZ29sZC5jaGVtLmhhd2FpaS5lZHU+ =JTj1 -----END PGP PUBLIC KEY BLOCK----- ................................ . == = = James D. Wilson. . " " " P. O. Box 15432............................. . " " /\ " Honolulu, HI 96830-5432......Fr. Excelsior........ . \" "/ \" jdwilson at gold.chem.hawaii.edu.FRC/FAM/AASR/GWB/OTO. ................................................................... From nobody at soda.berkeley.edu Fri May 6 02:24:35 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist) Date: Fri, 6 May 94 02:24:35 PDT Subject: router service needed Message-ID: <199405060924.CAA08372@soda.berkeley.edu> respectfully i ask the person who wants mykotronx info to contact me. thank you. anon > /dev/null ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```%AS^P;+]AB?X9TW6\8WR:*P&2&#E66'?22E^27!/;8]RV7Q)U\5U@[+ M*3%!.MML0>RAGW9\)P1>+JET-H9C`VFSY\ #O@<8 ====Encrypted-Sender-End==== From grendel at netaxs.com Fri May 6 02:37:40 1994 From: grendel at netaxs.com (Michael Brandt Handler) Date: Fri, 6 May 94 02:37:40 PDT Subject: Regarding Mr. Nalbandian's Comments Message-ID: <199405060937.FAA08646@access.netaxs.com> Regarding some specific criticisms by Mr. Nalbandian: [1] If Joe ComputerUser does not know how to use his computer for more than word processing and playing games, at this point, he probably doesn't NEED PGP. If he knows enough to realize what little privacy he actually has, he will go looking for security. With luck, he will run into someone who can steer him towards PGP... [2] The purpose of this list is not to insure that everyone has a copy and knows how to use PGP (though most of us would consider that a worthwhile goal). As it has been said more and more often, 'Cypherpunks write CODE!'. This is a discussion group about the practicality and implementation of specific forms of cryptography and cryptographic applications (digital money, key servers, etc). [ This is not to belittle the political content of the group, though. ] Groups like the EFF are interested in helping new users to the Internet learn all about it, and are doing a good job of it so far. If you are that concerned about the masses not knowing about cryptography, try sending a note to the EFF (with the caps lock OFF!) and ask them to include a section on privacy, cryptography and PGP in the next version of the Big Dummy's Guide To The Internet. It's a start. [3] Sending badly composed rants to seven hundred people and then publically posting a response to a private message is not the way to be taken seriously. -- ========================================================================== | Michael Brandt Handler | Philadelphia, PA | | | PGP 2.3a public key available via server or mail | ========================================================================== People who use Elm: if you know how to create a killfile for Elm, please send me an email message telling how. Thanks. From albright at scf.usc.edu Fri May 6 03:21:27 1994 From: albright at scf.usc.edu (Julietta) Date: Fri, 6 May 94 03:21:27 PDT Subject: Regarding Mr. Nalbandian's Comments In-Reply-To: <199405060937.FAA08646@access.netaxs.com> Message-ID: <199405061020.DAA12320@nunki.usc.edu> Michael Brandt Handler writes: > goal). As it has been said more and more often, 'Cypherpunks write CODE!'. > You know, I keep hearing this- why is it that you all seem to think that writing code is mutually exclusive from talking the politics of cryptography? Is it so hard to do two things at one time??? I'm sorry, I just don't get it.. -- Julie _____________________________________________________________________________ Julie M. Albright Ph.D Student Department of Sociology University of Southern California albright at usc.edu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . From frissell at panix.com Fri May 6 03:30:14 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 6 May 94 03:30:14 PDT Subject: Lobbying/Politics/etc Message-ID: <199405061030.AA00782@panix.com> L.>1) Any Illegal crypto programs could be removed from Internet in a L.>matter of hours. It might be a little hard to invade Findland, Slovenia, the Republic of China, Italy, etc. all within a few hours. L.>2) Any Illegal crypto message sent via Internet could be analyzed L.>as illegal and not delivered. It might be hard to rewrite the TCP/IP protocols and get everyone to install the changes without anyone noticing. L.>3) Anybody sending such messages would face fines or jail sentences. If they were provably in the jurisdiction and you could tell they did it. L.>4) Any government branch that took your computer could keep it for L.>no reason (except we are investigating it) for a long time, L.>practically until your trail and then maybe forfeit it. If you and your computers were in the (same) jurisdiction. L.>5) Users of Illegal crypto could be subject to other legal L.>surveillance. (telephone, movements, dosscia etc.) If the opposition has unlimited resources. L.>6) In this state even if Illegal crypto was not a Felony you would L.>probly receive probation on first offense, 6 months in county jail L.>on second offense and 1 year on third and subsequent offenses. I L.>have done 11 months in county jail and found it racialy enlightning A real learning experience. Don't panic. DCF Aren't the feds going to be pissed in a few years when the 3D solid "printers" come down in price and I can "print" out a dozen UZIs. --- WinQwk 2.0b#1165 From lassie!jim%lassie at netcom.com Fri May 6 03:37:20 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 03:37:20 PDT Subject: Regarding Mr. Nalbandian's Comments (fwd) Message-ID: <198@lassie.lassie.uucp> [1] If Joe ComputerUser does not know how to use his computer for more than word processing and playing games, at this point, he probably doesn't NEED PGP. If he knows enough to realize what little privacy he actually has, he will go looking for security. With luck, he will run into someone who can steer him towards PGP... Wow, word processer, so i guess that if you are just using a word processer that you don't need PGP? As usual you distance yourself from computer users by placing youself on a pedistal above them. Why is that? Do you feel superior to them? Is it something that was lacking in your childhood? I bet you could code 500 lines a day when you were in grade school. I bet you never have just used a word processer or played games on a computer? Have you? With luck somebody will give me the winning numbers to the lottery next week, too. And with wings pigs can fly. [2] The purpose of this list is not to insure that everyone has a copy and knows how to use PGP (though most of us would consider that a worthwhile goal). As it has been said more and more often, 'Cypherpunks write CODE!'. This is a discussion group about the practicality and implementation of specific forms of cryptography and cryptographic applications (digital money, key servers, etc). [ This is not to belittle the political content of the group, though. ] Groups like the EFF are interested in helping new users to the Internet learn all about it, and are doing a good job of it so far. If you are that concerned about the masses not knowing about cryptography, try sending a note to the EFF (with the caps lock OFF!) and ask them to include a section on privacy, cryptography and PGP in the next version of the Big Dummy's Guide To The Internet. It's a start. Why should I waste my time? You waste your time by writing crypto that WILL be outlawed and take no action to distribute. And as usual people on here can't see farther than Internet. They really can'nt. Must be a pedistal thing. Why write crypto or even purport it's use if you are to deprive the real people that could aid your cause the use use of "PGP" or other sutible non-CLIPPER cryptography. More people are off Internet than on.? [3] Sending badly composed rants to seven hundred people and then publically posting a response to a private message is not the way to be taken seriously. I thought there was only a couple hundred on this list? cool 700! I have no idea what you mean by public post of private message? -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 03:37:21 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 03:37:21 PDT Subject: The Value of Money (fwd) (fwd) Message-ID: <197@lassie.lassie.uucp> It's people like this that make me seriously rethink my anti-gun regulation stance. -uni- (Dark) why what ever do you mean? i think all american's should not have guns or crypto. it would make for a safer society in that the government could make sure there would be no more crime or pesky drug dealers using cyfered messages to transmit their buy and sell orders on international email. right-on ban crypto. of course the way this group is going nobody outside of the internet clique will ever get there hands on pgp or other crypto software. i tried to find pgp on local bbs's in phoenix and had to call 8 of them before i found 1 downloadable zip. the average users do not even know it is available. thru ignorance of the bulk of the populace you will fail in your crypto efforts. that is a shame too. you, and your group may know all there is about crypto and may write the best crypto programs ever written. butttttttttt......... without everyday clueless non-internet/ftp/pgp familiar users, crypto is pointless. the power is in distribution. and distribution breeds familiarity and contempt for the governments brand of escrowed key system. given the choice of one item in a resturant you only eat what is served to you. with multiple items you choose the best. face it, if crypto is outlawed it is too easy to clean out the net so to speak. if nothing is agressivly distributed then the people will not have it. if the people do not have it why waste your time writing it. if it is made illegal you will be an outlaw. if you have distributed in major cities before hand then at least the public has and will have access. -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From grendel at netaxs.com Fri May 6 04:01:14 1994 From: grendel at netaxs.com (Michael Brandt Handler) Date: Fri, 6 May 94 04:01:14 PDT Subject: Regarding Mr. Nalbandian's Comments In-Reply-To: <199405061020.DAA12320@nunki.usc.edu> Message-ID: <199405061100.HAA09333@access.netaxs.com> > Michael Brandt Handler writes: > > > goal). As it has been said more and more often, 'Cypherpunks write CODE!'. > > You know, I keep hearing this- why is it that you all seem to think > that writing code is mutually exclusive from talking the politics of > cryptography? Is it so hard to do two things at one time??? I'm sorry, I > just don't get it.. Julie, please reread this portion of my message. GR> This is a discussion group about the practicality and GR> implementation of specific forms of cryptography and cryptographic GR> applications (digital money, key servers, etc). [ This is not to ^^^^^^^^^^^^^^ GR> belittle the political content of the group, though. ] Groups like ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I read and enjoy both the coding discussions as well as the political talk. They're not exclusive in any way. -- ========================================================================== | Michael Brandt Handler | Philadelphia, PA | | | PGP 2.3a public key available via server / mail / finger | ========================================================================== From phred at well.sf.ca.us Fri May 6 04:02:12 1994 From: phred at well.sf.ca.us (Fred Heutte) Date: Fri, 6 May 94 04:02:12 PDT Subject: Bunch of Clueless Idiots In-Reply-To: <174@lassie.lassie.uucp> Message-ID: <9405060401.ZM21325@well.sf.ca.us> Aside from the fact that Jim Nalbandian is wrong about the absolutist argument he propounds about gun ownership and the Second Amendment, this is clearly a clueless rant and should be ignored. Heaven forfend that the discussion here get sidetracked onto gun issues, especially in respone to a classic shit-disturber post like this. I'm normally a lurker but definitely *do* read and enjoy and like chewing on the issues and discussion here. But my patience ends with axe-grinding. see you in the future phred "Why make it simple & easy When you can make it complex & wonderful!"  From warlord at MIT.EDU Fri May 6 04:03:19 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Fri, 6 May 94 04:03:19 PDT Subject: The Value of Money (fwd) (fwd) In-Reply-To: <197@lassie.lassie.uucp> Message-ID: <9405061103.AA22471@podge.MIT.EDU> > It's people like this that make me seriously rethink my anti-gun > regulation stance. > > -uni- (Dark) > > why what ever do you mean? i think all american's should not have I believe he means that you appear basically out of nowhere, send about 20 messages to the list with very little content, and appear to not have even been reading much of the list. I may be wrong, but it appears to me that you saw the list in a recent publication and joined it sometime in mid-to-late April. However, not to make this a flaming letter, I would like to address your distribution point. And I must agree that the distribution of PGP has been fairly Internet-biased. However one reason, IMHO, that this is the case is that private BBSs were afraid to carry PGP because of the questionable legality w.r.t. the RSA patent. With the advent of PGP 2.5, to be released soon, this problem will go away in the US, and I believe that we will see a great number of distribution sites go online. I don't know if the government is going to ban crypto, but I am going to fight my darndest to try to stop them from doing so. The question about criminals using crypto is a crock -- even if they ban it, the criminals will still use it: that's why they are criminals, they don't follow the law! So banning crypto will basically get the government nowhere (then again, I feel the same way about the outlawing of guns, but see where that went). Another thing is that right now, I don't think that every person and his mother would know what to do if they had PGP. It requires, currently, some base of knowledge to successfully use crypto, and it is really easy to have a false sence of security. For example, Joe Average ComputerUser is using PGP. He is on a shared machine and keeps his private key online, has a 6-character passphrase (his dog's name) and types it over the modem... Yet this person thinks that no one can read his files since they are encrypted using PGP! No, this is not the right way to do it. We need to educate people about the risks of NOT using encryption, and when they understand the risks and start asking how to not be at risk, *then* you can show them PGP and explain how it fills the holes, and what it can and cannot do. That is the way that we will have to do it. And that is what we have (or at least I have) been trying to accomplish. I hope this makes sence to you. -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From perry at snark.imsi.com Fri May 6 04:04:07 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 6 May 94 04:04:07 PDT Subject: Keyserver service outage In-Reply-To: <9405052123.AA04874@ah.com> Message-ID: <9405061103.AA00714@snark.imsi.com> Eric Hughes says: > >And since the RSA and IDEA patents aren't valid in Europe, this > >is 100% kosher. You guys use MIT-PGP and we'll use free pgp 2.5 > > IDEA is an international patent, from ETH in Switzerland. However, I will point out that they typically grant free licenses for non-commercial software. Perry From grendel at netaxs.com Fri May 6 04:05:48 1994 From: grendel at netaxs.com (Michael Brandt Handler) Date: Fri, 6 May 94 04:05:48 PDT Subject: Clipper Key Escrow Details Message-ID: <199405061105.HAA09399@access.netaxs.com> Regarding the Clipper Key Escrow scheme: [1] Who has the ability to submit a warrant and request the key data from the two controlling government agencies? Do you have to be a Federal organization? Local? State? Could the Lower Merion Police Department (from Lower Merion, PA, technically where I live) attempt to obtain my escrowed key parts if they had a valid reason (and the knowledge / equipment to use it)? [2] What is to stop someone, once they have my escrowed key data, from archiving it for later use? Do the federal agencies in charge have any protocols or controls or protections against this? Thanks. -- ========================================================================== | Michael Brandt Handler | Philadelphia, PA | | | PGP 2.3a public key available via server / mail / finger | ========================================================================== From phred at well.sf.ca.us Fri May 6 04:08:59 1994 From: phred at well.sf.ca.us (Fred Heutte) Date: Fri, 6 May 94 04:08:59 PDT Subject: Regarding Mr. Nalbandian's Comments In-Reply-To: <199405061020.DAA12320@nunki.usc.edu> Message-ID: <9405060408.ZM21714@well.sf.ca.us> I'm sorry I responded just now to Nalbandian's first spew before noticing that he has stuffed my mailbox with another handful of non-germane babble. Instead of wasting my time handing him good advice about better ways to spend *his* time, I will simply say that the usual treatment here is the correct one: /dev/null phred  From perry at snark.imsi.com Fri May 6 04:15:50 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 6 May 94 04:15:50 PDT Subject: Marked_Money In-Reply-To: Message-ID: <9405061115.AA00728@snark.imsi.com> Matthew J Ghio says: > > Is there a way of marking digital coins, so the depositor > > can be identified? > > Only if the depositor marks them as such. The depositor generates the > coin, and gives it to the bank to sign it. The bank signs it in > exchange for another valid signed token. The bank can't alter it in any > way, the bank can only sign it. You have the protocol reversed. It is the person who withdraws the money who blinds a coin. Depositors can indeed be tracked by collusion between the person minting the coin and the bank, but in practice this would not be a problem. Perry From perry at snark.imsi.com Fri May 6 04:43:15 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 6 May 94 04:43:15 PDT Subject: Keyserver service outage (fwd) In-Reply-To: <188@lassie.lassie.uucp> Message-ID: <9405061143.AA00770@snark.imsi.com> Mr. Nalbandian was only recently released from the hospital, and is still having some small difficulty adjusting to normal society. I suggest we help him along by restricting our expressions of displeasure at his inappropriate public remarks in private email. Perry Jim Nalbandian says: > > FORWARDED MAIL ------- > From: netcomsv.netcom.com!ah.com!hughes (Eric Hughes) > Date: 05 May 94 > Originally To: toad.com!cypherpunks > > >And since the RSA and IDEA patents aren't valid in Europe, this > >is 100% kosher. You guys use MIT-PGP and we'll use free pgp 2.5 > > IDEA is an international patent, from ETH in Switzerland. > > Eric > > > > What about the idiots that do not know and FTP from STP? > > > > -- > * Spelling errors are intentional and international * > Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com > Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA > No free man shall ever be de-barred the use of arms. The strongest > reason for the people to retain there right to keep and bear arms > is as a last resort to protect themselves against tyranny in > government. <-------- Thomas Jefferson -- From smb at research.att.com Fri May 6 04:48:40 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 6 May 94 04:48:40 PDT Subject: Clipper Key Escrow Details Message-ID: <9405061148.AA06293@toad.com> Regarding the Clipper Key Escrow scheme: [1] Who has the ability to submit a warrant and request the key data from the two controlling government agencies? Do you have to be a Federal organization? Local? State? Could the Lower Merion Police Department (from Lower Merion, PA, technically where I live) attempt to obtain my escrowed key parts if they had a valid reason (and the knowledge / equipment to use it)? Anyone who has the right to do a wiretap under both Federal and state law. That would include local police departments in very many states. [2] What is to stop someone, once they have my escrowed key data, from archiving it for later use? Do the federal agencies in charge have any protocols or controls or protections against this? Nothing that I know of, though that's not certain. Decryptions will be done by a magic decode box; in theory, at least, the downloaded key -- which will be Skipjack-encrypted -- could be accompanied by a time-to-live field. Last I heard, the decoder boxes hadn't been completely designed yet. From rsturt at wilbur.mbark.swin.oz.au Fri May 6 05:09:42 1994 From: rsturt at wilbur.mbark.swin.oz.au (Ice-Fox (aka Robert Sturtz)) Date: Fri, 6 May 94 05:09:42 PDT Subject: pgp Message-ID: I live in Australia and i was wandering if there was a legal way to get my hands on pgp (or whatever its called) and if there is a way what is it? Yours in SYNC. Robert Sturtz __ __ __/// rsturt at wilbur.mbark.swin.oz.au (Ice-Fox on irc) __/// \XX/ Vice-President of Eastern Wargamers And Roleplayers Club \XX/ -------------------------BEGIN SPOOK FODDER------------------------- kill, bomb, maim, plot, c4, sex, murder, assassinate, gun, nuke, plan --------------------------END SPOOK FODDER-------------------------- From perry at snark.imsi.com Fri May 6 05:18:17 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 6 May 94 05:18:17 PDT Subject: Regarding Mr. Nalbandian's Comments In-Reply-To: <199405061020.DAA12320@nunki.usc.edu> Message-ID: <9405061217.AA00801@snark.imsi.com> Julietta says: > > goal). As it has been said more and more often, 'Cypherpunks write CODE!'. > > You know, I keep hearing this- why is it that you all seem to think > that writing code is mutually exclusive from talking the politics of > cryptography? Is it so hard to do two things at one time??? I'm sorry, I > just don't get it.. Its a matter of two things. 1) One can make the same political statements over and over (as we do) without much effect. Writing code can change the world. Therefore, writing code is much more worthwhile. 2) There are lots of places to talk about approximately this set of political views. Its not a question of excluding politics -- its really more of a question of giving primacy to action. Perry From nowhere at bsu-cs Fri May 6 05:36:35 1994 From: nowhere at bsu-cs (Anonymous) Date: Fri, 6 May 94 05:36:35 PDT Subject: No Subject Message-ID: <199405061236.HAA18395@bsu-cs.bsu.edu> Can someone be so kind as to shed some light on PGP v2.5? I've heard a couple of comments that it is available? If so, is this a public domain release, where is it available via anon ftp and what enhancements (if any) does it offer over the v2.3 release? Thanx. From werner at mc.ab.com Fri May 6 05:43:02 1994 From: werner at mc.ab.com (werner at mc.ab.com) Date: Fri, 6 May 94 05:43:02 PDT Subject: Keyserver service outage (fwd) Message-ID: <9405061243.AA16750@werner.mc.ab.com> >Date: Fri, 06 May 1994 07:43:03 -0400 >From: "Perry E. Metzger" > >Mr. Nalbandian was only recently released from the hospital, and is >still having some small difficulty adjusting to normal society. I >suggest we help him along by restricting our expressions of >displeasure at his inappropriate public remarks in private email. As much as I hate to bring this up, are you certain that Nalbandian is not a Detweiler tentacle? From schirado at lab.cc.wmich.edu Fri May 6 06:09:53 1994 From: schirado at lab.cc.wmich.edu (Schirado) Date: Fri, 6 May 94 06:09:53 PDT Subject: Nalbandian Message-ID: <9405061309.AA19266@lab.cc.wmich.edu> Okay. "Writing code" is the activism of choice here, as opposed to speaking out, spreading the word to Joe Sixpack, etc. No problem. First: There have been many non-code discussions over the last few months, many of them begun by respected list members (Tim May, Eric Hughes, etc). Second: If something is posted to the list that you find stupid, you all SAY that we should just ignore them. But of course, you post this itself to the list at large. Which prompts another round of go-between, attack and counter-attack. You say that the "clueless" need to get thicker skins? Pot calls kettle black, film at 11. You accuse the clueless of wasting time and bandwidth, and then perform the same thing (in a far superior fashion, of course, since your spelling and grammar skills show you to be a better person anyway). In a nutshell: If it's not related to the list, DON'T POST IT. Take the crap to e-mail. Frog Farmer, ignoring his own advice for the first (and hopefully last) time. From paul at hawksbill.sprintmrn.com Fri May 6 06:26:02 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Fri, 6 May 94 06:26:02 PDT Subject: (fwd) May 4 House Hearing on Clipper, F. Lynn McNulty testimony Message-ID: <9405061427.AA08632@hawksbill.sprintmrn.com> Forwarded message: > > Newsgroups: talk.politics.crypto > From: koontzd at io.lrcs.loral.com (David Koontz ) > Subject: May 4 House Hearing on Clipper, F. Lynn McNulty testimony > Message-ID: <1994May5.010923.17264 at wdl.loral.com> > Originator: koontzd at io > Sender: news at wdl.loral.com > Organization: Loral Rolm Computer Systems > Date: Thu, 5 May 1994 01:09:23 GMT > Lines: 914 > > > > > > > > > > > > > > Security on the Internet > > > > Statement of > F. Lynn McNulty > Associate Director for Computer Security > National Institute of Standards and Technology > U.S. Department of Commerce > > Before the > Subcommittee on Science > Committee on Science, Space, and Technology > U.S. House of Representatives > > March 22, 1994 > > I. INTRODUCTION > > Mr. Chairman and Members of the Committee: > > Thank you for inviting the National Institute of Standards and > Technology (NIST) to speak about security of the Internet and the > role NIST plays in its security. We share your belief in the > importance of security on the Internet. We also believe that > recent events affecting the security of Internet users reinforce > the need for attention and action. I want to address the > specific concerns and issues you have identified and discuss the > role that NIST plays in the security of both the Internet and the > evolving national information infrastructure. > > A. NIST's Computer Security Mission > > First, let me briefly review NIST's role in the computer security > area. Under the Brooks Act (P.L. 89-306), NIST is tasked with > developing Federal Information Processing Standards (FIPS) for > unclassified federal computer systems. Our security activities > in this area were re-enforced by Congress in 1987 when it passed > the Computer Security Act of 1987 (P.L. 100-235). The Act > stipulates that NIST shall "have responsibility within the > Federal Government for developing technical, management, > physical, and administrative standards and guidelines for the > cost-effective security and privacy of sensitive information in > Federal computer systems" (excepting classified systems and those > used to process "Warner Amendment" information covered by 10 > U.S.C. 2315). This role was essentially reiterated in P.L. 102- > 194, the High-performance Computing Act of 1991. > > In essence, then, NIST has the responsibility -- through > standards, guidance, and technology transfer -- for helping > agencies protect their information technology and applications. > It is important to recognize that it remains the responsibility > of agencies, service providers, and users of information > technology to develop, implement, and manage security programs > based on their specific risks and needs. > > > II. THE RECENT INTERNET SECURITY INCIDENT > > Let me now turn briefly to the recent incident that was perhaps > the primary impetus for these hearings. The testimony of the > representative from the Computer Emergency Response Team (CERT) > describes the technical details of the incident. I will try to > put the incident in a context and perspective. Later, I will > address more general Internet and NII security concerns. > > A. The Incident > > The recent incident involved the discovery of "password sniffer" > programs on hundreds of systems throughout the Internet. This > "incident" was really a series of incidents on host systems > around the Internet involving the exploitation of a combination > of vulnerabilities present in the Internet. First, I should note > that over the last few years there have been many security alerts > and incidents involving systems on the Internet. This incident > was different from "routine" or ongoing incidents primarily in > that it developed rapidly into a widespread pattern of similar > attacks and that it resulted in threats to many other systems. > > B. Major Vulnerabilities Exploited > > There were two major types of vulnerability that were exploited > in this incident -- neither, by the way, being actual > vulnerabilities of the Internet itself, but rather problems in > systems connected to the Internet. > > Obtaining Privileged Access - The first step in the password > sniffer attack requires the attacker to obtain privileged status > on a target host system. This can be done by exploiting any of a > wide range of known attacks. This normally can happen only when > that host system has not been properly configured and > administered to prevent unauthorized access. As such, this is > not an Internet vulnerability. Rather, it is a general problem > that all computer system administrators face and must address. > > Access to Passwords - The next steps in the attack involve the > installation of the "sniffer" program to monitor the system's > network interface port and the collection of log-in information, > including passwords. The problem was not the ability of a > properly authorized user to monitor the network port; this is > needed for effective system administration. The vulnerability > here was due to the fact that most computer systems on the > Internet (and other networks) employ re-usable passwords to > authenticate users. There was no exposure for host systems or > user accounts which employed non-reusable passwords or other > advanced methods (such as tokens or "smart cards") for user > authentication. This, again, is not an Internet vulnerability; > Internet protocols do not require host systems to use passwords > for user authentication. It should also be noted that encryption > of network layer information would not have solved this specific > problem, because the monitoring occurs at a point in the > compromised systems where messages are unencrypted anyway. > > In summary, while there were known vulnerabilities exploited in > this incident, they were vulnerabilities in the security > mechanisms of host systems, not the Internet itself. > Nevertheless, there was a serious and widespread impact of the > incident affecting many other systems on the Internet. > > C. Impact > > The serious impact of the recent incident should be recognized; > log-in information (i.e., account numbers and passwords) for > potentially thousands of host system user accounts appear to have > been compromised. It is clear that this incident had a negative > impact on the operational missions of some Government agencies. > Moreover, this should be viewed as ongoing incident, not an > incident that has happend and been dealt with. Indeed, > administrators of systems throughout the Internet were advised, > in turn, to direct their users to change their passwords. This > is, indeed, very significant, and we may be seeing its effects > for some time to come. Not only is it difficult, if not > impossible, to identify and notify every user whose log-in > information might have been compromised, it is unlikely that > everyone, even if notified, will change his or her passwords. > Therefore, we will probably continue to see unauthorized access > to user accounts resulting from the password "sniffing" activity > of this incident. Clearly, we need ways to minimize this kind of > problem in the future. > > D. Alerting and Response to the Incident > > A Success Story - Despite the serious impact of this incident, it > should be viewed as a clear and major success for organized > incident response activities. The existence and cooperation of > several operational security incident response teams was > instrumental in identifying this as more than a "routine" > incident and ensuring rapid response to it. A formal coalition > of response teams, known as FIRST (the Forum of Incident Response > and Security Teams) played an important role in the process. All > of the teams central to the incident are members of FIRST. The > Department of Energy's Computer Incident Advisory Capability > (CIAC) at Lawrence Livermore Laboratory first identified the > incident. CERT led efforts to analyize and assess the emerging > threat and issued initial alert messages to the other security > incident response teams that are members of FIRST (including > NIST). Individual teams then spread the word among their > constituencies. Also of particular note was the DoD Automated > System Security Incident Support Team (ASSIST), which has > coordinated world-wide response efforts for all of DoD. When it > was clear that the incident was particularly wide-spread, notices > were posted on several Internet "bulletin boards" and other > forums. A press release was also issued. (It is important to > note, however, that, because of the specific and inherently > technical nature of most such incidents, press releases are not > normally part of the alert process.) > > E. Lessons Learned > > This incident was the result of known vulnerabilities and > already-hypothesized attack scenarios. Rather than teach us new > lessons, it really re-emphasizes some lessons we've already > learned and simply increases a sense of urgency for advanced > authentication methods and other actions. Additional lessons > learned were: > > Effective incident response teams and alerting mechanisms > can (and, in this case, did) play an important role in > minimizing the impact of such incidents. > > Traditional user authentication by means of re-usable > passwords does not provide strong security in today's > networked environment -- with or without encryption. > > Exploitation techniques (and software which automates such > techniques) are rapidly shared across the network and can be > easily used by otherwise unskilled miscreants. In other > words, you don't have to be smart (or ambitious) enough to > build these "weapons" to be able to obtain them and use them > against others. > > Any host system, if improperly configured or managed, can > become an "unwitting" platform for an attack against other > systems in a network. Therefore, we need to mimimize the > need for reliance on the integrity of individual hosts for > the security of other hosts and users on the Internet. > > System administrators (which, because of the growing > number of workstations on the net, include an increasing > number of relatively unskilled users) need better awareness, > skills, and competence in protecting their systems; > > The importance of security to users of the Internet (and > by extension the evolving national information > infrastructure) can no longer be seen as secondary. If this > valuable national resource is to achieve its full potential, > its users must have confidence in the security of their data > and activities on the network. > > III. IMPROVING SECURITY ON THE INTERNET > > Clearly, much can be done to improve security in the Internet. > The initial, research-oriented Internet and its protocols were > designed for a more "benign" environment than now exists. It > could, perhaps, be described as a collegial environment in which > the users and host computer systems are mutually trusting and > interested in unrestrained sharing of information. The new > environment in which the Internet (and the NII) must operate is > much less collegial and trustworthy. It contains all the > situations, people, and risks that we find in the society as a > whole. Thus, we have begun to reexamine and adjust our "design > requirments" to reflect those new realities. Security is now a > primary concern. The collegial Internet of the past cannot be > the basis for the NII of the future. > > A. A Short History of Internet Security Incidents > > Despite the previous comment, security in the Internet is not > something that has never occurred to its users and operators. It > is important to understand what has taken place and what is > currently underway. > > In recent years, a number of security problems with networks in > general and the Internet in particular have received public > attention. The media have carried stories of high-profile > malicious hacker attacks via the Internet against government, > business, and academic sites. It often seems that hackers roam > the Internet with virtual impunity, masking their tracks while > moving from system to system. > > The Recent Incident Wasn't the First - Perhaps the first and > still most significant major incident involving the Internet was > the so-called Internet Worm, caused by Robert Morris, Jr. in > November of 1988. This incident, in effect, woke up the Internet > community to at least three facts: > > Everyone out there isn't a "good guy"; > > Internet protocols and applications had many inherent or > implementation vulnerabilities that create exposures to > misuse or intrusion; and > > The network community needed better methods of cooperation > to identify and react to network incidents and emergencies. > > The first two of the above factors won't change; the last remains > true, but has been and continues to be addressed. > > And It Won't Be The Last - In the years subsequent to the > Internet Worm, there have been some significant trends: > > Use of the Internet has grown exponentially -- and > continues unabated. With this has come a corresponding > increase in the number of people with a detailed technical > understanding of Internet systems -- and the potential > vulnerabilities of those systems. > > "Security" incidents, such as attempted system access, > actual system intrusions, and other exploitations of various > weaknesses of systems on the Internet, also have grown > dramatically. It is likely that almost every host system on > the Internet already has had at least some sort of security- > related incident. > > The number of unskilled users who must (or should) be > assuming network system administrator functions will > continue to increase -- simply because the number of systems > connected to the Internet is increasing. > > There are now growing organized efforts of Internet user > organizations to identify and deal with intrusions and > unauthorized system use. > > > B. Internet Vulnerabilities vs. Host System Vulnerabilities > > It is important to recognize that the vast majority of security > problems seen "on the Internet" are not really Internet problems > at all. We need to understand a subtle but important distinction > between the Internet and its host systems. > > The Internet is, in essence, a collection of computers, usually > called host systems, which are connected to underlying data > communications networks. These host systems (which may support > one or more human users) communicate with each other by means of > internet protocols. The internet protocols may be thought of as > the standard message formats by which the host systems establish > connections to each other and exchange information -- much like > the use of standard forms and procedures in an office > environment. > > Security vulnerabilities can exist in the underlying > communications network and its nodes, in the internet protocols, > in network administration, or in host systems. To use the > highway analogy, a communications problem might be like a > pothole, a bridge failure, or a closed road. A protocol problem > might be like a mis-marked exit sign or a failure of slower > traffic to stay in the slow lane. A network administration > problem might be the lack of emergency vehicle access or > notification and response procedures for accidents. Last, a host > system problem might be likened to a store proprietor along the > highway leaving the doors open and the store unoccupied. The > problem is not the proximity of the highway, but the carelessness > of the store proprietor (and the fact that not everyone on the > highway is honest). Most "Internet" security problems to date > have been careless -- or unknowlegeable -- proprietors. > > > C. The Role of the Internet in the NII > > The national information infrastructure is not some system that > will be "switched on" at some specified date in the future. The > NII, at least in its initial form, is here now, and like many > other national infrastructures, is made up of many -- often > disjoint -- elements. The issues that we in government and > industry must address are the directions in which we want the NII > to evolve and how to make that happen. In the administration's > guiding document on the development of the NII, The National > Information Infrastructure: Agenda for Action, one of the nine > guiding objectives is to "Ensure Information Security and Network > Reliability". > > One of the important elements in the current NII is the Internet. > The Internet may not, however, be the ultimate model or > technology for the NII. Nevertheless, it serves important roles > in the evolution of the NII. First, it is a working example of > effective global computer networking. Second, it is a possible > model for future network technology. Last -- and perhaps most > importantly -- the Internet serves as a sort of living laboratory > in which we can develop and experiment with technologies, > applications, and concepts of information sharing that will be > useful or necessary in the next century. Again, security > mechanisms are central to the process. > > D. The National Performance Review > > The importance of information technology security in general and > Internet security in particular was recognized in the Vice > President's National Performance Review. In the area of > information technology security, the following primary objectives > were identified: > > Development of cryptographic standards > Development of a set of generally-accepted system security > practices > Establishment of a national crisis response clearinghouse > Improved security awareness > Security of the public switched telecommunications network > Internet security > Coordinated security research and development > > In addition, the NPR report cited specific objectives in the > related area of Privacy: > Establishment of a Privacy Protection Board > Development of a set of Fair Information Handling > Practices > > NIST has the lead responsibility in some of these items and a > role in all of them. Although each has some relevance to > Internet security, two items are of particular relevance. > > Internet Security - This specifically focuses on the Internet. > It involves the development of an overall Internet security plan. > The Federal Networking Council has the lead in this activity, > with the participation of several other organizations, including > NIST. > > National Crisis Response Clearinghouse - This will be, in > essence, the expansion and application of the FIRST concept to > the entire Federal Government. NIST has the lead responsibility > for this item. > > E. A Self-Fulfilling Prophecy > > One of the clear directions of the administration is for agencies > to "get connected". Initially, that means electronic mail, and > to most agencies, that means "on the Internet". This presents us > with an interesting situation. For years, the reason that many > agencies used as a reason not to connect to the Internet was > concern over security -- "We don't want to open ourselves up to > hackers." Now, agencies are likely to rush headlong "onto the > Internet" without careful planning, personnel skills, and > knowledge of the security considerations. The likely result, if > we are not careful, is that we will see significant occurrences > of those security problems that the agencies were always worried > about -- a self-fulfilling prophecy. > > This is not to suggest that we should not be moving forward > agressively on connecting to the Internet; the benefits of this > initiative are clear and compelling. However, it does require > that we undertake this effort with care and intelligence. > > NIST's Computer Systems Security and Privacy Advisory Board > (CSSPAB) will be examining this very issue at their quarterly > meeting on March 23rd and 24th. They will be examining the > several agencies' plans for putting agency mission critical > systems on the Internet. > > F. Security Incident Response Efforts > > The Need - Regardless of the security technology and other > measures we put in place on the Internet -- or any other network > -- we will always have security incidents. We will discover > exploitable vulnerabilities. We will suffer intrusions, attacks, > thefts, fraud, network failures, errors and omissions, and > uncountable other possible risks. Since we will never be able to > anticipate, much less prevent all of these problems, we must have > in place effective mechanisms for dealing with them when they do > occur. This is the role of security incident response efforts. > The recent Internet incident reinforces the need for such > activities and demonstrates their value and effectiveness. > > FIRST - Beginning with the aftermath of the 1988 Internet worm > incident, it was recognized that better methods for incident > response and information sharing were needed. It was also clear > that the establishment of a single team or "hot line" would not > work; it would simply be overwhelmed. Out of this was born the > concept of a coalition of response teams -- each serving its own > constituency, but working with the others to share information, > provide alerts, and provide mutual support in the response to > incidents and potential incidents. That concept was embodied in > FIRST, the Forum of Incident Response and Security Teams. FIRST > has grown from an initial group of eleven, mostly Government, > teams to over thirty teams now. These teams include Government, > industry, computer manufacturers, and academia -- both U.S. and > international. > > Sharing Sensitive Security Incident Information - In discussing > these well-publicized problems, I think it is important to stress > that we at NIST believe that it is not a good idea to just > publicly announce system security weaknesses, in the hope that > such publicity will result in immediate solutions. Some, indeed > most, security weaknesses cannot be fixed overnight -- for > example, it takes time to correct errors in operating systems, > test the new code, distribute the updated code, and install the > code. Inappropriate publicity about some kinds of weaknesses > will merely serve as a call for their exploitation by malicious > hackers. > > The FIRST concept addresses this problem by establishing a means > for developing a level of trust and cooperation among teams that > permits sharing of information. The FIRST "membership" process > involves endorsement from an existing member, thus providing an > initial level of confidence. Further interactions among teams > have build a level of trust and cooperation that probably could > never have existed otherwise. > > We believe we have demonstrated the success of this concept over > the last few years of FIRST's existence. Groups who would have > never discussed security problems outside their own confines have > been able to work together with the confidence that they can gain > from the knowledge and experience of other groups without > exposing their organizations to attack in the process. > > NIST's Role in FIRST - NIST has played a leadership role in FIRST > from the beginning. NIST led efforts to bring together existing > teams, develop an operational framework, and get the activity > underway. NIST continues to serve as the secretariat of FIRST. > In that role, we provide coordination and technical support. For > example, we established and administer the electronic mail > alerting network used by FIRST members. We are currently > developing plans for a much more aggressive expansion of FIRST > membership throughout the Government. To date, the most active > FIRST members in the Government have been teams from the > "traditional" Internet communities -- the DoD and research > agencies. We are anxious to see more active participation on the > part of the rest of the civilian agencies of Government as they > increasingly become "network players". > > Individual Response Teams - The role of the individual response > team cannot be ignored. These teams are the essence of FIRST. > They must establish procedures for managing incidents within > their defined constituencies, and they must be able to > communicate with the other FIRST teams. The major hurdle we have > seen for agencies to become active in incident reponse activities > (aside from the lack of Internet connectivity in many cases) is > the need to develop an incident response "mindset" to complement > the traditional policy and procedures approach of many computer > security programs. To help address this problem, we published in > 1991 a guidance document, NIST Special Publication 800-3, > Establishing a Computer Security Incident Response Capability. > > In summary, we believe that organized, coordinated, and effective > security incident response efforts throughout government (and > beyond) are critical to the security of the Internet (and the > NII) now and in the future. > > > G. Security Technology > > Security technology is important for the effective enforcement of > security policies in any computer system. Such technology is > especially important in a highly distributed, networked > environment -- such as the Internet -- in which physical and > administrative controls are limited. > > Security Services - Five major security services are identified > in International Standard 7498-2. This standard was developed to > specify the security aspects of the Open System Interconnect > (OSI) model of computer networks. The security services (and a > short explanation of each) include: > > Authentication - Verification of the claimed identity of a > computer or computer network user; > > Access Control - Verification and enforcement of the > authorized uses of a computer network by a user subsequent > to authentication; > > Data Integrity - Verification that the contents of a data > item (e.g., message, file, program) have not been > accidentally or intentionally changed in an unauthorized > manner; > > Data Confidentiality - Protection of the information > content of data from unauthorized disclosure; > > Non-repudiation - Protection against denial of sending (or > receiving) a data item by the sender (or receiver). > > These major security services should be augmented by a number of > auxiliary services (audit, availability assurance) and support > services (key management, security maintenance, network > management). An integrated security system must offer all these > services with a number of security mechanisms implemented in a > number of security products. Technology will advance and provide > for newer, cheaper, better products but the overall security > system need not be changed drastically if it is designed > properly. NIST is working with several organizations seeking an > overall security architecture for unclassified information. An > integrated security system can then be designed with > interchangeable and interoperable parts as needed. > > Advanced Authentication - Since reusable passwords are the > weakest security link in the present Internet, better, more > advanced, authentication techniques are needed. A spectrum of > solutions exist ranging from "one-time" passwords to high tech, > biometric identification systems. Token based authentication and > access control systems appear to be a reasonable compromise among > the goals of low cost, high security and system simplicity. NIST > has developed several token based security systems and continues > to evaluate several new alternatives. Most are based on > something a user carries with them, like a "smart card" or "smart > token" or "smart disk." Software modules unique to an individual > will also suffice if good software protection is provided to the > information in the module. > > Public Key Infrastructure - A public key infrastructure (PKI) is > a part of an integrated security system that is needed to support > certain user authentication, data integrity and data > confidentiality services. A PKI is a distributed system > consisting of people and computers that will verify the correct > identity of a person seeking authorization to use a computer > system or network and then associate a public key with that user > in a highly secure manner. The certificate issuer in the PKI > produces an electronic certificate which contains the identity of > a user, the user's public key, some auxiliary information for the > security system and the digital signature of the CERTIFICATE > ISSUER. The PKI should be established so that a secure "chain of > certificates" is established between any pair of users anywhere, > perhaps, in the world. This allows someone to sign a secure > message, funds transfer or electronic contract and then allows > anyone else to verify the source and authenticity of the message, > etc. NIST, along with several other organizations, are seeking > to design, implement and coordinate the requisite security > services of the PKI. > > Obstacles to Deployment and Use of Security Technology in the > Internet - There are several current impediments to widespread > adoption and use of advanced computer security technologies > within the Internet. However, these should be viewed as > obstacles, not barriers. > > Historic Community Culture - The Internet community has > historically emphasized openess in communications. Computer > security has been viewed as interfering with this goal. > > Internet Management Organization - The Internet is a > loosely coupled coalition of organizations and activities > without a central management structure. Minimal rules must > be followed in order to connect to the Internet backbone > communication system, and certain protocols must be followed > in order to communicate with others on the network. There > are few policies or practices which specify acceptable use > or adequate security (even though policies for both of these > have been developed). The National Performance Review (NPR) > has identified a need for such policies. > > Availability of Security Systems - While there are many > individual security products (seeking a small number of > narrow niche markets), there is still a lack of integrated > security systems. An example of such an integrated security > system would be a commercially supported electronic mail > security mechanism (integrating a comprehensive key > management support system, user authentication and > authorization support services, and user message security > services). > > Interoperability - The commercial security products that > solve similar security problems usually are not > interoperable. A given product may have a large number of > features and interfaces, but will not interoperate with > those of other products. Thus, communities of interest may > adopt and use one product, but those users must obtain a > second product in order to communicate with someone in > another community of interest. Lack of interoperable > products often delay a user from selecting and using any > security until either a de facto or de jure standard > emerges. > > Costs - Since there is yet no universal market for > security products fitting into a seamless security system, > the costs of individual security products built to fill > niche markets are currently high. However, costs will go > down as volume and competition increase. > IV. ORGANIZATIONS, ROLES, AND RESPONSIBILITIES > > There are several organizations in the Government and in the > private sector that have roles in the security of the Internet. > It would be difficult to identify them all here. Therefore, I > will describe briefly NIST's activities and our involvement in > other Internet-related organizations or activities. > > NIST computer security activities have both direct and indirect > relevance to security on the Internet. In general, our programs > address information technology security in all environments. > Howerver, since the Internet is such an important element in our > work and of an increasing number of Government agencies, we have > a number of activities directed specifically at the Internet. > > A. NIST's Computer Security Activities > > Overall Program - In carrying out its mission, NIST seeks to > develop cost-effective security standards and guidelines for > federal systems. These are often voluntarily adopted by those > outside the federal community. We are working in many areas to > develop both the technology and standards and technology that > will be needed in the long term, and addressing short term > requirements for better training and awareness. We have issued > guidelines or standards on many facets of computer security, > including: computer security awareness training, cryptographic > standards, password generation, smart card technology, security > of electronic commerce, viruses and other malicious code, risk > management, and PBX security. We have also issued bulletins on > many computer security issues, which may be of interest to > federal agencies and private sector organizations, including a > July 1993 bulletin on security considerations in connecting to > the Internet. NIST works directly with federal computer security > program managers through our Federal Computer Security Program > Managers' Forum. We also participate on many voluntary standards > activities, and participate in various interagency forums. > > While NIST has published guidance in a wide variety of areas, > including Internet-specific topics, NIST's computer security > program is not focused primarily on the Internet -- or any other > specific network or technology. Operational responsibility for > the Internet, and thus specific, operational responsibility for > security, rests outside NIST. Nevertheless, the Internet is > central to much of the information technology activities and > plans of Government agencies, and NIST has a responsibility to > address those needs. > > General Activities Affecting the Internet - Some of the general > research, standards, and guidance activities of NIST that affect > the Internet include the following: > > Smartcard technology development and application > Advanced authentication technology development and > application > Trusted systems criteria and evaluation > Cryptographic methods, interfaces, and applications > > > Specific Activities Affecting the Internet - In addition, NIST > has undertaken a number of activities that focuse directly on > Internet security issues. These include the following: > > CSL Bulletins - guidance on connecting to the Internet > Special Publications - guidance on Incident Response > Capability > FIRST leadership and support > > Firewalls Research - One of the most actively examined methods of > protecting systems or subnetworks connected to the Internet is > the use of "firewalls" -- specially-programmed machines to > control the interface between a subnetwork and the Internet. > NIST has established, with the assistance of the National > Communications System and others, a new Firewalls Research > Laboratory effort to extend and share knowledge in this important > area. > > In addition to these programmatic activities, NIST is involved in > a number of groups and activities that are directly involved in > Internet security. > > B. Information Infrastructure Task Force > > Security is being addressed on several fronts in the Information > Infrastructure Task Force (IITF). There are specific security > efforts in each of the three main committees of the IITF, plus > the Privacy Working Group of the Information Policy Committee. > NIST is involved all of these efforts. > > C. OMB Circular A-130 > > NIST is working with the Office of Management and Budget (OMB) in > the revision of Appendix III of OMB Circular A-130. This > appendix specifically addresses agency information technology > security programs. Although this does not address the Internet > specifically, we expect the new appendix to include the > requirement for agency incident response capabilities. > > D. Federal Networking Council > > The Federal Networking Council (FNC) is an interagency group > which coordinates the computer networking activities of federal > agencies that serve general and specific research communities. > The FNC established a security working group to address various > security needs and seek common security services and mechanisms > meeting these needs. The security working group, under the > leadership of NIST, has initiated the following activities: > > Security Policy for Use of the National Research and Education > Network - a high level security policy which specifies the > principles and goals of security in the NREN and then assigns > responsibilities to six categories of participants in the NREN > (completed and approved by the FNC). > > Security Architecture for the NREN - a comprehensive but generic > categorization of the components of security needed to satisfy > the security requirements of the NREN. This activity has been > initiated but not completed. > > Security Action Plan for the NREN - a first draft of an action > plan for developing and fielding security prototype components > (e.g., smartcards, access control tokens) has been developed; > participants in the user acceptance testing are being solicited. > > > E. Internet Society Security Activities > > The sponsors and supporters of the Internet have conducted > several security activities over the past several years. The > CERT and FIRST activities, previously described, were major > activities to alert users of potential and on-going security > problems and to provide information on what to do about them. > The following are other activities and the roles that NIST has > played in each of them. > > Internet Security Policy - The Internet Engineering Task Force > (IETF) sponsored the development of a policy for secure operation > of the Internet. This policy specified six basic guidelines for > security: > > assure individual accountability; > employ available security mechanisms; > maintain security of host computers; > provide computers that embody security controls; > cooperate in providing security; and > seek technical improvements. > > These guidelines were expanded and clarified in the Security > Policy for Use of the National Research and Education Network. > NIST participated in the development of the Internet security > policy and was a major player in development of the NREN security > policy. > > Privacy Enhanced Mail - The IETF sponsored the development of the > Privacy Enhanced Mail (PEM) system. PEM provides the ability to > protect the integrity and confidentiality (i.e., privacy) of > electronic messages on a user-selected basis. PEM utilizes the > popular Simple Mail Transfer Protocol as the foundation for > private (sometimes also called, trusted or secure) mail. PEM > uses the Federal Data Encryption Standard for confidentiality > protection. Digital signatures are used to assure the integrity > of a message and to verify the source (originator) of the > message. NIST was a participant in the group that developed the > specifications for PEM. It is available both as a free, > unsupported software package and a licensed supported software > system. V. SUMMARY AND RECOMMENDATIONS > > In summary, then, I think that recent Internet security > experiences have taught us -- or have reinforced -- some > important lessons, and there are some obvious actions that should > follow. > > A. Lessons and Conclusions > > The Internet Is a Lightning Rod - The public already knows about > the Internet and understands that the Internet will be a part of > the national information infrastructure. Thus, any security > problems affecting the Internet reflect on the entire NII effort > and could undermine the public's confidence in and willingness to > use that developing infrastructure. > > Internet Security is Not a "Second Tier" Issue - The attention > that security incidents receive in the media and the impact that > recent incidents have had on the operations of some agencies and > other Internet users make it clear that security is now a first > level concern that must be addressed. > > Organized Incident Response Efforts Work - Despite the widespread > impact of recent incident, it is clear that organized, > cooperative incident response efforts -- which we in the Federal > Government had in-place -- were instrumental in identifying and > mitigating its effect. This incident reinforces the importance > and need for such efforts. > > Traditional, Re-Usable Passwords are Inadequate in a Network > Environment - The nature of data communications networks makes > unacceptable the continued reliance on traditional, re-usable > passwords for user authentication. > > Secure Systems Operations Require Skilled Personnel - The highly > powerful and sophisticated workstations that are increasingly > being connected to the Internet are often operated by technically > unskilled users. Further, most systems come "out of the box" > configured for the easiest-to-install-and-use options -- usually > also the most insecure configuration. To be installed, > connected, and operated securely, these systems currently require > the users to be full-fledged system adminstrators, not just > "ordinary users". This is an unreasonable and unrealistic > expectation. > > B. Recommendations for Action > > Implement the NII/NPR Action Items - The recommendations of the > National Performance Review in the area of information technology > security address specifically some of the needs for the Internet. > NIST and the other action agencies will be working to implement > those recommendations. > > Deploy Advanced Authentication Technology - We must move forward > agressively to deploy already-available technology to replace the > traditional re-usable password as the method of choice for user > authentication. Technologies developed at NIST and those > becoming available in the marketplace can make marked > improvements in the near term. In the longer term, we must begin > establishment of sectoral and national certificate > infrastructures to enable more generally available and > interoperable methods of authentication. > > Promote and Expand Incident Response Activities - The concept > works. We must now move actively to ensure that agencies > throughout Government and constituencies nation-wide establish > active and cooperating incident response capabilities. NIST > plans to continue to lead such efforts within the Government and > promote them world-wide through FIRST and similar activities. > > Educate and Train System Administrators - In the long run, we > cannot demand that users of increasingly sophisticated technology > be technical experts, i.e., system administrators. We must find > ways to deliver secure systems "out of the box". In the short > term, however, we must better train system users. If agencies > are going to connect their networks (and thereby their agencies) > to the Internet and other external networks, their technical > personnel must understand the risks involved and be trained and > equipped to manage such connections securely. NIST and others > have published technical guidance to assist in this process and > will be developing additional guidance in the future. Agencies > must take it upon themselves, however, to ensure adequate > technical training of their personnel. > > Use Available Security Technology - Computer users, system > administrators, and service providers should evaluate and, where > cost-effective, employ current security products and technologies > to reduce risks to acceptable levels. > > C. Conclusion > > There are always trade-offs involved in the use of new or complex > technology -- especially in something as potentially universal as > the Internet and the evolving national information > infrastructure. The challenge, of course, is to find the right > balance of risks and costs against the benefits. However, I must > emphasize that even with a complete restructuring and replacement > of the current Internet we would continue to have security > incidents and other problems. Historically, with the > introduction of any new technology, the miscreants and charlatans > are not far behind. Our task is to work as hard as we can to > anticipate and avoid such problems and, we hope, get and stay a > step or two ahead of the game. I would also like to assure you > that NIST -- in concert with the several other key players in the > Internet -- is both aware of the importance of Internet security > in the context of the evolving national information > infrastructure and actively undertaking efforts to meet that > need. > > Mr. Chairman, I want to thank you again for the opportunity to > speak to your committee. We at NIST -- and the other communities > of interest involved in the Internet and the NII -- look forward > to working with your committee and others in the Congress on this > From paul at hawksbill.sprintmrn.com Fri May 6 06:27:24 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Fri, 6 May 94 06:27:24 PDT Subject: (fwd) May 4 House Hearing on Clipper, Raymond Kammer testimony Message-ID: <9405061429.AA08641@hawksbill.sprintmrn.com> Forwarded message: > > Newsgroups: talk.politics.crypto > From: koontzd at io.lrcs.loral.com (David Koontz ) > Subject: May 4 House Hearing on Clipper, Raymond Kammer testimony > Message-ID: <1994May5.010435.17066 at wdl.loral.com> > Originator: koontzd at io > Sender: news at wdl.loral.com > Organization: Loral Rolm Computer Systems > Date: Thu, 5 May 1994 01:04:35 GMT > Lines: 667 > > Statement of > Raymond G. Kammer > Deputy Director, National Institute of Standards and > Technology > Before the > > Committee on the Judiciary > U.S. Senate > > and > > House of Representatives > Committee on Science, Space & Technology > Subcommittee on Technology, Environment and Aviation > > May 3, 1994 > > > Introduction > > Good morning. My name is Raymond G. Kammer, Deputy Director of > the Commerce Department's National Institute of Standards and > Technology (NIST). Thank you for inviting me here today to > testify on the Administration's key escrow encryption initiative. > The Computer Security Act of 1987 assigns NIST responsibility for > the development of standards for protecting unclassified > government computer systems, except those commonly known as > "Warner Amendment systems" (as defined in Title 10 U.S.C. 2315). > > In response to the topics in which the Committee expressed an > interest, I would like to focus my remarks on the following: > > 1) the principal encryption policy issue confronting us, > > 2) the importance of encryption technology, > > 3) how voluntary key escrow encryption technically works > and how it ensures privacy and confidentiality, > > 4) alternatives to the voluntary key escrow initiative, > > 5) critical components of the Administration's policy on > encryption technology, > > 6) recent initiative to modify Secure Hash Standard, and > > 7) the effectiveness of the Computer Security Act of 1987. > > 1. The Principal Encryption Policy Issue > > First, I would like to broadly outline an important public policy > and societal issue confronting us today regarding unclassified > government and commercial cryptography. In developing > cryptographic standards, one can not avoid two often competing > interests. On the one hand are the needs of users -- corporate, > government, and individual -- in protecting telecommunications > transmissions of sensitive information. Cryptography can be used > for excellent information protection. On the other hand are the > interests of the national security and law enforcement > communities in being able to monitor electronic communications. > In particular, I am focusing upon their need for continued > ability to keep our society safe from crime and our nation > secure. > > Rapid advances in digital telecommunications have brought this > issue to a head. Some experts have stated that, within ten > years, most digital telecommunications will be encrypted. Unless > we address this issue expeditiously, law enforcement will lose an > important tool in fighting crime--the ability to wiretap--and the > mission of our Intelligence Community will be made more > difficult. The Committee is undoubtedly aware of the benefits > such intelligence brings to the nation. This matter raises broad > societal issues of significant importance. I have personally > been involved in many meetings of a philosophical and wide- > ranging nature to discuss this dilemma. > > Four broad conceptual alternatives emerged: > > Seek a legislative mandate criminalizing the use of > unauthorized cryptography. > > Seek wide adoption of an encryption method with an > unannounced "trap door." This was never seriously > considered. > > Seek wide voluntary adoption of a technology > incorporating a secure "key escrow" scheme. > > Allow technology to evolve without government > intervention; in effect, do nothing. > > None of these options satisfies all interested parties fully. I > doubt such a solution even exists, but the Administration has > chosen the voluntary key escrow technology approach as the most > desirable alternative for protecting voice communications without > impairing the ability of law enforcement agencies to continue to > conduct wiretaps. For data communication the long-standing Data > Encryption Standard has recently been recertified for use. > > It is interesting to note that other countries have faced this > same issue and chosen different solutions. France, for example, > outlaws the use of unregistered cryptographic devices within its > borders. > > 2. The Importance of Encryption Technology > > Encryption provides one of the best ways to guarantee information > integrity and obtain cost-effective information confidentiality. > Encryption transforms intelligible information into an > unintelligible form. This is accomplished by using a > mathematical algorithm and a "key" (or keys) to manipulate the > data in a complex manner. The resulting enciphered data can then > be transmitted without fear of disclosure, provided, of course, > that the implementation is secure and the mathematical-based > algorithm is sound. The original information can then be > understood through a decryption process. As I shall discuss, > knowledge of the particular key utilized for a particular > encryption of information (or, in the case of asymmetric > cryptography, knowledge of the associated key of the key pair) > allows decryption of the information. For this reason, such keys > are highly protected. > > Uses of Cryptography > > Encryption can be used in many applications for assuring > integrity and confidentiality, or both. It can be used to > protect the integrity and/or confidentiality of phone calls, > computer files, electronic mail, electronic medical records, tax > records, corporate proprietary data, credit records, fax > transmissions and many other types of electronic information. It > is expected that cryptographic technologies will be used on a > voluntary basis in the protection of information and services > provided via the National Information Infrastructure. > > Encryption used with these and other types of information > protects the individual privacy of our citizens including, for > example, their records and transactions with government agencies > and financial institutions. Private sector organizations can > also benefit from encryption by securing their product > development and marketing plans, for example. It also can > protect against industrial espionage by making computers more > secure against unauthorized break-ins and, if data is encrypted, > making it useless for those without the necessary key. > > The government has long used cryptography for the protection of > its information -- from that involving highly classified defense > and foreign relations activities to unclassified records, such as > those protected under the Privacy Act. My point here is not to > list all potential applications and benefits but to give you a > feel for the innumerable applications and benefits which > encryption, when securely implemented, can provide. > > Hazards of Cryptography > > Counterbalanced against its benefits, encryption also can present > many substantial drawbacks -- to both the government and other > users. First and foremost, encryption can frustrate legally > authorized criminal investigations by the federal, state, and > local law enforcement agencies. As their representatives can > better explain, lawful electronic surveillance has proven to be > of the utmost benefit in both investigating and prosecuting > serious criminal activity, including violent crime. > Cryptographic technologies can also seriously harm our national > security and intelligence capabilities. As I shall discuss, the > Administration recognizes that the consequences of wide-spread, > high quality encryption upon law enforcement and national > security are considerable. > > Encryption may also prove a potential hazard to other users, such > as private sector firms, particularly as we move into the > Information Age. Private firms, too, are concerned about the > misuses of cryptography by their employees. For example, a rogue > employee may encrypt files and offer the "key" for ransom. This > is often referred to as the "data hostage" issue. Keys can also > be lost or forgotten, resulting in the unavailability of data. > Additionally, users of encryption may gain a false sense of > security by using poorly designed or implemented encryption. To > protect against such hazards, some corporations have expressed > interest in a "corporate" key escrowing capability to minimize > harm to their organizations from internal misuse of cryptography. > As security experts point out, such a false sense of security > can be worse than if no security measures were taken at all. > Encryption is not a "cure-all" to all security problems. > > Let me now turn to the details of the Administration's key escrow > encryption initiative. > > 3. Voluntary Key Escrow Encryption Initiative > > Goals of the Voluntary Key Escrow Encryption Initiative > > I will begin my remarks about the government-developed key escrow > encryption chips (referred to as "chips" herein) by discussing > the goals that we were trying to achieve in developing this > technology for application to voice-grade communication. > > At the outset, we sought to develop a technology which provides > very strong protection for government information requiring > confidentiality protection. Much of the sensitive information > which the government holds, processes, and transmits is personal > and requires strong protection. Tax records and census data are > two such examples. We sought nothing less than excellent > protection for government communications. In order to allow > agencies to easily take advantage of this technology, its > voluntary use (in Federal Information Processing Standards (FIPS) > 185) to protect telephone communications has been approved by the > Secretary of Commerce. > > The chips implementing FIPS 185 efficiently support applications > within the its scope. They far exceed the speed requirements of > commercial modems existing today or envisioned for the near > future. > > In addition to the need for strong information protection, the > increasingly digitized nature of advanced telecommunications is > expected to significantly hamper the ability of domestic law > enforcement to carry out lawfully authorized wiretapping. Their > problem has two dimensions. > > First, the design and complexity of the nation's > telecommunications networks makes locating those communications > which can be lawfully tapped very difficult. This is the digital > telephony issue, which my law enforcement colleague will discuss > today. > > Second, the proliferation of encryption is expected to make law > enforcement's tasks more difficult. If a telephone conversation > is encrypted, resources must be expended for decryption, where > feasible. Such expenditures and technical capabilities are > normally far outside the ability of local law enforcement > organizations and could be quite significant at the federal > level. In seeking to make available a strong encryption > technology, we have sought to take in to account the needs of the > law enforcement community. For example, one of the reasons that > the SKIPJACK algorithm, the formula on which the key escrow chip > is based, is being kept classified is that its release would make > their job much harder were it to be used to hide criminal > activity. > > Misconceptions Concerning the Purpose of the Voluntary Key Escrow > Encryption Initiative > > A number of those opposed to this Administration initiative have > expressed doubt about whether the key escrow encryption > initiative can do anything to solve this nation's crime problem. > Of course, this initiative cannot by itself do so. The basic > intent of the program is the provision of sound security, without > adversely affecting other government interests, including, when > necessary, the protection of society through lawfully authorized > electronic surveillance. > > The voluntary key escrow encryption initiative, first and > foremost, was devised to provide solid, first-rate cryptographic > security for the protection of information held by the government > when government agencies decide such protection is needed for > unclassified government communications -- for example, tax, > social security and proprietary information. (The Escrowed > Encryption Standard (FIPS 185) allows federal agencies to use > this technology for protection of telephone communications.) > This was done, in part, with the realization that the current > government cryptographic technique, the Data Encryption Standard > (which was recently re-approved) is over fifteen years old; while > DES is still sound, its usefulness will not continue > indefinitely. We also recognized that were we to disclose an > even stronger algorithm (with the government's "seal of > approval"), it could be misused to hamper lawful investigations, > particularly electronic surveillance. > > In approving this initiative, we felt it important that > protective measures be taken to prevent its misuse -- a safety > catch, if you will. This will help assure that this powerful > technology is not misused if adopted and used voluntarily by > others. Our method of providing this safety mechanism relies > upon escrowing cryptographic key components so that, if the > technology is misused, lawful investigations will not be > thwarted. Additionally, the algorithm (SKIPJACK) will remain > classified so that its only uses will be consistent with our > safety mechanism, key escrowing. I think it is fair to say that > use of this powerful algorithm without key escrowing could pose a > serious threat to our public safety and our national security. > > Key Escrow Encryption Technology > > The National Security Agency, in consultation with NIST and the > federal law enforcement community, undertook to apply voluntary > key escrow encryption technology to voice-grade communications. > The product of this effort was announced in the April 16, 1993 > White House release concerning the key escrow encryption chip. I > note that we have chosen to discontinue use of the term "Clipper > Chip" to avoid potential confusion with products and services > with similar names. > > The state-of-the-art microcircuit, the key escrow encryption > chip, can be used in new, relatively inexpensive encryption > devices that can be attached to an ordinary telephone. It > scrambles telephone communications using an encryption algorithm > more powerful than many in commercial use today. The SKIPJACK > algorithm, with an 80-bit long cryptographic key,is approximately > 16 million times stronger than DES. For the record, I will > restate my earlier public statements that there is no trapdoor in > the algorithm. > > Each key escrow encryption chip has two basic functions. The > first is an encryption function, which is accomplished by the > SKIPJACK algorithm, developed and rigorously tested by NSA. The > second function is a law enforcement access method. I will > discuss each briefly. > > The SKIPJACK algorithm is a symmetric algorithm (as opposed to > "public-key" algorithms). Basically, this means that the same > cryptographic key (the session key) is used for both encryption > and decryption. The algorithm is so strong that the Department > of Defense will evaluate it for use in protecting selected > classified applications. > > The second basic function of the chip is the provision for law > enforcement access under lawful authorization. To do so, each > chip is programmed with three values: a cryptographic family > key, a device unique key, and a serial number. (The device > unique key is split into two key components which are then > encrypted and are provided to the two current escrow agents, NIST > and the Automated Systems Division of the Department of the > Treasury, for secure storage.) These three values are used in > conjunction with the session key (which itself encrypts the > message) in the creation of the law enforcement access field. > When law enforcement has obtained lawful authorization for > electronic surveillance, the serial number can be obtained > electronically. Law enforcement can then take the serial number > and a certification of their legal authorization to the two > escrow agents. (Detailed procedures for the release of these key > components were issued by the Department of Justice in early > February.) After these certifications are received, the > encrypted components will be transmitted by escrow agent > officials for combination in the decrypt-processor. > > After decryption of the key components within the decrypt > processor, the two key components are then mathematically > combined, yielding the device unique key. This key is used to > obtain another key, the session key, which is used to decrypt and > understand the message. This device unique key may be used by > law enforcement only for the decryption of communications > obtained during the applicable period of time of the lawful > electronic surveillance authorization. It can also only be used > to decrypt communications transmitted or received by the device > in question. > > Security and Privacy Using Key Escrow Encryption > > When the Administration announced the voluntary key escrow > encryption initiative, we anticipated that questions would be > raised about the strength and integrity of the SKIPJACK > algorithm, which is at the heart of the system. We assured the > public that we knew of no weakness in the algorithm and that > there was not an undisclosed point of entry, commonly referred to > as a trapdoor. The algorithm was designed by cryptographic > experts at the National Security Agency and withstood a rigorous > testing and analysis process. > > As a further way to indicate the fundamental strength of > SKIPJACK, we invited a group of independent experts in > cryptography to review the algorithm, under appropriate security > conditions, and make their results publicly known, again, > consistent with the classified nature of the algorithm. This > group consisted of Ernest Brickell (Sandia National > Laboratories), Dorothy Denning (Georgetown University), Stephen > Kent (BBN Communications Corp.), David Maher (AT&T) and Walter > Tuchman (Amperif Corp.). These experts reported that: > > Under an assumption that the cost of processing power > is halved every eighteen months, it will be 36 years > before the cost of breaking SKIPJACK by exhaustive > search will be equal to the cost of breaking DES today; > > > and > > There is no significant risk that SKIPJACK can be > broken through a shortcut method of attack. > > Let me also repeat the reasons why the algorithm must remain > classified. First, we believe it would be irresponsible to > publish the technical details. This would be tantamount to > handing over this strong algorithm to those who may use it to > hide criminal activity. Publishing the algorithm may also reveal > some of the classified design techniques that NSA uses to design > military-strength technology. It would also allow devices to be > built without the key escrowing feature, again allowing criminals > to take advantage of the strength of this very powerful > technology without any safeguard for society. > > With regard to privacy, key escrow encryption can, of course, be > used to protect personal information contained in telephone > communications. Moreover, the voluntary key escrow encryption > initiative does not expand the government's authority for the > conduct of electronic surveillance, as my colleague from the > Federal Bureau of Investigation will discuss. It is important to > understand that the escrow agents will not track the devices by > individual owners; they will simply maintain a database of chip > ID numbers and associated chip unique key components (which > themselves are encrypted). > > > 4. Alternatives to the Voluntary Key Escrow Initiative > > In reaction to industry's concerns about our hardware-only > implementation of key escrow encryption, we announced an > opportunity for industry to work with us on developing secure > software-based key escrow encryption. Unfortunately, initial > industry interest was minimal; our offer, however, remains open. > We are also willing to work on hardware alternatives to key > escrowing as we emphasized in our recent announcements. > > The Administration has been seeking to meet with members of the > computer, software, and telecommunications industries to discuss > the importance of this matter. We are open to other approaches. > > > 5. Key Government Policies on Unclassified/Commercial Encryption > > Encryption is an important tool to protect privacy and > confidentiality. > > As I discussed earlier, encryption is powerful technology that > can protect the confidentiality of data and the privacy of > individuals. The government will continue to rely on this > technology to protect its secrets as well as the personal and > proprietary data it maintains. Use of encryption by federal > agencies is encouraged when it cost-effectively meets their > security requirements. > > No legislation restricting domestic use of cryptography. > > Early in the policy review process, we stated that the > Administration would not be seeking legislation to restrict the > use, manufacture, or sale of encryption products in the U.S. > This was a fear that was expressed in the public comments we > received, and one that continues, despite our repeated assertions > to the contrary. Let me be clear - this Administration does not > seek legislation to prohibit or in any way restrict the domestic > use of cryptography. > > Export Controls on encryption are necessary but administrative > procedures can be streamlined. > > Encryption use worldwide affects our national security. While > this matter cannot be discussed in detail publicly without harm > to this nation's intelligence sources and methods, I can point to > the Vice President's public statement that encryption has "huge > strategic value." The Vice President's description of the > critical importance of encryption is important to bear in mind as > we discuss these issues today. > > In recent months, the Administration has dramatically relaxed > export controls on computer and telecommunications equipment. > However, we have retained export controls on encryption > technology, in both hardware and software. These controls > strongly promote our national security. These export controls > include mass market software implementing the Data Encryption > Standard. The Administration determined, however, that there are > a number of reforms the government can implement to reduce the > burden of these controls on U.S. industry. > > These reforms are part of the Administration's goal to eliminate > unnecessary controls and ensure efficient implementation of those > controls that must remain. For example, fewer licenses will be > required by exporters since manufacturers will be able to ship > their approved products from the U.S. directly to customers > within approved regions without obtaining individual licenses for > each end user. Additionally, the State Department has set a > license review turnaround goal of two working days for most > applications. Moreover, the State Department will no longer > require that U.S. citizens obtain an export license prior to > taking encryption products out of the U.S. temporarily for their > own personal use. Lastly, after a one-time initial technical > review, key escrow encryption products may now be exported to > most end users. These reforms should help to minimize the effect > of export controls on U.S. industry. > > The Government requires a mechanism to deal with continuing > encryption policy issues. > > In recognition of this, the Interagency Working Group on > Encryption and Telecommunications was formed in recognition of > the possibility that the economic significance of our current > encryption policy could change. The Working Group has been > assigned to monitor changes in the balance that the President has > struck with these policy decisions and to recommend changes in > policy as circumstances warrant. The Working Group will work > with industry on technologies like the key escrow encryption chip > and in the development and evaluation of possible alternatives to > the chip. > > The group is co-chaired by the White House Office of Science and > Technology Policy and the National Security Council. It includes > representatives from all departments and agencies which > participated in the policy review and others as appropriate, and > keeps the Information Policy Committee of the Information > Infrastructure Task Force apprised of its activities. > > Flexibility on Encryption Approaches. > > >From the time of the initial White House announcement of this > technology, we have stated that this key escrow encryption > technology provides 1) exceptionally strong protection and 2) a > feature to protect society against those that would seek to > misuse it. I have personally expressed our flexibility in > seeking solutions to these difficult issues. We have offered to > work with industry in developing alternative software and > hardware approaches to key escrowing. We actively seek > additional solutions to these difficult problems. > > We also stand willing to assist the Congressionally-directed > study of these issues by the National Research Council. > > Use of EES is voluntary and limited to telephone systems. > > The Escrowed Encryption Standard, which was approved on February > 3, 1994, is a voluntary standard for use both within and outside > of the federal government. It is applicable for protecting > telephone communications, including voice, fax and modem. No > decisions have been made about applying key escrow encryption > technology to computer-to-computer communications (e.g., e-mail) > for the federal government. > > Government standards should not harm law enforcement/national > security > > This is fairly straightforward, but can be difficult to achieve. > In setting standards, the interests of all the components of the > government should be taken into account. In the case of > encryption, this means not only the user community, but also the > law enforcement and national security communities, particularly > since standards setting activities can have long-term impacts > (which, unfortunately, can sometimes be hard to forecast). > > 6. Secure Hash Standard > > As the Committee may be aware, NIST has recently initiated the > process to issue a technical modification to Federal Information > Processing Standard 180, the Secure Hash Standard. The Secure > Hash Standard uses a cryptographic-type algorithm to produce a > short hash value (also known as a "representation" or "message > digest") of a longer message or file. This hash value is > calculated such that any change to the file or message being > hashed, will, to a very high degree of probability, change the > hash value. This standard can be used alone to protect the > integrity of data files against inadvertent modification. When > used in conjunction with a digital signature, it can be used to > detect any unauthorized modification to data. > > Our intent to modify the standard was announced by NIST after the > National Security Agency informed me that their mathematicians > had discovered a previously unknown weakness in the algorithm. > This meant that the standard, while still very strong, was not as > robust as we had originally intended. This correction will > return the standard to its intended level of strength. > > I think this announcement illustrates two useful issues with > regard to cryptographic-based standards. First, developing sound > cryptographic technology is very difficult. This is also seen > with commercial algorithms, including those used for hashing and > encryption. Secondly, this incident demonstrates the commitment > of NIST, with NSA's technical assistance, to promulgating sound > security standards. In this case, a weakness was found, and is > being quickly corrected. > > > > 7. Effectiveness of the Computer Security Act of 1987 > > Lastly, as requested in your invitation to appear here today, let > me briefly address the effectiveness of the Computer Security Act > of 1987 (P.L. 100-235). I will first briefly comment on what we > learned about the state of computer security in the federal > government during our agency visit process and then turn to > cryptographic-specific issues. > As part of our efforts to increase awareness of the need for > computer security, during 1991-1992, officials from OMB, NIST and > NSA visited 28 federal departments and agencies. Each visit was > designed to increase senior managers' awareness of security > issues and to motivate them to improve security. I believe that > what we learned during those visits remains valid -- and > indicates that we still need to focus on basic computer security > issues in the government. > > Specifically, OMB, NIST and NSA proposed the following steps to > improve security: > > Focus management attention on computer security. > Improve planning for security. > Update security awareness and training programs. > Improve contingency planning and incident response > capabilities. > Improve communication of useful security techniques. > Assess security vulnerabilities in emerging information > technologies. > > Actions are being taken by NIST and other agencies to address > each of these areas. The background and discussion of the need > for these measures is discussed in the summary report prepared by > OMB on "Observations of Agency Computer Security Practices and > Implementation of OMB Bulletin No. 90-08" (February 1993). In > short, the Computer Security Act provides an appropriate > framework for agencies to continue improving the security of > their automated systems -- but much work remains to be done, by > NIST and individual federal agencies. > > One of the questions that the Committee was interested in was > whether there is a need to modify this legislation in response to > the same advancements in technology that led to the key escrow > initiative and digital telephony proposal. First, I would > observe that the Act, as a broad framework, is not tied to a > specific technology. I think it would be unworkable if the Act > were to address specific computer technologies, since this is a > rapidly evolving field. Also, I would note that the Act does not > address digital telephony concerns -- the Administration is > proposing separate legislation in that area. In short, no > modifications to the Act are necessary because of technology > advances. > > Before leaving the subject of the Computer Security Act, however, > let me briefly comment on the Escrowed Encryption Standard. I > strongly believe that NIST and NSA have complied with the spirit > and intent of the Act. At the same time, this issue underscores > the complex issues which arise in the course of developing > computer security standards, particularly cryptographic-based > standards for unclassified systems. > > The Act, as you are aware, authorizes NIST to draw upon computer > security guidelines developed by NSA to the extent that NIST > determines they are consistent with the requirements for > protecting sensitive information in federal computer systems. In > the area of cryptography, we believe that federal agencies have > valid requirements for access to strong encryption (and other > cryptographic-related standards) for the protection of their > information. We were also aware of other requirements of the law > enforcement and national security community. Since NSA is > considered to have the world's foremost cryptographic > capabilities, it only makes sense (from both a technological and > economic point of view) to draw upon their guidelines and skills > as useful inputs to the development of standards. The use of > NSA-designed and -tested algorithms is fully consistent with the > Act. We also work jointly with NSA in many other areas, > including the development of criteria for the security evaluation > of computer systems. They have had more experience than anyone > else in such evaluations. As in the case of cryptography, this > is an area in which NIST can benefit from NSA's expertise. > > Summary > > Key escrow encryption can help protect proprietary information, > protect the privacy of personal phone conversations and prevent > unauthorized release of data transmitted telephonically. Key > escrow encryption is available as a valuable tool for protecting > federal agencies' critical information communicated by telephone. > At the same time, this technology preserves the ability of > federal, state and local law enforcement agencies to intercept > lawfully the phone conversations of criminals. > > Encryption technology will play an increasingly important > security role in future computer applications. Its use for > security must be balanced with the need to protect all Americans > from those who break the law. > > Thank you, Mr. Chairman. I would be pleased to answer your > questions. > > From pcw at access.digex.net Fri May 6 06:42:45 1994 From: pcw at access.digex.net (Peter Wayner) Date: Fri, 6 May 94 06:42:45 PDT Subject: Linear Congruential Random Number Crackers.. Message-ID: <199405061342.AA24254@access3.digex.net> Does anyone have any references on cracking LC random number generators? -Peter Wayner From smb at research.att.com Fri May 6 06:58:41 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 6 May 94 06:58:41 PDT Subject: Linear Congruential Random Number Crackers.. Message-ID: <9405061358.AA07199@toad.com> Does anyone have any references on cracking LC random number generators? -Peter Wayner ``Cracking a Random Number Generator'', Jim Reeds, Cryptologia 1,1, Jan '77. It's also in ``Cryptology: Yesterday, Today, and Tomorrow'', edited by Deavours, Kahn, Kruh, Mellen, and Winkel. From snyderra at dunx1.ocs.drexel.edu Fri May 6 07:07:12 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Fri, 6 May 94 07:07:12 PDT Subject: Keyserver service outRAGE Message-ID: <199405061406.KAA17824@dunx1.ocs.drexel.edu> At 6:00 PM 5/5/94 -0400, Black Unicorn wrote: >Why would those involved give up "so much" (At least they have been >fighting so hard for it) for what amounts to NOTHING? > >If you're not suspicious.... Freedom from having to keep fighting PGP or risk losing their patent? >Mac users are out in the cold. I believe the person who posted about 2.5 stated that source code would be available. Given that, a Mac interface will follow. We know that there is a Mac version of PGP is out there, and I've compiled RSAREF 2.0 on my Mac, so I don't think it should be that difficult... Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From snyderra at dunx1.ocs.drexel.edu Fri May 6 07:07:20 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Fri, 6 May 94 07:07:20 PDT Subject: Regarding Mr. Nalbandian's Comments Message-ID: <199405061406.KAA17830@dunx1.ocs.drexel.edu> At 5:37 AM 5/6/94 -0400, Michael Brandt Handler wrote: >[3] Sending badly composed rants to seven hundred people and then >publically posting a response to a private message is not the way to be >taken seriously. Great way to get dropped in a kill file, though, as he has with my mailer. >People who use Elm: if you know how to create a killfile for Elm, please >send me an email message telling how. Thanks. Do a man filter. If you need more help, mail me. It's fairly simple, but I'm offline reading mail on my Mac, so I don't have access to the directions right now. ObCrypt: I just got my copy of Applied Cryptography. It looks great. Now if only Bruce were in the country so I could mail and get the disks so I don't have to type all the code in. :-) Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From wex at media.mit.edu Fri May 6 07:59:57 1994 From: wex at media.mit.edu (Alan Wexelblat) Date: Fri, 6 May 94 07:59:57 PDT Subject: MIT talk on Cipher breaking In-Reply-To: <199405051408.AA28247@dove.lcs.mit.edu> Message-ID: <9405061459.AA11954@spike.media.mit.edu> [As usual I have no more information than presented here. Contact joanne at theory.lcs.mit.edu for more information. --AW] > MIT TOC SEMINAR > > Thursday, May 12, 1994 > > Refreshments at 4:00pm, Talk at 4:15pm in NE43-518 > > ``How to Break Gifford's Cipher'' > > by Alan T. Sherman* > University of Maryland Baltimore County > >(* Joint work with Thomas R. Cain. Part of this work was carried out >while Sherman was a member of the Institute for Advanced Computer >Studies, University of Maryland College Park.) > > ABSTRACT > >We present and implement a ciphertext-only algorithm to break >Gifford's cipher, a stream cipher designed in 1984 by David Gifford of >MIT and used to encrypt New York Times and Associated Press wire >reports. Applying linear algebra over finite fields, we exploit a >time-space tradeoff to separately determine key segments derived from >the primary rational canonical decomposition of the feedback function >This work, the first proposed attack on Gifford's cipher, illustrates >a powerful attack on stream ciphers and shows that Gifford's cipher is >ill-suited for encrypting broadcast data in the MIT-based {\it Boston >Community Information System (BCIS)}. > >Gifford's cipher is a {\it filter generator}---a linear feedback shift >register with nonlinear output. Our cryptanalytic problem is to >determine the secret 64-bit initial fill, which is changed for each >news article. Our attack runs in $2^{27}$ steps and $2^{18}$ bytes of >memory, which is a significant shortcut over the $2^{64}$ steps >required for a straightforward exhaustive search of all initial fills. >Given ciphertext only from one encrypted article, our prototype >implementation running on a loosely-coupled network of eight >Sparcstations finds the article key within approximately four hours on >average. Exploiting a key-management flaw of the BCIS, we also >compute at no additional cost the corresponding master key, used for >one month to encrypt all article keys in the same news section. In >addition, from the decomposition of $f$, we compute the exact >probability distribution of the leader and cycle lengths of all state >sequences generated by Gifford's cipher. > >Host: Shang Hua-Teng From sandfort at crl.com Fri May 6 08:29:28 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 6 May 94 08:29:28 PDT Subject: Bunch of Clueless Idiots In-Reply-To: <174@lassie.lassie.uucp> Message-ID: C'punks, On Thu, 5 May 1994, Jim Nalbandian ranted: > I see nobody mentioned the infringment of the second amendment by > the assault weapons ban . . . Another piece of the constitution > falls. Gee, what article of the constitution protects the right to > cryptography? What are you going to do when they take it away from > you. Probly nothing. . . clickish . . . You my friend are the ASSHOlE. > . . . Personly I think YOU are too stupid (OHHH I can > program a computer) and lack the social skills to distribute > crypto software to the masses. . . YOU PEOPLE > ARE FOOLS AND HAVE TO MUCH SELF IMPORTANCE IN YOUR SMALL LITTLE > HEADS, NOTHING EXISTS OF OF INTERNET! WRONG THE REAL WORLD DOES!!! > BY NOT DISTRIBUTING TO THE MASSES YOU WILL LOSE (oh you can ftp to > toilet.flush /urinal/cookies/). WHEN THEY TAKE YOUR PRESIOS CRYPTO > AWAY, THEY WILL TAKE AWAY YOUR FIRST AMMENDMENT RIGHTS. (and it > serves you right). FUCK IT NEVER MIND > . . . > No free man shall ever be de-barred the use of arms. The strongest > reason for the people to retain there right to keep and bear arms > is as a last resort to protect themselves against tyranny in > government. <-------- Thomas Jefferson -- I have fought for the Second Amendment for many years, as have many members of this list. This guy is one loon, however, whom I would be sorely tempted to disarm, had I the power. Geez, talk about social skills! [Insert standard quip about compliance with medication regimen.] S a n d y The Left Handed Gun From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Fri May 6 08:59:07 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Fri, 6 May 94 08:59:07 PDT Subject: Bunch of Clueless Idiots Message-ID: <9405061559.AA08163@toad.com> I have been fighting for the 2nd ammendment for many years. Last night my wife, who used to be for gun-control, went off on a several neighbors who felt that it was good that it passed. She has become a huge advocate against gun-control. But this list is for cryptography, talk to the RKBA list if you want to talk about guns. Let's keep it on that subject. Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton, USMC Internet: harlowd at nwsfallbrook3.nwac.sea06.navy.mil or another less reliable & slower: harlow at mqg1.usmc.mil Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 PGP 2.3a Public key available upon request ^^^^ "The views expressed are my own, and always will be..." From sandfort at crl.com Fri May 6 09:12:12 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 6 May 94 09:12:12 PDT Subject: Regarding Mr. Nalbandian's Comments (fwd) In-Reply-To: <198@lassie.lassie.uucp> Message-ID: C'punks, An open letter to Jim Nalbandian: Dear Asshole, This will be my last communications to you (unless you apologize to this list, that is). You are not worth any more of my time. You complain that we "elitists" aren't making strong crypto available to the great unwashed. Bullshit. We are and you *aren't*. I have written an article about PGP for Future Sex magazine. I ghosted a similar article and assisted in research on another for a financial privacy newsletter that targets conservative, wealthy doctors and businessmen. I am writing yet another crypto article for Soldier of Fortune. These are in addition to relevant articles I have written for Mondo 2000 and Wired. All these article gave or will give information about how to get PGP on a disk through the mail, in addition to FTP sites. On the other hand, Mr. power-to-the-people jailbird, it looks as though you haven't done diddly squat. Cypherpunks write code and take other actions to promote strong crypto. You want to be a Cypherpunk? Climb down out of the pulpit and lend a hand. Otherwise, shut the fuck up. Kindest regards, S a n d y From mech at eff.org Fri May 6 09:13:55 1994 From: mech at eff.org (Stanton McCandlish) Date: Fri, 6 May 94 09:13:55 PDT Subject: EFF's Jerry Berman testimony - House Clipper/DigTel hearing 5/3/94 Message-ID: <199405061610.MAA06408@eff.org> Testimony of Jerry J. Berman, Executive Director Electronic Frontier Foundation before the Committee on Science, Space and Technology Subcommittee on Technology, Environment and Aviation U.S. House of Representatives Hearing on Communications and Computer Surveillance, Privacy and Security May 3, 1994 Mr. Chairman and Members of the Committee I want to thank you for the opportunity to testify today on communications and computer surveillance, privacy, and security policy. The Electronic Frontier Foundation (EFF) is a public interest membership organization dedicated to achieving the democratic potential of new communications and computer technology and works to protect civil liberties in new digital environments. EFF also coordinates the Digital Privacy and Security Working Group (DPSWG), a coalition of more than 50 computer, communications, and public interest organizations and associations working on communications privacy issues. The Working Group has strongly opposed the Administration's clipper chip and digital telephony proposals. EFF is especially pleased that this subcommittee has taken an interest in these issues. It is our belief that Administration policy developed in this area threatens individual privacy rights, will thwart the development of the information infrastructure, and does not even meet the stated needs of law enforcement and national security agencies. A fresh and comprehensive look at these issues is needed. I. Background on digital privacy and security policy ------------------------------------------------------- From the beginning of the 1992 Presidential campaign, President Clinton and Vice President Gore committed themselves to support the development of the National Information Infrastructure. They recognize that the "development of the NII can unleash an information revolution that will change forever the way people live, work, and interact with each other." They also know that the information infrastructure can only realize its potential if users feel confident about security measures available. If allowed to reach its potential, this information infrastructure will carry vital personal information, such as health care records, private communications among friends and families, and personal financial transactions. The business community will transmit valuable information such as plans for new products, proprietary financial data, and other strategic communications. If communications in the new infrastructure are vulnerable, all of our lives and businesses would be subject to both damaging and costly invasion. In launching its Information Infrastructure Task Force (IITF) the Clinton Administration recognized this when it declared that: The trustworthiness and security of communications channels and networks are essential to the success of the NII.... Electronic information systems can create new vulnerabilities. For example, electronic files can be broken into and copied from remote locations, and cellular phone conversations can be monitored easily. Yet these same systems, if properly designed, can offer greater security than less advanced communications channels. [_Agenda_for_Action_, 9] Cryptography -- technology which allows encoding and decoding of messages -- is an absolutely essential part of the solution to information security and privacy needs in the Information Age. Without strong cryptography, no one will have the confidence to use networks to conduct business, to engage in commercial transactions electronically, or to transmit sensitive personal information. As the Administration foresees, we need network standards and transmission codes that facilitate interconnection and interoperation between networks, and ensure the privacy of persons and the security of information carried.... [_Agenda_for_Action_, 6] While articulating these security and privacy needs, the Administration has also emphasized that the availability of strong encryption poses challenges to law enforcement and national security efforts. Though the vast majority of those who benefit from encryption will be law abiding citizens, some criminals will find ways to hide behind new technologies. II. Current cryptography policy fails to meet the needs of ------------------------------------------------------------ the growing information infrastructure ---------------------------------------------- As a solution to the conflict between the need for user privacy and the desire to ensure law enforcement access, the Administration has proposed that individuals and organizations who use encryption deposit a copy of their private key -- the means to decode any communications they send -- with the federal government. In our view, this is not a balanced solution but one that undermines the need for security and privacy without resolving important law enforcement concerns. It is up to the Congress to send the Administration back to the drawing board. A. Current Export Controls and New Clipper Proposal Stifle Innovation ------------------------------------------------------------------------ Two factors are currently keeping strong encryption out of the reach of United States citizens and corporations. First, general uncertainty about what forms of cryptography will and will not be legal to produce in the future. Second, export controls make it economically impossible for US manufacturers that build products for the global marketplace to incorporate strong encryption for either the domestic or foreign markets. Despite this negative impact on the US market, export controls are decreasingly successful at limiting the foreign availability of strong encryption. A recent survey shows that of the more than 260 foreign encryption products now available globally, over 80 offer encryption which is stronger than what US companies are allowed to export. Export controls do constrain the US market, but the international market appears to be meeting its security needs without help from US industry. The introduction of Clipper fails to address the general uncertainty in the cryptography market. Announcement of a key escrow policy alone is not sufficient to get the stalled US cryptography market back on track. B. The secrecy of the Clipper/Skipjack algorithm reduces public trust ------------------------------------------------------------------------ and casts doubt on the voluntariness of the whole system -------------------------------------------------------------- Many parties have already questioned the need for a secret algorithm, especially given the existence of robust, public-domain encryption techniques. The most common explanation given for use of a secret algorithm is the need to prevent users from bypassing the key escrow system proposed along with the Clipper Chip. Clipper has always been presented by the Administration as a voluntary option. But if the system is truly voluntary, why go to such lengths to ensure compliance with the escrow procedure? C. Current plans for escrow system offer inadequate technical ---------------------------------------------------------------- security and insufficient legal protections for users ----------------------------------------------------------- The implementation of a nationwide key escrow system is clearly a complex task. But preliminary plans available already indicate several areas of serious concern: 1. _No_legal_rights_for_escrow_users_: As currently written, the escrow procedures insulate the government escrow agents from any legal liability for unauthorized or negligent release of an individual's key. This is contrary to the very notion of an escrow system, which ordinarily would provide a legal remedy for the depositor whose deposit is released without authorization. If anything, escrow agents should be subject to strict liability for unauthorized disclosure of keys. 2. _No_stability_in_escrow_rules_: The Administration has specifically declared that it will not seek to have the escrow procedures incorporated into legislation or official regulations. Without formalization of rules, users have no guaranty that subsequent administrations will follow the same rules or offer the users the same degree of protection. This will greatly reduce the trust in the system. 3. _Fixed_Key_: A cardinal rule of computer security is that encryption keys must be changed often. Since the Clipper keys are locked permanently into the chips, the keys can never be changed. This is a major technical weakness of the current proposal. 4. _Less_intrusive,_more_secure_escrow_alternatives_are_available_: The Clipper proposal represents only one of many possible kinds of key escrow systems. More security could be provided by having more than two escrow agents. And, in order to increase public trust, some or all of these agents could be non-governmental agencies, with the traditional fiduciary duties of an escrow agent. D. Escrow Systems Threaten Fundamental Constitutional Values --------------------------------------------------------------- The Administration, Congress, and the public ought to have the opportunity to consider the implications of limitations on cryptography from a constitutional perspective. A delicate balance between constitutional privacy rights and the needs of law enforcement has been crafted over the history of this country. We must act carefully as we face the constitutional challenges posed by new communication technologies. Unraveling the current encryption policy tangle must begin with one threshold question: will there come a day when the federal government controls the domestic use of encryption through mandated key escrow schemes or outright prohibitions against the use of particular encryption technologies? Is Clipper the first step in this direction? A mandatory encryption regime raises profound constitutional questions. In the era where people work for "virtual corporations" and conduct personal and political lives in "cyberspace," the distinction between _communication_ of information and _storage_ of information is increasingly vague. The organization in which one works may constitute a single virtual space, but be physically dispersed. So, the papers and files of the organization or individual may be moved within the organization by means of telecommunications technology. Instantaneous access to encryption keys, without prior notice to the communicating parties, may well constitute a secret search, if the target is a virtual corporation or an individual whose "papers" are physically dispersed. Wiretapping and other electronic surveillance has always been recognized as an exception to the fundamental Fourth Amendment prohibition against secret searches. Even with a valid search warrant, law enforcement agents must "knock and announce" their intent to search a premises before proceeding. Failure to do so violates the Fourth Amendment. Until now, the law of search and seizure has made a sharp distinction between, on the one hand, _seizures_of_papers_ and other items in a person's physical possession, and on the other hand, _wiretapping_of_communications_. Seizure of papers or personal effects must be conducted with the owner's knowledge, upon presentation of a search warrant. Only in the exceptional case of wiretapping, may a person's privacy be invaded by law enforcement without simultaneously informing that person. Proposals to regulate the use of cryptography for the sake of law enforcement efficiency should be viewed carefully in the centuries old tradition of privacy protection. E. Voluntary escrow system will not meet law enforcement needs ----------------------------------------------------------------- Finally, despite all of the troubling aspects of the Clipper proposal, it is by no means clear that it will even solve the problems that law enforcement has identified. The major stated rationale for government intervention in the domestic encryption arena is to ensure that law enforcement has access to criminal communications, even if they are encrypted. Yet, a voluntary scheme seems inadequate to meet this goal. Criminals who seek to avoid interception and decryption of their communications would simply use another system, free from escrow provisions. Unless a government-proposed encryption scheme is mandatory, it would fail to achieve its primary law enforcement purpose. In a voluntary regime, only the law-abiding would use the escrow system. III. Recent policy developments indicate that Administration policy is ----------------------------------------------------------------------- bad for the NII, contrary to the Computer Security Act, and ----------------------------------------------------------------- requires Congressional oversight -------------------------------------- Along with the Clipper Chip proposal, the Administration announced a comprehensive review of cryptography and privacy policy. Almost immediately after the Clipper announcement, the Digital Privacy and Security Working Group began discussions with the Administration on issues raised by the Clipper proposal and by cryptography in general. Unfortunately, this dialogue has been largely one-sided. EFF and many other groups have provided extensive input to the Administration, yet the Administration has not reciprocated -- the promised policy report has not been forthcoming. Moreover, the National Security Agency and the Federal Bureau of Investigation are proceeding unilaterally to implement their own goals in this critical policy area. Allowing these agencies to proceed unilaterally would be a grave mistake. As this subcommittee is well aware, the Computer Security Act of 1987 clearly established that neither military nor law enforcement agencies are the proper protectors of personal privacy. When considering the law, Congress asked, "whether it is proper for a super- secret agency [the NSA] that operates without public scrutiny to involve itself in domestic activities...?" The answer was a clear "no." Recent Administration announcements regarding the Clipper Chip suggest that the principle established in the 1987 Act has been circumvented. As important as the principle of civilian control was in 1987, it is even more critical today. The more individuals around the country come to depend on secure communications to protect their privacy, the more important it is to conduct privacy and security policy dialogues in public, civilian forums. The NII can grow into the kind of critical, national resource which this Administration seeks to promote only if major changes in current cryptography and privacy policy. In the absence of such changes, digital technology will continue to rapidly render our commercial activities and communications -- and, indeed, much of our personal lives -- open to scrutiny by strangers. The Electronic Frontier Foundation believes that Americans must be allowed access to the cryptographic tools necessary to protect their own privacy. We had hoped that the Administration was committed to making these changes, but several recent developments lead us to fear that the effort has been abandoned, leaving individual agencies to pursue their own policy agendas instead of being guided by a comprehensive policy. The following issues concern us: * Delayed Cryptography Policy Report ---------------------------------------- The policy analysis called for along with the April 16, 1993 Presidential Decision Directive has not been released, though it was promised to have been completed by early fall of 1993. We had hoped that this report would be the basis for public dialogue on the important privacy, competitiveness, and law enforcement issues raised by cryptography policy. To date, none of the Administration's policy rationale has been revealed to the public, despite the fact that agencies in the Executive Branch are proceeding with their own plan * Escrowed Encryption Federal Information Processing Standard (FIPS) ------------------------------------------------------------------------ approved against overwhelming weight of public comments ------------------------------------------------------------- The Presidential Decision Directive also called for consideration of a Federal Information Processing Standard (FIPS) for key-escrow encryption systems. This process was to have been one of several forums whereby those concerned about the proposed key-escrow system could voice opinions. EFF, as well as over 225 of our individual members, raised a number of serious concerns about the draft FIPS in September of this 1993. EFF expressed its opposition to government implementation of key-escrow systems as proposed. We continue to oppose the deployment of Skipjack family escrow encryption systems both because they violate fundamental First, Fourth, and Fifth amendment principles, and because they fail to offer users adequate security and flexibility. Despite overwhelming opposition from over 300 commenters, the Department of Commerce recently approved FIPS 185. * Large-Scale Skipjack Deployment Announced ----------------------------------------------- At the December 9, 1993 meeting of the Computer Systems Security and Privacy Advisory Board, an NSA official announced plans to deploy from 10,000 to 70,000 Skipjack devices in the Defense Messaging System in the near future. The exact size of the order was said to be dependent only on budget constraints. The Administration is on record in the national press promising that no large-scale Skipjack deployment would occur until a final report of the Administration Task Force was complete. Ten thousand units was set as the upper limit of initial deployment. Skipjack deployment at the level planned in the Defense Messaging System circumvents both the FIPS notice and comments process which has been left in a state of limbo, as well as the Administration's promise of a comprehensive policy framework. * New FBI Digital Telephony Legislation Proposed ---------------------------------------------------- The FBI recently proposed a new "Digital Telephony" bill. After initial analysis, we strongly oppose the bill, which would require all common carriers to construct their networks to deliver to law enforcement agencies, in real time, both the contents of all communications on their networks and the "signaling" or transactional information. In short, the bill lays the groundwork for turning the National Information Infrastructure into a nation-wide surveillance system, to be used by law enforcement with few technical or legal safeguards. This image is not hyperbole, but a real assessment of the power of the technology and inadequacy of current legal and technical privacy protections for users of communications networks. Although the FBI suggests that the bill is primarily designed to maintain status quo wiretap capability in the face of technological changes, in fact, it seeks vast new surveillance and monitoring tools. Lengthy delays on the promised policy report, along with these unilateral steps toward Clipper/Skipjack deployment, lead us to believe that Administration policy is stalled by the Cold War-era national security concerns that have characterized cryptography policy for the last several decades. EFF believes that it would be a disastrous error to allow national information policy -- now a critical component of domestic policy -- to be dictated solely by backward-looking national-security priorities and unsubstantiated law-enforcement claims. The directions set by this Administration will have a major impact on privacy, information security, and the fundamental relationship between the government and individual autonomy. This is why the Administration must take action-- and do so before the aforementioned agencies proceed further--to ensure that cryptography policy is restructured to serve the interests of privacy and security in the National Information Infrastructure. We still believe the Administration can play the leadership role it was meant to play in shaping this policy. If it does not, the potential of the NII, and of fundamental civil liberties in the information age, will be threatened. IV. Congressional oversight of cryptography & privacy policy is ----------------------------------------------------------------- urgently needed to right the balance between privacy, ----------------------------------------------------------- competitiveness & law enforcement needs --------------------------------------------- All participants in this debate recognize that the need for privacy and security is real, and that new technologies pose real challenges for law enforcement and national security operations. However, the solutions now on the table cripple the NII, pose grave threats to privacy, and fail to even meet law enforcement objectives. In our judgment, the Administration has failed, thus far, to articulate a comprehensive set of policies which will advance the goals upon which we all agree. Congress must act now to ensure that cryptography policy is developed in the context of the broader goal of promoting the development of an advanced, interoperable, secure, information infrastructure. In order to meet the privacy and security needs of the growing infrastructure, Congress should seek a set of public policies which promote the widespread availability of cryptographic systems according to the following criteria: * Use Voluntary Standards to Promote Innovation and Meet ------------------------------------------------------------ Diverse Needs: -------------------- The National Information Infrastructure stretches to encompass devices as diverse as super computers, handheld personal digital assistants and other wireless communications devices, and plain old telephones. Communication will be carried over copper wires, fiber optic cables, and satellite links. The users of the infrastructure will range from elementary school children to federal agencies. Encryption standards must be allowed to develop flexibly to meet the wide-ranging needs all components of the NII. In its IITF Report, the Administration finds that standards also must be compatible with the large installed base of communications technologies, and flexible and adaptable enough to meet user needs at affordable costs. [_AA_, 9] The diverse uses of the NII require that any standard which the government seeks to promote as a broadly deployed solution should be implementable in software as well as hardware and based on widely available algorithms. * Develop Trusted Algorithms and End-to-End Security: --------------------------------------------------------- Assuring current and future users of the NII that their communications are secure and their privacy is protected is a critical task. This means that the underlying algorithms adopted must have a high level of public trust and the overall systems put in place must be secure. * Encourage National and International Interoperability: ------------------------------------------------------------ The promise of the NII is seamless national and international communications of all types. Any cryptographic standard offered for widespread use must allow US corporations and individuals to function as part of the global economy and global communications infrastructure. * Seek Reasonable Cooperation with Law Enforcement and National ------------------------------------------------------------------- Security Needs: --------------------- New technologies pose new challenges to law enforcement and national security surveillance activities. American industry is committed to working with law enforcement to help meet its legitimate surveillance needs, but the development of the NII should not be stalled on this account. * Promote Constitutional Rights of Privacy and Adhere to Traditional ------------------------------------------------------------------------ Fourth Amendment Search and Seizure Rules: ------------------------------------------ New technology can either be a threat or an aid to protection of fundamental privacy rights. Government policy should promote technologies which enable individuals to protect their privacy and be sure that those technologies are governed by laws which respect the long history of constitutional search and seizure restraints. * Maintain Civilian Control over Public Computer and -------------------------------------------------------- Communications Security: ------------------------------ In accordance with the Computer Security Act of 1987, development of security and privacy standards should be directed by the civilian V. Conclusion ---------------- Among the most important roles that the federal government has in NII deployment are setting standards and guaranteeing privacy and security. Without adequate security and privacy, the NII will never realize it economic or social potential. Cryptography policy must, of course, take into account the needs of law enforcement and national security agencies, but cannot be driven by these concerns alone. The Working Group, along with other industry and public interest organizations, is committed to working with the Administration to solving the privacy and security questions raised by the growing NII. This must be done based on the principles of voluntary standards, promotion of innovation, concern for law enforcement needs, and protection of constitutional rights of privacy. *************** From nobody at jarthur.cs.hmc.edu Fri May 6 09:26:27 1994 From: nobody at jarthur.cs.hmc.edu (nobody at jarthur.cs.hmc.edu) Date: Fri, 6 May 94 09:26:27 PDT Subject: i Message-ID: <9405061626.AA08521@toad.com> lassie!jim%lassie at netcom.com (Jim Nalbandian) says: >AH your fuckin' mother is a clueless twitt!! >Yeh obviosly all crypto is week, let's write a new program to >replace the new crypto program we write next week. Fuck everybody >Knows only cool people on Internet deserve crypto. Everybody else >is CLUELESS oh omnipotent one. >I think if cryptography is illegal it does't mater a FUCK what >version the program is. Insure against the inevetable by >distributing to the DUMM FUCK CLUELESS COMPUTER USERS THAT ARE NOT >AS FUCKIN' COOL AS YOU ARE. Power to the people/power in the people should you be interested in congratulating jim nalbandian for his recent well thought out and highly intellectual contributions to the list feel free to contact him personally jim nalbandian (602) 968-4540 his adept and comprehensive instructions on the use of payphones will be educational for those on the list who are too modest to take credit for their constructive feedback and are thus included below >Wow, FUCKIN' hard to figure out. The little round things you have >in your pocket are called coins. If you pick up a phone an ask the >operator to call Fort Yukon alaska she will ask you to put some of >those round things in the phone. Believe it or not, she will now >when the phone has a nuff round things and let your call go thru >for three minutes maybe. Be sure to wipe your fingure prints of >the round things before depositing them in the phone (This is like >doing a file wipe in PGP) or for those more inclined to use the postal services 1241 west university drive tempe, arizona 85281 From hughes at ah.com Fri May 6 09:32:29 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 6 May 94 09:32:29 PDT Subject: Linear Congruential Random Number Crackers.. In-Reply-To: <199405061342.AA24254@access3.digex.net> Message-ID: <9405061630.AA06885@ah.com> >Does anyone have any references on cracking LC random number >generators? Is your ciphertext the stream of numbers itself, or the stream used as a pad? Eric From hughes at ah.com Fri May 6 09:39:02 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 6 May 94 09:39:02 PDT Subject: Regarding Mr. Nalbandian's Comments In-Reply-To: <199405061020.DAA12320@nunki.usc.edu> Message-ID: <9405061637.AA06913@ah.com> > You know, I keep hearing this- why is it that you all seem to think > that writing code is mutually exclusive from talking the politics of > cryptography? Is it so hard to do two things at one time??? I'm sorry, I > just don't get it.. To paraphrase Perry, the cypherpunks list assigns primacy to action. The political discussions are meant to inform the design of the software systems we're working on. They do not stand alone, and as soon as they do stand alone, they become irrelevant. The Usenet newsgroup talk.politics.crypto is for political discussions about cryptography of any sort whatsoever. Eric From phantom at u.washington.edu Fri May 6 09:43:42 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Fri, 6 May 94 09:43:42 PDT Subject: since BAL is down.. Message-ID: what is the finger site that distributes keys? I used BAL's server but it's down (PGP 2.5). mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From gtoal at an-teallach.com Fri May 6 09:43:50 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 6 May 94 09:43:50 PDT Subject: Keyserver service outage (fwd) Message-ID: <199405061643.RAA29553@an-teallach.com> : As much as I hate to bring this up, are you certain that Nalbandian is not : a Detweiler tentacle? More a la alt.syntax.tactical methinks. G From 0005192995 at mcimail.com Fri May 6 09:48:35 1994 From: 0005192995 at mcimail.com (The Computer Doctor) Date: Fri, 6 May 94 09:48:35 PDT Subject: Double betting and money laundering Message-ID: <80940506164608/0005192995NA1EM@mcimail.com> Peter Wayner wrote: >Apparently, casinos are now on the lookout for people who >are teaming up to play both halves of a bet. One casino >kicked out two guys who apparently were betting on pass >and don't pass on the craps table. Why were they bothering? >Was it laundering? Nope. It turns out that casinos hand >out free "comps" based on the amount of betting that you >do. This is called being "rated." They notice that you're >betting $10 chips and figure that the math shows that you'll >probably lose x dollars per hour. Then they give you free >room and food to show their appreciation. Forgive me, but I am skeptical. I worked for a short while as a licensed craps dealer in NJ about 10 years ago. There is no combination of bets on a craps table that will cancell out the house advantage. When I delt, the house welcomed any combination of bets any player wanted to make, let alone worrying about what some confederate on the same table might do. There are strategies for lowering the house advantage. John Scarne describes various betting strategies in his book, "Scarne on Dice," (I think that is the title, it's been a while). One method he described was to make pass line bets, take the full odds, and make "come" bets, and take the full odds on them. Casinos pay true odds on these bets, that is they pay even money on your pass line bet (or come bet), but the true odds on the extra odds bet. So if the shooters point was 4, he would be paid even money on his pass line bet and 2 to 1 on his odds bet. The true odds of rolling a 4 before a 7 is 2 to 1. Thus this is one of the rare bets in the house that is paid the true odds. Note, however, that you had to risk your pass line bet on the come out roll (where 2,3 or 12 loses, but 7 or 11 wins) for at least one roll in order to get the chance to take the odds. You only get to take the odds after a point is established. Scarne mentions, If I remember correctly, that the odds are slightly better (but still in the houses' favor, so I should say"slightly less worse") if you play the don't pass, don't come, and LAY full odds. Wrong betters have to lay the odds. So on the come-out roll, before a point is established, a 2,3 or 12 wins even money on a don't pass bet, a 7 or 11 loses. Once a point is established, say a 4, you must lay 2 to 1 odds for the extra bet. So although the don't pass with full odds method may be slightly less costly over time, you must risk more money per roll. I've seen many players try to hedge their pass line position with a bet on "any 7". Those are the "prop" bets in the center of the table (in front of the dealer with stick). But the odds on these bets are shaved worse than the pass-line bet with full odds. They are one roll bets, and the pay off on rolling a 12 (for example) is 30 to 1. Which sounds great until you realize that the true odds are 35 to 1. The house wants you to make that bet all night. That's why the stick man hawks those bets much like a carnival barker. Any extra bet you make to hedge your pass line bet (or don't pass) is just more money at risk with the percentages in the houses' favor. If they were worried about some confederate canceling your loss by betting on don't pass (which pays when a 7 comes before the point), why would they allow the shooter to play "any 7"? The comps are based on money in play, not on your betting strategy (in craps, anyway), as far as I know. So I would be surprised if the casino was worried about people teaming up to get "free" comps by placing contrary bets. What we WERE warned against is someone trying to past post you on the "don't pass". Once the point is established, a bet on 7 coming before, say a 4 or 10, is a good bet. Many break-in dealers get past posted on the don't pass. A con man will position himself right next to the dealer, just above that portion of the layout where the "don't pass" box is located, and as the dealer responds to a come out roll of 4 or 10 by leaning out to service the layout, the con places checks in the don't pass box and then asks to lay full odds. Regards, Pat Fallon with probably way more information about craps than anyone cared to know. ************************************************************************* * PFallon at MCIMail.com * Current predictions for my future reputation: * * "We're all pawns in * 1. AIDS is not caused by HIV (Duesberg is right)* * the cosmic game of * 2. JFK,RFK,MLK were "hit" by "shadow government"* * chess...but some of * 3. You cannot file an income tax form without * * us are out of all * waiving your 5th amendment rights, therefore * * known lines." * evryone who files does so voluntarily. * ************************************************************************* From hayden at krypton.mankato.msus.edu Fri May 6 09:52:34 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 6 May 94 09:52:34 PDT Subject: Forwarded mail... (fwd) In-Reply-To: <183@lassie.lassie.uucp> Message-ID: [...much petty flamage deleted...] Jim, what's your problem? ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From lefty at apple.com Fri May 6 09:53:11 1994 From: lefty at apple.com (Lefty) Date: Fri, 6 May 94 09:53:11 PDT Subject: i Message-ID: <9405061652.AA15641@internal.apple.com> Some nobody writes > >should you be interested in congratulating jim nalbandian for his >recent well thought out and highly intellectual contributions to the list >feel free to contact him personally and then treats us to what he purports to be Mr. Nalbandian's phone number and address. While I would be willing to bet that my opinion of Mr. Nalbandian is not the least bit higher than that of anyone else on the list, I can't say I'm much impressed with the dedication to personal privacy manifested by the above-quoted nobody. "Privacy: it's for everybody. Well, everybody I _agree_ with, who hasn't pissed me off too much recently..." Whoever you are, nobody, you're a hypocrite and a coward. As utterly bereft of intelligence, cluefulness and common decency as Mr. Nalbandian is (and make no mistake: he _is_), in my book you are easily ten times worse. At least Mr. Nalbandian is forthright enough to be clueless in such a way that offended parties can respond to him directly. You, on the other hand, are no better than the sort of hapless fuck who writes the phone numbers of women who have refused to go out with him in men's room toilet stalls, an experience with which I imagine you might have more than a passing familiarity. The same goes for anyone who would attempt to _use_ this information. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From koontzd at lrcs.loral.com Fri May 6 10:03:27 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Fri, 6 May 94 10:03:27 PDT Subject: Clipper Key Escrow Details Message-ID: <9405061700.AA23421@io.lrcs.loral.com> >From: grendel at netaxs.com (Michael Brandt Handler) >Posted-Date: Fri, 6 May 1994 07:05:38 -0400 >Regarding the Clipper Key Escrow scheme: > [1] Who has the ability to submit a warrant and request the key data from the two controlling government agencies? Its even worse than that. They have a catch phrase - "other legal authority", where some do not require a warrant. > [2] What is to stop someone, once they have my escrowed key data, >from archiving it for later use? While not having formally answered this, it has been indicated that the unit key is sent encrypted to a decoder box, which can disassemble the LEAF and extract the session key. I believe this decoder is based on a PC, which leaves one to wonder about even the possibility of timelocking the transaction. (the crypto algorithm is contained in a chip on a P.C. board.) From koontzd at lrcs.loral.com Fri May 6 10:04:55 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Fri, 6 May 94 10:04:55 PDT Subject: (fwd) May 4 House Hearing on Clipper, F. Lynn McNulty testimony Message-ID: <9405061704.AA23437@io.lrcs.loral.com> Not meaning to ignore any interest from cypherpunks, I figured most would read the two in talk.politics.crypto. Note I screwed up the date. From hayden at krypton.mankato.msus.edu Fri May 6 10:06:33 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 6 May 94 10:06:33 PDT Subject: Regarding Mr. Nalbandian's Comments In-Reply-To: <9405061637.AA06913@ah.com> Message-ID: On Fri, 6 May 1994, Eric Hughes wrote: > To paraphrase Perry, the cypherpunks list assigns primacy to action. But one of the important things is that action is not JUST writing code. There are those of use who are unable to write good code (or, I suppose, any code at all) or do not comprehend the math of cryptography. They are just as needed in the battle as those who compile. Cypherpunks (the list) I believe has sorta become a combination of talk.politics.crypto and sci.crypt, and provides a uniqie opportunity to integrate both the coding adn the political sides into one cohesive fighting force. The small number of (active) participants allows this to be done in a very intimate and (relatively) fast fashion. This is a GOOD thing. > The Usenet newsgroup talk.politics.crypto is for political discussions > about cryptography of any sort whatsoever. That assumes that people can get it... ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From mpj at netcom.com Fri May 6 10:07:27 1994 From: mpj at netcom.com (Michael Paul Johnson) Date: Fri, 6 May 94 10:07:27 PDT Subject: Where to get PGP Message-ID: <199405061708.KAA03414@netcom.com> ....................... USA users watch for news from MIT ................. -----BEGIN PGP SIGNED MESSAGE----- WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) (Last modified: 3 May 1994 by Mike Johnson) The latest commercial versions are 2.4 (both Viacrypt and BSAFE versions). The latest freeware Mac version is 2.3 or 2.3aV1.1, depending on the variant. The latest Amiga version is 2.3a2 The latest freeware version for all other platforms is 2.3a If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commecial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest information I have from them on compiled versions are: PGP 2.4 for MS-DOS PGP 2.4 for Unix (several different platforms) PGP 2.4 for WinCIM CSNAV Mac version expected late this summer. ViaCrypt David A. Barnhart, Product Manager 2104 West Peoria Avenue Phoenix, Arizona 85029 Tel: (602) 944-0773 Fax: (602) 943-2601 E-Mail: 70304.41 at compuserve.com E-Mail: wk01965 at worldlink.com Credit card orders only. (800)536-2664 (8-5 MST M-F) The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP. Although the latest freeware version of PGP was released from outside the USA (New Zealand), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA. This data is subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list. Thanks to Gary Edstrom and Hugh Miller for providing part of this data. FTP sites: soda.berkeley.edu /pub/cypherpunks/pgp (DOS, MAC) Verified: 21-Dec-93 ftp.demon.co.uk /pub/amiga/pgp /pub/archimedes /pub/pgp /pub/mac/MacPGP ftp.informatik.tu-muenchen.de ftp.funet.fi ghost.dsi.unimi.it /pub/crypt Verified: 21-Dec-93 ftp.tu-clausthal.de (139.174.2.10) wuarchive.wustl.edu /pub/aminet/util/crypt src.doc.ic.ac.uk (Amiga) /aminet /amiga-boing ftp.informatik.tu-muenchen.de /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2) black.ox.ac.uk (129.67.1.165) /src/security/pgp23A.zip (MS-DOS executables & docs) /src/security/pgp23srcA.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.) /src/security/pgp23A.tar.Z (Same as PGP22SRC.ZIP, in Unix tar format) /src/security/macpgp2.3.cpt.hqx (Macintosh version) iswuarchive.wustl.edu pub/aminet/util/crypt (Amiga) csn.org /mpj/README.MPJ contains variable directory name -- read this first. /mpj/help explains how to get to hidden directory containing PGP /mpj/I_will_not_export/crypto_???????/pgp/ contains current PGP /mpj/I_will_not_export/crypto_???????/pgptools/ contains related tools /mpj/I_will_not_export/crypto_???????/ contains other crypto info. /mpj/public/pgp/ contains PGP shells, faq documentation, etc. ftp.netcom.com /pub/dcosenza -- PGP for several platforms + some shells and steganography utilities. /pub/gbe/pgpfaq.asc -- frequently asked questions answered. /pub/mpj (see README.MPJ -- similar layout to csn.org//mpj) nic.funet.fi (128.214.6.100) /pub/crypt/pgp23A.zip /pub/crypt/pgp23srcA.zip /pub/crypt/pgp23A.tar.Z van-bc.wimsey.bc.ca (192.48.234.1) /m/ftp2/crypto/RSA/PGP/2.3a/pgp23A.zip /m/ftp2/crypto/RSA/PGP/2.3a/pgp23srcA.zip ftp.uni-kl.de (131.246.9.95) qiclab.scn.rain.com (147.28.0.97) pc.usl.edu (130.70.40.3) leif.thep.lu.se (130.235.92.55) goya.dit.upm.es (138.4.2.2) tupac-amaru.informatik.rwth-aachen.de (137.226.112.31) ftp.etsu.edu (192.43.199.20) princeton.edu (128.112.228.1) pencil.cs.missouri.edu (128.206.100.207) StealthPGP: The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha. Also, try an archie search for PGP using the command: archie -s pgp23 (DOS Versions) archie -s pgp2.3 (MAC Versions) ftpmail: For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service. Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi: ENCODER uuencode SEND pub/crypt/pgp23srcA.zip SEND pub/crypt/pgp23A.zip This will deposit the two zipfiles, as 15 batched messages, in your mailbox with about 24 hours. Save and uudecode. BBS sites: Colorado Catacombs BBS (Longmont, CO) Mike Johnson, sysop Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc. v.32bis/v.42bis, speeds up to 14,400 baud 8 data bits, 1 stop, no parity Free access, but only one line. If busy or no answer, try again later. Downloads of crypto software are limited to the USA and Canada, but you can download on the first call if you are qualified and you answer the questions truthfully. Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. (303) 938-9654 (Boulder, Colorado number forwarded to Longmont number) (303) 678-9939 (Longmont, Colorado number) Verified: 5-2-94 Hieroglyphics Voodoo Machine (Colorado) DOS, OS2, and Mac versions. (303) 443-2457 Verified: 5-2-94 For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files). Exec-Net (New York) Host BBS for the ILink net. (914) 667-4567 The Ferret BBS (North Little Rock, Arkansas) (501) 791-0124 also (501) 791-0125 Carrying RIME, Throbnet, Smartnet, and Usenet Special PGP users account: login name: PGP USER password: PGP This information from: Jim Wenzel PGP 2.3A has been posted to the FidoNet Software Distribution Network and should on most if not all Canadian and U.S. nodes carrying SDN software. It has also been posted on almost all of the major private North American BBS systems, thence to countless smaller boards. Consult a list of your local BBSes; most with a sizeable file inventory should carry the program. If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others. Here is the result of an archie search for file names containing "pgp" (not case sensitive) on 5/2/94. The search was limited to 300 matches, because, as you can plainly see, lots of people value their privacy. Note that archie will not find all relevant files at some sites, like the one at csn.org//mpj properly, due to the export control nonsense, but it does find the directory where the PGP documentation is kept. Host gipsy.vmars.tuwien.ac.at Location: /pub/misc FILE -rw-r--r-- 209409 May 7 1993 pgp22.zip FILE -rw-r--r-- 451114 Jul 23 1993 pgp23.tar.gz Host swdsrv.edvz.univie.ac.at Location: /network/misc/Mosaic/Unix/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 21:02 pgp-dec FILE -r--r--r-- 530 Apr 11 21:02 pgp-enc Location: /os2/all/diskutil FILE -r--r--r-- 1946 Mar 16 1993 pgp22.txt Host plaza.aarnet.edu.au Location: /micros/amiga/aminet/comm/mail FILE -r--rw-r-- 137861 Jan 26 08:04 PGPMIP.lha FILE -r--rw-r-- 1878 Jan 26 08:04 PGPMIP.readme Location: /micros/amiga/aminet/util/crypt FILE -r--rw-r-- 305056 Dec 26 22:41 PGPAmi23a2_src.lha FILE -r--rw-r-- 5569 Dec 26 22:41 PGPAmi23a2_src.readme FILE -r--rw-r-- 342426 Dec 26 22:41 PGPAmi23a_2.lha FILE -r--rw-r-- 820 Dec 26 22:41 PGPAmi23a_2.readme FILE -r--rw-r-- 96585 Sep 30 1993 PGPAmi23aplus.lha FILE -r--rw-r-- 712 Sep 30 1993 PGPAmi23aplus.readme FILE -r--rw-r-- 576574 Sep 20 1993 PGPAmiga2_3a.lha FILE -r--rw-r-- 5221 Sep 20 1993 PGPAmiga2_3a.readme FILE -r--rw-r-- 55993 Mar 21 04:41 PGPSendMail2_0.lha FILE -r--rw-r-- 1455 Mar 21 04:41 PGPSendMail2_0.readme FILE -r--rw-r-- 17141 Feb 28 19:23 StealthPGP1_0.lha FILE -r--rw-r-- 1198 Feb 28 19:23 StealthPGP1_0.readme Location: /micros/pc/garbo/pc/crypt FILE -r--r--r-- 209679 Mar 7 1993 pgp22.zip FILE -r--r--r-- 62885 Oct 9 00:00 pgpfront.zip FILE -r--r--r-- 71330 Jan 4 15:00 pgpshe30.zip Location: /micros/pc/garbo/pc/source FILE -r--r--r-- 521820 Mar 7 1993 pgp22src.zip Location: /micros/pc/garbo/windows/util FILE -r--r--r-- 13825 Sep 3 1993 pgpwin11.zip Location: /usenet/FAQs/alt.answers DIRECTORY drwxr-xr-x 512 Apr 18 09:56 pgp-faq Location: /usenet/FAQs DIRECTORY drwxr-xr-x 512 Apr 18 10:09 alt.security.pgp Location: /usenet/FAQs/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 09:45 pgp-faq Host luga.latrobe.edu.au Location: /archive-disk2/os2/all/diskutil FILE -r--r--r-- 1946 Mar 16 1993 pgp22.txt Host sunb.ocs.mq.edu.au Location: /PC/Crypt FILE -r--r--r-- 219951 Sep 14 1993 pgp23.zip Host nic.switch.ch Location: /mirror/Mosaic/Mosaic-source/Mosaic-2.4/auth FILE -rw-rw-r-- 520 Apr 11 23:02 pgp-dec FILE -rw-rw-r-- 530 Apr 11 23:02 pgp-enc Location: /mirror/atari/Utilities FILE -rw-rw-r-- 280576 Apr 15 16:18 pgp23ab.lzh FILE -rw-rw-r-- 29526 Apr 15 16:18 pgpshl06.zip Location: /mirror/os2/all/diskutil FILE -rw-rw-r-- 1946 Mar 16 1993 pgp22.txt Location: /mirror/vms/DECUS/vlt93b/vltextra FILE -rw-rw-r-- 192196 Mar 19 1993 pgp22.zip FILE -rw-rw-r-- 481215 Mar 19 1993 pgp22src.zip Location: /mirror/vms/DECUS/vms92b/hkennedy FILE -rw-rw-r-- 187758 Dec 14 1992 pgp21.zip FILE -rw-rw-r-- 433713 Dec 14 1992 pgp21src.zip Host gatekeeper.dec.com Location: /.0/BSD/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -r--rw-r-- 478 Jun 24 1993 pgp Location: /.0/BSD/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 16 23:10 pgp Location: /.3/net/infosys/mosaic/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 13:20 pgp-dec FILE -r--r--r-- 530 Feb 8 13:20 pgp-enc Location: /.3/net/infosys/mosaic/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 11:38 pgp-dec FILE -r--r--r-- 530 Apr 8 11:38 pgp-enc Location: /.3/net/infosys/mosaic/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 14:02 pgp-dec FILE -r--r--r-- 530 Apr 11 14:02 pgp-enc Host hpcsos.col.hp.com Location: /mirrors/.hpib1/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 00:10 pgp Host qiclab.scn.rain.com Location: /pub/mail FILE -rw-r--r-- 537455 Jan 18 1993 pgp-2.1.tar.Z Host world.std.com Location: /src/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools DIRECTORY drwxr-xr-x 8192 Apr 21 02:43 PGP Location: /src/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools/PGP FILE -r--r--r-- 71064 Jan 13 16:57 pgpshe30.zip Location: /src/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 21:20 pgp-dec FILE -r--r--r-- 530 Feb 8 21:20 pgp-enc Location: /src/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 18:38 pgp-dec FILE -r--r--r-- 530 Apr 8 18:38 pgp-enc Location: /src/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 21:02 pgp-dec FILE -r--r--r-- 530 Apr 11 21:02 pgp-enc Host quepasa.cs.tu-berlin.de Location: /.cdrom0/security FILE -r-xr-xr-x 71064 Mar 5 11:51 pgpshe30.zip Host sun.rz.tu-clausthal.de Location: /pub/atari/misc DIRECTORY drwxr-xr-x 512 Dec 30 19:56 pgp Location: /pub/atari/misc/pgp FILE -rw-r--r-- 280454 Oct 11 00:00 pgp23ab.lzh Location: /pub/msdos/utils/security FILE -rw-rw-r-- 209679 Jun 21 1993 pgp22.zip Location: /pub/unix/admin/security DIRECTORY drwxrwxr-x 512 Sep 19 1993 pgp Location: /pub/unix/admin/security/pgp FILE -rw-rw-r-- 209409 Mar 12 1993 pgp22.zip FILE -rw-rw-r-- 521550 Mar 12 1993 pgp22src.zip FILE -rw-rw-r-- 219951 Jun 23 1993 pgp23.zip FILE -rw-rw-r-- 680985 Sep 19 1993 pgp23A.tar.Z FILE -rw-rw-r-- 221332 Sep 19 1993 pgp23A.zip FILE -rw-rw-r-- 88070 Sep 19 1993 pgp23docA.zip FILE -rw-rw-r-- 998 Sep 19 1993 pgp23sigA.asc FILE -rw-rw-r-- 547178 Sep 19 1993 pgp23srcA.zip Host hermes.hrz.uni-bielefeld.de Location: /.mnt1/systems/os2/all/diskutil FILE -r--r--r-- 1946 Mar 16 1993 pgp22.txt Host sun1.ruf.uni-freiburg.de Location: /misc FILE -rw-r--r-- 680985 Mar 11 14:15 pgp23A.tar.Z Host rzsun2.informatik.uni-hamburg.de Location: /pub/doc/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 05:15 pgp-faq Location: /pub/security/tools/crypt DIRECTORY drwxr-xr-x 512 Feb 18 22:05 pgp Location: /pub/security/tools/crypt/pgp FILE -r--r--r-- 449455 Jun 21 1993 pgp23.tar.gz FILE -rw-rw-r-- 17798 May 26 1993 pgputils.zip Host askhp.ask.uni-karlsruhe.de Location: /pub/aegee/tmp FILE -rw-rw-r-- 103448 Mar 12 17:18 pgp23A.zip Location: /pub/infosystems/mosaic/Mosaic-source/Mosaic-2.4/auth FILE -rwxr--r-- 520 Apr 11 23:02 pgp-dec FILE -rwxr--r-- 530 Apr 11 23:02 pgp-enc Host ftp.uni-kl.de Location: /pub1/unix/security DIRECTORY drwxrwxr-x 512 Feb 24 1993 pgp Location: /pub1/unix/security/pgp FILE -rw-rw-r-- 536118 Dec 10 1992 pgp21.tar.Z FILE -rw-rw-r-- 187758 Dec 10 1992 pgp21.zip FILE -rw-rw-r-- 436302 Dec 10 1992 pgp21src.zip FILE -rw-rw-r-- 92405 Feb 19 1993 pgprtest.tar.Z FILE -rw-rw-r-- 17798 Feb 5 1993 pgputils.zip Location: /pub3/amiga/aminet/comm/mail FILE -rw-rw-r-- 137861 Jan 26 14:04 PGPMIP.lha FILE -rw-rw-r-- 1878 Jan 26 14:04 PGPMIP.readme Location: /pub3/amiga/aminet/util/crypt FILE -rw-rw-r-- 305056 Dec 27 04:41 PGPAmi23a2_src.lha FILE -rw-rw-r-- 5569 Dec 27 04:41 PGPAmi23a2_src.readme FILE -rw-rw-r-- 342426 Dec 27 04:41 PGPAmi23a_2.lha FILE -rw-rw-r-- 820 Dec 27 04:41 PGPAmi23a_2.readme FILE -rw-rw-r-- 96585 Oct 1 00:00 PGPAmi23aplus.lha FILE -rw-rw-r-- 712 Oct 1 00:00 PGPAmi23aplus.readme FILE -rw-rw-r-- 576574 Sep 20 1993 PGPAmiga2_3a.lha FILE -rw-rw-r-- 5221 Sep 20 1993 PGPAmiga2_3a.readme FILE -rw-rw-r-- 55993 Mar 21 20:41 PGPSendMail2_0.lha FILE -rw-rw-r-- 1455 Mar 21 20:41 PGPSendMail2_0.readme FILE -rw-rw-r-- 118058 Apr 15 10:20 PGP_german_docs.lha FILE -rw-rw-r-- 234 Apr 15 10:20 PGP_german_docs.readme FILE -rw-rw-r-- 17141 Mar 1 12:23 StealthPGP1_0.lha FILE -rw-rw-r-- 1198 Mar 1 12:23 StealthPGP1_0.readme Host minnie.zdv.uni-mainz.de Location: /pub/amiga/util/aminet/crypt FILE -r--r--r-- 305056 Dec 27 03:41 PGPAmi23a2_src.lha FILE -r--r--r-- 5569 Dec 27 03:41 PGPAmi23a2_src.readme FILE -r--r--r-- 342426 Dec 27 03:41 PGPAmi23a_2.lha FILE -r--r--r-- 820 Dec 27 03:41 PGPAmi23a_2.readme Location: /pub/atari/misc DIRECTORY drwxr-xr-x 512 Dec 30 17:56 pgp Location: /pub/atari/misc/pgp FILE -rw-r--r-- 280454 Oct 11 00:00 pgp23ab.lzh Host von-neum.uni-muenster.de Location: /pub/unix FILE -rw-rw---- 449445 Mar 24 13:04 pgp23.tar.gz Host inf.informatik.uni-stuttgart.de Location: /pub/net FILE -r--r--r-- 680985 Aug 5 1993 pgp23A.tar.Z Host net-1.iastate.edu Location: /pub/netbsd/NetBSD-current/src/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 01:10 pgp Host jhunix.hcf.jhu.edu Location: /pub/public_domain_software/NetBSD/usr/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Jun 9 1993 pgp Host mintaka.lcs.mit.edu Location: /pub DIRECTORY drwxr-xr-x 512 Jun 18 1993 pgp Location: /pub/pgp FILE -rw-r--r-- 312726 Mar 22 1993 macpgp2.2.cpt.hqx FILE -rw-r--r-- 209409 Mar 22 1993 pgp22.zip FILE -rw-r--r-- 521550 Mar 22 1993 pgp22src.zip FILE -rw-r--r-- 219951 Jun 18 1993 pgp23.zip FILE -rw-r--r-- 17798 Mar 22 1993 pgputils.zip Host josquin.media.mit.edu Location: /pub FILE -rw-r--r-- 321424 Nov 30 20:27 pgp Host archive.egr.msu.edu Location: /pub DIRECTORY drwxr-xr-x 512 Mar 9 18:58 pgp Host xanth.cs.odu.edu Location: /pub DIRECTORY drwxrwxr-x 512 Apr 27 13:38 pgp Location: /pub/pgp FILE -rw-rw-rw- 221332 Apr 27 13:38 pgp23A.zip Host unixd1.cis.pitt.edu Location: /users/i/n/infidel/.Backup/httpd/support/auth FILE -rwxr-xr-x 1019 Jan 24 16:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 16:42 pgp-enc Location: /users/i/n/infidel/httpd/support/auth FILE -rwxr-xr-x 1019 Jan 24 16:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 16:42 pgp-enc Host arthur.cs.purdue.edu Location: /pub/pcert/tools/unix DIRECTORY drwxr-xr-x 512 Jul 31 1993 pgp Location: /pub/pcert/tools/unix/pgp FILE -r--r--r-- 209409 Mar 7 1993 pgp22.zip FILE -r--r--r-- 521550 Mar 7 1993 pgp22src.zip Location: /pub/pcert/tools/unix/virus/misc FILE -rw-r--r-- 19277 Feb 23 1993 pgputils.zip Host tehran.stanford.edu Location: /www/httpd_1.2/support/auth FILE -rwxr-xr-x 1019 Jan 24 13:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 13:42 pgp-enc Host relay.cs.toronto.edu Location: /pub/usenet/news.answers DIRECTORY drwxr-xr-x 512 Apr 22 04:51 pgp-faq Host uceng.uc.edu Location: /pub/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools DIRECTORY drwxr-xr-x 8192 Apr 20 22:43 PGP Location: /pub/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools/PGP FILE -r--r--r-- 71064 Jan 13 11:57 pgpshe30.zip Location: /pub/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 16:20 pgp-dec FILE -r--r--r-- 530 Feb 8 16:20 pgp-enc Location: /pub/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 14:38 pgp-dec FILE -r--r--r-- 530 Apr 8 14:38 pgp-enc Location: /pub/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 17:02 pgp-dec FILE -r--r--r-- 530 Apr 11 17:02 pgp-enc Host server.uga.edu Location: /pub/msdos/mirror/security FILE -r--r--r-- 71064 Feb 3 15:36 pgpshe30.zip Host mrcnext.cso.uiuc.edu Location: /pub/faq/usenet-by-group/alt.answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:08 pgp-faq Location: /pub/faq/usenet-by-group DIRECTORY drwxr-xr-x 1024 Apr 26 13:08 alt.security.pgp Location: /pub/faq/usenet-by-group/news.answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:07 pgp-faq Location: /pub/faq/usenet-by-hierarchy/alt/answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:08 pgp-faq Location: /pub/faq/usenet-by-hierarchy/alt/security DIRECTORY drwxr-xr-x 1024 Apr 26 13:08 pgp Location: /pub/faq/usenet-by-hierarchy/news/answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:08 pgp-faq Host zaphod.ncsa.uiuc.edu Location: /Web/Mosaic-source/Mosaic-2.4/auth FILE -rwxr-xr-x 520 Apr 11 21:02 pgp-dec FILE -rwxr-xr-x 530 Apr 11 21:02 pgp-enc Host f.ms.uky.edu Location: /pub2/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Dec 17 02:10 pgp Host pith.uoregon.edu Location: /pub/Solaris2.x/src/httpd_1.1/support/auth FILE -rwxr-xr-x 1019 Jan 24 21:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 21:42 pgp-enc Host pc.usl.edu Location: /pub/msdos/crypto FILE -rw-r--r-- 187758 Jan 14 1993 pgp21.zip FILE -rw-r--r-- 436302 Jan 14 1993 pgp21src.zip FILE -rw-r--r-- 219951 Jun 23 1993 pgp23.zip Host emx.cc.utexas.edu Location: /pub/mnt/source/www/Mosaic-2.4/auth FILE -rwxr-xr-x 520 Apr 11 12:57 pgp-dec FILE -rwxr-xr-x 530 Apr 11 12:57 pgp-enc Location: /pub/mnt/source/www/NCSA_httpd_1.2/support/auth FILE -rwxr-xr-x 1019 Jan 24 15:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 15:42 pgp-enc Host tolsun.oulu.fi Location: /pub/unix FILE -r--r--r-- 521550 Jun 16 1993 pgp22src.zip Host gogol.cenatls.cena.dgac.fr Location: /pub/util FILE -rw-r--r-- 534661 Jan 7 1993 pgp-2.1.tar.Z Host grasp1.univ-lyon1.fr Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/mirrors/unix/Mosaic/source/Mosaic-2.2/auth FILE -r--r--r-- 315 Feb 8 22:20 pgp-dec.gz FILE -r--r--r-- 319 Feb 8 22:20 pgp-enc.gz Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/mirrors/unix/Mosaic/source/Mosaic-2.3/auth FILE -r--r--r-- 315 Apr 8 20:38 pgp-dec.gz FILE -r--r--r-- 319 Apr 8 20:38 pgp-enc.gz Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/mirrors/unix/Mosaic/source/Mosaic-2.4/auth FILE -r--r--r-- 315 Apr 11 23:02 pgp-dec.gz FILE -r--r--r-- 319 Apr 11 23:02 pgp-enc.gz Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/usenet-stats/groups/alt FILE -rw-r--r-- 2500 Apr 5 09:39 alt.security.pgp Host ns.urec.fr Location: /pub/reseaux/services_infos/WWW/ncsa/Mosaic-source/Mosaic-2.4/auth FILE -rw-rw-r-- 520 Apr 11 21:02 pgp-dec FILE -rw-rw-r-- 530 Apr 11 21:02 pgp-enc Host granuaile.ieunet.ie Location: /ftpmail-cache/ie/tcd/maths/ftp/src/misc DIRECTORY drwxr-xr-x 512 Dec 2 11:43 pgp Location: /ftpmail-cache/uk/co/demon/ftp/mac DIRECTORY drwxr-xr-x 512 Mar 10 04:01 MacPGP Host walton.maths.tcd.ie Location: /news/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 03:45 pgp-faq Location: /pub/msdos/misc FILE -rw-r--r-- 227625 Apr 18 14:47 pgp23.zip Location: /pub/sboyle DIRECTORY drwxr-xr-x 512 Apr 25 20:20 pgp Location: /src/misc DIRECTORY drwxr-xr-x 512 Apr 21 14:52 pgp Location: /src/network/Mosaic-2.4/auth FILE -rwxr-xr-x 520 Apr 18 12:21 pgp-dec FILE -rwxr-xr-x 530 Apr 18 12:21 pgp-enc Host ghost.dsi.unimi.it Location: /pub/security/crypt FILE -rw-r--r-- 3012 May 15 1993 MacPGP.bugfix.README FILE -rw-r--r-- 45446 May 18 1993 MacPGP2.2.bugfix.sit.hqx FILE -rw-r--r-- 299477 May 18 1993 MacPGP2.2.sit.hqx FILE -rw-r--r-- 27882 Aug 11 1993 hint_trick_pgp00.gz FILE -rw-r--r-- 312726 Mar 20 1993 macpgp2.2.cpt.hqx FILE -rw-r--r-- 422851 Jul 3 1993 macpgp2.3.cpt.hqx FILE -rw-r--r-- 1027543 Jul 21 1993 macpgp2.3src.sea.hqx.pgp FILE -rw-r--r-- 12873 Feb 5 18:22 pgp-lang.italian.tar.gz FILE -rw-r--r-- 91281 Jan 22 12:41 pgp-lang.spanish.tar.gz FILE -rw-r--r-- 680985 Jul 22 1993 pgp23A.tar.Z FILE -rw-r--r-- 231 Jul 26 1993 pgp23A.tar.Z.sig FILE -rw-r--r-- 221332 Jul 26 1993 pgp23A.zip FILE -rw-r--r-- 300 Jul 26 1993 pgp23A.zip.sig FILE -rw-r--r-- 51241 Dec 24 19:31 pgp23ltk.zip FILE -rw-r--r-- 547178 Jul 26 1993 pgp23srcA.zip FILE -rw-r--r-- 232 Jul 26 1993 pgp23srcA.zip.sig FILE -rw-r--r-- 3709 Dec 4 15:02 pgpclient.gz FILE -rw-r--r-- 14209 Nov 29 10:46 pgpd.tar.gz FILE -rw-r--r-- 62619 Oct 27 00:00 pgpfront.zip FILE -rw-r--r-- 13689 May 10 1993 pgpmenu.zip FILE -rw-r--r-- 71064 Jan 22 11:59 pgpshe30.zip FILE -rw-r--r-- 142993 Feb 5 18:55 pgptools.zip FILE -rw-r--r-- 17798 Feb 8 1993 pgputils.zip FILE -rw-r--r-- 13825 Sep 20 1993 pgpwin11.zip FILE -r--r--r-- 1043163 Feb 15 12:54 public-keys.pgp FILE -r--r--r-- 1042460 Feb 15 05:39 public-keys.pgp.old Host isfs.kuis.kyoto-u.ac.jp Location: /BSD/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Jun 24 1993 pgp Location: /BSD/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 16 23:10 pgp Location: /ftpmail/ftp.dit.co.jp/pub/security/tools FILE -rw-rw-r-- 422851 Apr 21 21:57 macpgp2.3.cpt.hqx Location: /ftpmail/ftp.nig.ac.jp/pub/security DIRECTORY drwxrwxr-x 512 Dec 18 04:31 PGP Location: /ftpmail/ftp.nig.ac.jp/pub/security/PGP DIRECTORY drwxrwxr-x 512 May 22 1993 MacPGP FILE -rw-rw-r-- 521550 May 20 1993 pgp22src.zip FILE -rw-rw-r-- 680985 Dec 18 04:29 pgp23A.tar.Z FILE -rw-rw-r-- 231 Dec 18 04:31 pgp23A.tar.Z.sig Host theta.iis.u-tokyo.ac.jp Location: /pub1/security/docs/news.answers DIRECTORY drwxr-xr-x 512 Apr 28 17:33 pgp-faq Location: /pub1/security/tools FILE -rw-r--r-- 422851 Mar 6 01:16 macpgp2.3.cpt.hqx FILE -rw-r--r-- 451124 Oct 17 00:00 pgp23.tar.gz FILE -rw-r--r-- 680985 Feb 20 23:06 pgp23A.tar.Z FILE -rw-r--r-- 231 Feb 20 23:06 pgp23A.tar.Z.sig Location: /pub2/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Jun 24 1993 pgp Host news.cfi.waseda.ac.jp Location: /pub2/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Jun 24 1993 pgp Host rena.dit.co.jp Location: /pub/security/docs/news.answers DIRECTORY drwxr-xr-x 512 Mar 1 16:53 pgp-faq Location: /pub/security/tools FILE -rw-r--r-- 422851 Mar 6 01:16 macpgp2.3.cpt.hqx FILE -rw-r--r-- 451124 Oct 17 00:00 pgp23.tar.gz FILE -rw-r--r-- 680985 Feb 20 23:06 pgp23A.tar.Z FILE -rw-r--r-- 231 Feb 20 23:06 pgp23A.tar.Z.sig Host mtecv2.mty.itesm.mx Location: /pub/Mosaic/NCSA-Mirror/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 12 03:02 pgp-dec FILE -r--r--r-- 530 Apr 12 03:02 pgp-enc Location: /pub/usenet/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 07:06 pgp-faq Host ftp.germany.eu.net Location: /pub/comp/atari-st/mint FILE -rw-rw-r-- 2102 Sep 21 1993 pgp23ast.zip Location: /pub/comp/atari-st/utils FILE -rw-rw-r-- 280576 Apr 20 15:42 pgp23ab.lzh FILE -rw-rw-r-- 29526 Apr 20 15:42 pgpshl06.zip Location: /pub/comp/msdos/local/utils DIRECTORY drwxr-xr-x 512 Jul 12 1993 pgp Location: /pub/comp/msdos/local/utils/pgp FILE -rw-r--r-- 449445 Jul 12 1993 pgp23.tar.gz FILE -rw-r--r-- 219951 Jul 12 1993 pgp23.zip Location: /pub/comp/msdos/mirror.garbo/crypt FILE -rw-r--r-- 209679 Mar 7 1993 pgp22.zip FILE -rw-r--r-- 62885 Oct 9 00:00 pgpfront.zip FILE -rw-r--r-- 71330 Jan 4 13:00 pgpshe30.zip Location: /pub/comp/msdos/mirror.garbo/source FILE -rw-r--r-- 521820 Mar 7 1993 pgp22src.zip Location: /pub/comp/os2/mirror.ftp-os2/2_x/diskutil FILE -rw-r--r-- 1946 Mar 16 1993 pgp22.txt Location: /pub/comp/os2/mirror.ftp-os2/all/diskutil FILE -rw-r--r-- 1946 Mar 16 1993 pgp22.txt Location: /pub/infosystems/www/ncsa/Web/Mosaic-source/Mosaic-2.4/auth FILE -rw-r--r-- 520 Apr 11 19:02 pgp-dec FILE -rw-r--r-- 530 Apr 11 19:02 pgp-enc Location: /pub/newsarchive/news.answers DIRECTORY drwxr-xr-x 512 Apr 19 04:12 pgp-faq Host mcsun.eu.net Location: /documents/faq DIRECTORY drwxrwxr-x 512 Apr 20 03:51 pgp-faq Host sol.cs.ruu.nl Location: /NEWS.ANSWERS DIRECTORY drwxrwxr-x 512 Apr 18 11:55 pgp-faq Host ugle.unit.no Location: /faq/alt.answers DIRECTORY drwxr-xr-x 512 Apr 18 07:27 pgp-faq Location: /faq/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 07:26 pgp-faq Host csn.org Location: /fruug DIRECTORY drwxr-xr-x 512 Sep 29 1993 PGP Location: /mpj/public DIRECTORY drwxr-xr-x 512 Apr 18 15:09 pgp Location: /mpj/public/pgp FILE -rw-r--r-- 20941 Feb 22 23:07 Here.is.How.to.MacPGP! FILE -rw-r--r-- 687646 Feb 1 07:45 pgp-elm.gz FILE -rw-r--r-- 26905 Feb 22 18:03 pgp-msgs-japanese.tar.gz FILE -rw-r--r-- 88070 Nov 6 17:44 pgp23docA.zip FILE -rw-r--r-- 998 Nov 6 17:44 pgp23sigA.asc FILE -rw-r--r-- 179070 Apr 18 15:08 pgpfaq.asc FILE -rw-r--r-- 44956 Apr 18 15:08 pgpfaq01.asc FILE -rw-r--r-- 44836 Apr 18 15:08 pgpfaq02.asc FILE -rw-r--r-- 44873 Apr 18 15:08 pgpfaq03.asc FILE -rw-r--r-- 45118 Apr 18 15:08 pgpfaq04.asc FILE -rw-r--r-- 3460 Apr 18 15:08 pgpfaq05.asc Host ftp.eff.org Location: /pub/EFF/Policy/Crypto/Tools DIRECTORY drwxr-xr-x 512 Apr 20 02:58 PGP Location: /pub/EFF/Policy/Crypto/Tools/PGP FILE -rw-r--r-- 71064 Jan 13 11:57 pgpshe30.zip Host sune.stacken.kth.se Location: /disk2/OS/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 07:10 pgp Host isy.liu.se Location: /pub/misc DIRECTORY drwxr-xr-x 512 Sep 19 1993 pgp Location: /pub/misc/pgp/2.1 FILE -rw-r--r-- 536118 Jan 11 1993 pgp21.tar.Z FILE -rw-r--r-- 187758 Jan 11 1993 pgp21.zip FILE -rw-r--r-- 436302 Jan 11 1993 pgp21src.zip Location: /pub/misc/pgp/2.2 FILE -rw-r--r-- 209409 Mar 10 1993 pgp22.zip FILE -rw-r--r-- 521550 Mar 10 1993 pgp22src.zip Location: /pub/misc/pgp/2.3 FILE -rw-r--r-- 219951 Jun 17 1993 pgp23.zip Location: /pub/misc/pgp/2.3A FILE -rw-r--r-- 422851 Sep 19 1993 macpgp2.3.cpt.hqx FILE -rw-r--r-- 680985 Sep 19 1993 pgp23A.tar.Z FILE -rw-r--r-- 221332 Sep 19 1993 pgp23A.zip FILE -rw-r--r-- 998 Sep 19 1993 pgp23sigA.asc FILE -rw-r--r-- 547178 Sep 19 1993 pgp23srcA.zip Host lth.se Location: /pub/netnews/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 03:44 pgp-faq Host krynn.efd.lth.se Location: /pub/security FILE -rw-r--r-- 521550 Jul 24 1993 pgp22src.zip Host leif.thep.lu.se Location: /pub/Misc FILE -rw-r--r-- 221332 Jul 23 1993 pgp23A.zip Host ftp.luth.se Location: /pub/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 08:10 pgp Location: /pub/amiga/.1/comm/mail FILE -rw-r--r-- 137861 Jan 26 15:04 PGPMIP.lha FILE -rw-r--r-- 1878 Jan 26 15:04 PGPMIP.readme Location: /pub/amiga/util/crypt FILE -rw-r--r-- 305056 Dec 27 05:41 PGPAmi23a2_src.lha FILE -rw-r--r-- 5569 Dec 27 05:41 PGPAmi23a2_src.readme FILE -rw-r--r-- 342426 Dec 27 05:41 PGPAmi23a_2.lha FILE -rw-r--r-- 820 Dec 27 05:41 PGPAmi23a_2.readme FILE -rw-r--r-- 96585 Oct 1 00:00 PGPAmi23aplus.lha FILE -rw-r--r-- 712 Oct 1 00:00 PGPAmi23aplus.readme FILE -rw-r--r-- 576574 Sep 20 1993 PGPAmiga2_3a.lha FILE -rw-r--r-- 5221 Sep 20 1993 PGPAmiga2_3a.readme FILE -rw-r--r-- 55993 Mar 21 21:41 PGPSendMail2_0.lha FILE -rw-r--r-- 1455 Mar 21 21:41 PGPSendMail2_0.readme FILE -rw-r--r-- 118058 Apr 15 12:20 PGP_german_docs.lha FILE -rw-r--r-- 234 Apr 15 12:20 PGP_german_docs.readme FILE -rw-r--r-- 17141 Mar 1 13:23 StealthPGP1_0.lha FILE -rw-r--r-- 1198 Mar 1 13:23 StealthPGP1_0.readme Location: /pub/infosystems/www/ncsa/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 22:20 pgp-dec FILE -r--r--r-- 530 Feb 8 22:20 pgp-enc Location: /pub/infosystems/www/ncsa/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 20:38 pgp-dec FILE -r--r--r-- 530 Apr 8 20:38 pgp-enc Location: /pub/infosystems/www/ncsa/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 23:02 pgp-dec FILE -r--r--r-- 530 Apr 11 23:02 pgp-enc Host cs6400.mcc.ac.uk Location: /pub/src FILE -r--r--r-- 455861 Feb 22 15:38 pgp23A.tar.gz - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQCNAi0aFSUAAAEEAOCOKpaLepvJCFgIR4m+UvZe0IN8g7Guwc+6GH4u6UGTPxQO iAhk/MJ7E8LE4c55A1G8to2W4y3aKAHvi9QCYKnsLV8Ag0BYWo3bGGTPEfkS7NAI N+Zy6vSjuF1D6MUnbvrQJ5p4efz7a28iYRKoAdan2bfnvIYWUD9nBjyFM+vFAAUR tDdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajQgW2V4cCAz MSBEZWMgOTRdiQCVAgUQLTqfXj9nBjyFM+vFAQGU7wP/ZuuHfdAnCIblNCtbLLG8 39CSg6JIVa3KWfe0WIz6dXFU3cvl2Wt094kJgZ+Nmq01INWlib2lTOznbkA9sV1W q0aJSBHFWQH29qGmIdEqThs7A5ES2w8eRjJD80lxHodRIkBcC5KI6x4Mxo8cib5V BrwsvtG0+81HD6Mrpvc+a0GJAJUCBRAtJc2rZXmEuMepZt0BAe4hA/9YANYPY4Z3 1pXv2mT6ReC09cZS5U3+xxC5brQdLsQGKuH6QVs/b5oc6NV84sh8A9tZyHG2067o 3XIEyN7PPQzRm2UUnHHqw9lBCNhMiFQsAJi4W+m8zXrVrpJWK0Wv61eV2/XIQl0V d4lxu0r+MNRP6ID6FBzA4C9rO+RYEZmwOIkAlQIFEC0aGRzb/VZRBVJGuQEBfaUD /3c2h//kg843OIcYHG4gMDqdeeZLzGlp3RVvh0Rs3/T0YylJZGjPL2L/BF/vfLlB 9E2Urh9mDG/7hiB5FncrUnkmN63IkSj+K9YyfPyYxBVx06Srj8ZzYynh0N+zledd 6cnwxRXhaD3Wc4EfSNR7BH9M2rjkGzyb5to9cgBb0ng+ =BLg5 - -----END PGP PUBLIC KEY BLOCK----- ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLcZthT9nBjyFM+vFAQGFaAP/b4k9Eor58GZRDYny+TKfyZEYbUv8JceW iZnNLFyHiGjPxE/ZTwZlCfRiEaFGhsxskH8RMDfLHmcefpNK5oqD2NVpP6MfgO8w BO6LkZTibNCJoZ/7a5cD0pP1fF1BLFlez70qFr2ZueOXnJXO7pXgzqNzkkfJCYWq y61/YjGJefY= =EZ3J -----END PGP SIGNATURE----- From nobody at jarthur.cs.hmc.edu Fri May 6 10:13:12 1994 From: nobody at jarthur.cs.hmc.edu (nobody at jarthur.cs.hmc.edu) Date: Fri, 6 May 94 10:13:12 PDT Subject: Jim Nalbandian Message-ID: <9405061713.AA09070@toad.com> A Detweiler by any other name is still the same. From pcw at access.digex.net Fri May 6 10:15:25 1994 From: pcw at access.digex.net (Peter Wayner) Date: Fri, 6 May 94 10:15:25 PDT Subject: Double betting and money laundering Message-ID: <199405061714.AA27026@access2.digex.net> >Peter Wayner wrote: > >>Apparently, casinos are now on the lookout for people who >>are teaming up to play both halves of a bet. One casino >>kicked out two guys who apparently were betting on pass >>and don't pass on the craps table. Why were they bothering? >>Was it laundering? Nope. It turns out that casinos hand >>out free "comps" based on the amount of betting that you >>do. This is called being "rated." They notice that you're >>betting $10 chips and figure that the math shows that you'll >>probably lose x dollars per hour. Then they give you free >>room and food to show their appreciation. > >Forgive me, but I am skeptical. I worked for a short while as a licensed >craps dealer in NJ about 10 years ago. There is no combination of bets >on a craps table that will cancell out the house advantage. When I delt, >the house welcomed any combination of bets any player wanted to make, let >alone worrying about what some confederate on the same table might do. > Yes, there is no combination that will cancel out the house odds. I'm guessing that the two craps players hoped that their small losses would be less than the cost of the hotel room that they would win by being comped. The story just reported that the casino kicked out two people who were engaged in this after one demanded to be comped. The article mentioned that casinos seemed to want to comp people at 30% of their expected losses. I'm sort of skeptical of this working out because the expected losses of two players mirroring their bets with an odd/even strategy on the roulette wheel is twice the expected losses of one person just betting straight odd. But who says that gamblers know everything? -Peter From dat at ebt.com Fri May 6 10:20:30 1994 From: dat at ebt.com (David Taffs) Date: Fri, 6 May 94 10:20:30 PDT Subject: Bunch of Clueless Idiots In-Reply-To: <174@lassie.lassie.uucp> Message-ID: <9405061720.AA08297@helpmann.ebt.com> One of the better rants I've seen (and one I agree with more than many)... I see nobody mentioned the infringment of the second amendment by the assault weapons ban. These weapons cause 8.4% of the mortal ... From dave at marvin.jta.edd.ca.gov Fri May 6 10:45:36 1994 From: dave at marvin.jta.edd.ca.gov (Dave Otto (the Wizard of TOTOSoft)) Date: Fri, 6 May 94 10:45:36 PDT Subject: Regarding Mr. Nalbandian's Comments In-Reply-To: Message-ID: <9405061745.AA21963@marvin.jta.edd.ca.gov> > > The Usenet newsgroup talk.politics.crypto is for political discussions > > about cryptography of any sort whatsoever. > That assumes that people can get it... And that the noise level allows discussion. Presently, by "killing" LD and DS (both From and Subject fields), < %5 of postings make it thru. Dave Otto -- dave at gershwin.jta.edd.ca.gov -- daveotto at acm.org Consulting P/A "If I could do the math, I would have been an engineer." GAT: d++(-)@ -p+(---) c+++ l u++(-) e++/* m++(*) s-/+ !n h---(*) f+ g+++ w+ t++ r+ y++(*) From avalon at coombs.anu.edu.au Fri May 6 10:53:41 1994 From: avalon at coombs.anu.edu.au (Darren Reed) Date: Fri, 6 May 94 10:53:41 PDT Subject: The ITARs In-Reply-To: <9405041110.AA01123@snark.imsi.com> Message-ID: <9405061753.AA09786@toad.com> > Jim Miller says: > > Section #120.9 of the ITAR defines "Defense Service" as: > > > > (1) The furnishing of assistance (including training) to foreign > > persons, whether in the United States or abroad in the design, > > development, engineering, manufacture, production, assembly, testing, > > repair, maintenance, modification, operation, demilitarization, > > destruction, processing, or use of defense articles; or > > (2) The furnishing to foreign persons of any technical data > > controlled under this subchapter (see #120.10), whether in the United > > States or abroad. > > This is sick. According to this, I cannot teach foreigners about > cryptography in the U.S. -- even about the open literature. This is a > grotesque denial of my first amendment rights. > > I wonder if I should hold an open enrollment cryptography class for > the sake of civil disobediance. > > Perry Are there any bills being considered for congress which would remove cryptography from the munitions umbrella ? I think I remember this being talked about earlier on this list..has it gone anywhere ? (It was needed so that US companies could compete with foreigners in this market or some such). Obviously that ammendment is going to need further application if it only affects export controls. From f_griffith at ccsvax.sfasu.edu Fri May 6 11:20:53 1994 From: f_griffith at ccsvax.sfasu.edu (f_griffith at ccsvax.sfasu.edu) Date: Fri, 6 May 94 11:20:53 PDT Subject: The Value of Money Message-ID: <9405061820.AA10225@toad.com> > >>> GRABOW_GEOFFREY at tandem.com asked: >>> >>>>Didn't Nixon take the U.S. off of the gold standard? >>>> > >> >>The US$ was devalued from $35 to $38 /oz gold and the Treasury stopped >>redeeming dollars from anyone other than central banks in '69. >>This created a two tier market. The US devalued again in '70 (0r '71) >>to $45 /oz, and then threw in the towel and stopped backing the >>currency with anything other than "the full faith and credit of the >>US government" [:)]. >>US citizens were permitted to own gold bullion again as of Jan '75, >>under Ford. >> >> Jeff >> trestrab at gvsu.edu > Roosevelt eliminated domestic convertibility 1n 1933. Nixon eliminated international convertibility ("closed the gold window" as it's often stated) in August, 1971. The dollar was devalued from 1/35 oz of gold to 1/38 oz in December, 1971. The dollar was devalued from 1/38 oz to 1/42.22 oz in Feb, 1973. Of course, the devaluations didn't really matter since even the international convertibility ha been eliminated. Reynolds From dat at ebt.com Fri May 6 12:04:03 1994 From: dat at ebt.com (David Taffs) Date: Fri, 6 May 94 12:04:03 PDT Subject: Regarding Mr. Nalbandian's Comments In-Reply-To: <9405060408.ZM21714@well.sf.ca.us> Message-ID: <9405061903.AA08368@helpmann.ebt.com> Boy am I embarrassed.... (1) I apologize to the list for again posting unintentionally (that's twice now) -- I'm still learning EMACS, and I forget that it automagically CC's the list more often than my old mail system used to (which was never). (2) I share "Fred Heutte"'s sentiments, in spades, about responding before noticing additional spew... (3) There's still hope that I'll learn eventually... From bal at martigny.ai.mit.edu Fri May 6 12:16:16 1994 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Fri, 6 May 94 12:16:16 PDT Subject: Another URL for PGP announcement... Message-ID: <9405061916.AA11033@toad.com> That URL I posted earlier for MIT's PGP announcement won't work after some time today. (The server is/was located in the Hilton Ballroom and had to be moved.) A more permanent URL is: http://web.mit.edu/network/pgp.html This URL will be updated to include information on how to get PGP 2.5 when it is available. --bal From sandfort at crl.com Fri May 6 12:31:54 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 6 May 94 12:31:54 PDT Subject: RADIO SHOW ABOUT CRYPT Message-ID: C'punks, If you are in the Bay Area, tune to 88.5 FM to hear a public radio show on encryption and privacy. I'll be on for the next half hour (till 12:30 pm PDT) S a n d y From dat at ebt.com Fri May 6 12:39:02 1994 From: dat at ebt.com (David Taffs) Date: Fri, 6 May 94 12:39:02 PDT Subject: legal rqmt for FAX return phone # Message-ID: <9405061938.AA08395@helpmann.ebt.com> I thought I heard somewhere that it was illegal to send anonymous faxes -- namely, that there was some regulation that you had to program your FAX machine with your phone number so it would get sent automagically whenever you faxed anything. Essentially it was ILLEGAL to fax without providing the recipient with a mechanism to find out where it came from. Of course, I suspect enforcement is lax, but still... :-) :-( Can someone please confirm this, or help with a reference? Private e-mail is fine... -- dat at ebt.com (David Taffs) From greg at ideath.goldenbear.com Fri May 6 12:47:55 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Fri, 6 May 94 12:47:55 PDT Subject: "cypherpunks write code" In-Reply-To: <199405061020.DAA12320@nunki.usc.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > Michael Brandt Handler writes: > > goal). As it has been said more and more often, 'Cypherpunks write CODE!'. > > > You know, I keep hearing this- why is it that you all seem to think > that writing code is mutually exclusive from talking the politics of > cryptography? Is it so hard to do two things at one time??? I'm sorry, I > just don't get it.. There are folks on the list who would disagree with me, but I'm inclined to liken the "cypherpunks write code" phrase to the older "the personal is the political" phrase (which I've heard most in connection with feminism) and the "direct action" movements, principally in environmentalist and animal-rights causes. I think of it as a reminder to focus on the practical needs for crypto; and as a warning away from pure theory. It's also a way to let knowledge from the sphere of practical application inform theoretical discussions. I see it as roughly parallel to the distinction between academics who talk about revolution, and revolutionaries. :) Sometimes there's some crossover, but frequently not. "Cypherpunks write code" encourages a crypto revolution from the bottom up, not from the top down. (I'd say though, the Cypherpunks list seems to function more as a Leninist avant-garde than a true "people's uprising", as per Mr. Nalbandian's recent comments.) Public-key encryption has been documented in open literature since 1978; but it wasn't until 1991 and the release of PGP that it was easily available to folks not relatively fluent in both programming and math. "Cypherpunks write code" reminds us that it shouldn't take 13 years to turn new developments into user-accessible programs. In any event, I don't think it should be interpreted as a slam against non-programmers, but an exhortation to take some sort of practical action to protect privacy; I mentally include the distribution of disks at PC Expo and John Gilmore's FOIA requests within "writing code", for instance. To me, it really means "don't just sit there! do something!", which can apply to all of us, no matter what our expertise. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcqcN33YhjZY3fMNAQG5/QP/ecyLtR1dGLwvQN6emU82+PktOjIJDvyH JQJiSgPZR12tFWpiQr86LQXVwao1qLH3VjDpT8bz9kHhKXxUYmOMwxiUVnvppLPu WEta2F9WXl27UAq75VMH7MEtHY5RJ0Ap5Vle7qvfb2/XAx34nAG8RIR+Hec0rF8F xkb9hdSUTdI= =t5LS -----END PGP SIGNATURE----- From lile at netcom.com Fri May 6 12:49:39 1994 From: lile at netcom.com (Lile Elam) Date: Fri, 6 May 94 12:49:39 PDT Subject: MBone cypherpunks session... Message-ID: <199405061950.MAA26716@netcom.com> Hi folks, I just started a MBone cypherpunks session and the discription is: session: cypherpunks descript: We're here to stay... Just say *no* to the clipper... It'll just clip your wings so you can't fly... -lile :) -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From lile at netcom.com Fri May 6 13:13:14 1994 From: lile at netcom.com (Lile Elam) Date: Fri, 6 May 94 13:13:14 PDT Subject: MBone cypherpunks session... Message-ID: <199405062014.NAA29577@netcom.com> Hey, if any of you cypherpunks have MBone access, could you see if my session is showing up in sd? I also started a bisex channel. :) -lile From perry at snark.imsi.com Fri May 6 13:32:48 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 6 May 94 13:32:48 PDT Subject: MBone cypherpunks session... In-Reply-To: <199405061950.MAA26716@netcom.com> Message-ID: <9405062032.AA02200@snark.imsi.com> What is the point here? The MBONE isn't like usenet. Sessions aren't free. Personaly, I'd say that frivolous use of the mbone will alienate people. Perry Lile Elam says: > Hi folks, > > I just started a MBone cypherpunks session and the discription is: > > session: cypherpunks > > descript: We're here to stay... Just say *no* to the clipper... > It'll just clip your wings so you can't fly... -lile From shipley at merde.dis.org Fri May 6 13:57:01 1994 From: shipley at merde.dis.org (Evil Pete) Date: Fri, 6 May 94 13:57:01 PDT Subject: MBone cypherpunks session... In-Reply-To: <9405062032.AA02200@snark.imsi.com> Message-ID: <199405062056.NAA19181@merde.dis.org> > >What is the point here? The MBONE isn't like usenet. Sessions aren't >free. Personaly, I'd say that frivolous use of the mbone will alienate >people. > >Perry > no... just cause everyone does not have phone does not mean we shalt not use telephones. just cause everyone does not have email does not mean we shalt not use email -Pete From lile at netcom.com Fri May 6 14:00:03 1994 From: lile at netcom.com (Lile Elam) Date: Fri, 6 May 94 14:00:03 PDT Subject: MBone cypherpunks session... Message-ID: <199405062100.OAA05504@netcom.com> >What is the point here? The MBONE isn't like usenet. Sessions aren't >free. Personaly, I'd say that frivolous use of the mbone will alienate >people. > >Perry I disagree. The MBone is here for us to use. Sessions do cost traffic but not actual dollors to individuals who actually bring it up. You may be limited by the connection you have to the Internet or by the router you have that interconnects you to the Internet though, which will determine what you can see and do on the MBone.. I also feel that such a message that I sent will be well received on the net. I doubt it's going to alienate folks. People are human and like alittle humor with the salt. :) Sad news though. I just found out that the MBone sessions I brought up are not seen outside of my site due to router setups. But I will be able to do such things in the future and you can bet I will. :) Prehaps you would feel better if I didn't actually use the term cypherpunks as you feel it might represent the cypherpunks on this mailing list. I think this is not so. Isn't that term a general one for folks who like to work with encryption and are hackers? -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From nowhere at bsu-cs Fri May 6 14:03:21 1994 From: nowhere at bsu-cs (Anonymous) Date: Fri, 6 May 94 14:03:21 PDT Subject: No Subject Message-ID: <199405062102.QAA18073@bsu-cs.bsu.edu> -----BEGIN PGP SIGNED MESSAGE----- lefty at apple.com (Lefty) says, lef> and then treats us to what he purports to be Mr. Nalbandian's phone number lef> and address. ... lef> Whoever you are, nobody, you're a hypocrite and a coward. Well, it wasn't me, but in any event I dispute this. The use of anonymous remailers does not make one a coward, any more than the use of a pseudonym does (or is your given name "Lefty")? As for the privacy aspect, I believe it may serve the interests of those who desire privacy to point out privacy lapses. Not all the time, but sometimes you have to say, "the emperor has no clothes". For example, would you object to this: an4544 at anon.penet.fi = Eric Robison an68863 at anon.penet.fi = Derek M. Harkins * an51751 at anon.penet.fi = Joe Baptista The anonymous remailer is not so anonymous, is it? Should I have kept the information to myself, or am I right to publicize it? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCdAgUBLcqgALhnz857T+PFAQFiMgQ5ATgHyKZbvMvmj0eAgrK2skL+on77UpU0 dT9w8s70bELL7xThquMMk8HwYrj0LbMEFCwntYstN91x+uiA511qdtjP+lS/OEEN 7sHr3M8JOOeVJlv/KZjX5Whck6ETvdxzjWdrcO6AORltNe1SnI/bOI6GnrHZ7TKW 0HZ8pRak/KpxVsCTRB1kgQ== =35GC -----END PGP SIGNATURE----- From karn at qualcomm.com Fri May 6 14:04:54 1994 From: karn at qualcomm.com (Phil Karn) Date: Fri, 6 May 94 14:04:54 PDT Subject: Clipper on Science Friday Message-ID: <199405062104.OAA10965@servo.qualcomm.com> Today's NPR Science Friday show was on Clipper. Flatow's gFrom owner-cypherpunks Fri May 6 14:28:41 1994 Return-Path: Received: by toad.com id AA13801; Fri, 6 May 94 14:28:41 PDT Received: from research.att.com (ninet.research.att.com) by toad.com id AA13790; Fri, 6 May 94 14:28:34 PDT Message-Id: <9405062128.AA13790 at toad.com> From: smb at research.att.com Received: by gryphon; Fri May 6 17:27:20 EDT 1994 To: cypherpunks at toad.com Subject: Re: MBone cypherpunks session... Date: Fri, 06 May 94 17:27:19 EDT Sender: owner-cypherpunks at toad.com Precedence: bulk I disagree with Perry, at least in the abstract. The mbone is not expensive, if no one is transmitting. First of all, there's no bandwidth reservation; if you're not sending anything, you don't consume anything. Second, the bits are sent only to the networks used by the recipients; a tree is constructed by the mbone routers based on IGMP (sic) packets emitted by the participants. So if IdiotS and IdiotD are having an mbone session, no one else is likely to see any impact... There are two exceptions: the IGMP packets themselves, and the sd announcements. But those are both sent once per minute or less, so they're not much of an issue. For technical information, see http://www.eit.com/techinfo/mbone/mbone.html; Rich Stevens' book ``TCP/IP Illustrated'' has a good discussion of IGMP, though I don't think he talks about mrouted, the mbone routing and tunneling protocol. Besides -- two of the important mbone tools, vat and wb, support encryption. What could be more ideal? That said, an open party line is probably a bad idea. The email load is bad enough on cypherpunks -- there's a *lot* of noise -- without having to listen to Cypherpunk Talk Radio (more likely Cypherpunk Shout Radio...) all day. But a semi-organized conference format, of a given duration, might work. It would be an interesting experiment to try. --Steve Bellovin From lile at netcom.com Fri May 6 14:29:24 1994 From: lile at netcom.com (Lile Elam) Date: Fri, 6 May 94 14:29:24 PDT Subject: MBone cypherpunks session... Message-ID: <199405062130.OAA09701@netcom.com> > >Evil Pete says: >> > >> >What is the point here? The MBONE isn't like usenet. Sessions aren't >> >free. Personaly, I'd say that frivolous use of the mbone will alienate >> >people. >> >> just cause everyone does not have phone does not mean we shalt not >> use telephones. >> >> just cause everyone does not have email does not mean we shalt not use email > >You completely misunderstand. The MBONE is a very scarce resource at >the moment. Setting up teleconferencing sessions that aren't, say, >multicasting a conference (like, say, a Cypherpunks meeting) but are >just being used to let people do what they do on mailing lists at >500,000 times the cost in network bandwidth isn't social. > >Perry > Perry, I think you are not quite clear on how the MBone works. It uses the bases of broadcasting a session once which can be received by the many. Only a few of those many will get involved with the session in the since of retransmitting... There are some WWW sites that have alot of MBone info which you might check out. Urls: http://www.research.att.com/mbone-faq.html http://eitech.com/techinfo/mbone/mbone.html http://www.eit.com/techinfo/mbone/mbone.html http://info.arl.army.mil/ACIS/ACD/MBONE/index.html http://info.brl.mil/ACIS/ACD/MBONE/index.html http://www.gatech.edu/aimosaic/faculty/catrambone.html enjoy! -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From eb at sr.hp.com Fri May 6 14:38:49 1994 From: eb at sr.hp.com (Eric Blossom) Date: Fri, 6 May 94 14:38:49 PDT Subject: Lady Ada's Cryptophone In-Reply-To: <199405060512.WAA15752@jobe.shell.portal.com> Message-ID: <9405062138.AA03452@srlr14.sr.hp.com> > >> Each phone shall have a button (hard or soft) >> which can be pressed by the caller at any time. Pressing >> it will cause a new TDES key to be generated and exchanged. >> [Should it generate a new n and g for D-H, or just create >> a new x and demand a new Y?] Paranoid users can press >> this button every few seconds if they wish. (In my >> humble opinion, even a single-DES phone is quite secure >> if it has this feature.) > >It might be possible to compute the DH in the background while the >conversation is going on, but if the computer is also compressing, >uncompressing, encrypting and decrypting at the same time, that's >not going to be easy. > Another thing to remember is that out of the DH you're going to get somewhere in the neighborhood of 1000 - 2000 bits of secret. Assuming triple DES you only eat up 3*56 = 168 (you may actually use 3*64 = 192 just to keep life simple) of these bits. You can rekey 5-10 times without having to re-exponentiate. Eric Blossom From lefty at apple.com Fri May 6 14:43:13 1994 From: lefty at apple.com (Lefty) Date: Fri, 6 May 94 14:43:13 PDT Subject: Message-ID: <9405062142.AA20752@internal.apple.com> >-----BEGIN PGP SIGNED MESSAGE----- > >lefty at apple.com (Lefty) says, > >lef> and then treats us to what he purports to be Mr. Nalbandian's phone number >lef> and address. >... >lef> Whoever you are, nobody, you're a hypocrite and a coward. > >Well, it wasn't me, but in any event I dispute this. The use of anonymous >remailers does not make one a coward, any more than the use of a pseudonym >does (or is your given name "Lefty")? Certainly the use of an anonymous remailer in and of itself it doesn't make one either a coward or a hypocrite. However, invading someone's privacy by posting their telephone number and home address is a hypocritical act for anyone who expects others to respect their own privacy. Moreover, doing so anonymously is cowardly. And, yes, my using my long-standing nickname, "Lefty", is _quite_ different from posting anonymously. You can reply directly to me using my email address, , which appears in the header of everything I post; moreover, I am responsible for what I post using that ID. See it up there? You can easily determine who I am from that information. is, in effect, a True Name. is not. is not. >As for the privacy aspect, I believe it may serve the interests of those >who desire privacy to point out privacy lapses. Not all the time, but >sometimes you have to say, "the emperor has no clothes". It is not the case that anybody "pointed out a privacy lapse" here. On the contrary, someone _committed_ a privacy lapse by obtaining and posting Mr. Nalbandian's phone number and address _specifically_ as an incitement for people to harass him. This _is_ an invasion of privacy. Are you somehow failing to see that? >For example, would you object to this: > >an4544 at anon.penet.fi = Eric Robison >an68863 at anon.penet.fi = Derek M. Harkins > * >an51751 at anon.penet.fi = Joe Baptista > >The anonymous remailer is not so anonymous, is it? Should I have kept >the information to myself, or am I right to publicize it? What you have supplied represents an invasion of privacy as well, in my opinion. If you were to explain how you came by this information, _that_ might be worth sharing, but simply presenting a mapping of anonyms to truenyms is not. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From dcwill at ee.unr.edu Fri May 6 14:47:52 1994 From: dcwill at ee.unr.edu (D.C. Williams) Date: Fri, 6 May 94 14:47:52 PDT Subject: R the best policy In-Reply-To: Message-ID: <9405062147.AA22438@solstice.unr.edu> > > An open letter to *******: > > Dear Asshole, You play directly into his hands with this. Attention is what he craves. The First Amendment might give him the right to blather on, but it doesn't require anybody to listen to him. If we ignore him, he'll lose interest and migrate to alt.flame. =D.C. From strat at uunet.uu.net Fri May 6 14:57:17 1994 From: strat at uunet.uu.net (Bob Stratton) Date: Fri, 6 May 94 14:57:17 PDT Subject: MBone cypherpunks session... In-Reply-To: <199405062056.NAA19181@merde.dis.org> Message-ID: <9405062156.AA02942@odin.UU.NET> >>>>> "Perry" == Perry E Metzger writes: Perry> You completely misunderstand. The MBONE is a very scarce Perry> resource at the moment. Setting up teleconferencing Perry> sessions that aren't, say, multicasting a conference (like, Perry> say, a Cypherpunks meeting) but are just being used to let Perry> people do what they do on mailing lists at 500,000 times Perry> the cost in network bandwidth isn't social. I'm afraid I must pipe up from my normally quiet mode to agree wholeheartedly with Perry. Those who have been on the MBONE for a while understand how brittle the whole thing is. There have been some useful compromises like "Radio Free Vat" which gives out time slots for people who want to DJ without having all of them set up a full-time session. Also, RFV has a policy to yielding to conferences and the like when they are scheduled. Please be discreet. The core movers behind the MBONE are truly gifted people, and I'd rather have them on our side. Cheers, --Strat From lile at netcom.com Fri May 6 15:00:26 1994 From: lile at netcom.com (Lile Elam) Date: Fri, 6 May 94 15:00:26 PDT Subject: FW: MBone cypherpunks session... Message-ID: <199405062201.PAA13338@netcom.com> Gosh, I think I posted this to cypherpunks earlier... Check to see if your site has a tunnel.... If you have multicast packets coming over your subnet, you can access them via sd and other tools... To ftp them, ftp to: ftp.ee.lnl.gov The audio (vat), whiteboard (wb) & session directory (sd) tools are on ftp.ee.lbl.gov in conferencing/{vat,wb,sd}/*. The most widely used video tool (nv) is available on parcftp.xerox.com in pub/net-research. -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From perry at snark.imsi.com Fri May 6 15:04:38 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Fri, 6 May 94 15:04:38 PDT Subject: MBone cypherpunks session... In-Reply-To: <199405062130.OAA09701@netcom.com> Message-ID: <9405062201.AA02903@snark.imsi.com> Lile Elam says: > >You completely misunderstand. The MBONE is a very scarce resource at > >the moment. Setting up teleconferencing sessions that aren't, say, > >multicasting a conference (like, say, a Cypherpunks meeting) but are > >just being used to let people do what they do on mailing lists at > >500,000 times the cost in network bandwidth isn't social. > > I think you are not quite clear on how the MBone works. It uses the > bases of broadcasting a session once which can be received by the > many. Only a few of those many will get involved with the session > in the since of retransmitting... Could you post that in English? "the since of retransmitting" sounds especially interesting. I'm quite clear on how the MBone works. Anyway, I'll summarise my opinion on this subject. If no one is using it it takes up no bandwidth. Naturally, if no one is using it having a session doesn't make much sense. If very few people are using it phone calls are cheaper and better on the ears, so having the session makes no sense. If large numbers are using it the technology makes considerable sense provided that what one is multicasting is something like an IETF or Cypherpunks meeting, but if its just a few random folk chatting, the session isn't justified -- one is spending a huge amount of networkd bandwidth on something that Netnews or IRC is far better suited for. Perry From lile at netcom.com Fri May 6 15:14:37 1994 From: lile at netcom.com (Lile Elam) Date: Fri, 6 May 94 15:14:37 PDT Subject: MBone cypherpunks session... Message-ID: <199405062215.PAA14830@netcom.com> Perry, Actually I think that Steve (smb at research.att.com) described it best. Please note his post about the MBone structure. I am going to drop this debate with you as I don't want to use up needless bandwidth. :) cheers, -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From unicorn at access.digex.net Fri May 6 15:17:29 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 6 May 94 15:17:29 PDT Subject: Anonymous, nobody, lefty and Jimbo In-Reply-To: <199405062102.QAA18073@bsu-cs.bsu.edu> Message-ID: <199405062217.AA10329@access1.digex.net> > > -----BEGIN PGP SIGNED MESSAGE----- > > lefty at apple.com (Lefty) says, > > lef> and then treats us to what he purports to be Mr. Nalbandian's phone > lef> number > lef> and address. > ... > lef> Whoever you are, nobody, you're a hypocrite and a coward. Anonymous replies: > Well, it wasn't me, but in any event I dispute this. The use of anonymous > remailers does not make one a coward, any more than the use of a pseudonym > does (or is your given name "Lefty")? > > As for the privacy aspect, I believe it may serve the interests of those > who desire privacy to point out privacy lapses. Not all the time, but > sometimes you have to say, "the emperor has no clothes". > > For example, would you object to this: > > an4544 at anon.penet.fi = XXXX XXXXXXX > an68863 at anon.penet.fi = XXXX XXXXXXX > an51751 at anon.penet.fi = XXXX XXXXXXX [My deletions in X's] > The anonymous remailer is not so anonymous, is it? Should I have kept > the information to myself, or am I right to publicize it? > > > -----BEGIN PGP SIGNATURE----- > Version: 2.3a [...] > -----END PGP SIGNATURE----- > > I took it upon myself to poke around a bit and this is what I came up with: The phone number and address are indeed belonging to one Jim Nalbandian in Tempe, AZ. They are listed, published, and publicly available. I guess the bottom line question is when is privacy the burden of the user? Is it Mr. Nalbandian's obligation to take steps for privacy? How much at fault can "nobody" be at for publishing information that Mr. Nalbandian could have shielded for pennies? (If indeed it is the same Jim Nalbandian) Mr. N's signature held his state and city of residence. It is no great accomplishment for anyone to look up his published information. Posting it to the net might have been "sleazy" in the eyes of some, but no worse than circumventing copyright laws with the "Information Liberation Front." In fact one could argue that "nobody"'s actions were above this sort of criticism. (I should note that I do not express any personal opinion on the ILF one way or the other). Mr(s). Anonymous' actions are a separate matter. Mr(s). Anonymous outed penet.fi accounts that were created with the express intent of shielding identity. This to me is a more offensive issue. Indeed Mr(s). Anonymous is (probably) correct when (s)he makes the point that the penet.fi remailer isn't very secure, but this point could have been made without the ramifications of outing those who might not look on it too fondly. I hope none of them are frequent alt.sexual.abuse.recovery users. Mr(s). Anonymous should probably consider exposing the method of compromise and the specific compromise to the parties and ask them to come forward to the list to verify the security hole. Taking it upon him(er)self to make that outing decision is more than obnoxious if it was done without consent. Even positing the addresses that were compromised wouldn't have been bad if they were not associated with actual addresses. In short Mr(s). Anonymous, if security was your goal, you didn't have to hurt people to accomplish it. Stands to reason that your motivations lie elsewhere. In short Lefty: Privacy comes to those who seek it. Crypto helps those who help themselves. As for cowards, did you ever complain when anyone violated copyright law via an anonymous account? In short nodody: Be nice. Call Mr. Nalbandian first next time, THEN out him. Mr. Nalbandian got exactly what privacy he paid for: None. "nobody" saved us all the $0.75 a long distance information call costs. Multiply that in the aggregate and you have some nice money. Mr(s). Anonymous may have burdened the community with a net social cost. Damaged reputations from the outing, damaged repute for remailers that might be so abused. I think it worth noting that Mr. Nalbandian hasn't posted since "nobody"'s letter. A considerable social gain in my view. Perhaps Mr. Nalbandian will take an interest in privacy now, another considerable social gain. -uni- (Dark) From andy at autodesk.com Fri May 6 15:18:14 1994 From: andy at autodesk.com (Andrew Purshottam) Date: Fri, 6 May 94 15:18:14 PDT Subject: Putting new PGP on company machines. Message-ID: <199405062158.OAA29578@meefun.autodesk.com> Has anyone asked the company shysters about the legal status of MIT-PGP? I'd really like to have and use pgp at work, but have hesitated about putting it our machines here, as we are so prim and proper (in public) about intellectual property. Andy From phantom at u.washington.edu Fri May 6 15:35:28 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Fri, 6 May 94 15:35:28 PDT Subject: Message to Pr0duct Cypher Message-ID: I've been using magic money, the digital cash implementation. I have a few requests that maybe you could think about. 1) any hope for a macintosh version anytime soon? I've had a number of requests for it... 2) it seems possible to write a routine to report on the banks' current money supply; It'd be useful for me, anyhow. Using the info in elist.dat and dlist.dat and spent.dat I think it'd be trivial. Is it? more later.. mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From lefty at apple.com Fri May 6 15:38:23 1994 From: lefty at apple.com (Lefty) Date: Fri, 6 May 94 15:38:23 PDT Subject: Anonymous, nobody, lefty and Jimbo Message-ID: <9405062237.AA21508@internal.apple.com> Black Unicorn writes > >I took it upon myself to poke around a bit and this is what I came up with: > >The phone number and address are indeed belonging to one Jim Nalbandian >in Tempe, AZ. They are listed, published, and publicly available. I >guess the bottom line question is when is privacy the burden of the >user? Is it Mr. Nalbandian's obligation to take steps for privacy? How >much at fault can "nobody" be at for publishing information that Mr. >Nalbandian could have shielded for pennies? Would it be your position then, that, say, any woman who doesn't happen to have an unlisted phone number is fair game to have her name and number written in a toilet stall in Grand Central Station with the notation "For a Good Time, call..."? You wouldn't feel that to be an invasion of privacy? (If indeed it is the same >Jim Nalbandian) Mr. N's signature held his state and city of residence. >It is no great accomplishment for anyone to look up his published >information. Posting it to the net might have been "sleazy" in the eyes >of some, but no worse than circumventing copyright laws with the "Information >Liberation Front." In fact one could argue that "nobody"'s actions were above >this sort of criticism. (I should note that I do not express any >personal opinion on the ILF one way or the other). Sorry, but we clearly disagree here. I view it as a clear incitement to harassment, and, in my opinion, _that_ constitutes an invasion of privacy. >In short Lefty: Privacy comes to those who seek it. No. Privacy is, or should be, the right of all. I don't have to do anything special to enjoy my rights to free speech or free assembly. I should not have to take special measures to enjoy my right to privacy, either. If I don't lock my front door, that doesn't imply that anyone can walk into my house. To do so would _still_ be an invasion of privacy. >Mr. Nalbandian got exactly what privacy he paid for: None. This misses the point entirely. Even the indigent have a right to privacy. >"nobody" saved us all the $0.75 a long distance information call costs. >Multiply that in the aggregate and you have some nice money. > >I think it worth noting that Mr. Nalbandian hasn't posted since "nobody"'s >letter. A considerable social gain in my view. Perhaps Mr. Nalbandian will >take an interest in privacy now, another considerable social gain. "Hey! The ends _do_ justify the means!" -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From jims at Central.KeyWest.MPGN.COM Fri May 6 15:43:24 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Fri, 6 May 94 15:43:24 PDT Subject: Alleged security hole at penet.fi In-Reply-To: <199405062217.AA10329@access1.digex.net> Message-ID: <9405062242.AA29891@Central.KeyWest.MPGN.COM> >Anonymous should probably consider exposing the method of compromise and the >specific compromise to the parties and ask them to come forward to the list to >verify the security hole. I wonder if there is a security hole in or around penet.fi or if Anonymous discovered the identities via email communications. Certainly worth investigating if a security hole is likely, but I have my doubts. Take care Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From bdolan at well.sf.ca.us Fri May 6 15:46:21 1994 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Fri, 6 May 94 15:46:21 PDT Subject: some animals are more equal than others Message-ID: <199405062245.PAA03945@well.sf.ca.us> In the news: A judge has dismissed drug charges against a daughter of Rep. Dan Rostenkowski, saying police had conducted an illegal search. ...police found a gram of cocaine in her car. ... On Thursday, Criminal Court Judge Michael Toomin ruled that the officers didn't have probable cause to conduct the search. *EXCUSE ME!* Since when have the cops and judges cared about legality of searches? Am I confused? Wasn't Bill in Chicago two weeks ago explaining why we needed to do illegal searches to root out drugs? Oh, I forgot. He meant the searches for *US*. Not *THEM*. From warlord at MIT.EDU Fri May 6 15:50:43 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Fri, 6 May 94 15:50:43 PDT Subject: Putting new PGP on company machines. In-Reply-To: <199405062158.OAA29578@meefun.autodesk.com> Message-ID: <9405062250.AA09569@toxicwaste.media.mit.edu> > Has anyone asked the company shysters about the legal status of MIT-PGP? > I'd really like to have and use pgp at work, but have hesitated about > putting it our machines here, as we are so prim and proper (in public) > about intellectual property. Asked them what? When PGP 2.5 is released (what you call MIT-PGP), it *WILL* be legal in the US. It will use RSAREF 2.0, so there will be no question as to its legality in the US for non-commercial purposes. -derek From lefty at apple.com Fri May 6 15:56:12 1994 From: lefty at apple.com (Lefty) Date: Fri, 6 May 94 15:56:12 PDT Subject: some animals are more equal than others Message-ID: <9405062255.AA21707@internal.apple.com> >*EXCUSE ME!* Since when have the cops and judges cared about legality >of searches? For about thirty years now. You might recall kind of a major uproar when Ed Meese proposed throwing out the probable cause restrictions on searches several years back. >Am I confused? Well, frankly, it looks that way to me. >Oh, I forgot. He meant the searches for *US*. Not *THEM*. Get a grip. This isn't the first search that was thrown out for lack of probable cause. Call your local ACLU chapter. They can tell you all about it. Or do you feel that she should have been treated especially harshly for being the daughter of a Congressman? -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From paul at hawksbill.sprintmrn.com Fri May 6 15:58:03 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Fri, 6 May 94 15:58:03 PDT Subject: Putting new PGP on company machines. In-Reply-To: <199405062158.OAA29578@meefun.autodesk.com> Message-ID: <9405062358.AA11428@hawksbill.sprintmrn.com> > > Has anyone asked the company shysters about the legal status of MIT-PGP? > I'd really like to have and use pgp at work, but have hesitated about > putting it our machines here, as we are so prim and proper (in public) > about intellectual property. > Anonymous (nowhere at bsu-cs.bsu.edu) asked a good question earlier -- one which I have not seen an answer. Personally, I'd like to know the same thing, and that is, can someone shed some light on this rumored version of PGP 2.5 (MIT-PGP?)? - paul From unicorn at access.digex.net Fri May 6 16:34:12 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 6 May 94 16:34:12 PDT Subject: Anonymous, nobody, lefty and Jimbo In-Reply-To: <9405062237.AA21508@internal.apple.com> Message-ID: <199405062333.AA15360@access1.digex.net> > > Black Unicorn writes > > > >I took it upon myself to poke around a bit and this is what I came up with: > > > >The phone number and address are indeed belonging to one Jim Nalbandian > >in Tempe, AZ. They are listed, published, and publicly available. I > >guess the bottom line question is when is privacy the burden of the > >user? Is it Mr. Nalbandian's obligation to take steps for privacy? How > >much at fault can "nobody" be at for publishing information that Mr. > >Nalbandian could have shielded for pennies? > > Would it be your position then, that, say, any woman who doesn't happen to > have an unlisted phone number is fair game to have her name and number > written in a toilet stall in Grand Central Station with the notation "For a > Good Time, call..."? You wouldn't feel that to be an invasion of privacy? Parade of horrors. Comparing this list to a bathroom stall wall is something of a short sell for all those on the list. If this woman had posted provocatively to the list (Intellectually, not sexually you smart guys) with her name and city in the signature, I think perhaps you'd be closer. Even that example strays far from the facts at hand. If your question then only differs in gender from the facts really at hand, then my answer is that there is no invasion of privacy. > > (If indeed it is the same > >Jim Nalbandian) Mr. N's signature held his state and city of residence. > >It is no great accomplishment for anyone to look up his published > >information. Posting it to the net might have been "sleazy" in the eyes > >of some, but no worse than circumventing copyright laws with the "Information > >Liberation Front." In fact one could argue that "nobody"'s actions were above > >this sort of criticism. (I should note that I do not express any > >personal opinion on the ILF one way or the other). > > Sorry, but we clearly disagree here. I view it as a clear incitement to > harassment, and, in my opinion, _that_ constitutes an invasion of privacy. I guess we do disagree. You seem to want to assert Mr. Nalbandian's rights for him. He made no effort to conceal his identity or phone number in any meaningful way. Your version of privacy would forbid you from looking in the telephone directory to complain to the manager of Domino's pizza. If he was harassed there is an appropriate remedy for that in Tort law. File a harassment or stalking suit. Don't try to shield it with some far reaching extension of privacy rights. In fact it was Mr. Nalbandian who incited people (like "nobody") to harass him. Case in point, the many harassing messages posted to the list. Those were messages that scalded through the net and penetrated his very personal computer probably RIGHT IN HIS HOME! I think there's an invasion of privacy here! You never did answer my copyright coward question. > >In short Lefty: Privacy comes to those who seek it. > > No. Privacy is, or should be, the right of all. I don't have to do > anything special to enjoy my rights to free speech or free assembly. I > should not have to take special measures to enjoy my right to privacy, > either. You do have to exercise your rights. You have to comply with the regulations set out before you can assemble, or demonstrate. You have to demonstrate or assemble to exercise those rights regardless of those regulations. It's hard to claim your right of free speech has been violated when you haven't tried to speak. It's difficult to claim your right to assemble has been violated when you were at home all day. Look to the Supreme Court for a sample of the necessity of exerting an expectation of privacy over a thing to have that right protected. See e.g., _Florida v. Riley_, 488 U.S. 445 (1989); _California v. Greenwood_, 486 U.S. 108 (1988). Even so I think there are things that are per se private regardless of any attempt to protect them. Medical records for example. Having this apply to published phone numbers is a little excessive. > If I don't lock my front door, that doesn't imply that anyone can walk into > my house. To do so would _still_ be an invasion of privacy. Because the home is implicitly a personal realm. Extending this argument to the phonebook is more than a little out of hand. > >Mr. Nalbandian got exactly what privacy he paid for: None. > > This misses the point entirely. Even the indigent have a right to privacy. And most phone companies provide waivers for those who cannot afford to pay for non-published or unlisted phone numbers. Are you alleging Mr. N is an indigent? In any event this does not speak to the basic question as to what type of privacy right does one have to a published and listed phone number and address? > >"nobody" saved us all the $0.75 a long distance information call costs. > >Multiply that in the aggregate and you have some nice money. > > > >I think it worth noting that Mr. Nalbandian hasn't posted since "nobody"'s > >letter. A considerable social gain in my view. Perhaps Mr. Nalbandian will > >take an interest in privacy now, another considerable social gain. > > "Hey! The ends _do_ justify the means!" And the means in this case were hardly offensive. > -- > Lefty (lefty at apple.com) > C:.M:.C:., D:.O:.D:. > > > You'll not find one more for privacy rights when they are manifested than me. A person who seeks to participate in a semi-public forum bears to some degree the responsibility of keeping that information which he or she would not like exposed protected. Once there is the slightest effort to protect that information, any attempt to extract it is a violation of privacy in my view. You'll find this basic theory of privacy rights follows the root concepts that make up privacy law in the United States. But the U.S. law only goes so far. I even go even farther. So far as to insist there is a right of privacy in license plates because those are mandatory requirements for the operation of an automobile, among other things. But to assert that one who signs his name to a baiting post has an expectation or a right of privacy to his name and identity is silly. Had Mr. Nalbandian only signed his first name, I would be on your side. As it is, I cannot see it your way. I don't defend "nobody" because I feel he or she did something right. I don't in fact defend "nobody" at all. I only assert that Mr. Nalbandian has no reasonable expectation of privacy in his name and phone number when he all but hands them out. I think we both agree that Mr(s). Anonymous way crossed the line with the penet.fi release however. -uni- (Dark) From andy at autodesk.com Fri May 6 16:43:21 1994 From: andy at autodesk.com (Andrew Purshottam) Date: Fri, 6 May 94 16:43:21 PDT Subject: Putting new PGP on company machines. In-Reply-To: <9405062250.AA09569@toxicwaste.media.mit.edu> Message-ID: <199405062329.QAA29889@meefun.autodesk.com> For starters, does use by employees at work for routine email count as "non-commercial"? From smb at research.att.com Fri May 6 16:49:42 1994 From: smb at research.att.com (smb at research.att.com) Date: Fri, 6 May 94 16:49:42 PDT Subject: Putting new PGP on company machines. Message-ID: <9405062349.AA16716@toad.com> > Has anyone asked the company shysters about the legal status of MIT- PGP? > I'd really like to have and use pgp at work, but have hesitated abou t > putting it our machines here, as we are so prim and proper (in publi c) > about intellectual property. Asked them what? When PGP 2.5 is released (what you call MIT-PGP), it *WILL* be legal in the US. It will use RSAREF 2.0, so there will be no question as to its legality in the US for non-commercial purposes. Two things come to mind. First, some company lawyers may not like the provisions of the RSAREF license. At the very least, most companies with on-staff lawyers would want them to glance at it. Second, I've never seen a comparable piece of electronic ``paper'' about IDEA. Have you seen something from the patent owners themselves? Not that I have any doubts -- but I've seen cases where lawyers demanded a paper trail of agreements from the patent assignee of record as listed in the Official Gazette. The answers may be obvious to some folks on this list -- but most of us aren't lawyers. From lefty at apple.com Fri May 6 17:13:14 1994 From: lefty at apple.com (Lefty) Date: Fri, 6 May 94 17:13:14 PDT Subject: Anonymous, nobody, lefty and Jimbo Message-ID: <9405070012.AA22968@internal.apple.com> >I guess we do disagree. You seem to want to assert Mr. Nalbandian's >rights for him. He made no effort to conceal his identity or phone >number in any meaningful way. Your version of privacy would forbid you >from looking in the telephone directory to complain to the manager of >Domino's pizza. Not at all. It would, however, forbid me from posting his home address and phone number to the net with the notation "This son-of-a-bitch sold me a lousy pizza! Feel free to phone him at five a.m." >If he was harassed there is an appropriate remedy for that in Tort law. >File a harassment or stalking suit. Don't try to shield it with some far >reaching extension of privacy rights. Er, file a harassment or stalking suit against _whom_, precisely? >In fact it was Mr. Nalbandian who incited people (like "nobody") to >harass him. Case in point, the many harassing messages posted to the >list. "Hey! Two wrongs _do_ make a right!" >You never did answer my copyright coward question. I don't view it as being germane to the matter at hand. I do feel that posting copyrighted material via an anonymous ID is wrong. >It's hard to claim your right of free speech has been violated >when you haven't tried to speak. Do you claim that a person without an unlisted number has no right to privacy as far As the phone is concerned, then? >> "Hey! The ends _do_ justify the means!" > >And the means in this case were hardly offensive. Oh, well, that makes it just fine, then. >Once there is the slightest effort to >protect that information, any attempt to extract it is a violation of privacy >in my view. Here's where we differ. By failing to include his home phone number and address in his postings, I believe that Mr. Nalbandian _did_ make "the slightest effort". If he had included them in his sig, for instance, I would agree with you. >Had Mr. Nalbandian only signed his first name, I would >be on your side. As it is, I cannot see it your way. What if he had only signed his first name, but included his last name if you were to finger his account? >I only assert that Mr. Nalbandian >has no reasonable expectation of privacy in his name and phone number >when he all but hands them out. I think it's that "all but" that we're stuck on here. By your reasoning, anyone whose phone number can be derived by anything short of illegal means is "all but handing it out". >I think we both agree that Mr(s). Anonymous way crossed the line with the >penet.fi release however. Yes. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From sandfort at crl.com Fri May 6 17:16:52 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 6 May 94 17:16:52 PDT Subject: Putting new PGP on company machines. In-Reply-To: <9405062349.AA16716@toad.com> Message-ID: C'punks, With regard to the thread about: >> Has anyone asked the company shysters about the legal status of MIT-PGP? Remember, it is easier to get forgiveness than permission. S a n d y From randy at pilot.com Fri May 6 17:29:41 1994 From: randy at pilot.com (Randy Antler) Date: Fri, 6 May 94 17:29:41 PDT Subject: legal rqmt for FAX return phone # Message-ID: <9405070028.AA24291@pilot.com> > Begin forwarded message: > > Date: Fri, 6 May 94 12:38:30 PDT > From: dat at ebt.com (David Taffs) > To: cypherpunks at toad.com > Subject: legal rqmt for FAX return phone # > Content-Length: 539 > Sender: owner-cypherpunks at toad.com > Precedence: bulk > > > I thought I heard somewhere that it was illegal to send > anonymous faxes -- namely, that there was some regulation > that you had to program your FAX machine with your phone > number so it would get sent automagically whenever you > faxed anything. Essentially it was ILLEGAL to fax without > providing the recipient with a mechanism to find out where > it came from. Of course, I suspect enforcement is lax, but > still... :-) :-( > > Can someone please confirm this, or help with a reference? > Private e-mail is fine... > > -- > dat at ebt.com (David Taffs) I was _just_ speaking with a few technicians at various FAX management software vendors. A couple of them were saying that identifying the return telephone number on incomings FAXes is highly problematic. There are no established standards regarding the format or presentation of the return FAX number information. Also, some older FAX machines may or may not have the feature at all. I wonder, however, because it seems to me that whenever I've received FAXes in the past (not exactly commonplace) they have always had the return FAX number somewhere at the top of the page. -- randy at pilot.com (home address) NeXTMAIL randy at nacm.com (work address) Welcome! *Out* and _proud_ of it! (public key on keyservers) ________________________________________________________________________ "We are here! We are here! We are here!" -- Horton and the Who ________________________________________________________________________ GCS(GAT): d--(---/-d+) p-@ c+++@ l u++@ e* m+/++ s/+ n+(---) h(--) f* g+ w++/+++ t++ r(-) y+(*) From mch at sqwest.wimsey.bc.ca Fri May 6 17:45:40 1994 From: mch at sqwest.wimsey.bc.ca (Mark C. Henderson) Date: Fri, 6 May 94 17:45:40 PDT Subject: Putting new PGP on company machines. Message-ID: <9405070044.AA08724@squll.west.sq.com> > For starters, does use by employees at work for routine email count > as "non-commercial"? > For the purposes of RSAREF 2.0, the answer is yes. But I don't know about the IDEA patent. Mark From harveyrj at vt.edu Fri May 6 18:03:57 1994 From: harveyrj at vt.edu (R. J. Harvey) Date: Fri, 6 May 94 18:03:57 PDT Subject: legal rqmt for FAX return phone # Message-ID: <9405070103.AA17833@toad.com> -----BEGIN PGP SIGNED MESSAGE----- hi: > >I thought I heard somewhere that it was illegal to send >anonymous faxes -- namely, that there was some regulation >that you had to program your FAX machine with your phone >number so it would get sent automagically whenever you >faxed anything. Essentially it was ILLEGAL to fax without >providing the recipient with a mechanism to find out where >it came from. Of course, I suspect enforcement is lax, but >still... :-) :-( > >Can someone please confirm this, or help with a reference? >Private e-mail is fine... > according to the manual I received with my copy of WinFax Lite (p. 2-10), "recently passed US legislation" requires date, time, ID of entity, and tel # of sender. unfortunately, it doesn't say WHAT that legislation might be! the copyright on the manual is June 1993. rj -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcqqITaPaZsSlprpAQEQ/AQArQ30Lf44sWmUPvBtM4SYznTl9cE6nevQ ZZWaBPGgJDwz6lYJo+82VsTatXa7IRyOBjp8BVaNuOIKl4/FA7MzmztwluMrfJvZ sdwdNYfpLr3nVnVKbGqQUWT7jmt6+472iUASo4oAQGfPz1ekipi+QpTJ/fJoTEjj SRtEUYLBrwQ= =DZhw -----END PGP SIGNATURE----- --------------------------------------------------------------- R. J. Harvey (harveyrj.beva.blacksburg.va.us) email: harveyrj at vt.edu PGP fingerprint F9 67 AD DC C3 D5 48 DE C4 1E B5 DF 24 50 11 95 From hughes at ah.com Fri May 6 18:06:38 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 6 May 94 18:06:38 PDT Subject: The ITARs In-Reply-To: <9405061753.AA09786@toad.com> Message-ID: <9405070105.AA08395@ah.com> Are there any bills being considered for congress which would remove cryptography from the munitions umbrella ? HR3627, sponsored by Maria Cantwell. Eric From nobody at jarthur.cs.hmc.edu Fri May 6 18:09:05 1994 From: nobody at jarthur.cs.hmc.edu (nobody at jarthur.cs.hmc.edu) Date: Fri, 6 May 94 18:09:05 PDT Subject: Anonymous? Message-ID: <9405070108.AA17959@toad.com> -----BEGIN PGP SIGNED MESSAGE----- lefty at apple.com (Lefty) says, lef> >For example, would you object to this: lef> > lef> >an4544 at anon.penet.fi = XXXX lef> (etc.) lef> What you have supplied represents an invasion of privacy as well, lef> in my opinion. If you were to explain how you came by this lef> information, _that_ might be worth sharing, but simply presenting lef> a mapping of anonyms to truenyms is not. Gladly. The problem was described in comp.risks, volume 15, number 17, and I'll reproduce it below. Two of the i.d.'s above were posted in alt.test, with unusual signatures which Julf's software was unable to strip; the third person posted his anon i.d. in his .sig, apparently so that people could write him anonymously. These are protocol failures, resulting from an incomplete understanding of the anonymous posting procedure. Note that chop.ucsd.edu is also liable to this abuse, but Matthew Ghio's service is somewhat more resistant. === BEGIN QUOTED ARTICLE === Date: Thu, 21 Oct 1993 01:51:07 UTC From: an32153 at anon.penet.fi Subject: Dangers of anonymous remailers Recently, I asked for information on Usenet, but wanted to remain anonymous, so I used an anonymous remailer to post. Most people have seen anonymous postings, and some people have probably replied to them. What many people probably never think about is the following text at the end of every post (that you will see at the end of my post): > Due to the double-blind, any mail replies to this message will be anonymized, > and an anonymous id will be allocated automatically. You have been warned. This means that if Bill replies to my anonymous posting, it will go through the remailer and become anonymized. If Bill has sent an anonymous message before, I will receive mail from him with his (permanent) anonymous id. If he puts in his signature at the end of his mail (which I always do when replying to a stranger), he will be giving me his anonymous id with his "real" id. I can then save this information in a database and cross-reference it with any anonymous postings. In fact, I have been doing just that. I use the "Insidious Big Brother Database" (bbdb) from within emacs, and it automatically inserts email senders into my database, and marks all net-news headers from people in my database. I do this just because I'm curious, not malicious. My database is encrypted, so only I can read it. I could be evil, though. I could post flame-bait in newsgroups like alt.sexual.abuse.recovery, save all the information from people that flame me, and then post the cross-references to alt.rush.limbaugh. Or I could do worse. Be careful to whom you reply. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCcAgUBLcrjsbhnz857T+PFAQGdWAQ3bgmHVNYLCkARHzocOHX3cdzG3K6h4P6/ FmsZspJRAzMLIn3/QBJ7qYcTtD01jT7SClbCqsilCce6rGfkn6ALgyWbU5KSJp1h /Gl4zjJHCPRBWHlh3hh1StSycuJp+VR2gZ6fOYnTEdCvVWkTx6oljPTbJUjnhTPP whAbyDPWXfntD4gf7m4R =HjbX -----END PGP SIGNATURE----- From paul at hawksbill.sprintmrn.com Fri May 6 18:43:33 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Fri, 6 May 94 18:43:33 PDT Subject: (fwd) EFF's Jerry Berman testimony - House Clipper/DigTel hearing 5/3/94 (fwd) Message-ID: <9405070245.AA14271@hawksbill.sprintmrn.com> Forwarded message: > From: mech at eff.org (Stanton McCandlish) > Newsgroups: talk.politics.crypto > Subject: EFF's Jerry Berman testimony - House Clipper/DigTel hearing 5/3/94 > Date: 6 May 1994 11:11:10 -0500 > Organization: UTexas Mail-to-News Gateway > Lines: 491 > Sender: daemon at cs.utexas.edu > Approved: mech at eff.org > Message-ID: <199405061610.MAA06408 at eff.org> > NNTP-Posting-Host: cs.utexas.edu > > > > > Testimony > > of > > Jerry J. Berman, Executive Director > Electronic Frontier Foundation > > before the > > Committee on Science, Space and Technology > > Subcommittee on Technology, Environment and > Aviation > > U.S. House of Representatives > > > Hearing on > > Communications and Computer Surveillance, Privacy > and Security > > > May 3, 1994 > > Mr. Chairman and Members of the Committee > > I want to thank you for the opportunity to testify today on > communications > and computer surveillance, privacy, and security policy. The Electronic > Frontier Foundation (EFF) is a public interest membership organization > dedicated to achieving the democratic potential of new communications > and computer technology and works to protect civil liberties in new > digital environments. EFF also coordinates the Digital Privacy and > Security Working Group (DPSWG), a coalition of more than 50 computer, > communications, and public interest organizations and associations > working on communications privacy issues. The Working Group has > strongly opposed the Administration's clipper chip and digital telephony > proposals. > EFF is especially pleased that this subcommittee has taken an > interest in these issues. It is our belief that Administration policy > developed in this area threatens individual privacy rights, will thwart > the development of the information infrastructure, and does not even > meet the stated needs of law enforcement and national security agencies. > A fresh and comprehensive look at these issues is needed. > > > I. Background on digital privacy and security policy > ------------------------------------------------------- > > From the beginning of the 1992 Presidential campaign, President > Clinton and Vice President Gore committed themselves to support the > development of the National Information Infrastructure. They recognize > that the "development of the NII can unleash an information revolution > that will change forever the way people live, work, and interact with > each other." They also know that the information infrastructure can > only realize its potential if users feel confident about security > measures available. > If allowed to reach its potential, this information infrastructure > will carry vital personal information, such as health care records, > private communications among friends and families, and personal > financial transactions. The business community will transmit valuable > information such as plans for new products, proprietary financial data, > and other strategic communications. If communications in the new > infrastructure are vulnerable, all of our lives and businesses would be > subject to both damaging and costly invasion. > In launching its Information Infrastructure Task Force (IITF) the > Clinton Administration recognized this when it declared that: > > The trustworthiness and security of communications channels and > networks are essential to the success of the NII.... Electronic > information systems can create new vulnerabilities. For example, > electronic files can be broken into and copied from remote locations, > and cellular phone conversations can be monitored easily. Yet these > same systems, if properly designed, can offer greater security than > less advanced communications channels. [_Agenda_for_Action_, 9] > > Cryptography -- technology which allows encoding and decoding of > messages -- is an absolutely essential part of the solution to > information security and privacy needs in the Information Age. Without > strong cryptography, no one will have the confidence to use networks to > conduct business, to engage in commercial transactions electronically, > or to transmit sensitive personal information. As the Administration > foresees, we need > > network standards and transmission codes that facilitate > interconnection and interoperation between networks, and ensure the > privacy of persons and the security of information carried.... > [_Agenda_for_Action_, 6] > > While articulating these security and privacy needs, the Administration > has also emphasized that the availability of strong encryption poses > challenges to law enforcement and national security efforts. Though the > vast majority of those who benefit from encryption will be law abiding > citizens, some criminals will find ways to hide behind new technologies. > > > II. Current cryptography policy fails to meet the needs of > ------------------------------------------------------------ > the growing information infrastructure > ---------------------------------------------- > > As a solution to the conflict between the need for user privacy > and the desire to ensure law enforcement access, the Administration has > proposed that individuals and organizations who use encryption deposit a > copy of their private key -- the means to decode any communications they > send -- with the federal government. > In our view, this is not a balanced solution but one that > undermines the need for security and privacy without resolving important > law enforcement concerns. It is up to the Congress to send the > Administration back to the drawing board. > > A. Current Export Controls and New Clipper Proposal Stifle Innovation > ------------------------------------------------------------------------ > > Two factors are currently keeping strong encryption out of the > reach of United States citizens and corporations. First, general > uncertainty about what forms of cryptography will and will not be legal > to produce in the future. Second, export controls make it economically > impossible for US manufacturers that build products for the global > marketplace to incorporate strong encryption for either the domestic or > foreign markets. Despite this negative impact on the US market, export > controls are decreasingly successful at limiting the foreign > availability of strong encryption. A recent survey shows that of the > more than 260 foreign encryption products now available globally, over > 80 offer encryption which is stronger than what US companies are allowed > to export. Export controls do constrain the US market, but the > international market appears to be meeting its security needs without > help from US industry. The introduction of Clipper fails to address the > general uncertainty in the cryptography market. Announcement of a key > escrow policy alone is not sufficient to get the stalled US cryptography > market back on track. > > B. The secrecy of the Clipper/Skipjack algorithm reduces public trust > ------------------------------------------------------------------------ > and casts doubt on the voluntariness of the whole system > -------------------------------------------------------------- > > Many parties have already questioned the need for a secret > algorithm, especially given the existence of robust, public-domain > encryption techniques. The most common explanation given for use of a > secret algorithm is the need to prevent users from bypassing the key > escrow system proposed along with the Clipper Chip. Clipper has always > been presented by the Administration as a voluntary option. But if the > system is truly voluntary, why go to such lengths to ensure compliance > with the escrow procedure? > > C. Current plans for escrow system offer inadequate technical > ---------------------------------------------------------------- > security and insufficient legal protections for users > ----------------------------------------------------------- > > The implementation of a nationwide key escrow system is clearly a > complex task. But preliminary plans available already indicate several > areas of serious concern: > > 1. _No_legal_rights_for_escrow_users_: As currently written, the > escrow procedures insulate the government escrow agents from any legal > liability for unauthorized or negligent release of an individual's key. > This is contrary to the very notion of an escrow system, which > ordinarily would provide a legal remedy for the depositor whose > deposit is released without authorization. If anything, escrow agents > should be subject to strict liability for unauthorized disclosure of > keys. > > 2. _No_stability_in_escrow_rules_: The Administration has > specifically declared that it will not seek to have the escrow > procedures incorporated into legislation or official regulations. > Without formalization of rules, users have no guaranty that subsequent > administrations will follow the same rules or offer the users the same > degree of protection. This will greatly reduce the trust in the system. > > 3. _Fixed_Key_: A cardinal rule of computer security is that > encryption keys must be changed often. Since the Clipper keys are > locked permanently into the chips, the keys can never be changed. This > is a major technical weakness of the current proposal. > > 4. _Less_intrusive,_more_secure_escrow_alternatives_are_available_: > The Clipper proposal represents only one of many possible kinds of key > escrow systems. More security could be provided by having more > than two escrow agents. And, in order to increase public trust, some > or all of these agents could be non-governmental agencies, with the > traditional fiduciary duties of an escrow agent. > > D. Escrow Systems Threaten Fundamental Constitutional Values > --------------------------------------------------------------- > > The Administration, Congress, and the public ought to have the > opportunity to consider the implications of limitations on cryptography > from a constitutional perspective. A delicate balance between > constitutional privacy rights and the needs of law enforcement has been > crafted over the history of this country. We must act carefully as we > face the constitutional challenges posed by new communication > technologies. > Unraveling the current encryption policy tangle must begin with > one threshold question: will there come a day when the federal > government controls the domestic use of encryption through mandated key > escrow schemes or outright prohibitions against the use of particular > encryption technologies? Is Clipper the first step in this direction? > A mandatory encryption regime raises profound constitutional questions. > In the era where people work for "virtual corporations" and > conduct personal and political lives in "cyberspace," the distinction > between _communication_ of information and _storage_ of information is > increasingly vague. The organization in which one works may constitute > a single virtual space, but be physically dispersed. So, the papers and > files of the organization or individual may be moved within the > organization by means of telecommunications technology. Instantaneous > access to encryption keys, without prior notice to the communicating > parties, may well constitute a secret search, if the target is a > virtual corporation or an individual whose "papers" are physically > dispersed. > Wiretapping and other electronic surveillance has always been > recognized as an exception to the fundamental Fourth Amendment > prohibition against secret searches. Even with a valid search warrant, > law enforcement agents must "knock and announce" their intent to search > a premises before proceeding. Failure to do so violates the Fourth > Amendment. Until now, the law of search and seizure has made a sharp > distinction between, on the one hand, _seizures_of_papers_ and other > items in a person's physical possession, and on the other hand, > _wiretapping_of_communications_. Seizure of papers or personal effects > must be conducted with the owner's knowledge, upon presentation of a > search warrant. Only in the exceptional case of wiretapping, may a > person's privacy be invaded by law enforcement without simultaneously > informing that person. > Proposals to regulate the use of cryptography for the sake of law > enforcement efficiency should be viewed carefully in the centuries old > tradition of privacy protection. > > E. Voluntary escrow system will not meet law enforcement needs > ----------------------------------------------------------------- > > Finally, despite all of the troubling aspects of the Clipper > proposal, it is by no means clear that it will even solve the problems > that law enforcement has identified. The major stated rationale for > government intervention in the domestic encryption arena is to ensure > that law enforcement has access to criminal communications, even if they > are encrypted. Yet, a voluntary scheme seems inadequate to meet this > goal. Criminals who seek to avoid interception and decryption of their > communications would simply use another system, free from escrow > provisions. Unless a government-proposed encryption scheme is > mandatory, it would fail to achieve its primary law enforcement purpose. > In a voluntary regime, only the law-abiding would use the escrow system. > > III. Recent policy developments indicate that Administration policy is > ----------------------------------------------------------------------- > bad for the NII, contrary to the Computer Security Act, and > ----------------------------------------------------------------- > requires Congressional oversight > -------------------------------------- > > Along with the Clipper Chip proposal, the Administration announced > a comprehensive review of cryptography and privacy policy. Almost > immediately after the Clipper announcement, the Digital Privacy and > Security Working Group began discussions with the Administration on > issues raised by the Clipper proposal and by cryptography in general. > Unfortunately, this dialogue has been largely one-sided. EFF and many > other groups have provided extensive input to the Administration, yet > the Administration has not reciprocated -- the promised policy report > has not been forthcoming. Moreover, the National Security Agency and > the Federal Bureau of Investigation are proceeding unilaterally to > implement their own goals in this critical policy area. > Allowing these agencies to proceed unilaterally would be a grave > mistake. As this subcommittee is well aware, the Computer Security Act > of 1987 clearly established that neither military nor law enforcement > agencies are the proper protectors of personal privacy. When > considering the law, Congress asked, "whether it is proper for a super- > secret agency [the NSA] that operates without public scrutiny to involve > itself in domestic activities...?" The answer was a clear "no." Recent > Administration announcements regarding the Clipper Chip suggest that the > principle established in the 1987 Act has been circumvented. > As important as the principle of civilian control was in 1987, it > is even more critical today. The more individuals around the country > come to depend on secure communications to protect their privacy, the > more important it is to conduct privacy and security policy dialogues in > public, civilian forums. > The NII can grow into the kind of critical, national resource > which this Administration seeks to promote only if major changes in > current cryptography and privacy policy. In the absence of such > changes, digital technology will continue to rapidly render our > commercial activities and communications -- and, indeed, much of our > personal lives -- open to scrutiny by strangers. The Electronic > Frontier Foundation believes that Americans must be allowed access > to the cryptographic tools necessary to protect their own privacy. > We had hoped that the Administration was committed to making these > changes, but several recent developments lead us to fear that the effort > has been abandoned, leaving individual agencies to pursue their own > policy agendas instead of being guided by a comprehensive policy. The > following issues concern us: > > * Delayed Cryptography Policy Report > ---------------------------------------- > > The policy analysis called for along with the April 16, 1993 > Presidential Decision Directive has not been released, though it was > promised to have been completed by early fall of 1993. We had hoped > that this report would be the basis for public dialogue on the important > privacy, competitiveness, and law enforcement issues raised by > cryptography policy. To date, none of the Administration's policy > rationale has been revealed to the public, despite the fact that > agencies in the Executive Branch are proceeding with their own plan > > * Escrowed Encryption Federal Information Processing Standard (FIPS) > ------------------------------------------------------------------------ > approved against overwhelming weight of public comments > ------------------------------------------------------------- > > The Presidential Decision Directive also called for consideration of a > Federal Information Processing Standard (FIPS) for key-escrow > encryption systems. This process was to have been one of several > forums whereby those concerned about the proposed key-escrow system > could voice opinions. EFF, as well as over 225 of our individual > members, raised a number of serious concerns about the draft FIPS in > September of this 1993. EFF expressed its opposition to government > implementation of key-escrow systems as proposed. We continue to > oppose the deployment of Skipjack family escrow encryption systems > both because they violate fundamental First, Fourth, and Fifth > amendment principles, and because they fail to offer users adequate > security and flexibility. > > Despite overwhelming opposition from over 300 commenters, the > Department of Commerce recently approved FIPS 185. > > * Large-Scale Skipjack Deployment Announced > ----------------------------------------------- > > At the December 9, 1993 meeting of the Computer Systems Security and > Privacy Advisory Board, an NSA official announced plans to deploy from > 10,000 to 70,000 Skipjack devices in the Defense Messaging System in > the near future. The exact size of the order was said to be dependent > only on budget constraints. The Administration is on record in the > national press promising that no large-scale Skipjack deployment would > occur until a final report of the Administration Task Force was > complete. Ten thousand units was set as the upper limit of initial > deployment. Skipjack deployment at the level planned in the Defense > Messaging System circumvents both the FIPS notice and comments process > which has been left in a state of limbo, as well as the Administration's > promise of a comprehensive policy framework. > > * New FBI Digital Telephony Legislation Proposed > ---------------------------------------------------- > > The FBI recently proposed a new "Digital Telephony" bill. After initial > analysis, we strongly oppose the bill, which would require all common > carriers to construct their networks to deliver to law enforcement > agencies, in real time, both the contents of all communications on their > networks and the "signaling" or transactional information. > > In short, the bill lays the groundwork for turning the National > Information Infrastructure into a nation-wide surveillance system, to be > used by law enforcement with few technical or legal safeguards. This > image is not hyperbole, but a real assessment of the power of the > technology and inadequacy of current legal and technical privacy > protections for users of communications networks. > > Although the FBI suggests that the bill is primarily designed to > maintain status quo wiretap capability in the face of technological > changes, in fact, it seeks vast new surveillance and monitoring tools. > > Lengthy delays on the promised policy report, along with these > unilateral steps toward Clipper/Skipjack deployment, lead us to believe > that Administration policy is stalled by the Cold War-era national > security concerns that have characterized cryptography policy for the > last several decades. > EFF believes that it would be a disastrous error to allow national > information policy -- now a critical component of domestic policy -- to > be dictated solely by backward-looking national-security priorities and > unsubstantiated law-enforcement claims. The directions set by this > Administration will have a major impact on privacy, information > security, and the fundamental relationship between the government and > individual autonomy. This is why the Administration must take action-- > and do so before the aforementioned agencies proceed further--to ensure > that cryptography policy is restructured to serve the > interests of privacy and security in the National Information > Infrastructure. We still believe the Administration can play the > leadership role it was meant to play in shaping this policy. If it does > not, the potential of the NII, and of fundamental civil liberties in the > information age, will be threatened. > > IV. Congressional oversight of cryptography & privacy policy is > ----------------------------------------------------------------- > urgently needed to right the balance between privacy, > ----------------------------------------------------------- > competitiveness & law enforcement needs > --------------------------------------------- > > All participants in this debate recognize that the need for > privacy and security is real, and that new technologies pose real > challenges for law enforcement and national security operations. > However, the solutions now on the table cripple the NII, pose grave > threats to privacy, and fail to even meet law enforcement objectives. > In our judgment, the Administration has failed, thus far, to articulate > a comprehensive set of policies which will advance the goals upon > which we all agree. > Congress must act now to ensure that cryptography policy is > developed in the context of the broader goal of promoting the > development of an advanced, interoperable, secure, information > infrastructure. > In order to meet the privacy and security needs of the growing > infrastructure, Congress should seek a set of public policies which > promote the widespread availability of cryptographic systems according > to the following criteria: > > * Use Voluntary Standards to Promote Innovation and Meet > ------------------------------------------------------------ > Diverse Needs: > -------------------- > > The National Information Infrastructure stretches to > encompass devices as diverse as super computers, handheld personal > digital assistants and other wireless communications devices, and plain > old telephones. Communication will be carried over copper wires, fiber > optic cables, and satellite links. The users of the infrastructure will > range from elementary school children to federal agencies. Encryption > standards must be allowed to develop flexibly to meet the wide-ranging > needs all components of the NII. In its IITF Report, the Administration > finds that standards also must be compatible with the large installed > base of communications technologies, and flexible and adaptable enough > to meet user needs at affordable costs. [_AA_, 9] The diverse uses of > the NII require that any standard which the government seeks to promote > as a broadly deployed solution should be implementable in software as > well as hardware and based on widely available algorithms. > > * Develop Trusted Algorithms and End-to-End Security: > --------------------------------------------------------- > > Assuring current and future users of the NII that their communications > are > secure and their privacy is protected is a critical task. This means > that the > underlying algorithms adopted must have a high level of public trust and > the overall systems put in place must be secure. > > * Encourage National and International Interoperability: > ------------------------------------------------------------ > > The promise of the NII is seamless national and international > communications of all types. Any cryptographic standard offered for > widespread use must allow US corporations and individuals to function as > part of the global economy and global communications infrastructure. > > * Seek Reasonable Cooperation with Law Enforcement and National > ------------------------------------------------------------------- > Security Needs: > --------------------- > > New technologies pose new challenges to law enforcement and national > security surveillance activities. American industry is committed to > working with law enforcement to help meet its legitimate surveillance > needs, but the development of the NII should not be stalled on this > account. > > * Promote Constitutional Rights of Privacy and Adhere to Traditional > ------------------------------------------------------------------------ > Fourth Amendment Search and Seizure Rules: > ------------------------------------------ > > New technology can either be a threat or an aid to protection of > fundamental privacy rights. Government policy should promote > technologies which enable individuals to protect their privacy and be > sure that those technologies are governed by laws which respect the > long history of constitutional search and seizure restraints. > > * Maintain Civilian Control over Public Computer and > -------------------------------------------------------- > Communications Security: > ------------------------------ > > In accordance with the Computer Security Act of 1987, development of > security and privacy standards should be directed by the civilian > > V. Conclusion > ---------------- > > Among the most important roles that the federal government has in > NII deployment are setting standards and guaranteeing privacy and > security. Without adequate security and privacy, the NII will never > realize it economic or social potential. Cryptography policy must, of > course, take into account the needs of law enforcement and national > security agencies, but cannot be driven by these concerns alone. The > Working Group, along with other industry and public interest > organizations, is committed to working with the Administration to > solving the privacy and security questions raised by the growing NII. > This must be done based on the principles of voluntary standards, > promotion of innovation, concern for law enforcement needs, and > protection of constitutional rights of privacy. > > *************** > > From mg5n+ at andrew.cmu.edu Fri May 6 18:58:37 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 6 May 94 18:58:37 PDT Subject: The ITARs In-Reply-To: <9405070105.AA08395@ah.com> Message-ID: hughes at ah.com (Eric Hughes) wrote: > Are there any bills being considered for congress which would > remove cryptography from the munitions umbrella ? > > HR3627, sponsored by Maria Cantwell. EFF was soliciting letter in email for Rep. Cantwell that they would print out and deliver. Are they still doing this? And what's the status of the bill? From lassie!jim%lassie at netcom.com Fri May 6 19:07:03 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:07:03 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <201@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:07:19 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:07:19 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <202@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:33:15 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:33:15 PDT Subject: Cypher Punks Autistic Savants Message-ID: <212@lassie.lassie.uucp> The message title says it all. But for more information FTP to toilet at urinal.cookie.com /pub/idiot/concited/fool/selfimportant/wecool/unot -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:37:27 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:37:27 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <207@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:37:31 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:37:31 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <208@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:37:48 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:37:48 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <210@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:37:50 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:37:50 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <206@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:38:26 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:38:26 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <203@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:38:31 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:38:31 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <205@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:38:48 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:38:48 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <204@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:38:48 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:38:48 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <209@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:39:07 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:39:07 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <213@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Fri May 6 19:39:17 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 19:39:17 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <211@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From hayden at krypton.mankato.msus.edu Fri May 6 19:53:36 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 6 May 94 19:53:36 PDT Subject: MIT PGP Announcement (fwd) (fwd) In-Reply-To: <204@lassie.lassie.uucp> Message-ID: I don't like to killfile people, but this person is beginning to annoy me. I'll bet he's LD in disguise. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From mpd at netcom.com Fri May 6 20:28:06 1994 From: mpd at netcom.com (Mike Duvos) Date: Fri, 6 May 94 20:28:06 PDT Subject: Cypher Punks Autistic Savants In-Reply-To: <212@lassie.lassie.uucp> Message-ID: <199405070329.UAA10711@netcom.com> > The message title says it all. But for more information FTP to > toilet at urinal.cookie.com > /pub/idiot/concited/fool/selfimportant/wecool/unot Evidently Internet access is the newest fad in the mental health care industry. We need to up the dosage of Prozac for this individual. -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From eagle at deeptht.armory.com Fri May 6 20:49:11 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Fri, 6 May 94 20:49:11 PDT Subject: The ITARs In-Reply-To: Message-ID: <9405062048.aa16031@deeptht.armory.com> > > Are there any bills being considered for congress which would > > remove cryptography from the munitions umbrella ? > > > > HR3627, sponsored by Maria Cantwell. > > EFF was soliciting letter in email for Rep. Cantwell that they would > print out and deliver. Are they still doing this? And what's the > status of the bill? still works to my knowlege, I haven't seen anything from DC to the contrary. The status is that it is sponsored and I don't know if it's gone to commitee yet or not. But it's still very alive. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From nobody at shell.portal.com Fri May 6 21:07:38 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 6 May 94 21:07:38 PDT Subject: Reply to Phantom about Magic Money Message-ID: <199405070408.VAA26181@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- phantom at u.washington.edu wrote: >I've been using magic money, the digital cash implementation. I have a >few requests that maybe you could think about. I have seen your posts about the "GhostMark" bank. How is this doing? How many coins have you issued, and how many transactions are you getting? Are you running the transactions by hand, or do you have it automated? >1) any hope for a macintosh version anytime soon? I've had a number of >requests for it... Somebody here (mpd?) had compiled it for the mac. The user interface was still text-based, but they said it worked. >2) it seems possible to write a routine to report on the banks' current >money supply; It'd be useful for me, anyhow. Using the info in elist.dat >and dlist.dat and spent.dat I think it'd be trivial. Is it? Problem there: the spent list doesn't record the value of the coin. Only the number. So you can't pull it out of the spent list. If you want accounting info, you will have to modify the code to write some information to a file as the coins are exchanged. Not too hard to do, but you can't get the data after-the-fact from the spent list. Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcr8gsGoFIWXVYodAQHLmwP/efaYEhjKzYjwRmuXS6wQ+TqTH4IM6lE+ GncYWhdEkiNt9QmGX6/Qyw2WDACdKVowiI+U1u856OxS6+MkriNo/iacBaMxCacr YsSQ0kCj895yvwnq7LtN/6gPeKt2pUOP/EoMvzxOQe7qnBQaaCghlRIXxUZKVdWJ cVpCiXOkOgQ= =N7rp -----END PGP SIGNATURE----- From sico at aps.hacktic.nl Fri May 6 21:35:35 1994 From: sico at aps.hacktic.nl (Sico Bruins) Date: Fri, 6 May 94 21:35:35 PDT Subject: money server up and running In-Reply-To: Message-ID: Wednesday May 04 1994 08:39, Matt Thomlinson wrote: MT> From: Matt Thomlinson MT> Message-Id: MT> MT> Date: Tue, 3 May 1994 23:39:46 -0700 (PDT) [edited] MT> digital coins are flowing! Lovely, however can anyone tell me where to ftp for a FAQ or something on the subject? I'm not unfamiliar with the theory, but I miss some practical information, not having joined this list until recently. As a side note, it was actually Detweiler's rants in some newsgroups that made me aware of the existance of this list. ;-) MT> mt MT> Matt Thomlinson CU, Sico (sico at aps.hacktic.nl). [PGP public key:] bits/keyID Date User ID 1024/5142B9 1992/09/09 Sico Bruins Key fingerprint = 16 9A E1 12 37 6D FB 09 F6 AD 55 C6 BB 25 AC 25 (InterNet: sico at aps.hacktic.nl) From phantom at u.washington.edu Fri May 6 22:01:42 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Fri, 6 May 94 22:01:42 PDT Subject: Reply to Phantom about Magic Money In-Reply-To: <199405070408.VAA26181@jobe.shell.portal.com> Message-ID: On Fri, 6 May 1994 nobody at shell.portal.com wrote: > I have seen your posts about the "GhostMark" bank. How is this doing? > How many coins have you issued, and how many transactions are you getting? > Are you running the transactions by hand, or do you have it automated? Great. I've just distributed an initial amount of cash; the money supply is around 70gm or so. Transactions (in the two days since conception) have been so-so. I've had two transactions personally -- one for consulting on html pages and one incentive for a key-signing. I'm about to begin offering services to further back my currency. I'm doing all of the transactions by hand, but if the traffic becomes heavy, I'll begin automating the process on one of our unix machines. > >1) any hope for a macintosh version anytime soon? I've had a number of > >requests for it... > > Somebody here (mpd?) had compiled it for the mac. The user interface > was still text-based, but they said it worked. I'd like a pointer to this, as would a few of the people on the list (I can't name any names). I'll contact mpd. > Problem there: the spent list doesn't record the value of the coin. dang. > information to a file as the coins are exchanged. Not too hard to do, > but you can't get the data after-the-fact from the spent list. many thanks for your software. mt PS: how about a different message besides "Bad RSA packet" when receiving a message not encrypted with the servers' key? Threw me off the first dozen times I saw it. :) Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From MIKEINGLE at delphi.com Fri May 6 23:44:27 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Fri, 6 May 94 23:44:27 PDT Subject: iPower card info from NatSemi Message-ID: <01HC1IT9O3PE935CDF@delphi.com> iPower: The Card That Ate Your Privacy I got a "Technology Fact Sheet" on the National Semiconductor iPower (Tessera) card today. It's pretty grim. They have big plans for this little monster, which go way beyond just tapping the telephones of a few Mafiosi. It's too long to key in the whole thing - if you want one, call them at 1-800-272-9959. They are very helpful. Here are a few interesting excerpts: (cover page) DRAFT 1/3/94 National Semiconductor has developed a new concept in data security. iPower technology. Implemented in a personal, portable low-cost access card, iPower technology substantially increases the portability of high-security data applications across unsecured networks while dramatically lowering the cost. It provides the highest level of commercial security available for the exchange of information across digital networks - in a form that dist- ributes security down to the individual user. The technology also allows consumption based metering of digital products - software, database information and other intellectual property. It can be easily added to existing networks and applications or adapted to future systems. It is practical for network communications, electronic funds transfer, wireless data exchange, and systems for access, authoriz- ation, and identification. It is built on industry standards - PCMCIA, DES, RSA, PKCS, X509, Skipjack. Initially implemented in a PCMCIA card format - a personable portable hardware device called an access card or token, it incorporates state- of-the-art security capabilities and can hold information decryption keys, transaction records, credit and account information, your private key, and digital certificates. This new technology can guarantee that the information you send arrives unaltered and goes only to your intended recipients by providing authentication, verification, non-repudiation, and privacy. At the heart of the iPower access card is a new microchip called the Security Processing Unit (SPU). Dedicated to high-speed cryptographic processing, the SPU securely creates, stores, and deploys the secret keys and algorithms used to encrypt and decrypt information. Other portions of the chip firmware can be programmed to perform signaturing, verifi- cation, information metering and other application-specific functions. At the highest level of protected storage, the most critical information is stored in the SPU chip which provides bulletproof security for encrypt- ion algorithms, master keys, secret data, and RAM-based secret programs. The only place where sensitive information is ever in the clear is in non-volative on-chip SPU memory. Protected physically and electrically, the SPU cannot be made to divulge its information. iPower Technology is based on a new concept in security: securing the user not the network. The most secure environment for information is one where the encryption process and keys are housed in a portable hardware token that the user keeps in his possession - personally secured just like your wallet, keys, rings, and employee badge. The SPU microchip will meet Federal Information Processing Standard (FIPS) 140-1 Level 3.0 for data security and provides the highest level of security commercially available at the chip or card level. iPower technology is a manifestation of National Semiconductor's corporate vision: developing products for shaping and moving information. National's products drive industry standards by offering common-sense solutions to complex problems. iPower technology will become the new standard for access to the information superhighway, by providing the means for all types of electronic information to travel safely. Combined with National's leading position in the LAN market, iPower technology will enable National to offer innovative, comprehensive solutions to the world's evolving communications needs. (picture of iPower card on top of credit cards) (caption: The FUTURE is SECURE") ... marketing fluff deleted ... ... less than $100 per user ... contains a 32-bit microcomputer ... The PCMCIA Card PCMCIA cards are easily integrated with many computers and are already widely accepted. Many of the current laptop and notebook computers contain built-in support for PCMCIA cards, and low-cost adapters are available for amost all other computers. The United States government has chosen the PCMCIA-card format as its token standard for all future access to the data superhighway now being developed. The Federal PCMCIA token, dubbed the "Tessera" card, will eventually be used to secure electronic mail and classified information for federal government agencies and their contractors. Because it is designed to be transparent to the information highway, yet provides the highest security for data and transactions traveling on it, iPower technology is a natural choice for the Tessera card. ... Powerful security capabilities * Positive identification and reliable authentication of the card user * Message privacy through bulletproof hardware encryption capability, with support for the major cryptographic standards * Secure key exchange * Secure storage of private and secret keys, transaction records, algorithms, and biometric data * Positive verification of data and messages to prevent alteration * Secure authorization capabilities, including support for digital signatures * On-board transaction recording to improve security and enable off-line transactions and metering ... stuff deleted ... in the first iPower access card, a 20 MHz 32-bit Central Processing Unit (CPU) controls the chip's modules and processes. The CPU is isolated from all off-chip input and can only receive programmed commands from 32k bytes of on-board ROM or 4k bytes of on-board battery-backed RAM. Functional commands from off-chip are validated prior to execution by the CPU. Later implementations of iPower Technology will offer more powerful processors, increased storage, and enhanced versatility. ... stuff deleted ... iPower technology will be the catalyst for a host of new product capabilities including digital signatures, secure elect- ronic mail, and secure information metering, as well as secure identi- fication and data storage capabilities for credit cards, government entitlement programs, and access to the information superhighway. This technology will also fuel the expansion of a new information delivery system - desktop purchasing - where intellectual property and other digital products can be promoted and sold through encrypted multimedia CD-ROM presentations. ... stuff deleted ... Desktop Purchasing - a new way to market iPower Technology is creating a new delivery system for any kind of information product that can be contained in electronic memory (such as movies, software, and databases). Multimedia advertisements, tutorials, demos, documentation, and actual products can all be shipped on a single encrypted CD-ROM, offering dramatic cost-savings to the manufacturer and bringing product marketing and sales directly to the customer's desktop. Since the iPower SPU must be used to decrypt information, it can measure and record usage time and can record and download monetary transactions to a centralized billing service bureau, all with total security. These capabilities will allow any kind of digital information to be sold off- line and will permit users to try digital products before buying. For the first time, renting software and other intellectual property will be a viable, attractive option for consumers and suppliers both. By intro- ducing a pay-as-you go option, iPower technology will open up dynamic new markets for software rentals and database subscriptions. The iPower desktop purchasing system also ensures that sales are followed up with 100% user registration. And it completely prevents the piracy of software and information products. How DESKTOP PURCHASING Works The product manufacturer produces a high-volume, low-cost CD-ROM that is widely distributed to potential end-users. The CD-ROM can contain persuasive multimedia advertisements, demos of software products, databases, games, tutorials, product documentation, or any other form of digital product. Some items, such as demos, are available to the user at no charge. Items for sale or rental are encrypted and are not available to the consumer except by initiating a secured transaction process inside the SPU. After obtaining or determining credit for the user, the SPU allows only the appropriate information to be decrypted and transferred to a hard disk for immediate use. Unlike similar unlocking systems based in software, frequent phone communication with a centralized billing server is unnecessary because the SPU can safely record and store transaction data and decryption keys locally. This allows off-line vending of large infor- mation databases in a highly granular fashion. The user doesn't have to wait for phone authorization for each separate purchase, but is instead authorized to browse and purchase at will, subject only to a pre-deter- mined credit limits. Distributed, high-level financial transactions By adding bulletproof security to the process, iPower technology will allow electronic financial transactions of high value to migrate to the individual level. This will give consumers greater flexibility and convenience. And it will allow financiam institutions to safely offer a wider range of services. It is estimated that 0.5% of current credit card transactions are fraud- ulent, and another 5% are uncollectible, most of them repudiated trans- actions. Because digital signatures can't be duplicated and beacuse completing a transaction will require both the user's access card and PIN number, iPower cards will dramatically reduce fraud and repudiated transactions. iPower - the super card of the future Looking further ahead, iPower access-card technology has the potential to generate a host of new super-card applications. Affordable high security at the consumer level will drive new product concepts such as the electronic wallet. A single iPower card can securely hold a wealth of personal records such as your drivers license, passport, birth certificate, vehicle registration, medical records, social security card, credit card accounts, biometric identification such as your fingerprint or voiceprint, and even digital cash. Individuals may soon be able to conduct all their business and personal transactions with a tiny portable computer equipped with an iPower card slot. Nearly every industry will benefit from applications of electronic identification, authorization and access. In the medical industry, for example, iPower technology will streamline record keeping and insurance reimbursement. A consumer will use his iPower access card at the doctor's office to electronically enter medical history, insurance carriers, or other billing information. Pharmacies will se the same card to check for allergies or conflicting prescriptions. The patient will also be able to use the card to pay for both services electronically. Federal and state government agencies such as the IRS and the Department of Motor Vehicles, financial institutions such as banks, credit unions, and brokerage houses; and medical institutions such as hospitals, pharmacies, and health insurance companies will all enjoy more efficient and secure methods of information exchange and transaction accountability through the implementation of iPower technology. ... final page of marketing fluff mostly deleted ... ... iPower technology will become the new standard for access to the information superhighway, by providing the means for all types of electronic information to travel safely. ... Contact iPower Marketing Communications at 408-721-2448 or 408-721-7383. National Semiconductor From lassie!jim%lassie at netcom.com Fri May 6 23:46:12 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Fri, 6 May 94 23:46:12 PDT Subject: Returned Mail Message-ID: <215@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!Colorado.EDU!Richard.Johnson (Richard Johnson) Date: 07 May 94 Originally To: netcomsv!lassie!jim%lassie I'm sure you want these wonderful things back, Mr. Detweiler. I sure didn't order them. Don't worry, I didn't read them. They're still as good as new. >>> inbox:2817 Subject: Cypher Punks Autistic Savants Date: Fri, 06 May 1994 18:55:15 To: cypherpunks at toad.com From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA25204 fo r ; Fri, 6 May 1994 21:12:39 -0600 Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08157 for ; Fri, 6 May 1994 21:12:36 -0600 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoul05260; Fri, 6 May 94 22:50:03 - 0400 Received: by toad.com id AA19644; Fri, 6 May 94 19:33:15 PDT Received: from netcomsv.netcom.com (uucp3.netcom.com) by toad.com id AA19637; F ri, 6 May 94 19:32:57 PDT Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id TAA20682; Fri, 6 May 1994 19:18:29 -0700 Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:55:15 X-Mailer: WinNET Mail, v2.11 Message-Id: <212 at lassie.lassie.uucp> Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 619 The message title says it all. But for more information FTP to toilet at urinal.cookie.com /pub/idiot/concited/fool/selfimportant/wecool/unot -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- >>> inbox:2818 Subject: Re: MIT PGP Announcement (fwd) (fwd) Date: Fri, 06 May 1994 18:51:45 To: cypherpunks at toad.com From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA27937 fo r ; Fri, 6 May 1994 21:19:59 -0600 Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08500 for ; Fri, 6 May 1994 21:19:57 -0600 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoul06069; Fri, 6 May 94 22:57:18 - 0400 Received: by toad.com id AA19697; Fri, 6 May 94 19:37:27 PDT Received: from netcomsv.netcom.com (uucp3.netcom.com) by toad.com id AA19687; F ri, 6 May 94 19:37:21 PDT Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id TAA20208; Fri, 6 May 1994 19:09:58 -0700 Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:51:46 X-Mailer: WinNET Mail, v2.11 Message-Id: <207 at lassie.lassie.uucp> Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 1264 FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- >>> inbox:2819 Subject: Re: MIT PGP Announcement (fwd) (fwd) Date: Fri, 06 May 1994 18:52:20 To: cypherpunks at toad.com From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA27946 fo r ; Fri, 6 May 1994 21:20:00 -0600 Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08498 for ; Fri, 6 May 1994 21:19:55 -0600 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoul06082; Fri, 6 May 94 22:57:26 - 0400 Received: by toad.com id AA19714; Fri, 6 May 94 19:37:48 PDT Received: from uucp3.netcom.com by toad.com id AB19687; Fri, 6 May 94 19:37:41 PDT Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id TAA20543; Fri, 6 May 1994 19:14:58 -0700 Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:52:20 X-Mailer: WinNET Mail, v2.11 Message-Id: <210 at lassie.lassie.uucp> Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 1264 FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- >>> inbox:2820 Subject: Re: MIT PGP Announcement (fwd) (fwd) Date: Fri, 06 May 1994 18:51:34 To: cypherpunks at toad.com From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA28150 fo r ; Fri, 6 May 1994 21:20:20 -0600 Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08579 for ; Fri, 6 May 1994 21:20:18 -0600 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoul06114; Fri, 6 May 94 22:57:35 - 0400 Received: by toad.com id AA19719; Fri, 6 May 94 19:37:50 PDT Received: from uucp3.netcom.com by toad.com id AB19692; Fri, 6 May 94 19:37:44 PDT Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id TAA20098; Fri, 6 May 1994 19:07:59 -0700 Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:51:34 X-Mailer: WinNET Mail, v2.11 Message-Id: <206 at lassie.lassie.uucp> Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 1264 FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- >>> inbox:2821 Subject: Re: MIT PGP Announcement (fwd) (fwd) Date: Fri, 06 May 1994 18:51:57 To: cypherpunks at toad.com From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA28208 fo r ; Fri, 6 May 1994 21:20:29 -0600 Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08587 for ; Fri, 6 May 1994 21:20:25 -0600 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoul06206; Fri, 6 May 94 22:58:04 - 0400 Received: by toad.com id AA19702; Fri, 6 May 94 19:37:31 PDT Received: from netcomsv.netcom.com (uucp3.netcom.com) by toad.com id AA19692; F ri, 6 May 94 19:37:26 PDT Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id TAA20438; Fri, 6 May 1994 19:12:03 -0700 Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:51:58 X-Mailer: WinNET Mail, v2.11 Message-Id: <208 at lassie.lassie.uucp> Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 1264 FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- >>> inbox:2822 Subject: Re: MIT PGP Announcement (fwd) (fwd) Date: Fri, 06 May 1994 18:51:16 To: cypherpunks at toad.com From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA28407 fo r ; Fri, 6 May 1994 21:20:48 -0600 Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08636 for ; Fri, 6 May 1994 21:20:46 -0600 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoul06287; Fri, 6 May 94 22:58:22 - 0400 Received: by toad.com id AA19737; Fri, 6 May 94 19:38:31 PDT Received: from uucp3.netcom.com by toad.com id AB19687; Fri, 6 May 94 19:38:02 PDT Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id TAA19996; Fri, 6 May 1994 19:06:40 -0700 Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:51:17 X-Mailer: WinNET Mail, v2.11 Message-Id: <205 at lassie.lassie.uucp> Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 1264 FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- >>> inbox:2823 Subject: Re: MIT PGP Announcement (fwd) (fwd) Date: Fri, 06 May 1994 18:52:08 To: cypherpunks at toad.com From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA28764 fo r ; Fri, 6 May 1994 21:21:31 -0600 Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08675 for ; Fri, 6 May 1994 21:21:29 -0600 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoul06433; Fri, 6 May 94 22:59:01 - 0400 Received: by toad.com id AA19753; Fri, 6 May 94 19:38:48 PDT Received: from uucp3.netcom.com by toad.com id AB19692; Fri, 6 May 94 19:38:38 PDT Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id TAA20504; Fri, 6 May 1994 19:13:21 -0700 Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:52:09 X-Mailer: WinNET Mail, v2.11 Message-Id: <209 at lassie.lassie.uucp> Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 1264 FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- >>> inbox:2824 Subject: Re: MIT PGP Announcement (fwd) (fwd) Date: Fri, 06 May 1994 18:55:28 To: cypherpunks at toad.com From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA28859 fo r ; Fri, 6 May 1994 21:21:44 -0600 Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08698 for ; Fri, 6 May 1994 21:21:41 -0600 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoul06454; Fri, 6 May 94 22:59:03 - 0400 Received: by toad.com id AA19779; Fri, 6 May 94 19:39:07 PDT Received: from uucp3.netcom.com by toad.com id AB19687; Fri, 6 May 94 19:39:03 PDT Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id TAA20722; Fri, 6 May 1994 19:20:17 -0700 Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:55:28 X-Mailer: WinNET Mail, v2.11 Message-Id: <213 at lassie.lassie.uucp> Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 1264 FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- >>> inbox:2825 Subject: Re: MIT PGP Announcement (fwd) (fwd) Date: Fri, 06 May 1994 18:52:34 To: cypherpunks at toad.com From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA28886 fo r ; Fri, 6 May 1994 21:21:47 -0600 Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08707 for ; Fri, 6 May 1994 21:21:44 -0600 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoul06492; Fri, 6 May 94 22:59:18 - 0400 Received: by toad.com id AA19794; Fri, 6 May 94 19:39:17 PDT Received: from uucp3.netcom.com by toad.com id AB19692; Fri, 6 May 94 19:39:03 PDT Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id TAA20632; Fri, 6 May 1994 19:17:08 -0700 Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:52:35 X-Mailer: WinNET Mail, v2.11 Message-Id: <211 at lassie.lassie.uucp> Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 1264 FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- >>> inbox:2826 Subject: Re: MIT PGP Announcement (fwd) (fwd) Date: Fri, 06 May 1994 18:50:47 To: cypherpunks at toad.com From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA28907 fo r ; Fri, 6 May 1994 21:21:49 -0600 Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08726 for ; Fri, 6 May 1994 21:21:47 -0600 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoul06488; Fri, 6 May 94 22:59:16 - 0400 Received: by toad.com id AA19732; Fri, 6 May 94 19:38:26 PDT Received: from uucp3.netcom.com by toad.com id AB19692; Fri, 6 May 94 19:38:03 PDT Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id TAA19813; Fri, 6 May 1994 19:03:58 -0700 Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:50:48 X-Mailer: WinNET Mail, v2.11 Message-Id: <203 at lassie.lassie.uucp> Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 1264 FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- >>> inbox:2827 Subject: Re: MIT PGP Announcement (fwd) (fwd) Date: Fri, 06 May 1994 18:51:03 To: cypherpunks at toad.com From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA28948 fo r ; Fri, 6 May 1994 21:21:56 -0600 Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08735 for ; Fri, 6 May 1994 21:21:54 -0600 Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoul06489; Fri, 6 May 94 22:59:16 - 0400 Received: by toad.com id AA19751; Fri, 6 May 94 19:38:48 PDT Received: from uucp3.netcom.com by toad.com id AB19687; Fri, 6 May 94 19:38:41 PDT Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id TAA19913; Fri, 6 May 1994 19:05:17 -0700 Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:51:04 X-Mailer: WinNET Mail, v2.11 Message-Id: <204 at lassie.lassie.uucp> Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 1264 FORWARDED MAIL ------- From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) Date: 06 May 94 Originally To: Jim Nalbandian On the cypherpunks list you excreted: > MIT has just officially announced the upcoming availability of PGP 2.5. > The announcement was just made at Networld+Interop '94 in Las Vegas by > Jeff Schiller, MIT's Network Manager. The text of the actual > announcement is available via WWW at http://www.media.org/. Look under > "MIT PGP Security Announcement." > WHAT WAS WRONG WITH 2.2? Damn programers can never do anything > right the first time? What was wrong with your first fifty brain-damaged rants today? Damn paranoid schizophrenics never know when to quit... Now go away, you're cluttering up our mailboxes. Joe -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From joshua at cae.retix.com Sat May 7 00:22:29 1994 From: joshua at cae.retix.com (joshua geller) Date: Sat, 7 May 94 00:22:29 PDT Subject: MIT PGP Announcement (fwd) (fwd) Message-ID: <199405070721.AAA00663@sleepy.retix.com> >I don't like to killfile people, but this person is beginning to annoy >me. I'll bet he's LD in disguise. the word usage is very different. no, I think this is a seperate person who also has lost his mind. josh From unicorn at access.digex.net Sat May 7 00:36:19 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 7 May 94 00:36:19 PDT Subject: MIT PGP Announcement (fwd) (fwd) In-Reply-To: <199405070721.AAA00663@sleepy.retix.com> Message-ID: <199405070736.AA22796@access2.digex.net> > > >I don't like to killfile people, but this person is beginning to annoy > >me. I'll bet he's LD in disguise. > > the word usage is very different. no, I think this is a seperate person > who also has lost his mind. > > josh > Maybe it's catching? From unicorn at access.digex.net Sat May 7 00:38:09 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 7 May 94 00:38:09 PDT Subject: Reply to Phantom about Magic Money In-Reply-To: Message-ID: <199405070738.AA22845@access2.digex.net> > > Somebody here (mpd?) had compiled it [magic money] for the mac. The user interface > > was still text-based, but they said it worked. > > I'd like a pointer to this, as would a few of the people on the list (I > can't name any names). I'll contact mpd. I have the mac version of the client. What I'd like is a mac version of the server. > > Matt Thomlinson > University of Washington, Seattle, Washington. phone: (206) 548-9804 > Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html > PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu > > -uni- (Dark) From phantom at u.washington.edu Sat May 7 00:39:51 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Sat, 7 May 94 00:39:51 PDT Subject: Returned Mail In-Reply-To: <215@lassie.lassie.uucp> Message-ID: Do just as you did with another list abuser: Detweiler. Feel free to just bounce it back to him. He'll learn that mailbombing is not socially acceptable. I guess we get to start complaining to netcom now, huh? Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From prock at teetot.acusd.edu Sat May 7 01:24:08 1994 From: prock at teetot.acusd.edu (no depression) Date: Sat, 7 May 94 01:24:08 PDT Subject: Anonymous? In-Reply-To: <9405070108.AA17959@toad.com> Message-ID: <9405070823.AA07893@teetot.acusd.edu> [rather clever way of using peoples sigs to map anonymous users to their real logins deleted] I will take this to be the final affirmation that .sig files are one of the worst ideas on the network. I do not use them and sign each piece of mail personally. Of course this is oft times automatic, but hey maybe now I'll quit that entirly now. From wcs at anchor.ho.att.com Sat May 7 01:45:37 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sat, 7 May 94 01:45:37 PDT Subject: Nalbandian's email address Message-ID: <9405070844.AA16355@anchor.ho.att.com> Jim Nalbandian, who's recently been posting to cypherpunks, has a signature line that contains a couple of *severely* non-portable addresses; I have no way to tell whether my email to him worked on the netcomish address. Don't know about his spelling errors, but his addressing errors distinctly *are* international.... I got an interesting bouncegram from Namibia when I tried using the N7SZS at K7BUC.AZ.US.NA address - it's some sort of Amateur packet radio address, which has a syntax similar to Internet addresses but rips off the .na namespace (I thought I hadn't seen it before, but I don't keep up with the .US domain, so I tried it, along with K7BUC at AZ.US skipping the .na). I've attacked the bouncegram below. Could one of the administrators at Netcom please help him put a useable return address in his .signature? Thanks; Bill Stewart wcs at anchor.att.com bill.stewart at pleasantonca.ncr.com > -- > * Spelling errors are intentional and international * > Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com > Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA > No free man shall ever be de-barred the use of arms. The strongest > reason for the people to retain there right to keep and bear arms > is as a last resort to protect themselves against tyranny in > government. <-------- Thomas Jefferson -- > From lassie!jim%lassie at netcom.com Sat May 7 01:49:54 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Sat, 7 May 94 01:49:54 PDT Subject: Returned Mail Message-ID: <218@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!u.washington.edu!phantom (Matt Thomlinson) Date: 07 May 94 Originally To: Jim Nalbandian Do just as you did with another list abuser: Detweiler. Feel free to just bounce it back to him. He'll learn that mailbombing is not socially acceptable. I guess we get to start complaining to netcom now, huh? Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From lassie!jim%lassie at netcom.com Sat May 7 02:05:16 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Sat, 7 May 94 02:05:16 PDT Subject: Returned Mail Message-ID: <217@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!u.washington.edu!phantom (Matt Thomlinson) Date: 07 May 94 Originally To: Jim Nalbandian I beleive this is yours. On Fri, 6 May 1994, Jim Nalbandian wrote: > > FORWARDED MAIL ------- > From: netcomsv.netcom.com!Colorado.EDU!Richard.Johnson (Richard Johnson) > Date: 07 May 94 > Originally To: netcomsv!lassie!jim%lassie > > > I'm sure you want these wonderful things back, Mr. Detweiler. I sure > didn't order them. Don't worry, I didn't read them. They're still > as good as new. > > > >>> inbox:2817 > > > Subject: Cypher Punks Autistic Savants > Date: Fri, 06 May 1994 18:55:15 > > To: cypherpunks at toad.com > From: lassie!jim%lassie at netcom.com (Jim Nalbandian) > Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) > > Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] > ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA25204 fo > r ; Fri, 6 May 1994 21:12:39 -0600 > Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. > EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08157 for .edu>; Fri, 6 May 1994 21:12:36 -0600 > Received: from toad.com by relay2.UU.NET with SMTP > (5.61/UUNET-internet-primary) id AAwoul05260; Fri, 6 May 94 22:50:03 - > 0400 > Received: by toad.com id AA19644; Fri, 6 May 94 19:33:15 PDT > Received: from netcomsv.netcom.com (uucp3.netcom.com) by toad.com id AA19637; F > ri, 6 May 94 19:32:57 PDT > Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) > id TAA20682; Fri, 6 May 1994 19:18:29 -0700 > Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:55:15 > X-Mailer: WinNET Mail, v2.11 > Message-Id: <212 at lassie.lassie.uucp> > Sender: owner-cypherpunks at toad.com > Precedence: bulk > Content-Type: text > Content-Length: 619 > > > > > The message title says it all. But for more information FTP to > > toilet at urinal.cookie.com > /pub/idiot/concited/fool/selfimportant/wecool/unot > > > > > -- > * Spelling errors are intentional and international * > Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com > Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA > No free man shall ever be de-barred the use of arms. The strongest > reason for the people to retain there right to keep and bear arms > is as a last resort to protect themselves against tyranny in > government. <-------- Thomas Jefferson -- > > > > >>> inbox:2818 > > > Subject: Re: MIT PGP Announcement (fwd) (fwd) > Date: Fri, 06 May 1994 18:51:45 > > To: cypherpunks at toad.com > From: lassie!jim%lassie at netcom.com (Jim Nalbandian) > Reply-To: lassie!jim%lassie at netcom.com (Jim Nalbandian) > > Received: from boulder.Colorado.EDU (root at boulder.Colorado.EDU [128.138.238.18] > ) by spot.Colorado.EDU (8.6.9/8.6.9/CNS-3.5) with ESMTP id VAA27937 fo > r ; Fri, 6 May 1994 21:19:59 -0600 > Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by boulder.Colorado. > EDU (8.6.9/8.6.9/UnixOps) with SMTP id VAA08500 for .edu>; Fri, 6 May 1994 21:19:57 -0600 > Received: from toad.com by relay2.UU.NET with SMTP > (5.61/UUNET-internet-primary) id AAwoul06069; Fri, 6 May 94 22:57:18 - > 0400 > Received: by toad.com id AA19697; Fri, 6 May 94 19:37:27 PDT > Received: from netcomsv.netcom.com (uucp3.netcom.com) by toad.com id AA19687; F > ri, 6 May 94 19:37:21 PDT > Received: from lassie.UUCP by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) > id TAA20208; Fri, 6 May 1994 19:09:58 -0700 > Received: by lassie.uucp!lassie; Fri, 06 May 1994 18:51:46 > X-Mailer: WinNET Mail, v2.11 > Message-Id: <207 at lassie.lassie.uucp> > Sender: owner-cypherpunks at toad.com > Precedence: bulk > Content-Type: text > Content-Length: 1264 > > > > FORWARDED MAIL ------- > From: netcomsv.netcom.com!access.digex.net!jthomas (Joe Thomas) > Date: 06 May 94 > Originally To: Jim Nalbandian > > On the cypherpunks list you excreted: > > > MIT has just officially announFrom owner-cypherpunks Sat May 7 06:42:33 1994 Return-Path: Received: by toad.com id AA28207; Sat, 7 May 94 06:42:33 PDT Received: from demon-du.an-teallach.com by toad.com id AA28193; Sat, 7 May 94 06:40:52 PDT Received: from an-teallach.com by demon-du.an-teallach.com with SMTP id AA90035 ; Sat, 07 May 94 13:09:06 GMT Received: from gtoal at localhost by an-teallach.com (8.6.4/1.37) id NAA09440; Sat, 7 May 1994 13:01:02 +0100 Date: Sat, 7 May 1994 13:01:02 +0100 From: gtoal at an-teallach.com (Graham Toal) Message-Id: <199405071201.NAA09440 at an-teallach.com> To: cypherpunks at toad.com Subject: Re: X-Phone: +44 31 662 0366 X-Fax: +44 31 662 4678 X-Organisation: An Teallach Limited Sender: owner-cypherpunks at toad.com Precedence: bulk to anyone, so please don't flame me. Hopefully the members of the list will supply lots of feedback! Compression - ----------- It's probably wise to standardize on a particular compression scheme. I have no opinions on this subject and welcome input. The most important feature is speed, not efficiency of compression. Look, just forget the rest of the bullshit and go away and come back when you've got good working compression at about 12kbits/sec, so that you can run it down a v32bis over slip or ppp. All the rest of the stuff has been written already (nevot, vat etc) When you've done that we'll start taking you seriously. G PS Oh yes, I foprgot: it has to be done on something less beefy than a high-speed sparc... any idiot can do that with off the shelf code already. From MAILER-DAEMON at grimsel.frcs.alt.za Sat May 7 01:24:30 1994 From: MAILER-DAEMON at grimsel.frcs.alt.za (MAILER-DAEMON at grimsel.frcs.alt.za) Date: Sat, 7 May 94 04:24:30 EDT Subject: Mail to N7SZS@k7buc.az.us.na Message-ID: You recently sent mail to N7SZS at k7buc.az.us.na. This was routed to grimsel.frcs.alt.za, en route to Namibia. However, this machine has no record of the host in question. If you think that this host really does exist, and is a machine in Namibia, could you please send mail to the administrator of the .NA domain, Dr Eberhard Lisse (el at lisse.na). However, the usual reason for such erroneous addressing is the use of packet-radio addresses across the Internet. Packet radio users have decided to use NA (the ISO code for Namibia) for North America. This incurs great expense, as the mail travels half-way around the planet, over expensive and over-crowded links that are paid for by comparatively poor people in semi-developed countries. If this is the case, please make a _large_ mental nore never to do this again, and tell all your friends not to as well. Packet radio addresses are _not_ Internet addresses, even if they look the same. You may wish to try routing your mail via "gate.ampr.org" (eg: user%site.na at gate.ampr.org). Do _not_ send packet-radio addressing queries to me, as I do not know anything about this network, other than the headaches that it causes for me. Another problem that occurs less frequently is mis-spelling addresses for sites in New Zeeland (.NZ). If this is the problem, you will have to re-send the mail to the relevant site, with the correct address. We have also seen the occasional message escaping from JANET in the UK, which has a reversed addressing scheme, addressed to machines in Napoli, which come out as "user at it.whatever.na". There is no easy answer to this one (other than teaching the rest of the world to drive on the left). The mail headers from your message appear below, sans the body, to save some bandwidth. If you have further queries, please direct them to me, paul at frcs.alt.za. This message was generated automatically, so please do not feel that you absolutely _have_ to reply with a "mea culpa" message. > Received: from gw1.att.com by grimsel.frcs.alt.za with smtp > (Smail3.1.28.1 #6) id m0pzKeF-0000Z0C; Fri, 6 May 94 09:48 SAST > Received: by emsr0.emsr.att.com (4.1/EMS main.cf 1.33 7/21/93 (SMI-4.1/SVR4)) > id AA00198; Fri, 6 May 94 03:53:15 EDT > Received: from anchor.ho.att.com by emsr0.emsr.att.com (4.1/EMS main.cf 1.33 7/21/93 (SMI-4.1/SVR4)) > id AA00194; Fri, 6 May 94 03:53:14 EDT > Received: by anchor.ho.att.com (bind.920909) > id AA24048; Fri, 6 May 94 03:52:29 EDT > Date: Fri, 6 May 94 03:52:29 EDT > From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) > Message-Id: <9405060752.AA24048 at anchor.ho.att.com> > To: N7SZS at k7buc.az.us.na > Subject: flame return From rustman at netcom.com Sat May 7 06:48:45 1994 From: rustman at netcom.com (Rusty Hodge) Date: Sat, 7 May 94 06:48:45 PDT Subject: Nalbandian's email address Message-ID: <199405071348.GAA08570@netcom.netcom.com> At 4:44 AM 5/7/94 -0400, wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510 wrote: >Jim Nalbandian, who's recently been posting to cypherpunks, >has a signature line that contains a couple of *severely* non-portable >addresses; I have no way to tell whether my email to him worked >on the netcomish address. Don't know about his spelling errors, >but his addressing errors distinctly *are* international.... ^^^^^^^^^^ ^^^^^ ^^^^^^^^^^^^^ I don't understand what you mean by the above. I think the correct address would be just jim%lassie at netcom.com, which is a UUCP connection to netcom. Connected to netcomsv. Escape character is '^]'. 220-netcomsv.netcom.com Sendmail 8.6.4/SMI-4.1 ready at Sat, 7 May 1994 03:05:00 220 ESMTP spoken here 250 expn netcomsv!nonexisting!addr #test a bogus addr to see error message 501 netcomsv!nonexisting!addr... nonexisting is an unknown UUCP connection expn netcomsv!lassie!jim%lassie at netcom.com 250 >I got an interesting bouncegram from Namibia when I tried using >the N7SZS at K7BUC.AZ.US.NA address - it's some sort of Amateur packet radio >address, which has a syntax similar to Internet addresses but >rips off the .na namespace The Hams have implemented TCP/IP over the air, using the airwaves as a sort of ethernet (albiet slowly). Works quite well. However, these addresses are not internet addresses, and the Ham network has very important FCC-mandated restrictions on message content. (No encrypting, no commercial traffic, no explicit or oobscene stuff). Don't confuse this with the UUCP city.state.us domains. If you see a user or site name such as [KN]*[1-9]* (e.g. N7SZS or K7BUC), recognize that as a ham call sign and assume that it is a tcp/ip packet network. -- Rusty Hodge From snyderra at dunx1.ocs.drexel.edu Sat May 7 07:15:05 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Sat, 7 May 94 07:15:05 PDT Subject: Nalbandian's email address Message-ID: <199405071414.KAA05240@dunx1.ocs.drexel.edu> At 12:50 AM 5/7/94 -1000, NetSurfer wrote: >> From:wcs at anchor.ho.att.com >> To: jim%lassie at netcom.com, lassie!jim%lassie at netcom.com, >> >> I got an interesting bouncegram from Namibia when I tried using >> the N7SZS at K7BUC.AZ.US.NA address - it's some sort of Amateur packet radio >> >> Could one of the administrators at Netcom please help him >> put a useable return address in his .signature? > >Aren't radio licenses registered and names associated with them available >by FOIA? The address N7SZS at K7BUC.AZ.US.NA is Packet Radio address. Few ways of getting it mail from the internet, in it would be read for violations of FCC rules before it went out anyway. Amateur Radio operator's addresses are available in various callbooks, including a few online. Check the Yandroff(sp?) Services list for addresses. (I'm doing mail offline, or I'd do it and include it with the message), No FOIA is required (although I suspect a FOIA would be honored for it) Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From mab at crypto.com Sat May 7 07:36:03 1994 From: mab at crypto.com (Matt Blaze) Date: Sat, 7 May 94 07:36:03 PDT Subject: iPower card info from NatSemi In-Reply-To: <1994May7.070245.13922@crypto.com> Message-ID: <9405071432.AA21937@crypto.com> >iPower: The Card That Ate Your Privacy > >I got a "Technology Fact Sheet" on the National Semiconductor iPower >(Tessera) card today. It's pretty grim. They have big plans for this >little monster, which go way beyond just tapping the telephones of a >few Mafiosi. It's too long to key in the whole thing - if you want one, >call them at 1-800-272-9959. They are very helpful. Here are a few >interesting excerpts: My understanding is that NSC plans to release a Tessera version for the federal market and a DES version for the rest of us. This is probably reasonable - the federal (defense message system) Tessera market is pretty big. I don't know if they actually got the federal contract; I seem to recal hearing last week that the DoD contract for Tessera cards went to someone else, but I don't remember who. BTW, I've been playing with a prototype Tessera card for the last couple of weeks; cute little thing. Comments to follow shortly... -matt From phantom at u.washington.edu Sat May 7 08:16:56 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Sat, 7 May 94 08:16:56 PDT Subject: No Subject Message-ID: I have no idea why jim insists on sending 20 copies of my bounce back to the list. I've contacted netcom and am hoping they'll clear up this abuse of their user agreement. I'm not sure what jim expects to accomplish; his original rants were, well, rants. For a person trying to get crypto to the masses, he's doing a good job of trying to kill all crypto development. Good thinking, jim. His posts now have no apparent reason behind them other than to simply be an anti-social irritation to members of the list. Unless something else happens, this is the last you'll see me write about it on the list. I'm just going to install a filter so I can read cpunks around jim. I hope you all will do the same so we don't have to discuss him. mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From lassie!jim%lassie at netcom.com Sat May 7 16:41:20 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Sat, 7 May 94 16:41:20 PDT Subject: Refused Mail Message-ID: <234@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!krypton.mankato.msus.edu!hayden ("Robert A. Hayden") Date: 07 May 94 Originally To: Jim Nalbandian Is there some reason why you are bouncing your 'refused mail' back to the list? If there is, I would, as would other, appreciate it if you could tell us. If you don't have a reason, or are doing it simply to get attention, then STOP IT! ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From unicorn at access.digex.net Sat May 7 16:55:05 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 7 May 94 16:55:05 PDT Subject: some animals are more equal than others In-Reply-To: Message-ID: <199405072354.AA12374@access3.digex.net> > > On Sat, 7 May 1994, Chris Knight wrote: > > > Due to the tremendous effort of the "War On Drugs" propiganda pimps, a > > law was passed there that allows the police to pull you over and search > > your car WITHOUT PROBABLE CAUSE. > > > > This was late '91, anyone ever know if it got challenged in court? > > Interesting, since this so-called "law" seems to be in direct violation > of the Carroll Doctrine. > From mg5n+ at andrew.cmu.edu Sat May 7 17:27:26 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 7 May 94 17:27:26 PDT Subject: Cypherpunks is gated to Usenet Message-ID: <8hn35v200awSM4UmFA@andrew.cmu.edu> Well, I just found out that someone has gated the cypherpunks list to Usenet. Which means, if you send mail to the list, and include a Newsgroups: header, the message will also be cross-posted to the specified newsgroups. From cknight at crl.com Sat May 7 18:00:31 1994 From: cknight at crl.com (Chris Knight) Date: Sat, 7 May 94 18:00:31 PDT Subject: Data sent to you? In-Reply-To: <231@lassie.lassie.uucp> Message-ID: On Sat, 7 May 1994, Jim Nalbandian wrote: > Go away, you people are losers. If this is truely how you feel, then I would like to remind you that you subscribed to this list... It'll be so much nicer when you unsubscribe. I'm sorry we were not what you are looking for. Frankly, I can't even tell you where to look, since I have not been in any usenet groups that had quite your "quality" of postings. -ck From plocher at attaboy.Eng.Sun.COM Sat May 7 19:23:49 1994 From: plocher at attaboy.Eng.Sun.COM (John Plocher) Date: Sat, 7 May 94 19:23:49 PDT Subject: Expectations of privacy (Was Re: Security Consult. Needed) Message-ID: <9405080221.AA11831@attaboy.Eng.Sun.COM> | I heard a talk this past week [...] | | Basically, every phone in the government buildings is subject to being | listened in on. Everyone there knows this and knows beforehand that | their calls are most likly being taped. There is no privacy in calls | from these buildings and since one party knows this (ie the gov. individual) | it is leagal to tape and and listen in. Of course the other person | is not necisarily aware of this but that's his/her- problem (according to law). | | Now when governement individuals start carrying cell phones, I suspect | that the sames rules will apply. (?) | | I also heard (I may be wrong) that there is a law that says people should | expect that their cell phones will be overheard but that any information | obtained from such a converstation can not be used in court. The government (as do most businesses) asserts it's ownership of its property. Among this property are the phones && phone systems that it has purchased. Since our government is concerned about how our tax dollars are spent, it has regulations forbidding personal use of its property by it's employees. Since this is the government, these regulations take the form of law - both civil and criminal. Since they have outlawed personal use, it follows that the only legitimate use will be that dealing with government business. And there is nothing wrong with a business being concerned with how its operations are being conducted. Consider taping of E911 calls, listening in on IRS help lines to ensure no useful information is divulged, compiling statistics on just how long people will wait on hold for someone in the DMV, and the like ... :-) (As an aside, government people who deal in security usually answer their phones with "Hello, Mr/s Smith speaking, this channel is not secure" to alert the caller that the connection may be monitored) Contrary to Lile's fears, while the government reserves the right to listen to its employees' phone calls, it most certainly does not routinely tape all such calls. (hmmm, several hundred thousand employees times ?? hours phone use per day == how many tons of audio tape? :-) The laws of this land (USoA) also state that it is illegal to record phone conversations unless at least one of the parties is aware of the action (or there is a court warrent authorizing a wiretap). Since all gov't phones are subject to monitoring, all gov't employees are told this, and thus the law is adhered to. Still no reason for paranoia. With today's cell phones there is *no* security - anyone with a scanner can listen to (at least one half of) your phone calls. Phone Encryption Devices (like the device that used to be called Clipper before Intergraph objected) will at least get rid of these casual eavesdroppers - never mind the other problems it has. The FCC has laws that regulate what you can do with information gathered from "private" radio transmissions - any conversations that are not directed at *you*, but that you happen to overhear. One of these regulations states that while it is not illegal to receive these transmissions, but it is illegal to _divulge_ information about it. It is still somewhat of an open question as to whether a cellphone user has an expectation of privacy, or whether the phone's transmissions are somehow "public". If the later, then no warrent would be needed... This issue happens to be the "enhanced security" being proposed in the FBI's Digital Telephony Bill - in an effort to cover up the gaping erosion of privacy mandated by this proposed bill, it offers to make divulging a cordless phone's calls illegal. Thanks, but no thanks. -John From willey at bach.seattleu.edu Sat May 7 19:25:25 1994 From: willey at bach.seattleu.edu (steve willey) Date: Sat, 7 May 94 19:25:25 PDT Subject: magic money clients doing business with more than one server? In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- i now have 10Ghost Marcs. now, for something to spend them on ;) next question, can one client hold coins of different currencies? it appears that it can't. for one thing the bank.key is a single key and not a keyring. is it worth adapting mgmny clients to handle multiple currencies (servers)? has this already be discussed? what do people think of releasing the mgmny package with the necessary pgptls code together so that people who only want magic money need only fetch one archive file, not both mgmny and pgptools? i have both the client and server binaries for SunOS4.1.3 that i will gladly make available (via email, i have no ftp option) On Sat, 7 May 1994, Matt Thomlinson wrote: > I guess I already sent you the initialization file, right? > right, i now have 10Gm. now, for something to spend them on ;) steve - ------ ** stephen willey DoD# 0769, 1Kspt=5.80, prez IBMC * '92 CFM-2 ** ** willey at seattleu.edu pgp key on server * '81 GS450 ** ** "The tree of liberty must from time to time be * '73 RD350 ** ** refreshed by the blood of patriots and tyrants." t. jefferson ** -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLcxMA+kLnBC5IxgxAQFbMQQAmw5+U6riD8/uOCa/OBZCSm6lmTTLb2Co E5zFAL/LszO6tjWPwsIj9q2l/9SqfatzZtdgQaiIRlie3D62+FbfZzwB0dsME4q5 /C/IYS+WN1Ny33m59LEszG/mCxa0GIDmzHLXzA/KNDdFPKsDExWRUG5404eZArlO 8gneAgVAojU= =3KMl -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAivSAg4AAAEEAPI/uyUB7gZf0M57U0qodnwpn5ClnSTgkh33o1g50WZOAxfJ 77iTDxbM/Xp5HFWwFtcB1HucYgego3G2K8JlxWOAHZW1mDBMLx9ASSkQBUb86aH4 IoUcg9TaiuhmOZYy5mxzOIUJhfSaU3kW8XQfR7K+lYTcy+pc0+kLnBC5IxgxAAUT tCpTdGVwaGVuIFN0ZXZlIFdpbGxleSA8d2lsbGV5QHNlYXR0bGV1LmVkdT6JAJUC BRAsqzXQ7dfzATntVykBARUvA/4kAS/p/kcsSE3u4DhsbouK1svDkrYgqhx29hip k9ANeZSIWpbkyOSzrL1cqtyT9vK6N135HNYrct4+fmdVkm7UIxGTMgzilAfxXmBb KPWbo9Xd0qM+HhBylMIBTKFw1pjK64fB8rXwNIgr/YljQA+d77cVtBi8N8mUvTk6 k/0gHw== =SIA9 -----END PGP PUBLIC KEY BLOCK----- From vkisosza at acs.ucalgary.ca Sat May 7 21:18:19 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Sat, 7 May 94 21:18:19 PDT Subject: Is the List dead? Message-ID: <9405080420.AA53538@acs5.acs.ucalgary.ca> Is the list dead? Haven't seen anything now for an extended period. -- Istvan From MWayne at eworld.com Sat May 7 21:19:31 1994 From: MWayne at eworld.com (MWayne at eworld.com) Date: Sat, 7 May 94 21:19:31 PDT Subject: WinPGP Message-ID: <9405080519.tn41054@eworld.com> -----BEGIN PGP SIGNED MESSAGE----- Good morning all-- Can anyone direct me to a BBS which has a copy of WinPGP? Thanks - --Mitch -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLcyQOzIAcJ9oIU2VAQHcCgP/QFFnKUl9356vVNEOWiPf7FBw2g5CtY34 45tTX899ngxLX5DLncDvXEB8TYvkM4L7X68yzHefBCcSuTgS5h6tzYPHUh7bm8la U7RG9wR42CFtX0kGEX3Ufoyzv58eAyBF7Fhow+I2FLVkQbkJ8gNC0sS/FgJPccJG DcLcABHcZpw= =XPcd -----END PGP SIGNATURE----- From MWayne at eworld.com Sun May 8 05:19:28 1994 From: MWayne at eworld.com (MWayne at eworld.com) Date: Sun, 8 May 94 05:19:28 PDT Subject: MacPGP for PowerPC Message-ID: <9405080519.tn41055@eworld.com> -----BEGIN PGP SIGNED MESSAGE----- Hi-- Two questions for you this morning: 1-Does anyone know what is going on re: the development of a version of MacPGP for the PowerPC? Although the exisitng version does work, I am looking for a native code version. 2-With the recent announcement by MIT, is there any development of a version 2.5 for Mac...680x0 or PPC? Thanks regards, - --Mitch -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLcyRkDIAcJ9oIU2VAQEJiwQAnBX5lFv9vx4p4DSTH9rcdABa7CpqA5Q9 hSW+JesqbolTgfFpUotdFiQWBmg/YHiW/UxTjLWmRHv53sDU5/tMeZfXZw7kjQdk R8IJi7w0KfFIoEXcVfuuSyylsHdP20eb64ueAC10InLWnOwySEbera5CSp0wn5Di kaXvQ/LUM1U= =zCHT -----END PGP SIGNATURE----- From bogstad at condor.cs.jhu.edu Sun May 8 08:31:34 1994 From: bogstad at condor.cs.jhu.edu (Bill Bogstad) Date: Sun, 8 May 94 08:31:34 PDT Subject: Anybody else see eye-to-eye with Connie Chung tonight? In-Reply-To: <9405060231.AA19359@sugar-bombs.gnu.ai.mit.edu> Message-ID: <2qj0k3$pkg@condor.cs.jhu.edu> In the message <9405060231.AA19359 at sugar-bombs.gnu.ai.mit.edu>, wrote: >[About segment on "digital stalker" on Prodigy and narrator's bias >towards 'something should be done'. In particular, 'flaming' should >not be tolereated.] I saw it and the reporter's bias as well. What I found most interesting was the interview(s) with the Prodigy representative who made the analogies with regular physical mail and how we don't expect the Post Office to screen all of our incoming mail. The reporter blew right past this argument and seemd to imply that if it was technically possible for the Post Office to screen your mail that it should. Quite disturbing... Bill Bogstad bogstad at cs.jhu.edu From hfinney at shell.portal.com Sun May 8 09:50:47 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 8 May 94 09:50:47 PDT Subject: Message to Hal Message-ID: <199405081651.JAA01007@jobe.shell.portal.com> It has come to my attention that I am the only subscribed member of the list at present. Everyone else seems to have unsubscribed, or been unsub- scribed, and only I have resubscribed. So, I'll just take this opportunity to make a test post, without worrying about swamping hundreds of mailboxes... Hal From nowhere at bsu-cs Sun May 8 10:58:06 1994 From: nowhere at bsu-cs (Anonymous) Date: Sun, 8 May 94 10:58:06 PDT Subject: Detweiler comes out of the woodwork Message-ID: <199405081757.MAA03118@bsu-cs.bsu.edu> Detweiler -- Out of the shadows? Newsgroups: alt.security.pgp,talk.politics.crypto From: tmp at netcom.com Subject: Re: RSA Data Security Inc. and Pretty Good Privacy...some comments Message-ID: Followup-To: alt.security.pgp,talk.politics.crypto Organization: NETCOM On-line Communication Services (408 241-9760 guest) X-Newsreader: TIN [version 1.2 PL1] Date: Sun, 8 May 1994 05:40:46 GMT Lines: 9 tmp at netcom.com wrote: : I post, therefore I am. You offend, therefore you am not. truthfully yours, --L.Detweiler From pcw at access.digex.net Sun May 8 16:13:38 1994 From: pcw at access.digex.net (Peter Wayner) Date: Sun, 8 May 94 16:13:38 PDT Subject: NYT Op-Ed piece... Message-ID: <199405082313.AA08119@access2.digex.net> The NYT ran an op-ed piece by David Gelerntner arguing that the Digital Telephony and Clipper initiatives are a good idea. He is a professor of Computer Science at Yale University who is known for developing a parallel processing langauge known as Linda. He recently received a letter bomb that really hurt him and he mentions this in the piece. The FBI has been tracking this bomber for some time, but they haven't been able to catch him/her. It's in the edition of Sunday May 8th. -Peter Wayner D From sico at aps.hacktic.nl Sun May 8 16:21:54 1994 From: sico at aps.hacktic.nl (Sico Bruins) Date: Sun, 8 May 94 16:21:54 PDT Subject: IRS plans In-Reply-To: <199405060803.BAA07640@jobe.shell.portal.com> Message-ID: Friday May 06 1994 10:03, nobody at shell.portal.com wrote: npc> From: nobody at shell.portal.com npc> Newsgroups: list.cypherpunk npc> Message-Id: <199405060803.BAA07640 at jobe.shell.portal.com> npc> Date: Fri, 6 May 1994 01:03:12 -0700 >> From: johnl at iecc.com (John R Levine) >> Newsgroups: comp.society.privacy >> Subject: What the IRS is up to [lots deleted] npc> Through interface with Social Security, with the DMV, with your banking npc> institutions, we really have a lot of information, so why would you, at npc> the end of the year or on April 15th, today, do we ask the post office npc> to encumber themselves with massive numbers of people out there, npc> picking up pieves of paper that you are required to file? npc> ... We could literally file a return for you. This is the future npc> that we'd like to go to." npc> Lest there be any doubt, she was entirely serious, and she clearly npc> expected that that we'd all think this is as wonderful as she does. Yes, well, uh... If they already have all that information, would it *not* be wonderful if they suggested what your return could look like? I know that *I* really hate it everytime some agency (including income tax folk) sends me a pile of forms that I have to fill in with information they mostly already have. Or am I missing something? CU, Sico (sico at aps.hacktic.nl). [PGP public key:] bits/keyID Date User ID 1024/5142B9 1992/09/09 Sico Bruins Key fingerprint = 16 9A E1 12 37 6D FB 09 F6 AD 55 C6 BB 25 AC 25 (InterNet: sico at aps.hacktic.nl) From sico at aps.hacktic.nl Sun May 8 16:22:03 1994 From: sico at aps.hacktic.nl (Sico Bruins) Date: Sun, 8 May 94 16:22:03 PDT Subject: BANK: quite a bit of interest. In-Reply-To: Message-ID: Friday May 06 1994 08:14, Matt Thomlinson wrote: MT> From: Matt Thomlinson MT> Subject: BANK: quite a bit of interest. MT> Message-Id: MT> MT> Date: Thu, 5 May 1994 23:14:41 -0700 (PDT) MT> I've had quite a few people ask for instructions for retreiving the MT> ghostmarks I promised. Good to see that more people are getting MT> involved. I'm more than willing to help people get going using the magic MT> money implementations. I know, thanks for your help! One minor tidbit, however: MT> I've just paid the winner of the sonics/nuggets pool. I'm offering 15 MT> more ghostmarks to the person most closely guessing the spread of MT> the sonics/nuggets game 5 on saturday. (as a reference, the winner this MT> time was only within 14 points of the spread!) You need not have your MT> client installed to enter the pool. Do you realise that not everyone on the list (or should I say: not everyone interested in digital money) knows what "sonics/nuggets pool" is? I only mention this because you might be inadvertently limiting your audience. Allright, I'm off now to install my client. ;-) MT> mt MT> Matt Thomlinson CU, Sico (sico at aps.hacktic.nl). [PGP public key:] bits/keyID Date User ID 1024/5142B9 1992/09/09 Sico Bruins Key fingerprint = 16 9A E1 12 37 6D FB 09 F6 AD 55 C6 BB 25 AC 25 (InterNet: sico at aps.hacktic.nl) From lassie!jim%lassie at netcom.com Sun May 8 17:03:16 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Sun, 8 May 94 17:03:16 PDT Subject: Data sent to you? (fwd) Message-ID: <241@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!desert.hacktic.nl!kafka (-=[ Patrick Oonk ]=-) Date: 08 May 94 Originally To: netcomsv!lassie!jim%lassie get a life. ,,, (o o) .---------------oOO---(_)---OOo--------------------. | KAFKA at DESERT.HACKTIC.NL | | Pager: 06-5835851(1/2/3/4) | | Cryptoanarchy - xBase - PGP - House Music - MDMA | | Finger kafka at xs4all.hacktic.nl for PGP key | `--------------------------------------------------' == To get PGP, FTP /pub/unix/security/crypt/pgp23A.zip from ftp.funet.fi == -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From MIKEINGLE at delphi.com Sun May 8 18:51:46 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sun, 8 May 94 18:51:46 PDT Subject: Testing Message-ID: <01HC416ZG2TE95NUJ2@delphi.com> Is the list still alive? No mail today. From frissell at panix.com Sun May 8 19:51:33 1994 From: frissell at panix.com (Duncan Frissell) Date: Sun, 8 May 94 19:51:33 PDT Subject: Gelernter Op-Ed Piece Message-ID: <199405090251.AA16738@panix.com> I've received no cypherpunks mail for 24 hours so this may be old news but... David Gelernter, author of Linda and recent victim of the UnaBomber, writes in support of the DTI and Clipper. "Wiretaps for a Wireless Age" is on the Op-Ed page of the Sunday New York Times. I will be writing a Letter to the Editor and others should as well. Will someone who has access pick this up and post it. It's very important. It has some factual flaws: "What kind of half-wit criminal would...return a rental van that played a starring role in a big-budget terrorist spectacular?" But it represents as strong a statement of their position as Safire's column was of ours. Brilliant bit: "Privacy buffs are often big fans of gun control and the Endangered Species Act; some versions of gun control restrict the objects you may keep in your own home, and the species act has been interpreted in a way that drastically restricts the ways citizens may use their land." Of course many of us are not fans of gun control or the Endangered Species Act. --- WinQwk 2.0b#1165 From rsturt at wilbur.mbark.swin.oz.au Sun May 8 21:54:59 1994 From: rsturt at wilbur.mbark.swin.oz.au (Ice-Fox (aka Robert Sturtz)) Date: Sun, 8 May 94 21:54:59 PDT Subject: magic money Message-ID: could someone give me a hand compileing magic money?? btw many thanks too all those who emailed me adresses for pgp Yours in SYNC. Robert Sturtz __ __ __/// rsturt at wilbur.mbark.swin.oz.au (Ice-Fox on irc) __/// \XX/ Vice-President of Eastern Wargamers And Roleplayers Club \XX/ From GRABOW_GEOFFREY at tandem.com Sun May 8 22:37:26 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Sun, 8 May 94 22:37:26 PDT Subject: Clipper keys - backup copy. Message-ID: <199405082241.AA28985@comm.Tandem.COM> Has anyone considered that there must be a backup copy of the keys somewhere? Granted that the keys are supposed to be securely held by two seperate agencies, but where are the backup copies and who has access to 'em? You can't tell me that there aren't any backups. Any info? G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | |----------------------------------------------------------------------| | PGP fingerprint = C9 95 0F C4 E9 DD 8E 73 DD 99 4E F5 EB 7A B6 1D | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From GRABOW_GEOFFREY at tandem.com Sun May 8 22:44:29 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Sun, 8 May 94 22:44:29 PDT Subject: Anonymous phone calls Message-ID: <199405082248.AA13625@comm.Tandem.COM> Thanks for all of the responses. A friend of mine who works for a baby bell has been helping me in determining if the suggestions work. As for lassie!jim%lassie at netcom.com's incredibly useless response and instructions on how to use a pay phone... let me guess... you just figured out how to use one and now it gives you a special thrill to inform everyone else. If you use that lump of gray matter you call a brain, you'll realize that the purpose of any truly anonymous system is to reveal NO INFORMATION AT ALL!!!!! If you use a pay phone, the location of the phone is available to the phone company before the call completes. However, I do not mean to put your idea down... if you ever need to make anonymous phone calls to avoid police detection, (or anyone else for that matter...) please feel free to use a pay phone and I'll be happy to visit you after you have been arrested. G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | |----------------------------------------------------------------------| | PGP fingerprint = C9 95 0F C4 E9 DD 8E 73 DD 99 4E F5 EB 7A B6 1D | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From wmo at rebma.rebma.mn.org Sun May 8 23:03:43 1994 From: wmo at rebma.rebma.mn.org (Bill O'Hanlon) Date: Sun, 8 May 94 23:03:43 PDT Subject: Server Incompatibilities? In-Reply-To: Message-ID: <199405090503.AAA06628@rebma.rebma.mn.org> On Sat, 7 May 1994 15:04:18 -0400 (EDT) Matthew J Ghio wrote: -------- > Stuart Smith wrote: > > > I am writing an automagic remailing chaining/ARA creating OS/2 > > REXX script. A short time ago, either in this group or on the > > cypherpunks mailing list, there was a post that some remailer > > would not work if the previous mailer was remailer at rebma.mn.org. > > I don't remember the remailer and I can't find the original post - > > could someone let me know which one it was? > > Yeah, it's remailer at rebma.mn.org. The reason is because the remailer is > on a UUCP feed and the mail gateway it uses mangles the headers. As Hal mentions in another note, this should be fixed, now. I believe I changed my mail config a couple months ago and did not test the remailer. It took a while for anyone (anyone == Hal) to notice and bug me about it. Sorry for any inconvenience. -Bill From tcmay at netcom.com Mon May 9 00:24:21 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 9 May 94 00:24:21 PDT Subject: TEST Message-ID: <199405090724.AAA09286@netcom.com> This is a test to see if mail is getting though. If you get this, there are only about a dozen of us shown on Majordomo's listing, as you probably already know. Anybody know what happened? (I can think of some possibilities: Nalbandian's threatened 12.2 MB mail bomb, someone (LD or JN?) unsubscribed everyone with Majordomo, or a toad problem unrelated.) Exciting times in cypherspace. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cdodhner at indirect.com Mon May 9 00:55:10 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Mon, 9 May 94 00:55:10 PDT Subject: No traffic received in two days... Message-ID: Who got nuked, me or the list? Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ From tcmay at netcom.com Mon May 9 01:24:32 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 9 May 94 01:24:32 PDT Subject: My form letter Message-ID: <199405090824.BAA20449@netcom.com> Here's a form letter I expect to send to people who I see asking about the status of the list. If someone has better information than I have, I'll be happy to use it, or to let someone else handle responses. THIS IS A FORM LETTER (to save me having to type the same stuff) You have asked what happened to the Cypherpunks list. I don't know, but as of Sunday night, 8 May, there were only about a dozen or so subscribers. Apparently something happened to the list. I have messages in to Eric Hughes and Hugh Daniel. The subscriber list may get restored. I don't know. You can also resubscribe by sending a message to majordomo at toad.com with this as the body: subscribe cypherpunks If this is successful, you'll get a confirmation message within a few minutes. Volume is likely to be low, until things get back to normal. I hope this helps. --Tim May, not acting officially on behalf of the list. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From lassie!jim%lassie at netcom.com Mon May 9 03:03:22 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Mon, 9 May 94 03:03:22 PDT Subject: CNN POLL Message-ID: <243@lassie.lassie.uucp> On CNN there was a poll shown in a short segment about Internet. The question was "Do you know what Internet (AKA superhighway) is?" 32% had read or heard about Internet 68% had never read about or heard of Internet It is unclear whether these people are computer users or whether if they were whether they would use cryptography. One thing that is certain is they will probly not "FTP" anywhere to get any form of program. !!!FREE!!! get it !!!FREE!!! before it is gone! What is it? I don't know, but get two, they are free!!! -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From bart at netcom.com Mon May 9 03:17:16 1994 From: bart at netcom.com (Harry Bartholomew) Date: Mon, 9 May 94 03:17:16 PDT Subject: (fwd) apgp200.zip - AutoPGP: Offline e-mail encryption with PGP Message-ID: <199405091017.DAA04979@netcom.com> Organization: Free Trial Software From: thomas at kjemi.unit.no (Thomas Skogestad) Newsgroups: comp.archives.msdos.announce Subject: apgp200.zip - AutoPGP: Offline e-mail encryption with PGP Date: Mon, 9 May 1994 06:30:38 GMT I have uploaded to the SimTel Software Repository (available by anonymous ftp from the primary mirror site OAK.Oakland.Edu and its mirrors): SimTel/msdos/offline/ apgp200.zip AutoPGP: Offline e-mail encryption with PGP AutoPGP v2.00 provides offline e-mail encryption with PGP. It supports XBoard and Offliner, as well as any QWK mail reader. Encrypts, decrypts and signs messages or part(s) of a message; inserts/extracts public keys and ascii armoured files + much more! Special requirements: PGP23A.ZIP. Author: Staale Schumacher (staalesc at ifi.uio.no) ShareWare. Thomas Skogestad thomas at kjemi.unit.no From hugh at ecotone.toad.com Mon May 9 03:26:53 1994 From: hugh at ecotone.toad.com (Hugh Daniel) Date: Mon, 9 May 94 03:26:53 PDT Subject: An ignorable test... Message-ID: <9405091025.AA06688@ ecotone.toad.com> Lets see if fixing all the file perms fixes the list... Hopefuly the list will be up in a few minutes. ||ugh Daniel Sometimes Postmaster hugh at toad.com From perry at snark.imsi.com Mon May 9 04:13:41 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Mon, 9 May 94 04:13:41 PDT Subject: iPower card info from NatSemi In-Reply-To: <01HC1IT9O3PE935CDF@delphi.com> Message-ID: <9405091113.AA06749@snark.imsi.com> Mike Ingle says: > iPower: The Card That Ate Your Privacy I would suggest that Cypherpunks begin calling up National Semiconductor officials, especially marketing officials, and asking them if they are aware of the degree of backlash against the company that this is likely to cause. Perry From cort at ecn.purdue.edu Mon May 9 04:54:41 1994 From: cort at ecn.purdue.edu (Cortland D. Starrett) Date: Mon, 9 May 94 04:54:41 PDT Subject: PGP and Yarn (offline reader) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- PGP can now be nicely integrated with the excellent offline news/mail package, Yarn. You can now, at the touch of a key, encrypt an out-going note, sign an out-going note/post and decrypt/verify incoming notes/posts. Yarn (stable beta version .64) can be retrieved by ftp from oak.oakland.edu:/pub/msdos/offline/yarn-064.zip (as well as mirrors and other sites). Yarn imports news/mail in the SOUP format. (I am quite pleased with this combination.) Thanks to the author, Chin Huang. Cort. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLc4Txes4vmytylqdAQH4ZAP/beKsMsK0uel1tWN+ApPLKU5FVM9wfimq r8c/rNFEK2BKsqu3m2eDObleKP2r5u4p17jR6q+Z+BCz+3Jcs8so5EYjWbJVaWJz YsuChCJJ1Q6hkfeBlAA8+NQXvZo4Zw6Dxwko4DZ7RoB+5hSwjkLF6apB4CeeKVNI 8XcqYG0GS9g= =R6MF -----END PGP SIGNATURE----- From mg5n+eartdjp7xy633zeul7cwkz3c6zly7n1l98k233yemu0 at andrew.cmu.edu Mon May 9 05:19:11 1994 From: mg5n+eartdjp7xy633zeul7cwkz3c6zly7n1l98k233yemu0 at andrew.cmu.edu (Anonymous) Date: Mon, 9 May 94 05:19:11 PDT Subject: Anonymous Faxes Illegal (Re: legal rqmt for FAX return phone #) Message-ID: > I thought I heard somewhere that it was illegal to send > anonymous faxes -- namely, that there was some regulation ===== Excerpted from FCC January 11, 1993 Public Notice ===== FEDERAL COMMUNICATIONS COMMISSION PUBLIC NOTICE (31291 / DA 92-1716) January 11, 1993 INDUSTRY BULLETIN -- TELEPHONE CONSUMER PROTECTION ACT TELEPHONE SOLICITATIONS, AUTODIALED AND ARTIFICIAL OR PRERECORDED VOICE MESSAGE TELEPHONE CALLS, AND THE USE OF FACSIMILE MACHINES ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [...] *** [Lots of Q&A's Deleted] *** WHAT OTHER REQUIREMENTS APPLY TO THE USE OR MANUFACTURE OF TELEPHONE FACSIMILE MACHINES? FCC rules require that each transmission to a telephone facsimile machine must clearly contain, in a margin at the top or bottom of each transmitted page or on the first page of the transmission, (1) the date and time the transmission is sent (2) the identity of the ender and (3) the telephone number of the sender or of the sending machine. All telephone facsimile machines manufactured on or after December 20, 1992 must have the capacity to clearly mark such identifying information on the first page or on each page of the transmission. WHO IS RESPONSIBLE FOR COMPLIANCE WITH FCC RULES ON TELEPHONE FACSIMILE TRANSMISSIONS? The person on whose behalf a facsimile transmission is sent will ultimately be held liable for violations of the TCPA or FCC rules. *** [More Q&A's Deleted] *** ===== Partial Text of FCC January 13, 1993 Public Notice ===== FEDERAL COMMUNICATIONS COMMISSION PUBLIC NOTICE (31328) January 13, 1993 PART 68 IMPLEMENTATION OF TELEPHONE CONSUMER PROTECTION ACT FCC Docket No. 92-90, released October 16, 1992, became effective on December 20, 1992. For Part 68 requirements, see 47 C.F.R. sec. 68.318(c)(2) and (c)(3). [...] Form 730 Customer Instructions: The following information must be provided in Exhibit J of the Form 730 application and in instructions furnished the customer as provided in the following example: The Telephone Consumer Protection Act of 1991 makes it unlawful for any person to use a computer or other electronic device to send any message via a telephone fax machine unless such message clearly contains in a margin at the top or bottom of each transmitted page or on the first page of the transmission, the date and time it is sent and an identification of the business or other entity, or other individual sending the message and the telephone number of the sending machine or such business, other entity, or individual. In order to program this information into your fax machine, you should complete the following steps. Insert here instructions for programming the equipment and the required information or the page where it can be found. The fax branding procedure outlined above will be used only for fax machines and not for fax cards used in computers pending reconsideration proceedings. FCC Contact: William von Alven (202) 634 1833 ===== end of attachments ===== From gtoal at an-teallach.com Mon May 9 05:41:34 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 9 May 94 05:41:34 PDT Subject: What's Happened to the Cypherpunks list? Message-ID: <199405091241.NAA25665@an-teallach.com> : I came in this morning, expecting (as usual), a plethora of : mail from the cypherpunks mailing list. Instead, zilch. : Since this sounded fishy, I tried to find out if there was : a fault with the mecahnisms at U. Q. Since this seemed to : check out, I tried mailing to the Majordomo server with the : magic line: : : : "who cypherpunks" : in the body. I found out that "only" about 12 people were : subscribers. Yet when I last tried it, there were 700 people : listed. Is it a problem with me, or do other people have the : same hassles? Oh dear, looks like our favourite net.kook has forged 700 unsubscribe requests to majordomo on our behalf. This is getting out of hand :-( G From johncla at freenet.scri.fsu.edu Mon May 9 08:36:33 1994 From: johncla at freenet.scri.fsu.edu (John Clark) Date: Mon, 9 May 94 08:36:33 PDT Subject: Is the list down? Message-ID: I didn't get anything from Cypherpunks today (Sunday), is the list down? John K Clark johncla at freenet.fsu.edu From m5 at vail.tivoli.com Mon May 9 08:47:40 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 9 May 94 08:47:40 PDT Subject: Is the list down? In-Reply-To: Message-ID: <9405091547.AA03137@vail.tivoli.com> John Clark writes: > I didn't get anything from Cypherpunks today (Sunday), is the list > down? Is it excessively paranoid of me to wonder whether this was a deliberate denial-of-service attack? How exciting, if it was. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From frissell at panix.com Mon May 9 08:49:22 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 9 May 94 08:49:22 PDT Subject: Is the list down? In-Reply-To: Message-ID: On Mon, 9 May 1994, John Clark wrote: > I didn't get anything from Cypherpunks today (Sunday), is the list down? > John K Clark johncla at freenet.fsu.edu Send a message to majordomo at toad.com with the line: subscribe cypherpunks in it. Looks like we had a little denial of service attack from you know who. Everyone was unsubscribed. DCF From hayden at krypton.mankato.msus.edu Mon May 9 08:51:30 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 9 May 94 08:51:30 PDT Subject: So what happened? Message-ID: Subject says it all. What happened to the list? Did someone hack it or did it just suffer from sunspots or some such? ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From jim at rand.org Mon May 9 09:16:16 1994 From: jim at rand.org (Jim Gillogly) Date: Mon, 9 May 94 09:16:16 PDT Subject: Is the list down? In-Reply-To: Message-ID: <9405091614.AA06838@mycroft.rand.org> > Duncan Frissell writes: > Looks like we had a little denial of service attack from you know who. Actually, I don't -- I can think of two likely suspects... of course, they could be tentacles of each other, but the styles don't match. > Everyone was unsubscribed. I guess that means forging a message from each of us; when I first tried subscribing, it wouldn't accept my subscription from mycroft.rand.org for my mail address of rand.org without human intervention, so the attacker couldn't do it from his own account without forging. I just did an experiment verifying that "Reply-to" is honored by Majordomo, which would explain why I didn't get acked for the unsubscribe on Saturday. Cooperative anarchy works only when people can be either motivated or coerced into being cooperative. As the net keeps increasing exponentially the probability of sucking in a critical mass of loonies increases along with it. As with public key cryptography, it takes only a linear increase in loonies to seriously interfere with the exponentially increasing (relatively) sane population. Well... countermeasures. Majordomo could require its subscriptions signed with a valid public key (PGP or RIPEM) with the public key in the signed body, and process future transactions for that individual only if they're signed. That's still open to a spam attack, though, where the attacker can subscribe 30 variations of (say) Jim Gillogly's address with different public keys constructed just for that, and Gillogly wouldn't be able to send the right unsubscriptions. Hurm. Jim Gillogly Mersday, 18 Thrimidge S.R. 1994, 16:09 From a2 at ah.com Mon May 9 09:30:19 1994 From: a2 at ah.com (Arthur Abraham) Date: Mon, 9 May 94 09:30:19 PDT Subject: sufficantly advanced software... Message-ID: <9405091629.AA13350@ah.com> ...is indistinguishable from a bug. Sufficantly advanced hacking.... ...is indistinguishable from a bug. : The Cypherpunks list has been wiped somehow...everyone was unsubscribed. Send mail to majordomo at toad.com with "subscribe cypherpunks" in the subject and as the first line of the message. If you are not on the cypherpunks list, or if you get multiple copies of this message, please ignore it... Mike -a2 From hayden at krypton.mankato.msus.edu Mon May 9 09:38:14 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 9 May 94 09:38:14 PDT Subject: Is the list down? In-Reply-To: <9405091614.AA06838@mycroft.rand.org> Message-ID: On Mon, 9 May 1994, Jim Gillogly wrote: > Well... countermeasures. Majordomo could require its subscriptions signed > with a valid public key (PGP or RIPEM) with the public key in the signed > body, and process future transactions for that individual only if they're > signed. That's still open to a spam attack, though, where the attacker > can subscribe 30 variations of (say) Jim Gillogly's address with different > public keys constructed just for that, and Gillogly wouldn't be able to > send the right unsubscriptions. Or you could remove the ability to whois the subscribers of the list. I know it can be done as queernet has done that for its majordomo lists. At the very least, that will remove the ability to get a listing of who is subscribed, although I kind think it's nice to be able to see who is on the list. I worry that requiring PGP or some other signature could pose problems for those outside the U.S., especially if MIT-PGP is apparently not exportable. Another choice is to require a confirmation from the subscriber. I run several LISTSERV mailing lists, and while it doesn't require confirmation for unsibscription (just signing up), it does keep down on the number of "accidental" activities. It'd be pretty trivial to hack majordomo to reply to the address in the whois list (instead of the Reply-To:) and maintain a small database of 'pending' people. By requiring a, say, six-digit code in the subject line of the confirmation, the software can verify that it is genuine. As I said, LISTSERV implements something similiar as an option for subscribing. Maybe even for unsubscribing (I've never checked). ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From nelson at crynwr.com Mon May 9 09:43:55 1994 From: nelson at crynwr.com (Russell Nelson) Date: Mon, 9 May 94 09:43:55 PDT Subject: Cypherpunks change bytes! In-Reply-To: Message-ID: From: greg at ideath.goldenbear.com (Greg Broiles) Date: Thu, 5 May 1994 15:30:24 -0700 (PDT) I don't see the point in forcing everyone to patch their binaries or recompile from source - does anyone else? Bidzos & Co. are certainly smart enough to anticipate this step. What's the catch? I'd guess that it was a face-saving negotiating point. RSA was screwed to the wall because MIT has fair use on the PKP patents since the invention was performed there. The restrictions on the fair use are so broad as to be meaningless. So they threw him a bone... -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From nelson at crynwr.com Mon May 9 09:53:32 1994 From: nelson at crynwr.com (Russell Nelson) Date: Mon, 9 May 94 09:53:32 PDT Subject: Hell's Bells In-Reply-To: <199405052149.OAA04904@netcom.com> Message-ID: Date: Thu, 5 May 1994 14:49:04 -0700 From: lile at netcom.com (Lile Elam) I am listening to the Hell's BElls broadcast on the MBone that's coming from Interop. I just heard that AT&T wants to control conduit *and* content! Maybe. They won't get to. It's on the session: Cyberstation:audio feed I just noticed that president at whitehouse.gov is listening in on this channel... Nahhh. I was there at the Cyberstation while Simon Hackett checked -- was actually someone at anl. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From nelson at crynwr.com Mon May 9 09:54:31 1994 From: nelson at crynwr.com (Russell Nelson) Date: Mon, 9 May 94 09:54:31 PDT Subject: i In-Reply-To: <9405061652.AA15641@internal.apple.com> Message-ID: Date: Fri, 6 May 1994 09:52:38 -0800 From: lefty at apple.com (Lefty) Some nobody writes >should you be interested in congratulating jim nalbandian for his >recent well thought out and highly intellectual contributions to the list >feel free to contact him personally and then treats us to what he purports to be Mr. Nalbandian's phone number and address. ... The same goes for anyone who would attempt to _use_ this information. Why? A phone call in time saves nine flames. Perhaps he's not a jerk in person or on the phone? My wife is accrediting a potential LaLeche League Leader whose writing style is very dry and unemotional. They just met in person this weekend and she's not that way at all in person. So yes, give the guy a call and see what's up with him... If you care, that is. ObCrypto: Is it "MIT-PGP", "PGP 2.5", or "MIT-PGP 2.5"? -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From lefty at apple.com Mon May 9 10:01:26 1994 From: lefty at apple.com (Lefty) Date: Mon, 9 May 94 10:01:26 PDT Subject: i Message-ID: <9405091700.AA22697@internal.apple.com> > Some nobody writes > > >should you be interested in congratulating jim nalbandian for his > >recent well thought out and highly intellectual contributions to the list > >feel free to contact him personally > > and then treats us to what he purports to be Mr. Nalbandian's phone > number and address. ... The same goes for anyone who would attempt > to _use_ this information. > >Why? A phone call in time saves nine flames. Perhaps he's not a jerk >in person or on the phone? > >My wife is accrediting a potential LaLeche League Leader whose writing >style is very dry and unemotional. They just met in person this >weekend and she's not that way at all in person. > >So yes, give the guy a call and see what's up with him... > >If you care, that is. I harbor grave doubts as to whether this is what the original poster intended. If anyone cares to take it upon themselves to find out Mr. Nalbandian's phone number to have a chat with him, they're certainly entitled to do so. I continue to feel that posting his phone number and address to the mailing list in this fashion constitutes incitement to harassment and invasion of privacy. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From jis at mit.edu Mon May 9 10:56:01 1994 From: jis at mit.edu (Jeffrey I. Schiller) Date: Mon, 9 May 94 10:56:01 PDT Subject: MIT Announces PGP 2.5 Message-ID: <9405091332.AA29405@big-screw> Beta Test Release of PGP version 2.5 May 9, 1994 The Massachusetts Institute of Technology announces the distribution of PGP version 2.5, incorporating the RSAREF 2.0 cryptographic toolkit under license from RSA Data Security, Inc., dated March 16, 1994. In accordance with the terms and limitations of the RSAREF 2.0 license of March 16, 1994, this version of PGP may be used for non-commercial purposes only. PGP 2.5 strictly conforms to the conditions of the RSAREF 2.0 license of March 16, 1994. As permitted under its RSAREF license, MIT's distribution of PGP 2.5 includes an accompanying distribution of the March 16, 1994 release of RSAREF 2.0. Users of PGP 2.5 are directed to consult the RSAREF 2.0 license included with the distribution to understand their obligations under that license. This distribution of PGP 2.5, available in source code form, is available only to users within the United States of America. Use of PGP 2.5 (and the included RSAREF 2.0) may be subject to export control. Questions concerning possible export restrictions on PGP 2.5 (and RSAREF 2.0) should be directed to the U.S. State Department's Office of Defense Trade Controls. Users in the United States of America can obtain information via FTP from net-dist.mit.edu in the directory /pub/PGP. *** Beta Release Note -- May 7, 1994 *** Today's release of PGP 2.5 is a beta test release, designed to permit users to familiarize themselves with the program and to give us feedback before we make the final release. This version of PGP2.5 has been tested on the following platforms: MSDOS, Sun381i, Solaris 2.X, Ultrix 4.X, Linux, RS6000, HP/UX Over the next few days, we will be testing PGP2.5 on a variety of other systems and collecting bug reports from this release. Please send bug reports to pgp-bugs at mit.edu. If you obtain a copy of this beta release code, please keep checking http://web.mit.edu for the announcement of the final release, so that you can update your copy of PGP2.5. We expect the final release to occur within a week. *** To Get PGP2.5: The directory where PGP2.5 is located is hidden. To get it you need to telnet to "net-dist.mit.edu" and login as getpgp. You will be asked to confirm that you will abide by the terms and conditions of the 3/16/94 RSAREF 2.0 license. The license is in the file "license.txt" in /pub/PGP on net-dist.mit.edu. From MIKEINGLE at delphi.com Mon May 9 11:18:43 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Mon, 9 May 94 11:18:43 PDT Subject: List crash/deleted? Message-ID: <01HC4ZNS9Y1G935VV3@delphi.com> What happened? 1: A software bug ate the file. 2: Someone hacked toad and deleted everyone. 3: Someone obtained a list of members and forged unsubscribes from everyone. Anyone know for sure? If it was forged unsubscribes, the sendmail logs should show where it came from... Some people have asked about the message I sent out. That was sent to everyone who posted in the last two weeks or so. I had those posts in files and used the from: lines as a distribution list. --- Mike From mech at eff.org Mon May 9 12:41:40 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 9 May 94 12:41:40 PDT Subject: Clipper: Govt. Monopoly in the Making - Ineffective Law Enforcement Message-ID: <199405091938.PAA29993@eff.org> Date: Mon, 9 May 1994 10:09:02 -0600 From: clewis at ils.nwu.edu (Charles Lewis) [according to the author, this may be redistributed at will; for print publication, best contact the author.] The Clipper Chip: Government Monopoly in the Making or Ineffective Law Enforcement Charles Lewis 2/26/94 On April 16, 1993, the White House released an official announcement of a new encryption technology called the Clipper Chip. Developed by the National Security Agency (NSA), and implemented by the National Institute for Standards and Technology (NIST), the Clipper initiative was intended to satisfy the private sector's need for secure encryption of data, specifically telephone communications, and at the same time allow law enforcement agencies to tap into these encrypted communications when such actions were approved by the Attorney General. The needs of private industry for secure lines of communication have long been left unfulfilled, primarily because of obsolete legislation that considers encryption algorithms to be a munitions for export purposes. For fear of the potential uses of such algorithms in the wrong hands, the export of technology implementing said algorithms has been virtually impossible. Industry leaders have been reluctant to incorporate encryption into their products because munitions laws would require that the versions made for export would have to be significantly different from the ones sold for domestic use. Meanwhile, industrial espionage remains a significant risk for many private companies. The government maintains that introducing secure encryption for public use could have disastrous effects for law enforcement agencies. "Unfortunately, the same encryption technology that can help Americans protect business secrets and personal privacy can also be used by terrorists, drug dealers, and other criminals," (The White House, Office of the Press Secretary, April 4, 1994). The Clipper initiative was meant to satisfy both the needs of the public sector for privacy, and the needs of law enforcement agencies to conduct legitimate electronic surveillance. To this end, the government proposed the controversial Escrow Encryption Standard (EES), of which Clipper is the first implementation. The concept is simple: Clipper will provide encryption of telephone calls between two Clipper equipped phones. This encryption will be unnoticeable at either end of the connection, but the signal in between will be scrambled to prevent monitoring by unauthorized parties. The scrambled signal can be decoded by using two data 'keys,' each held by a different government agency and released only when the Attorney General approves a request for them. By using this back door in the encryption algorithm, law enforcement agencies will still be able to conduct surveillance. Following the Clinton Administration's announcement of EES, there were concerned responses from many industry leaders and organizations. The primary cause for their anxiety was the power of the government to override the encryption provided by Clipper. This was defended as being a trade-off necessary for the compromise between the availability of encryption to the public and the needs of law enforcement agencies to effectively do their jobs. EES proponents argue that it does not make it any easier to obtain approval for electronic surveillance. The issue of whether the government can be trusted to hold the keys to this system is wide open for debate. Essentially, the government is asking us to trust them in this issue, and many aren't sure that this is wise or necessary. These arguments have far reaching implications for the future of personal privacy in America. It is very important for Americans, both in and out of the government, to consider how these issues affect us all. In the case of the EES, however, there are much more clear cut reasons why this initiative is both ineffective in satisfying the purposes for which it was devised, and damaging to those who would develop or use encryption. Even if we are to trust that the government is acting in our best interests by allowing law enforcement agencies to compromise the encryption standard, and even if we trust that the EES will provide adequate protection of the keys that can be used to bypass this encryption, many have asked just how effective the algorithm implemented in Clipper, called the SKIPJACK algorithm, is in the first place. The answer to this is impossible to ascertain first hand, unless you are one of the privileged few who were responsible for the development or testing of the algorithm. Secrecy is necessary in order to preserve the law enforcement functions ofs the algorithm. According to the NIST approval of EES, this ensures that no one can develop communications devices which use the algorithm without the law enforcement features (NIST, 2/9/94). That is to say that if the algorithm were made public, it would be no problem for a company to produce telephones which were capable of having encrypted communications with Clipper equipped phones, but would be impervious to decryption by law enforcement agencies, defeating the purpose of the algorithm. This secrecy comes at a cost. There is universal concern about the adequacy of an algorithm which cannot be revealed. In order to allay these concerns, the government had SKIPJACK examined by a panel of independent experts, who found it to be secure. Even so, it is difficult for many to simply take the word of this panel rather than to test the algorithm themselves. Dorothy Denning, a member of this panel, has little patience for outsiders who want in: "Nothing can be concluded from a statement questioning the technology by someone who has not seen it regardless of whether that person is an expert in security," (Denning, 2/9/94). By making this claim, she uniformly ignores the questions of the entire cryptography community. The attitude that no one outside of a government agency or government appointed panel is worthy of developing or testing SKIPJACK is echoed by Stuart Baker of the NSA in defending the secrecy surrounding the algorithm: "There are very few institutions other than government that are willing to devote both the kind of energy and resources that it takes to eliminate the last few bugs in encryption software or machinery," (Fourth Conference on Computers, Freedom, and Privacy, 3/24/94). Denning and Baker would have us believe that there is nothing useful to be had from consulting with the many industry and academic experts doing research in this field. In truth, it has often been the case that innovations in cryptography have come from non-government sources. There are many private companies providing encryption services professionally, as well as computer scientists doing important research in the field. Ignoring the opinions of these professionals not only damages the study of cryptography, but potentially hurts the EES by not taking advantage of what these experts have to offer. Even the sacrifice of a publicly available algorithm for the sake of law enforcement is in vain. Whitfield Diffie of Sun Microsystems, a veteran researcher in cryptography, tells us that "the Clipper system, as it has been described, is not difficult to bypass," (Diffie, 5/11/93). If Clipper chips do become as widely available as the government suggests, it will be possible for them to be used in such a manner as to defeat the law enforcement features of the chip. Also, what is to stop one from simply using a different sort of encryption that does not have the back door that Clipper does? According to official press releases, nothing. Government spokespeople repeatedly state that the use of the Clipper chip is entirely voluntary. But there are some drawbacks to not using it. For one thing, it is expected that the first big customer of Clipper equipped devices will be the government itself. Not only will this create many users of the EES right off, but it will also force companies that do business with the government to fall in line with the initiative. Another drawback to not using the government standard will be the old munitions laws restricting the export of encrypting devices. While the government is planning on loosening these restrictions for products using Clipper, "...the Administration will continue to restrict export of the most sophisticated encryption devices," (White House, Office of the Press Secretary, 2/4/94). It appears that the government hopes to simply squeeze out Clipper competitors economically. There are two possible results of the Clipper initiative. In the first scenario, competing encryption standards will arise. Without the government stepping in to make sure that the Clipper chip is the only form of telecommunications encryption available, this is inevitable. Alternate encryption standards will sell to the segment of consumers who would rather not trust the government to listen in on their phone calls. If this happens, Clipper will become completely ineffective for law enforcement because of the people using encryption that doesn't conform to the EES. At best, Clipper will fail. The only possible way that Clipper can not fail is if U.S. government successfully eliminates competitors selling encryption without a back door. Again, the government has repeatedly stated that this is not part of their game plan. If we are to believe that they will not try to create a Clipper monopoly, the first scenario is the only one possible. On the other hand, if the government does in fact force competitors out of the market using economic and legislative pressures, it would be extremely damaging both for the agencies outside of the government which work in the cryptography field, and for individuals using cryptography. The NSA would become the only agency in America with access to the workings of the system which the entire industry would be dependent upon. Additionally, only the NSA would have a say in keeping the EES competitive by incorporating new advances in encryption. Because of this choke hold, private research and innovation in this field would be brought to a halt. Either the U.S. government is prepared to take draconian measures to ensure that the EES is used universally, or the Clipper chip will be unable to keep the phone tapping business alive in the Information Age. The fact that these are the only possible outcomes is reason enough to oppose the Clipper initiative. Glossary Escrow Encryption Standard (EES): The encryption standard proposed by NIST, which has a back door accessible by keys held in escrow by government agencies. Clipper: The first implementation of the EES. This chip will be used in telecommunications devices. SKIPJACK: The encryption algorithm used in the EES. NIST: National Institute of Standards and Technology. Part of the Commerce Department. NSA: National Security Agency CPSR: Computer Professionals for Social Responsibility EFF: Electronic Frontier Foundation Sources Computer Professionals for Social Responsibility (CPSR). Computer Professionals Call For Public Debate on New Governement Encryption Initiative, April 16, 1993. Denning, D. Re:Campaign and Petition Against Clipper, (open letter on the Internet) February 9, 1994. Department of Commerce (DOC) National Institure of Standards and Technology (NIST). Approval of Federal Information Processing Standards Publication 185, Escrowed Encryption Standard (EES), February 9, 1994 Diffie, W. The Impact of a Secret Cryptographic Standard on Encryption, Privacy, Law Enforcement and Technology (congressional testimony), May 11, 1993. Electronic Frontier Foundation (EFF). "Initial EFF Analysis of Clinton Privacy and Security Proposal", EFFector Online, April 16, 1993. Fourth Conference on Computers, Freedom and Privacy. Data Encryption: Who Holds the Keys? (panel), March 24, 1994. Jackson, D. and S. Ratan. "Who Should Keep the Keys", Time, March 14, 1994. Markov, J. "Electronics Plan Aims to Balance Governement Access With Privacy", The New York Times, April 16, 1993. Murray, F. "Government picks affordable chip to scramble phone calls", The Washington Times, April 17, 1993. White House Office of the Press Secretary, Statement of the Press Secretary, February 4, 1994. Note: the great bulk of this information came from the following FTP sites: ftp.cpsr.org /cypherpunks/clipper ftp.eff.org /pub/EFF/Issues/Clipper ---- Charles Lewis Every normal man must be tempted clewis at ils.nwu.edu at times to spit on his hands, Institute forthe Learning Sciences hoist the black flag, Northwestern University and begin slitting throats. - H.L.Mencken -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From jim at bilbo.suite.com Mon May 9 13:31:09 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Mon, 9 May 94 13:31:09 PDT Subject: ping Message-ID: <9405092029.AA18213@bilbo.suite.com> This is an obnoxious, bandwidth-wasting test message. Please flame..er..ignore. Jim_Miller at suite.com From hfinney at shell.portal.com Mon May 9 13:32:21 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 9 May 94 13:32:21 PDT Subject: PGP 2.5 changes Message-ID: <199405092033.NAA14141@jobe.shell.portal.com> Below I have included the contents of the file newfor25.doc from the PGP 2.5 beta release which I just grabbed. It says that old (pre 2.3) signatures will not verify under 2.5. That's too bad. Also, key sizes are limited to 1024 bits. Tough luck for people who made bigger ones, I guess. Looks to me like there may still be a market for a non-RSAREF PGP. Anyway, here's the file: Changes to PGP 2.5: ***** MOST IMPORTANT ***** This version of PGP uses RSAREF 2.0, so it's legal in the U.S.! The RSAREF license forbids you to (among other things; see the license for full details) "use the program to provide services to others for which you are compensated in any manner", but that still covers a lot of people. If you want to use it in a commercial or governmental setting, talk to ViaCrypt (2014 West Peoria Avenue, Phoenix, Arizona 85029, +1 602 944-0773). PGP 2.5 should always be distributed with a copy of the RSAREF 2.0 license of March 16, 1994 from RSA Data Security, Inc., so that all users will be aware of their obligations under the RSAREF license. Since the RSAREF license conflicts with the GNU General Public License that PGP was formerly distributed under, the GPL had to go. PGP is still freely distributable, though. (From a copyright point of view; export controls or some other legal hassle may apply.) *** IMPORTANT CHANGE: RSAREF 2.0 can understand only the pkcs_compat=1 formats for signatures and encrypted files. This has been the default since 2.3, so old files should not be too much of a problem, but old key signatures will encounter difficulties. This change will result in a hole being ripped in the "web of trust" as many old signatures are invalidated. Please check your key rings (pgp -kc) and re-issue any signatures that have been invalidated. PGP by default offers to remove such signatures. Even if you leave them in, they are not trusted. Another RSAREF limitation is that it cannot cope with keys longer than 1024 bits. PGP now prints a reasonably polite error message in such a case. OTHER CHANGES: The support files are thinner. The various contrib directory utilities have not been updated since 2.3a, and since the PGP developers know how annoying it is to have people using an ancient version and complaining about a bug in a program that was fixed a year ago, they have been omitted rather than annoy the contributors in this way. Also, the language translation file, language, is incomplete. The strings that were in 2.3a are there, and some that could be updated without much knowledge of the language, but others that are new to 2.5 are untranslated. The format should be obvious and some tools for manipulating the language traslations are included in the contrib directory. Printed KeyIDs have been incresed to 32 bits, as there were enough keys out there that 24-bit keyIDs were no longer sufficiently unique. The previous 24-bit keyID is the LAST 6 digits of an 8-digit 32-bit keyID. For example, what was printed as A966DD now appears as C7A966DD. The config-file options pubring=, secring=, and randseed= have been added. Hopefully, the uses will be obvious. With these, you can keep keyrings anywhere you like. Of course, they can also be specified on the command line with +pubring= (or abbreviated to +pub=). If the line comment= appears in the config file, the line "Comment: " appears in ASCII armor output. Of course, you can also use this from the command line, e.g. to include a filename in the ASCII armor, do "pgp -eat +comment=filename filename recipient". PGP now enables clearsig by default. If you sign and ascii-armor a text file, and do not encrypt it, it is clearsigned unless you ask for this not to be done. The now enables textmode. Textmode detects non-text files and automatically turns itself off, so it's quite safe to leave on all the time. If you haven't got these defaults yourself, you might want to enable them. All prompts and progress messages are now printed to stderr, to make them easier to find and ensure they don't get confused with data on standard output such as pgp -m output. PGP now wipes temp files (and files wiped with pgp -w) with pseudo-random data in an attempt to force disk compressors to overwrite as much data as possible. On Unix, if the directory /usr/local/lib/pgp exists, it is searched fror help files, language translations, and the PGP documentation. On VMS, the equivalent is PGP$LIBRARY:. (This is PGP_SYSTEM_DIR, defined in fileio.h, if you need to change it for your site.) Also, it is searched for a default global config. This file may be overridden by a local config, and it may not set pubring, secring, randseed or myname (which should be strictly personal) The normal help files (pgp -h) are pgp.hlp or .hlp, such as fr.hlp. Now, there is a separate help file for pgp -k, called pgpkey.hlp, or key.hlp. No file is provided by default; PGP will use its one-page internal help by default, but you can create such a file at your site. On Unix systems, $PGPPATH defaults to $HOME/.pgp. PGP used to get confused if you had a keyring containing signatures from you, but not your public key. (PGP can't use the signatures in this case. Only signatures from keys in the keyring are counted.) PGP still can't use the signatures, but prints better warning messages. Also, adding a key on your secret key ring to your public keyring now asks if the key should be considered ultimately-trusted. Prviously, you had to run pgp -ke to force this check, which was non-obvious. Due to a few people distributing PGP without the manual (including one run of a few thousand CD-ROMs), and the resultant flood of phone calls from confused users, PGP now looks to make sure a manual is somewhere in the vicinity when running to discourage this sort of thing. (If you're getting this warning and need details on how to get rid of it, try pgp -kg.) On Unix, PGP now figures out the resolution of the system clock at run time for the purpose of computing the amount of entropy in keystroke timings. This means that on many Unix machines, less typing should be required to generate keys. (SunOS and Linux especially.) The small prime table used in generating keys has been enlarged, which should speed up key generation somewhat. There was a bug in PGP 2.3a (and, in fact in 2.4 and dating back to 1.0!) when generating primes 2 bits over a multiple of the unit size (16 bits on PC's, 32 bits on most larger computers), if the processor doesn't deal with expressions like "1<<32" by producing a result of 1. In practice, that corresponds to a key size of 64*x+4 bits. Code changes: At the request of Windows programmers, the PSTR() macro used to translate string has been renamed to LANG(). The random-number code has been *thoroughly* cleaned up. So has the IDEA code and the MD5 code. The MD5 code was developed from scratch and is available for public use. The Turbo C makefile was dropped in favour of a Borland C .prj file. You can use makefile.msc as a guide if you need one for a command-line Turbo C. From hayden at krypton.mankato.msus.edu Mon May 9 13:39:09 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 9 May 94 13:39:09 PDT Subject: ping Message-ID: On Mon, 9 May 1994, Jim Miller wrote: > This is an obnoxious, bandwidth-wasting test message. Please > flame..er..ignore. ok ) ( ( ( ( ) () @@ ) (( ( ( ( )( @@ ( )) ) ( ( ( ( ()( /---\ (()( ( _______ ) ) )(@ !O O! )@@ ( ) ) ) < ____) ) ( ( )( ()@ \ o / (@@@@@ ( ()( ) /--| |( o| ( ) ) ((@@(@@ !o! @@@@(@@@@@)() ( | > \___| ) ( @)@@)@ /---\-/---\ )@@@@@()( ) | /---------+ (@@@@)@@@( // /-----\ \\ @@@)@@@@@( . | | \ =========______/|@@@@@@@@@@@@@(@@@ // @ /---\ @ \\ @(@@@(@@@ . . | \ \\=========------\|@@@@@@@@@@@@@@@@@ O @@@ /-\ @@@ O @@(@@)@@ @ . | \ \----+--\-))) @@@@@@@@@@ !! @@@@ % @@@@ !! @@)@@@ .. . | |\______|_)))/ . @@@@@@ !! @@ /---\ @@ !! @@(@@@ @ . . \__========== * . @@ /MM /\O O/\ MM\ @@@@@@@. . | |-\ \ ( . @ !!! !! \-/ !! !!! @@@@@ . | | \ \ ) . . @@@@ !! !! .(. @. .. . | | \ \ ( / .( . \)). ( |O )( O! @@@@ . ) . | | / / ) ( )). (( .) !! ((( !! @@ (. ((. . . | | / / () )) )) .( ( ( ) ). ( !! )( !! ) (( )) .. | |_< / ( ) ( ( ) ) (( ) )).) ((/ | ( | \( )) ((. ). ____<_____\\__\__(___)_))_((_(____))__(_(___.oooO_____Oooo.(_(_)_)((_ ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From ebrandt at jarthur.cs.hmc.edu Mon May 9 14:30:14 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Mon, 9 May 94 14:30:14 PDT Subject: jarthur remailer down Message-ID: <9405092129.AA18872@toad.com> The remailer is down for an indefinite and possibly infinite period of time, due to abuse. Gory details to follow. In the mean time, don't use it. Eli ebrandt at hmc.edu finger for PGP key. From lassie!jim%lassie at netcom.com Mon May 9 14:35:14 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Mon, 9 May 94 14:35:14 PDT Subject: shit for brains (fwd) Message-ID: <245@lassie.lassie.uucp> FORWARDED MAIL ------- From: netcomsv.netcom.com!crynwr.com!nelson (Russell Nelson) Date: 09 May 94 Originally To: netcomsv!lassie!jim%lassie (Jim Nalbandian) You have shit for brains. I have to call long distance to get my email. Stop this bs. NOT ONLY ARE YOU PEOPLE IGNORANT BUT YOU ARE GOING TO BE BOMBED -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From pkm at maths.uq.oz.au Mon May 9 14:42:17 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Mon, 9 May 94 14:42:17 PDT Subject: What's happened to the mail? Message-ID: <9405092141.AA27368@axiom.maths.uq.oz.au> Well, did anyone write "who cypherpunks" to Majordomo? I did. The number of people it contained was about 10 (although it would probably be more than that by now). My guess is that someone (possibly Jim Nalbadian (sic?)) was the culprit. On a related matter, do you need an old (i.e. about 2 weeks old) copy of the cypherpunks mailing list, so as to bring it back to its old glory? ======================================================= | Peter Murphy. . Department of | | Mathematics - University of Queensland, Australia. | ------------------------------------------------------- | "What will you do? What will you do? When a hundred | | thousand Morriseys come rushing over the hill?" | | - Mr. Floppy. | ======================================================= From jim at rand.org Mon May 9 14:54:12 1994 From: jim at rand.org (Jim Gillogly) Date: Mon, 9 May 94 14:54:12 PDT Subject: PGP 2.5 changes In-Reply-To: <199405092033.NAA14141@jobe.shell.portal.com> Message-ID: <9405092153.AA08849@mycroft.rand.org> > Hal writes: > Below I have included the contents of the file newfor25.doc from the > PGP 2.5 beta release which I just grabbed... nefor25.doc writes: > Another RSAREF limitation is that it cannot cope with keys longer than > 1024 bits. PGP now prints a reasonably polite error message in such a > case. Reasonably polite? It says "Error: Bad pass phrase." That doesn't sound at all polite to me. And since my key is 1234 bits, I'm vastly unimpressed. What in the world is the point of this restriction? I see a lot of "what it is" but not "why it is" in the docs. Would one of the MIT reps mind explaining some of the reasoning behind the restrictions and deals that were made? > Since the RSAREF license conflicts with the GNU General Public License that > PGP was formerly distributed under, the GPL had to go. PGP is still How do you get rid of a copyleft? Just snip it out of the docs? Don't forget to take it out of the manifest also: DOC\COPYING - GNU General Public Licence If the plan was to supplant the freeware 2.3a with a nice legal US version, I don't think this has made it yet: eliminating compatibility with older versions (for which read "MY BELOVED KEY") can lead to hard feelings and user resistance. I like bug fixes, but not at the expense of functionality. Of course, this is a beta version, and annoyances may be fixed later. I'll watch for the next international version, and see if it's less annoying. Jim Gillogly Mersday, 18 Thrimidge S.R. 1994, 21:53 From lassie!jim%lassie at netcom.com Mon May 9 15:09:15 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Mon, 9 May 94 15:09:15 PDT Subject: Idiots Message-ID: <249@lassie.lassie.uucp> Well it seems like you people are really as stupid as it seems. Anybody (That is the dumb fucks name) decided to mail me twenty or so messages thru a remailer to try and clog my slow timeshare environment mail reader. Also someone named Ryn R. Snyder (This guy is extra autistic) did the same thing. Too bad I read all my mail offline by UUCP on an old slow IBM PS/2 MOD80 (intresting though, local supermarkets use this model computer as a product code server). Would not it be funny if someone set there .forward command in there little used Internet timeshare terminal environment to the cypherpunks mailing list and then subsribed to the list. I guess most people missed the point about distribution but that's OK, CLIPPER is a much better crypto program anyway. People that are not members of the Internt clique are expossed to it almost nightly on the news wheras they are not exposed to PGP or other RSA type crypto. I think marketing whizzes call this product recognition (don't ask me I am just a dumm as dirt sod buster). Oh well, I must go now, I now you all respect and adore me as much as I do you. Also it seems that the few fools that send repeated stupid mail to my box are in the minority. Thanks for the excelent and way cool mail that the rest of you send. 32% had heard or read about Internet (AKA Superhighway) 68% had NEVER heard or read of Internet I quess that 68% can FTP to a site to get PGP (etc.). Out of that agregate I wonder what percent has heard of PGP or RSA? CLIPPER? -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From anon1df3 at nyx10.cs.du.edu Mon May 9 15:12:10 1994 From: anon1df3 at nyx10.cs.du.edu (Paul Grange) Date: Mon, 9 May 94 15:12:10 PDT Subject: PGP 2.5 Message-ID: <9405092209.AA21090@nyx10.cs.du.edu> |> Another RSAREF limitation is that it cannot cope with keys longer than |> 1024 bits. PGP now prints a reasonably polite error message in such a |> case. |Reasonably polite? It says "Error: Bad pass phrase." That doesn't |sound at all polite to me. And since my key is 1234 bits, I'm vastly |unimpressed. What in the world is the point of this restriction? |I see a lot of "what it is" but not "why it is" in the docs. Would one of This restrcition comes from RSAREF code, over which the PGP team had no control. Everyone is entitled to their own opinion, but to me the development of a free, legal, source code version of PGP is such a positive development that it easily outweighs any of the problems (key sigs, incompatibility with big keys, etc.) that the new release has brought about. When the jump from verison 1 to verison 2 was made, everyone's key became obsolete, and everyone survived. Everyone will survive this time, too. I'm also very pleased with some of the new features (like the default for PGPPATH, which will make PGP a lot more accessible to casual users). From hayden at krypton.mankato.msus.edu Mon May 9 15:18:44 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 9 May 94 15:18:44 PDT Subject: Idiots In-Reply-To: <249@lassie.lassie.uucp> Message-ID: On Mon, 9 May 1994, Jim Nalbandian wrote: > Would not it be funny if someone set there .forward command in > there little used Internet timeshare terminal environment to the > cypherpunks mailing list and then subsribed to the list. I consider this to be a threat and grounds for removal and notification of his service provider. As the owner of several mailing lists, this kind of childish behaviour can bring certain nodes to their knees, and without the max-posting protections of LISTSERV, majordomo will keep sending until it dies, killing toad.com in the process. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From mech at eff.org Mon May 9 15:54:56 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 9 May 94 15:54:56 PDT Subject: 05\03\94 - VOLUNTARY NATURE OF TELECOMMUNICATIONS SECURITY INITIATIVE (fwd) Message-ID: <199405092254.SAA06367@eff.org> pulled this of the IITF server. FOR IMMEDIATE RELEASE: NIST 94-21 May 3, 1994 Contact: Anne Enright Shepherd VOLUNTARY NATURE OF (301) 975-4858 TELECOMMUNICATIONS SECURITY INITIATIVE STRESSED BY NIST OFFICIAL IN TESTIMONY A government-developed technology to protect the security of telephone conversations and other information communicated over telephone lines is meant to be used by both the government and the private sector on a strictly voluntary, as-needed basis -- and is not intended to be mandated in the future, a National Institute of Standards and Technology (NIST) official said today in congressional testimony. In statements to both the Senate Committee on the Judiciary and House Subcommittee on Technology, Environment and Aviation, NIST Deputy Director Raymond Kammer stressed that the "voluntary key escrow" coding system "first and foremost, was devised to provide solid, first-rate cryptographic security for the protection of information held by the government when government agencies decide such protection is needed for unclassified government communications." He cited as examples the protection of tax records, Social Security records, census data and other proprietary information when transmitted over telephone lines. At the same time, Kammer pointed out the importance of strong encryption protection for citizens and U.S. companies. Encryption "protects the individual privacy of our citizens.... Private-sector organizations can also benefit from encryption by securing their product development and marketing plans, for example. It also can protect against industrial espionage," Kammer said. But the increasing proliferation of encryption techniques also is expected to make the law enforcement community's job more difficult, he said, and the voluntary key escrow approach provides a way for law enforcement authorities -- when legally authorized -- to decode messages sent over telecommunications systems using the key escrow technique. The initiative is intended to strike a balance between the needs of law enforcement and national security with the needs of businesses and individuals for security and privacy. In every instance, Kammer stressed, the system is being made available on a strictly voluntary basis. Each federal agency can use the key escrow technology to protect its information on an as-needed basis. Companies can choose to use the system when they need excellent security -- or they can use any other encryption technologies available in the marketplace. "Let me be clear," Kammer said. "This Administration does not seek legislation to prohibit or in any way restrict the domestic use of cryptography." - 30 - NOTE TO EDITORS: Copies of the NIST testimony are available to reporters by calling (301) 975-2762. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From unicorn at access.digex.net Mon May 9 16:09:04 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 9 May 94 16:09:04 PDT Subject: PGP 2.5 In-Reply-To: <9405092209.AA21090@nyx10.cs.du.edu> Message-ID: <199405092308.AA14455@access1.digex.net> > > |> Another RSAREF limitation is that it cannot cope with keys longer than > |> 1024 bits. PGP now prints a reasonably polite error message in such a > |> case. > > |Reasonably polite? It says "Error: Bad pass phrase." That doesn't > |sound at all polite to me. And since my key is 1234 bits, I'm vastly > |unimpressed. What in the world is the point of this restriction? > > |I see a lot of "what it is" but not "why it is" in the docs. Would one of > > This restrcition comes from RSAREF code, over which the PGP team had no > control. > > Everyone is entitled to their own opinion, but to me the development of a > free, legal, source code version of PGP is such a positive development > that it easily outweighs any of the problems (key sigs, incompatibility > with big keys, etc.) that the new release has brought about. I'm afraid I have to disagree. I dislike the limiting of key length to 1024 bits and would encourage a fix to at least the 1200's range. Unfortunately I don't know enough about RSAREF to know what this involves but it seems a step backwards to limit key length to this size especially with the recent advances in processing on the retail market (powerpc pentium etc.) To me this makes 2.5 a real loser. More and more 2.5 looks like a restriction on choice. No keys over 1024 bits. No use of servers for the older versions. > When the > jump from verison 1 to verison 2 was made, everyone's key became > obsolete, and everyone survived. Everyone will survive this time, too. I don't use a 1200 bit key now, but I'd like the option. Calling the limitation a mere backwards compatibility problem shortcuts the issue. I wouldn't care less if I used a 1200 bit key or a 2048 bit key today and had to make a new one for the new version. I would care if I used a 1200 or 2048 bit key today and had to make a 1024 bit one. I don't want to be paranoid, but why the restriction? Who does it serve? Definitely not the user. What modifications are possible? What are the restrictions on modification to code in the licensing agreement? > > I'm also very pleased with some of the new features (like the default for > PGPPATH, which will make PGP a lot more accessible to casual users). > Fine, how about satisfactory for serious users? -uni- (Dark) From dat at ebt.com Mon May 9 16:13:56 1994 From: dat at ebt.com (David Taffs) Date: Mon, 9 May 94 16:13:56 PDT Subject: [anon1df3@nyx10.cs.du.edu: Re: PGP 2.5] Message-ID: <9405092313.AA09441@helpmann.ebt.com> |> Another RSAREF limitation is that it cannot cope with keys longer than |> 1024 bits. Projecting current progress in factoring, how long will 1024-bit keys be secure against something like NSA? Is it the case that by standarizing on 1024-bit keys for the forseeable future, are we merely providing a window of opportunity for cryptopunks which will work fine for awhile but which will slam shut forever once the NSA becomes able (as a result of vast computer power, if nothing else) to routinely factor numbers this large, maybe in about 2150 or so? Remember people thought RSA-129 would take a long time. Cypherpunks write code that will remain secure for a long, long time I hope. Standardizing on RSAREF might, in the very long run, eventually have the same crippling effect that standarizing on clipper could have in the short to intermediate term. If people become complacent about this limitation, it could become institutionalized. If everybody uses PGP 2.5 for the next hundred years, what happens then? If the public PGP depends on RSAREF whose evolution is controlled by RSA, and if eventually a new version comes out which is incompatible with the older versions, and for which source code isn't as readily available, and the world standardizes on it, and it isn't interoperable with older versions, then we lose control, even if we now distribute a version of PGP 2.5 with the key restriction removed. I would be happier if PGP 2.5 did not impose such a limit on key length. If we standardize on something with limitations, we have to remove them in the future. If we standarize on something without limitations, future generations don't have to worry about it. In addition to distributing crypto to the masses, we need to ensure that no infrastructure gets imposed which obviates our methods. I don't know if the 1024-bit key restriction will over time become an important limitation or not -- do you? A better question -- how long will it take? I don't think I'm being paranoid, I'm just curious about the details about what is known about just how hard factoring is, and how that corresponds to the exponential growth in technological capability, and where the crossover point lies for 1024-bit keys. Maybe I should just read the book instead of posting... (Naah!..) -- dat at ebt.com (David Taffs) From cme at sw.stratus.com Mon May 9 16:18:50 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Mon, 9 May 94 16:18:50 PDT Subject: PGP 2.5 working on UNIX Message-ID: <199405092318.TAA11880@galt.sw.stratus.com> -----BEGIN PGP SIGNED MESSAGE----- Note -- I built it for my UNIX machine but I needed to edit the rsaref2 makefile in 3 places to specify gcc. cc barfed on the make. The instructions say to make your own directory, but you need to edit the makefile and run make in place in the rsaref2/install/unix directory or the pgp makefile won't find it. You should make rsaref2 first. - Carl P.S. I'll sign my new 1024 bit key with my old 1264 bit key later. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLc7EflQXJENzYr45AQEiqAP/Wg4jq/u8636hMd/zmKS8opL683rKnL0a Jv+WVNIqOASyA9UYoAXegmmXDIohW1PjzudQ3SkZPxfhr9yLrz4h7KUZSowNAdlq XaVBJETumF60YYKPzjDLSj2j3z9yqC8HR4Vv5HtbEv/nEIM8RsFW03rIn4HcUiiO fCCA5K70ouc= =6i8v -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.5 mQCNAi3OxA8AAAEEALNdAXftavTBG2zHV7BEV59gntNlxtJYqfWIi2kTcFIgIPSj KlHleyi9s5dDcQbVNMzjRjF+z8TrICEn9Msy0vXB00WYRtw/7aH2WAZx+x8erOWR +yn1CTRLS/68IWB6Wc1x8hiPycMbiICAbSYjHC/ghq2mwCZO7VQXJENzYr45AAUR tC5DYXJsIEVsbGlzb24gMTAyNC1iaXQga2V5IDxjbWVAc3cuc3RyYXR1cy5jb20+ =tEQq -----END PGP PUBLIC KEY BLOCK----- From loofbour at cis.ohio-state.edu Mon May 9 21:17:37 1994 From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow) Date: Mon, 9 May 94 21:17:37 PDT Subject: PGP 2.5 In-Reply-To: <9405092209.AA21090@nyx10.cs.du.edu> Message-ID: <199405100404.AAA06262@styracosaur.cis.ohio-state.edu> Paul Grange writes: > |> Another RSAREF limitation is that it cannot cope with keys longer than > |> 1024 bits. PGP now prints a reasonably polite error message in such a > |> case. > [...] > This restrcition comes from RSAREF code, over which the PGP team had no > control. Strange -- the RSAREF 2.0 license asserts no such restriction, unless I've misread it. Patching it -- say, to allow it to handle >1024 bit keys -- would seem to fall under one's license... [from license.txt] c. to modify the Program in any manner for porting or performance improvement purposes (subject to Section 2) or to incorporate the Program into other computer programs for your own personal or internal use, provided that you provide RSA with a copy of any such modification or Application Program by electronic mail, and grant RSA a perpetual, royalty-free license to use and distribute such modifications and Application Programs on the terms set forth in this Agreement. Is the definition of "performance improvement" so limited that improving maximum key size is not permitted? This aside, modifying RSAREF 2.0 (and taking out the guardrails in keymgmt.c) *appears* to allow larger key sizes. The only succeeding restriction on key sizes is the 1280-bit restriction imposed by the assembly code, if the comments are to be believed. Generating a brand new ~1280 bit key under 2.5 appears to work perfectly, although I suppose RSAREF could be happily returning a shorter key that claims to be >1024 bits (either by design, or by omission). The fact that an older >1024 bit key fails this test does raise this suspicion. This will take some further work. I would be surprised to discover that the MIT folk hadn't fiddled with this at all, though -- Any comment from the 2.5 folks on the barriers to using RSAREF for longer keys? nathan From michaelrgn at aol.com Mon May 9 21:18:12 1994 From: michaelrgn at aol.com (michaelrgn at aol.com) Date: Mon, 9 May 94 21:18:12 PDT Subject: C'punks list Message-ID: <9405092356.tn335928@aol.com> What has happened to the list?? My C'punks incoming mail atopped yesterday (5/8/94). I sent a "Who cypherpunks" command and my name is no longer there. There was only about six names that were returned. I've been lurking for a little over a month now and really enjoy the discussion. Where did everyone go??? Mciahel Ragan From 71431.2564 at CompuServe.COM Mon May 9 21:19:04 1994 From: 71431.2564 at CompuServe.COM (Bradley W. Dolan) Date: Mon, 9 May 94 21:19:04 PDT Subject: reassuring press release Message-ID: <940510030409_71431.2564_FHA28-1@CompuServe.COM> >Date: Mon, 09 May 1994 18:54:08 -0400 (EDT) >From: Stanton McCandlish >Subject: 05\03\94 - VOLUNTARY NATURE OF TELECOMMUNICATIONS SECURITY >INITIATIVE (fwd) >Sender: owner-cypherpunks at toad.com >FOR IMMEDIATE RELEASE: NIST 94-21 >May 3, 1994 >Contact: Anne Enright Shepherd VOLUNTARY NATURE OF > (301) 975-4858 TELECOMMUNICATIONS SECURITY > INITIATIVE STRESSED BY NIST > OFFICIAL IN TESTIMONY >clear," Kammer said. "This Administration does not seek >legislation to prohibit or in any way restrict the domestic use >of cryptography." ^^^^^^^^^^^^ !!!!!!!! From lassie!jim%lassie at netcom.com Mon May 9 21:19:12 1994 From: lassie!jim%lassie at netcom.com (Jim Nalbandian) Date: Mon, 9 May 94 21:19:12 PDT Subject: I am sorry I bothered you. Message-ID: <256@lassie.lassie.uucp> I am sorry to have bothered the group known as cyberpunks. Please forgive me, but I must go. There is a TV program about guns in America, I must watch this so I may have a good laff. They say you can buy a gun on the street anywhere. I doubt if I could here near Arizona State University (rated #1 party school by playboy magazine). But if an econimist would look at graphs for public assistance from the Fed and comparied it with crime rate per 1,000 citizens in an area he probly could find an area to purchase guns rather rapidly (he probly would not need to look at the crime figures, just public assistance). Freenzy like a shark. The newspapers do a survey to see what people are concerned about. They are concerned about crime. So they write articles about crime. People get more concerned about crime. So they write more articles 8 (that is supose to be sideways) Intresting to note, no one brags about the statistics involving police officers and violent gun related crime. Could it be that having a hand gun strapped to your belt deters crime? Or is it just the bullet proof vest. I know this is stupid second amendment talk, but it is only one away from cryptographies 1st amendment and 3 away from the 5th that should allow you to have any crypto your heart desires. After they strike down the right to protect your documents on your word processer, what next, torture for confessions? Well one thing for sure you probly won't have a gun to defend your freedom of speech or your freedom to assemble or any other freedom you can think of that can be taken away in the proclamation of national intrest. Sorry for bothering you. -- * Spelling errors are intentional and international * Jim Nalbandian netcomsv!lassie!jim%lassie at netcom.com Tempe, Arizona, USA N7SZS at K7BUC.AZ.US.NA No free man shall ever be de-barred the use of arms. The strongest reason for the people to retain there right to keep and bear arms is as a last resort to protect themselves against tyranny in government. <-------- Thomas Jefferson -- From drzaphod at brewmeister.xstablu.com Mon May 9 21:19:19 1994 From: drzaphod at brewmeister.xstablu.com (DrZaphod) Date: Mon, 9 May 94 21:19:19 PDT Subject: 05\03\94 VOLUNTARY ... SECURITY INITIATIVE Message-ID: > . . . meant to be used by both the government and > the private sector on a strictly voluntary, as-needed basis -- > and is not intended to be mandated in the future, a National > Institute of Standards and Technology (NIST) official said today > in congressional testimony. I would have been impressed if they left out "intended." The above "testimony" is meaningless. How is NIST supposed to know what diabolical plans NSA/etc has in store for us. > But the increasing proliferation of encryption techniques > also is expected to make the law enforcement community's job more > difficult, he said, and the voluntary key escrow approach > provides a way for law enforcement authorities -- when legally > authorized -- to decode messages sent over telecommunications > systems using the key escrow technique. This is the same argument used for the Digital Telephony Bill. That's MANDATORY . . it won't work if it's voluntary. > . . . Companies can choose to use the system when > they need excellent security -- or they can use any other > encryption technologies available in the marketplace. Can companies believe the government's secret[obscure] crypto is safer than PGP or it's offspring? Why does the government feel the need to spend all our money and provide us with inferior encryption? ANSWERS: 1] They're lying to us. 2] They have too much money..and we trust them to print it? It's too bad people, in general, believe what they hear, not what is done. The Master Plan to hypnotize our nation [+the world?] into supporting what they have not a clue about continues . . . -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - DrZaphod #Don't Come Any Closer Or I'll Encrypt! - - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity - - [drzaphod at brewmeister.xstablu.com] [MindPolice Censored This Bit] - - 50 19 1C F3 5F 34 53 B7 B9 BB 7A 40 37 67 09 5B - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From pcw at access.digex.net Mon May 9 21:19:38 1994 From: pcw at access.digex.net (Peter Wayner) Date: Mon, 9 May 94 21:19:38 PDT Subject: This is an abstract from a talk at Cornell University... Message-ID: <199405100253.AA29544@access3.digex.net> Subject: Lecture-Peter Shor-Factoring in Poly time Date: Mon, 9 May 1994 02:23:57 GMT FACTORING IN POLYNOMIAL TIME ON A QUANTUM COMPUTER Peter Shor, AT&T Bell Labs Richard Feynman and others have challenged the traditional Turing machine model of computation. A new model of computation based on quantum mechanics has recently been proposed. It is too early to know whether quantum computers will be practical. However, it is shown that quantum computers can factor integers and compute discrete logarithms in polynomial time. Lecture Hall D (north end), Goldwin Smith 11:40am, Monday, May 9 ----------------- Any comments on the veracity? From rsturt at wilbur.mbark.swin.oz.au Mon May 9 21:21:28 1994 From: rsturt at wilbur.mbark.swin.oz.au (Ice-Fox (aka Robert Sturtz)) Date: Mon, 9 May 94 21:21:28 PDT Subject: Is the list down? In-Reply-To: <9405091614.AA06838@mycroft.rand.org> Message-ID: > I guess that means forging a message from each of us; when I first tried > subscribing, it wouldn't accept my subscription from mycroft.rand.org for > my mail address of rand.org without human intervention, so the attacker > couldn't do it from his own account without forging. I just did an > experiment verifying that "Reply-to" is honored by Majordomo, which > would explain why I didn't get acked for the unsubscribe on Saturday. > would Majordomo still have copies of these replies??? that should point the finger (hopefully) > Cooperative anarchy works only when people can be either motivated > or coerced into being cooperative. As the net keeps increasing > exponentially the probability of sucking in a critical mass of loonies > increases along with it. As with public key cryptography, it takes only > a linear increase in loonies to seriously interfere with the exponentially > increasing (relatively) sane population. > > Well... countermeasures. Majordomo could require its subscriptions signed > with a valid public key (PGP or RIPEM) with the public key in the signed > body, and process future transactions for that individual only if they're > signed. That's still open to a spam attack, though, where the attacker > can subscribe 30 variations of (say) Jim Gillogly's address with different > public keys constructed just for that, and Gillogly wouldn't be able to > send the right unsubscriptions. > increase human intervention ie a human needs to authorise unsubscribes (or doesn't accept replys) as not all ppl use pgp or ripem > Hurm. > > Jim Gillogly > Mersday, 18 Thrimidge S.R. 1994, 16:09 Yours in SYNC. Robert Sturtz __ __ __/// rsturt at wilbur.mbark.swin.oz.au (Ice-Fox on irc) __/// \XX/ Vice-President of Eastern Wargamers And Roleplayers Club \XX/ From MWayne at eworld.com Mon May 9 21:25:35 1994 From: MWayne at eworld.com (MWayne at eworld.com) Date: Mon, 9 May 94 21:25:35 PDT Subject: MacPGP 2.5 Message-ID: <9405092125.tn47570@eworld.com> Does anyone have any info on whether or not this new version will be available for Macs? How about for PowerPC Macs? Thanks --Mitch From nobody at soda.berkeley.edu Mon May 9 21:30:58 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist) Date: Mon, 9 May 94 21:30:58 PDT Subject: Missed stuff Message-ID: <199405100013.RAA20954@soda.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- Sorry to be a pain. I just resubscribed after whatever it was that happened that caused the massive unsubscription. Anyway, I missed the start of the PGP 2.5 thread. If someone archived the messages between the unsubscription and now, I'd appreciate it they'd get in touch with me so I can get a hold of them. Well, except for the Nalbandian message maybe :-) Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLc7O2hVg/9j67wWxAQHSZgQAhW9bM3QA1GWjIt7+j1eXjh/fDxGHWq3h p8I2x3HnY5kSPU6/0N66Y+gUISHt7z/ojkZ7tadDgUjAMCeqM3eGPJDjoal1VdIJ 7/OEpsjFVcuHwpZp5qrNHjOd4GGcpixmU1/CY6+FPUUyNXmOak9HlqZ4KMWG/dx3 Gr0p5IKA5lI= =aZVk -----END PGP SIGNATURE----- ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```$YS^P;+]AB?X9TW6\8WR:>P&2'9,7.YM5[DU*:IVOLYZ'LR#3R6]%Q. F!LKO;7PXSNM7K3\Q(-"OG(+>&OAJ66?'R7L` ====Encrypted-Sender-End==== From tcmay at netcom.com Mon May 9 21:30:59 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 9 May 94 21:30:59 PDT Subject: Patents on RSA will expire soon.... In-Reply-To: <9405092313.AA09441@helpmann.ebt.com> Message-ID: <199405100017.RAA06001@netcom.com> David Taffs writes: > Projecting current progress in factoring, how long will 1024-bit keys > be secure against something like NSA? Schneier has a good exposition of this in his book. It's worthwhile to do the calculations, even back-of-the-envelope. Assuming no surprise breakthroughs in factoring (in which case even 1200-1500 bit keys would fall, one would assume), a 1024-bit key is *vastly* stronger than a 384-bit key, which just consumed several thousand MIPS-years to break (to factor the modulus, of course). > Is it the case that by standarizing on 1024-bit keys for the > forseeable future, are we merely providing a window of opportunity for > cryptopunks which will work fine for awhile but which will slam shut > forever once the NSA becomes able (as a result of vast computer power, > if nothing else) to routinely factor numbers this large, maybe in > about 2150 or so? Remember people thought RSA-129 would take a long > time. Recall that the RSA patents begin to expire in a few years and are completely expired by 2002. After that, the issue will be moot. And at the rate at which things are moving these days, I expect an MIT-RSADSI-blessed version of PGP--perhaps Version 3--to add features, increase key lengths, etc. I don't know any details of the MIT-RSADSI deal, but I think this PGP 2.5 deal is a GOOD THING, on the whole. It gives the national security apparatus no excuses for cracking down on PGP, vis-a-vis patent infringements (not that they enforce patents, but that was a cloud hanging over PGP), and probably makes the export of PGP for Zimmermann a non-issue. (Somebody will very quickly export PGP 2.5 to Europe, presumably by very untraceable means). As for generating a new key, I was planning to do so anyway...one ought to change one's key at least 0.5% as often as one change's one's underwear. (Awkwardly said, but you get the idea.) As there is not yet a Mac version, I'll have to wait a while. > in the short to intermediate term. If people become complacent about > this limitation, it could become institutionalized. If everybody > uses PGP 2.5 for the next hundred years, what happens then? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Not too likely. Not even the next _five_ years. By the time truly strong (last a couple of centuries) crypto is needed, for critical financial trusts and cryonic suspension sorts of things, this deal will help to make sure nothing can block the spread of strong crypto. A good thing. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From an49276 at anon.penet.fi Mon May 9 21:31:36 1994 From: an49276 at anon.penet.fi (Joe Blow) Date: Mon, 9 May 94 21:31:36 PDT Subject: MBone cypherpunks session... In-Reply-To: <9405062032.AA02200@snark.imsi.com> Message-ID: <9405092335.AA24507@anon.penet.fi> Perry E. Metzger wrote here, in response to Lile Elam's message: > What is the point here? The MBONE isn't like usenet. Sessions aren't > free. Personaly, I'd say that frivolous use of the mbone will alienate > people. Pls excuse my ignorance, but what is MBONE? If anyone would care to enlighten me on this, use email to avoid noise on the list. ;-) ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From hayden at krypton.mankato.msus.edu Mon May 9 21:31:39 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 9 May 94 21:31:39 PDT Subject: Idiots In-Reply-To: <252@lassie.lassie.uucp> Message-ID: On Mon, 9 May 1994, Jim Nalbandian wrote: > >I consider this to be a threat and grounds for removal and notification > >of his service provider. As the owner of several mailing lists, this > >kind of childish behaviour can bring certain nodes to their knees, and > >without the max-posting protections of LISTSERV, majordomo will keep > >sending until it dies, killing toad.com in the process. > > Gee Bob, can't you take a joke?? Not when it will spam the net. This is about as funny as Green Card Lawyers, the Clipper Chip, and Janet "Flambe'" Reno. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From jbzoza at io.org Mon May 9 21:31:41 1994 From: jbzoza at io.org (Jack Bzoza) Date: Mon, 9 May 94 21:31:41 PDT Subject: [ Secure Mosaic] In-Reply-To: <199404261449.KAA09085@thumper.bellcore.com> Message-ID: On Tue, 26 Apr 1994, Augustine Lo wrote: > To successfully combine simplicity of operation and key administration > functions with a high level of security that can be accessible to even > non-sophisticated users, significant changes were necessary for > existing WWW security protocols. EIT developed a new protocol called > Secure-HTTP for dealing with a full range of modern cryptographic > algorithms and systems in the Web. > > Secure-HTTP enables incorporation of a variety of cryptographic > standards, including, but not limited to, RSA's PKCS-7, and Internet > Privacy Enhanced Mail (PEM), and supports maximal interoperation > between clients and servers using different cryptographic > algorithms. Cryptosystem and signature system interoperation is > particularly useful between U.S. residents and non-U.S. residents, > where the non-U.S. residents may have to use weaker 40-bit keys in > conjunction with RSA's RC2 (TM) and RC4 (TM) variable keysize > ciphers. EIT intends to publish Secure-HTTP as an Internet standard, > and work with others in the WWW community to create a standard that > will encourage using the Web for a wide variety of commercial > transactions. > > Availability > > EIT will make Secure NCSA Mosaic software available at no charge to > CommerceNet members in September and NCSA will incorporate these > secure features in future NCSA Mosaic releases. > How likely is it that these specs will be publicly available so that others can build client front ends to this application? Thanks From jamesd at netcom.com Mon May 9 22:39:36 1994 From: jamesd at netcom.com (James A. Donald) Date: Mon, 9 May 94 22:39:36 PDT Subject: This is an abstract from a talk at Cornell University... In-Reply-To: <199405100253.AA29544@access3.digex.net> Message-ID: <199405100539.WAA12160@netcom.com> Peter Wayner writes > > > Subject: Lecture-Peter Shor-Factoring in Poly time > Date: Mon, 9 May 1994 02:23:57 GMT > > FACTORING IN POLYNOMIAL TIME ON A QUANTUM COMPUTER > Peter Shor, AT&T Bell Labs > > Richard Feynman and others have challenged the traditional Turing > machine model of computation. A new model of computation based > on quantum mechanics has recently been proposed. It is too early > to know whether quantum computers will be practical. However, it > is shown that quantum computers can factor integers and compute > discrete logarithms in polynomial time. > > Lecture Hall D (north end), Goldwin Smith > 11:40am, Monday, May 9 > It is news to me that a quantum computer can do this, but is seems plausible that it could. Factoring is a member of a class of problems for which it is plausible that quantum computers have capabilities fundamentally superior to classical computers. On the other hand the field of quantum computing is full of crackpots. No quantum computers have been built. Quantum computers are unlikely to be useful until we get down to nanometer scale At the current rate of progress I conjecture (ill informed guestimate) that quantum computers will not do anything useful until about 2030. Quantum computers are coherence limited. For any computation that cannot be completed swiftly they will develop noise, which makes them act like classical computers. Thus even if their limitations are polynomial, whereas classical computers have non polynomial limitations on factoring, it will take them a long time to catch up with classical computers. Thus it will be many years after quantum computers have been developed and are being used routinely before they could equal classical computers in the factoring problem. If Goldwin's claim is true, then perhaps public key cryptograhy will eventually fall, in sixty years or so. -- --------------------------------------------------------------------- | We have the right to defend ourselves and our James A. Donald | property, because of the kind of animals that we | are. True law derives from this right, not from jamesd at netcom.com | the arbitrary power of the omnipotent state. From phantom at u.washington.edu Mon May 9 22:47:47 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Mon, 9 May 94 22:47:47 PDT Subject: GhostMarks Message-ID: The trading of ghostmarks has begun. I've personally been party to a half-dozen transactions from my own personal account, and have more than 20 clients. It's time for trade to begin large-scale. I've placed the names of those clients who agreed to be publicly listed on my finger info: phantom at stein.u.washington.edu These are people (although not the only ones) that are ready and willing to begin transactions. Each of them has some sort of supply of ghostmarks. Let the grand experiment begin. Matt Executive Director The Phantom Exchange ("I'm not only the director, I'm also a client!") Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From dwitkow at eis.calstate.edu Mon May 9 23:24:26 1994 From: dwitkow at eis.calstate.edu (David T. Witkowski) Date: Mon, 9 May 94 23:24:26 PDT Subject: Voice encryption info request Message-ID: I'm looking for technical info on analog voice encryption techniques, including app notes and schematics if available. Any help would be appreciated, direct email replies are preferred. ...dtw /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ | I'll do whatever my Rice Krispies tell me to do... | | | | ******* Notice of impending email address change: ******* | | New interim address: dwitkow at eis.calstate.edu | /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCNAqeeBhcAAAEEAM8M83T/IpKEFbho61dHQIiXx3gFcmBNqMGKtAFFprt9obHH GQ0N1sm/T9DNnS59IxYkB1e08rEMHlearsiw48/p/A43jsYiwYVvy2IBPw6Lnwwc Cdtgbkou/PPiDq/M5nzC9EziljDAE8QhJISKgmez89d4HlLsNqhwMY4XVqGjAAUR tDJEYXZpZCBULiBXaXRrb3dza2kgPGR3aXRrb3dzQG5lcm1hbC5zYW50YXJvc2Eu ZWR1Pg== =PqVE -----END PGP PUBLIC KEY BLOCK----- From hfinney at shell.portal.com Mon May 9 23:27:15 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 9 May 94 23:27:15 PDT Subject: This is an abstract from a talk at Cornell University... Message-ID: <199405100628.XAA19786@jobe.shell.portal.com> From: jamesd at netcom.com (James A. Donald) > Peter Wayner writes > > Richard Feynman and others have challenged the traditional Turing > > machine model of computation. A new model of computation based > > on quantum mechanics has recently been proposed. It is too early > > to know whether quantum computers will be practical. However, it > > is shown that quantum computers can factor integers and compute > > discrete logarithms in polynomial time. > > It is news to me that a quantum computer can do this, but > is seems plausible that it could. > > Factoring is a member of a class of problems for which it > is plausible that quantum computers have capabilities > fundamentally superior to classical computers. I would be surprised if quantum computers had the capability to factor in polynomial time. The special capabilities that I have seen claimed for quantum computers have a probabilistic component, so that, in effect, you can do a calculation n times faster but have only a 1/n chance of getting an answer. (This is an oversimplification but gives the idea.) In the context of the Many-Worlds interpretation of QM, you might say that the various instances of the quantum computer spanning the multi- verse can be made to work together, but by a sort of conservation of information production, only a fraction of the individual universes of the multiverse get the answer. The one loophole that I see is that this term "quantum computer" covers a lot of territory. They might sneak in some infinities in addition to adding the strictly quantum capabilities. It is known that ordinary computers which can hold arbitrarily-large numbers (and do arithmetic on them in one time step) can factor in polynomial time. If the definition of your quantum computer is so broad that you can squeeze in some outrageous capability like this, then the claim of polynomial-time factoring is more plausible. Hal From unicorn at access.digex.net Mon May 9 23:32:37 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 9 May 94 23:32:37 PDT Subject: DigiCash Announcement Message-ID: <199405100632.AA09470@access1.digex.net> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- - - -- For Immediate Release -- In an agreement between The Phantom Exchange and UniBank, we are proud to announce the opening of a digital currency server and exchange service at unicorn at access.digex.net. UniBank will begin circulating DigiFrancs at 1:38pm EST Tuesday May 10, 1994. (The moment of peak coverage in the annular eclipse of the sun) DigiFrancs are backed by 10 cases of Diet Coke, located at the UniBank "vault" reserves in Washington, DC. DigiFrancs are redeemable for their equivalent value in 16 oz Diet Coke cans (unchilled) on demand FAS Washington, DC. This arrangement implies no agreement between any of the parties and Coca-Cola company. The Phantom Exchange and UniBank have launched a cooperative effort to exchange information and establish realistic floating rates of exchange between our two currencies. As a result PhantomMarks and DigiFrancs will be freely interchangeable at the spot rate. Exchange rates will also be offered for Tacky Tokens from mpd at netcom.com's digital bank. Tacky Tokens are exchangeable at UniBank at the current rate subject to some restrictions. No exchange fees will be assigned for the month of May. Current rates of exchange are available via finger at unicorn at access.digex.net. - -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLc8uahibHbaiMfO5AQG7HQP+NChh9+fcegBBdUfiwAt/flUKZBvSEkn/ eNBnuNmRJmm1GLQVn51IWCF8rip17cEvLSSKhV4jBldHOgwFGd5a7jBsHN5bXncC zkDWe6O0q1ftQpGV87smm0NpLUw0Sl7HnXx9SBndcAeUxdEjqag0ROunoCeakcc6 R6HGM2HvlSQ= =Z0Io - -----END PGP SIGNATURE----- Matt Thomlinson, Executive Director, Phantom Exchange 23:30 PST 5/9/94 -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBLc8Yi2SGfFo1zsA5AQGtpwQAuahasIOjAqQ9gcJ3vuXNlr6mH2GU70jd MGC1GpmmhJW+L9LtkabCLYyLOXxA7GjQ0XJZm9nWcPZNOFBTpSNgdGG8kUcw5enU tU19EH2b5Q38KI4ICwz38t4/cbsop23TMJGATG977IKwpzOnvzh5nW88/Q4EoUC2 M8MFz01aqH4= =EJmD -----END PGP SIGNATURE----- unicorn at access.digex.net: Director/Operator, UniBank phantom at u.washington.edu: Executive Director, Phantom Exchange From norm at netcom.com Mon May 9 23:48:33 1994 From: norm at netcom.com (Norman Hardy) Date: Mon, 9 May 94 23:48:33 PDT Subject: Patents on RSA will expire soon.... Message-ID: <199405100646.XAA20601@netcom.netcom.com> The algorithm that factored RSA129 takes about exp(sqrt((log n)(log log n))) steps. Indeed 10^17 instructions is just about how much work was required to factor RSA129--. That formula gives about 10^29 for a 1024 bit number. If computers double in speed every 18 months then they will be only 32 times as fast when the patents expire. From cyber1 at r-node.io.org Tue May 10 00:05:44 1994 From: cyber1 at r-node.io.org (Cyber City) Date: Tue, 10 May 94 00:05:44 PDT Subject: Majordomo Message-ID: <199405100705.DAA02514@r-node.io.org> I'm posting this from Toronto, and I have no direct knowledge of what took the Cypherpunks list down, but here's my guess: The CP list is run my "majordomo" [MJD], a group of Perl scripts. According to the MJD docs: "If you'd like a list with the absolute minimum of maintenance (but also a minimum of security), you could create an "auto" list. All subscription or unsubscription requests will be honored without any input from the list owner. For example, anyone could unsubscribe anyone else." - unsubscribe list [address] This unsubscribes the user (or "address") from "list". This means that anyone could write a message to majordomo at toad.com, with the following message: unsubscribe cypherpunks user1 at some.org unsubscribe cypherpunks user2 at some.org unsubscribe cypherpunks user3 at some.org ... and so on. Forgery is unnecessary. MJD permits the use of a password by which the list owner can approve unsubscription requests, but Sendmail displays this password. See: telnet toad.com 25 Trying 140.174.2.1... Connected to toad.com. 220 toad.com Sendmail 4.1/Gnu-smail ready at Mon, 9 May 94 22:12:32 PDT VRFY owner-cypherpunks 250 Eric Hughes <"|/u/hughes/.bin/procmail"> VRFY cypherpunks 250 <"|/u/majordom/bin/wrapper resend -p bulk \ -l cypherpunks -f owner-cypherpunks \ -h toad.com -s cypherpunks-outgoing"> *** password would be displayed here *** ==== What it means ======================================================== -l list name -h host name -f "sender" (default -request) -p add "Precedence: " header -I Bounce messages from users not listed in file in colon-separated * -a approval password ** -s enable "administrivia" checks * Note that majordomo postings can be limited to those on an approved list, but selected posters can not be excluded. This is not appropriate for the Cypherpunk list, due to anonymous remailers, pseudonyms, etc. ** Note that if there WAS an approval password, it would be visible. Fortunately, version 1.90 of MJD, which is now in beta, fixes this problem by putting the passwords in a configuration file. It is available for ftp.GreatCircle.com. What to do about abusive posters? How about reversing the function of the -I switch? === Here's the PERL code for option -I from 1.90 beta: =============== if ( defined($opt_I) && defined($from) && ! defined($approved) ) { local($infile) = 0; @files = split (/[:\t\n]+/, $opt_I); foreach $file (@files) { if ($file !~ /^\//) { $file = "$listdir/$file"; } if ( open (LISTFD, "<${file}") != 0 ) { @output = grep (&addr_match($from, $_), ); close (LISTFD); if ( $#output != -1 ) { $infile = 1; last; } } else { die("resend: Can't open $file: $!"); } } if ( $infile == 0 ) { &bounce ("Non-member submission from [$from]"); } } === Now, with minimal hacking, this can be reversed, so that if the user === name is in the list, the incoming post is bounced to the list owner, === who can approve it or junk it. So here is a technological fix, where we don't have to go bothering system administators if they have a troublesome user. -- Alex Brock From norm at netcom.com Tue May 10 00:06:02 1994 From: norm at netcom.com (Norman Hardy) Date: Tue, 10 May 94 00:06:02 PDT Subject: This is an abstract from a talk at Cornell University... Message-ID: <199405100705.AAA22580@netcom.netcom.com> I recently saw a video tape of a talk by Feynman on quantum computers. It was taped in '86 or '89 I think. It was his presentation of 'balistic' quantum computers. In that talk he refered very briefly to the David Deutch idea of the many worlds computer but was sceptical, but not entirely dismissive of it. In other comments Feynman seemed to think that the many worlds idea was not very useful. It would certainly be useful if it helped design such a computer. I would bet against it. From werner at mc.ab.com Tue May 10 03:56:08 1994 From: werner at mc.ab.com (werner at mc.ab.com) Date: Tue, 10 May 94 03:56:08 PDT Subject: MBone cypherpunks session... Message-ID: <9405101056.AA18602@werner.mc.ab.com> >From: an49276 at anon.penet.fi (Joe Blow) >Date: Mon, 9 May 1994 23:35:41 UTC > >Pls excuse my ignorance, but what is MBONE? If anyone would care to enlighten >me on this, use email to avoid noise on the list. ;-) I would also be interested in this info. Pls send it to me too. tw From habs at warwick.com Tue May 10 08:01:44 1994 From: habs at warwick.com (Harry S. Hawk) Date: Tue, 10 May 94 08:01:44 PDT Subject: Clipper on Science Friday In-Reply-To: <199405062104.OAA10965@servo.qualcomm.com> Message-ID: <9405101752.AA11724@cmyk.warwick.com> > (used in PGP) in the same way she had reviewed Skipjack. She said she > could not because her review of Skipjack consisted mostly of reviewing > the work NSA had already done, and similar information was not available > for IDEA. So much for "an independent review ..." /hawk From bsteve at zontar.com Tue May 10 10:10:52 1994 From: bsteve at zontar.com (Steve Blasingame) Date: Tue, 10 May 94 10:10:52 PDT Subject: Party Announcement Message-ID: <9405101538.AA27821@zontar.attmail.com> Dear Colleagues; Announcing the 3rd annual.... George Leroy Detweiler Memorial Weenie Roast & Whale Exhibition MONDAY MAY 30, 1 PM - 1 AM * R.S.V.P. * This is our annual pool inauguration. We will be cooking/providing limited quantities of Vienna Beef(tm) hot dogs from Chicago, Home- made cajun hotlinks, South Carolina hotlinks, and some kielbasas; The sausages will be plumped in the *cheapest* available beer and then grilled in the time-honored way. We will provide some limited quantities of snack foods. For the vegetarian diners, we will have some limited quantities of tofu-burgers & garden-burgers. We should have back-up blenders & ice to insure that the we are able to prepare sufficient quantities of Moo-moo drinks, lest we feel the wrath of the Moo-moo gods. We will also provide condiments, picnic gear, some ice for beverages, limited quantities of soft drinks, cheap beer, wine and *good* beer.The pool will be heated as close to body temperature as possible,and the tub will be operational. The tub seats 6-8 regular-sizedpeople and 4-6 extraordinary people. We'll have limited internet access at poolside for those with a requirement for it. We will provide limited crash space if required. WHERE the heck is it? At the home of Steve Blasingame (bsteve at zontar.com) and Mihoko Doyama (miho at zontar.com). 2608 Totana Court San Ramon, CA 94583 Take I-680 to Bollinger Canyon Road Take Bollinger Canyon Road West about 1/4 mile to Aranda Drive Right on Aranda Drive and 80 feet to Totana Court Left on Totana Court Ours is the light colored ranch with teal trim. If you are lost, the phone number is 510 830 9724. So WHAT do I need to bring? 1) Yourself (if you bring kids, parental discression is advised; this is essentially an adult gathering and when the Moo-moo gods are summoned, young minds may be contaminated) 2) Swimming attire, towel (we have only a limited quantity of towels for guests) 3) Some food item that you deem appropriate for the event; If you bring it, someone else will want to taste it. Chips,Salads,etc. You know the drill. If you wish to join us, drop a note to whale at zontar.com. This way we can insure that we provide enough goodies. Steve Blasingame bsteve at zontar.com (510) 866-1864 Voice (510) 866-1861 FAX From dat at ebt.com Tue May 10 10:15:26 1994 From: dat at ebt.com (David Taffs) Date: Tue, 10 May 94 10:15:26 PDT Subject: C'punks list In-Reply-To: <9405092356.tn335928@aol.com> Message-ID: <9405101714.AA09740@helpmann.ebt.com> you need to resubscribe -- somebody (Nalbandian?) wiped the list... From: michaelrgn at aol.com X-Mailer: America Online Mailer Date: Mon, 09 May 94 23:56:08 EDT Sender: owner-cypherpunks at toad.com Precedence: bulk Content-Type: text Content-Length: 328 What has happened to the list?? My C'punks incoming mail atopped yesterday (5/8/94). I sent a "Who cypherpunks" command and my name is no longer there. There was only about six names that were returned. I've been lurking for a little over a month now and really enjoy the discussion. Where did everyone go??? Mciahel Ragan From lefty at apple.com Tue May 10 10:29:11 1994 From: lefty at apple.com (Lefty) Date: Tue, 10 May 94 10:29:11 PDT Subject: C'punks list Message-ID: <9405101728.AA11122@internal.apple.com> >you need to resubscribe -- somebody (Nalbandian?) wiped the list... Is there the slightest bit of evidence to support this frequently-repeated suspicion? Personally, I don't think he has the spare neurons required. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From peb at netcom.com Tue May 10 11:16:55 1994 From: peb at netcom.com (Paul E. Baclace) Date: Tue, 10 May 94 11:16:55 PDT Subject: NYT op-ed May 8 Message-ID: <199405101816.LAA29969@netcom.com> I just tuned-in last night...Has anyone discussed the NYT op-ed by David Gelernter (associate prof. at Yale)? It was accompanied by a comic "the first wiretap" and Gelernter says common sense dictates that wiretaps be preserved and he wants the digital telephony bill passed. Paul E. Baclace peb at netcom.com From frissell at panix.com Tue May 10 11:30:03 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 10 May 94 11:30:03 PDT Subject: NYT op-ed May 8 In-Reply-To: <199405101816.LAA29969@netcom.com> Message-ID: On Tue, 10 May 1994, Paul E. Baclace wrote: > I just tuned-in last night...Has anyone discussed the NYT op-ed by > David Gelernter (associate prof. at Yale)? It was accompanied by a > comic "the first wiretap" and Gelernter says common sense dictates > that wiretaps be preserved and he wants the digital telephony bill > passed. > > Paul E. Baclace > peb at netcom.com I sent a message on same into the void on Sunday. If anyone has it, I would appreciate it if they would repost it (I was unsubscribed to the list at the time.) This op-ed piece represents the strongest independent attack on our position. Someone should grab it from Nexis and post it. It has to be answered. DCF From dat at ebt.com Tue May 10 11:42:49 1994 From: dat at ebt.com (David Taffs) Date: Tue, 10 May 94 11:42:49 PDT Subject: NYT op-ed May 8 In-Reply-To: <199405101816.LAA29969@netcom.com> Message-ID: <9405101842.AA09792@helpmann.ebt.com> I caught this in EDUPAGE -- sorry if you've seen this before (and sorry again about posting by mistake yet again to the list, and sorry about wasting so damn much bandwidth apologizing)... >From EDUPAGE: SUPPORT FOR THE CLIPPER CHIP Yale computer scientist David Gelernter urges support for the Clipper Chip encryption technology and for the Administration's Digital Telephony and Communications Privacy Improvement Act, the heart of which is to give law-enforcement agents a continued ability to conduct wiretapping with court orders. "Nothing would do us more good as a nation than to reassert our right to tell the experts to get lost. I am a `technical expert,' but don't take my words on this bill as an expert. I was seriously and permanently injured by a terrorist letter bomb last year, but don't take my word as a special pleader either. Take my word because common sense demands that wiretapping be preserved." (New York Times 5/8/94 Sec.4, p.17) -- dat at ebt.com (David Taffs) From ABROUARD at antioc.antioch.edu Tue May 10 12:01:27 1994 From: ABROUARD at antioc.antioch.edu (ABROUARD at antioc.antioch.edu) Date: Tue, 10 May 94 12:01:27 PDT Subject: NYT op-ed May 8 Message-ID: <01HC6F5FY0N6000EAB@antioc.antioch.edu> David Gelertner's NYT op ed piece seemed to suggest that the government would gain no new information if the digital telephony bill is passed. Quite obviously the ability to automatically scan for what one is interested in would be a tremendous boon to various agencies info gathering projects. Even Gelernter must realize how hollow his reasoning sounds. It makes one wonder what sort of critical thinking they're teaching at Yale these days - or perhaps in whose pocket he's comfortably ensconsed. Andrew Brouard abrouard at chaos.antioch.edu From ejohnson at pmip.dist.maricopa.edu Tue May 10 12:01:59 1994 From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson) Date: Tue, 10 May 94 12:01:59 PDT Subject: NYT op-ed May 8 Message-ID: <199405101856.LAA02649@pmip.dist.maricopa.edu> : On Tue, 10 May 1994, Paul E. Baclace wrote: : : > I just tuned-in last night...Has anyone discussed the NYT op-ed by : > David Gelernter (associate prof. at Yale)? It was accompanied by a : > comic "the first wiretap" and Gelernter says common sense dictates : > that wiretaps be preserved and he wants the digital telephony bill : > passed. : > : > Paul E. Baclace : > peb at netcom.com : : I sent a message on same into the void on Sunday. If anyone has it, I : would appreciate it if they would repost it (I was unsubscribed to the : list at the time.) : Here it is... : : I've received no cypherpunks mail for 24 hours so this may be old news : but... : : David Gelernter, author of Linda and recent victim of the UnaBomber, : writes in support of the DTI and Clipper. "Wiretaps for a Wireless Age" : is on the Op-Ed page of the Sunday New York Times. : : I will be writing a Letter to the Editor and others should as well. Will : someone who has access pick this up and post it. It's very important. : : It has some factual flaws: : : "What kind of half-wit criminal would...return a rental van that played a : starring role in a big-budget terrorist spectacular?" : : But it represents as strong a statement of their position as Safire's : column was of ours. : : Brilliant bit: : : "Privacy buffs are often big fans of gun control and the Endangered : Species Act; some versions of gun control restrict the objects you may : keep in your own home, and the species act has been interpreted in a way : that drastically restricts the ways citizens may use their land." : : Of course many of us are not fans of gun control or the Endangered Species : Act. : --Eric From dat at ebt.com Tue May 10 12:12:07 1994 From: dat at ebt.com (David Taffs) Date: Tue, 10 May 94 12:12:07 PDT Subject: From Todays' RISKS column Message-ID: <9405101910.AA09815@helpmann.ebt.com> I'm sending this because of the first item, but thought the rest were relevant also, although I would assume that most c'p'ers would read comp.risks anyway... If you haven't seen it, be sure to check out the piece by EFFector Online 07.08 and Digital Media, "Ever Feel Like You're Being Watched? You Will..." -- see below for details... ... from: RISKS-LIST: RISKS-FORUM Digest Tuesday 10 May 1994 Volume 16 : Issue 04 ---------------------------------------------------------------------- Date: 06 May 94 00:06:10 -0500 From: Dave.Leibold at f730.n250.z1.fidonet.org (Dave Leibold) Subject: Secret elevator codes baffle Metro Toronto government An article in _The_Toronto_Star_ on 5 May 1994 described secret codes which are necessary to maintain elevators at Metro Hall, the building which houses Metro Toronto municipal council and services. The elevators, made and maintained by Schindler Elevator Corp., require secret password codes in order to maintain them. This means that only Schindler staff can maintain the Metro Hall lifts, and as such forced Metro Council to award a 10 year contract of $3.5 million to Schindler. Meanwhile, Metro is also suing the building's developer, Marathon Realty, to try to get the codes. Without the passwords, elevator maintenance contracts cannot be given to a competing firm. Metro Councillor Howard Moscoe wanted the Council to issue a $10 000 reward to the first person to successfully crack Schindler's Code. This motion probably didn't get approval. David Leibold Fidonet 1:250/730 dave.leibold at f730.n250.z1.fidonet.org ------------------------------ Date: 09 May 94 06:31:56 EDT From: "Mich Kabay [NCSA]" <75300.3232 at CompuServe.COM> Subject: Dartmouth prof spoofed Here is some old news that was new to me: According to the _Dartmouth Life_ newsletter (Feb 1994--I'm just clearing up my in basket today), an article appeared in _The New York Times_ on 94.01.05 entitled "Confronting changing ethics of the computer age." The unsigned article begins, "Hanover, N.H. -- Somebody in Prof. David Becker's course on Latin American politics did not want to take the midterm exam, so he or she used Dartmouth's innovative electronic mail network to impersonate a department secretary and cancel the test. "At 11 o'clock on the night before the test in the Government 49 class, a message flashed on students' computer screens. Because of a family emergency, the message said, Professor Becker would be unable to administer the midterm." The article explains that half the class understandably failed to show up for the test. No one has been identified yet as the culprit. The rest of the article talks about the extensive electronic mail system on campus. One of the key concerns of the unregulated network is the rapid spread of rumours: "Late in August computer flashed an account of a woman being raped while jogging near campus. The message was intended as a warning, but there had been no rape." The Hanover police department were swamped with calls. The Chief of Police now has his own electronic mail account to try to squelch rumours. M. E. Kabay, Ph.D. (Dartmouth '76) / Dir Educn / Natl Computer Security Assn. ------------------------------ Date: Mon, 9 May 1994 18:04:54 +0100 From: pcl at foo.oucs.ox.ac.uk (Paul C Leyland) Subject: Re: Bellcore cracks 129-digit RSA encryption code (RISKS-16.03) > predicted would take "40 quadrillion years" to break. ... > This mathematically arduous task was accomplished in eight months by > 600 volunteers in 24 countries who used their organizations' spare > computing capacity. ... There are two risks, one amusing. Ron Rivest now regrets ever making that 40 quadrillion years estimate. It was silly when he made it; his papers in the scientific literature from that era give estimates which are within an order of magnitude of how much computation we actually used. From those estimates, and the observation that way back then it wasn't feasible to hook together hundreds of computers, we can deduce that a late 70's supercomputer using the best algorithms available then would have taken a few decades, maybe a century. Certainly much less than the 40 quadrillion years. The risk is: making predictions about the runtime of computer programs can sometimes make you look silly 8-) The other risk is more serious. RSA is widely used to protect commercially significant information. 512-bit keys are widely used for this. Most, if not all, smart-card implementations are restricted to 512-bit keys. RSA-129 has 425 bits. I estimate (taking a risk 8-) that 512-bit keys are only about 20 times harder to break than 425-bit keys. Readers are left to draw their own conclusions. However, it is not by chance that I have a 1024-bit PGP key. Oh yes, as Arjen Lenstra had pointed out: if you had used RSA-129 as the modulus in a digital signature for a 15-year mortgage, you would have been cutting it pretty fine. It is the use of RSA for long-lived signatures which needs to be examined with a very critical eye. Paul Leyland (one of four RSA-129 project coordinators) ------------------------------ Date: Fri, 6 May 1994 02:45:26 +0200 From: Dik.Winter at cwi.nl Subject: Re: Bellcore cracks 129-digit RSA encryption code Perhaps because there is no risk beyond the known ones? Bob Silverman of MITRE (well known in number factoring circles) has publicly predicted already some time ago that it would require about 5000 MIPS years to factor the number. Reasonably close to the actual figure. That the team was led by Bell Communications Research is untrue. It is a team led by four people from Bellcore (Arjen Lenstra), MIT (Derek Atkins), Iowa State University (Michael Graff) and Oxford University (Paul Leyland). dik t. winter, cwi, kruislaan 413, 1098 sj amsterdam, nederland, +31205924098 home: bovenover 215, 1025 jn amsterdam, nederland; e-mail: dik at cwi.nl ------------------------------ Date: Thu, 5 May 94 20:02 PDT From: paulb at teleport.com (Paul Buder) Subject: Re: Bellcore cracks 129-digit RSA encryption code (RISKS-16.03) I've heard this 40 quadrillion years figure a couple of times now and I find it odd. Is that what the Scientific American said? I have the original document from MIT's Laboratory for Computer Science. It's titled "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems" by Ronald Rivest, Adi Shamir, and Len Adleman, April 1977. I can't do superscripting with vi so 10 10th means 10 to the 10th power. It has the following table in it: Digits Number of Operations Time =================================================== 50 1.4 X 10 10th 3.9 hours 75 9.0 X 10 12th 104 days 100 2.3 X 10 15th 73 years 200 1.2 X 10 23rd 3.8 X 10 9th years 300 1.5 X 10 29th 4.8 X 10 15th years 500 1.3 X 10 39th 4.2 X 10 25th years 200 digits was supposed to take 3.8 trillion years and 100 a mere 73. So where does the 40 quadrillion figure come from? paulb at teleport.COM Not affiliated with teleport. ------------------------------ Date: 9 May 1994 15:26:52 GMT From: daugher at cs.tamu.edu(Walter C. Daugherity) Subject: White House May Issue National ID Cards >From Prodigy 5/9/94: White House May Issue National ID Cards The Clinton administration is working on a national ID card that every American would need in order to interact with any federal agency, reports Digital Media: A Seybold Report, a computer industry newsletter based in Media, Pa. The so-called U.S. Card would be issued to citizens by the Postal Service. It would be issued as a "smart card," with its own internal CPU, or as a plug-in "PCMCIA" card with megabytes of built-in memory. Administration approval of the plan "could come at any time," states the newsletter. Walter C. Daugherity daugher at cs.tamu.edu uunet!cs.tamu.edu!daugher Texas A & M University, College Station, TX 77843-3112 DAUGHER at TAMVENUS [Several folks sent me Mitch's piece from EFFector Online 07.08, and Digital Media, "Ever Feel Like You're Being Watched? You Will..." However, I cannot run it in RISKS because of its copyright notice. Contact Mitch Ratcliffe (NOT RISKS) if you want a copy of the whole article. PGN] ------------------------------ -- dat at ebt.com (David Taffs) From cme at sw.stratus.com Tue May 10 12:15:59 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Tue, 10 May 94 12:15:59 PDT Subject: Gelernter's piece Message-ID: <199405101915.PAA13055@galt.sw.stratus.com> I wish I could stop each person advocating Clipper and get them to explain how this will give access to criminals' conversations before they Even DERD backed way down from there on Science Friday last week -- saying that Clipper *wasn't* for giving access to criminal conversations -- just for making sure that the gov't standard didn't shoot the gov't in the foot. Given that more reasonable stance, the next step is to eradicate from the record (before the jury sees it) any mention of criminal behavior or wiretaps of criminals as a justification for Clipper. >From that point, I think we could have a reasonable debate. From pcw at access.digex.net Tue May 10 12:17:52 1994 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 10 May 94 12:17:52 PDT Subject: A CC of my letter to Gelernter@cs.yale.edu Message-ID: <199405101917.AA21325@access1.digex.net> I caught your piece on the Op-Ed page. Of course I agree with you about the fact that there is a need for wiretaps. But I think that there are serious problems with the Clipper chip. It is very expensive compared to software only solutions and it is also very, very brittle. First the cost: * Every extra chip adds to cost, battery usage and pocket bulge. This is a heavy price to pay for something that could be done in software. Many of the next generation digital phones, for instance, use a DSP. There are more than enough spare cycles available to do encryption. * The high cost is effectively a tax on privacy for the average person. It is easy to imagine clipper chips adding $100 to the cost of an already digital phone, fax machine or computer. The poor are just as much targets as the rich. In fact, they are often easier targets because no one wants to bother chasing down a fake credit card transaction or bank account withdrawl if it only amounts to $75. If a chip was necessary, then it would be a different story. Software could help all of America, not just the rich. Now the Fragility: * The first generation of Capstone chips is already obsolete. They're worthless. All of the money that went into fabbing and producing them is gone. Why? Because the NSA discovered a weakness in the Secure Hash ALgorithm. They've fixed it now, but all the old chips are worthless. * Imagine that problems arise well after the chip is standardized. What will millions of Americans do? All of the digital phones, fax machines and modem cards will need to be replaced. * Now imagine that a pair of turncoats sell out America and put both halves of the key escrow on the black market. If we're lucky enough to discover this leak, it could easily take 6 months to a year to replace our now worthless phone system. * Software, on the other hand, is very easy to change. In many cases, the anti-virus programs travel faster than the viruses. These are the main reasons why I think that the Clipper is a boondoggle. Software based solutions would solve all of these problems _except_ the government's desire for a firm grip on the world and technology. -Peter Wayner From frissell at panix.com Tue May 10 12:22:32 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 10 May 94 12:22:32 PDT Subject: Net Banking in Info Week Message-ID: <199405101922.AA09817@panix.com> The May 9th Info Week (now being distributed on news stands) has an article on using the Internet for funds transfer. "these banks could save millions by not having to build expensive private networks, and the Internet...could become the backbone of worldwide electronic commerce. Photo of and interview with Daniel Schutzer Citicorp VP. I had breakfast with Shutzer last Fall. He follows this list among others and is up to speed with the institutional changes under way. He thinks it will be a real challenge for conventional banks to survive. DCF "Where do messages go when sent to a Majordomo listserver with an empty subscribers file?" -- unanswered questions of the Net. --- WinQwk 2.0b#1165 From unicorn at access.digex.net Tue May 10 12:31:49 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 10 May 94 12:31:49 PDT Subject: DigiCash announcement correction Message-ID: <199405101931.AA22223@access1.digex.net> An error was made in the UniBank/Phantom Exchange press release which indicated that DigiFrancs were backed by a store of 16 oz Diet Coke cans. There are of course no 16 oz cans, but rather 12 oz cans. UniBank regrets the error. From lile at netcom.com Tue May 10 12:43:35 1994 From: lile at netcom.com (Lile Elam) Date: Tue, 10 May 94 12:43:35 PDT Subject: Des.... Message-ID: <199405101943.MAA28057@netcom.com> Where might I find DES? I have a friend that needs to decript a tape... thanks, -lile From mg5n+eathv93j40vo0ro1asmhi5ilvwcmzf at andrew.cmu.edu Tue May 10 12:59:30 1994 From: mg5n+eathv93j40vo0ro1asmhi5ilvwcmzf at andrew.cmu.edu (Anonymous) Date: Tue, 10 May 94 12:59:30 PDT Subject: What happened? Message-ID: What happened to the list? It hasn't been sending anything out... From cort at ecn.purdue.edu Tue May 10 13:14:47 1994 From: cort at ecn.purdue.edu (Cortland D. Starrett) Date: Tue, 10 May 94 13:14:47 PDT Subject: PGP and Yarn (offline reader) Message-ID: <8kzpjWDCu40F064yn@ecn.purdue.edu> -----BEGIN PGP SIGNED MESSAGE----- (This may be the 2nd time you hear this.... but the original post may have been flushed.) .............................Cort. PGP can now be nicely integrated with the excellent offline news/mail package, Yarn. You can now, at the touch of a key, encrypt an out-going note, sign an out-going note/post and decrypt/verify incoming notes/posts. Yarn (stable beta version .64) can be retrieved by ftp from oak.oakland.edu:/pub/msdos/offline/yarn-064.zip (as well as mirrors and other sites). Yarn imports news/mail in the SOUP format. (I am quite pleased with this combination.) Thanks to the author, Chin Huang. Cort. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLc/cCus4vmytylqdAQElwgP9G3WSjphJ+C9e0JFQV7GaKNzV3orVy0xV oBKSvO2Hw9jZFp7iPq75PAkyQgYX+vALbJe6LqzWF7Oc0jaEd+LhBjWiYv3rTNzR f+CZCZf2FnNc+00Ylus/MxrXNJj2svYF9nHHH0Pld9CYylq/qNntVuj43MvdNi4W stI98P8c6C0= =GHLe -----END PGP SIGNATURE----- From jpp at markv.com Tue May 10 13:22:16 1994 From: jpp at markv.com (Diet Coke Fan) Date: Tue, 10 May 94 13:22:16 PDT Subject: DigiCash announcement correction In-Reply-To: <199405101931.AA22223@access1.digex.net> Message-ID: > > UniBank will begin circulating DigiFrancs at 1:38pm EST Tuesday May 10, > 1994. (The moment of peak coverage in the annular eclipse of the sun) > > DigiFrancs are backed by 10 cases of Diet Coke, located at the UniBank 10 cases == 240 cans right? or is it 120? > "vault" reserves in Washington, DC. DigiFrancs are redeemable for their > equivalent value in 16 oz Diet Coke cans (unchilled) on demand FAS what? > Washington, DC. This arrangement implies no agreement between any of > the parties and Coca-Cola company. The question remains -- how many df's per 12 oz (I assume) can of coke? I also assume you mean cans of diet coke, rather than Diet Coke (brand, and possibly empty) cans. So, how much aluminun, and how much Diet Coke brand soft drink is 1 df exchangeable for? j' From ecarp at netcom.com Tue May 10 13:23:55 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 10 May 94 13:23:55 PDT Subject: away from my mail (fwd) Message-ID: I sent Phil a copy of my patches to get pgp-2.3a to build under Solaris 2.2 with gcc-2.5.8, and this is what I got in return: From: via the vacation program Subject: away from my mail I will not be reading my mail for a while. I am on travel until Wednesday, 11 May 94. This canned message was generated automatically by the "vacation" program, but my business trip is not a vacation. Your mail regarding "pgp-2.3A diffs to compile under Solaris 2.2 with gcc-2.5.8" will be read when I return. Also, in case you are still using my old email address, please update your records to use only my current email address, which is prz at acm.org. In case you haven't heard, MIT is releasing PGP version 2.5, available from an FTP site at MIT, for US noncommercial users only. It is a nice version of PGP, with all the strength and integrity of PGP 2.3a, with some bug fixes and improvements. -Philip Zimmermann From nate at VIS.ColoState.EDU Tue May 10 13:47:38 1994 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Tue, 10 May 94 13:47:38 PDT Subject: My Absence Message-ID: <9405102047.AA14676@vangogh.VIS.ColoState.EDU> Hey guys. I have been gone for a few weeks now, taking care of lots of personal business. I thought I might tell you that I am dropping my netcom account as of the 15th of may, so please start sending mail to nate at vis.colostate.edu again (yeah, yeah, don't whine) -nate -- +-----------------------------------------------------------------------+ | Nate Sammons | | Colorado State University Computer Visualization Laboratory | | Data Visualization/Interrogation, Modeling, Animation, Rendering | +-----------------------------------------------------------------------+ From m5 at vail.tivoli.com Tue May 10 13:49:57 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 10 May 94 13:49:57 PDT Subject: A CC of my letter to Gelernter@cs.yale.edu In-Reply-To: <199405101917.AA21325@access1.digex.net> Message-ID: <9405102049.AA08064@vail.tivoli.com> Peter Wayner writes: > * Imagine that problems arise well after the chip is standardized. > What will millions of Americans do? All of the digital phones, > fax machines and modem cards will need to be replaced. Not that I don't agree with the basic premise, of course, but there's a similar risk to *any* consumer electronics implementation of a cryptosystem. Of course, in Clipper/Skipjack's case the problem is magnified by the fact that the stuff is kept secret, but the potential remains. > * Software, on the other hand, is very easy to change. In many > cases, the anti-virus programs travel faster than the viruses. However, a software-based consumer communicator will probably end up implying at least as much weight in people's pockets, and as much extra money, as Clipper. I don't think an economic argument will really fly well, though I'd love to be shown to be way wrong. Seems to me that a mass-produced chip whose production is subsidized by the government would probably be pretty cheap. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From dwitkow at eis.calstate.edu Tue May 10 13:54:58 1994 From: dwitkow at eis.calstate.edu (David T. Witkowski) Date: Tue, 10 May 94 13:54:58 PDT Subject: away from my mail (fwd) Message-ID: At 1:23 PM 5/10/94 -0700, Philip Zimmermann wrote: >From: via the vacation program >Subject: away from my mail > [snip] > >In case you haven't heard, MIT is releasing PGP version 2.5, >available from an FTP site at MIT, for US noncommercial users only. >It is a nice version of PGP, with all the strength and integrity of >PGP 2.3a, with some bug fixes and improvements. > 'an FTP site at MIT' is rather vague. Anyone have specifics? ...dtw ---------------------------------------------------------------- Notice of address change: Please send mail to the following: dwitkow at eis.calstate.edu (Mail sent to dwitkows at nermal.santarosa.edu will be forwarded) ---------------------------------------------------------------- Transmitted via modified Eudora 1.4.2 over LINUX host dialup! ---------------------------------------------------------------- Finger dwitkows at nermal.santarosa.edu for PGP key ---------------------------------------------------------------- From mpj at netcom.com Tue May 10 14:02:47 1994 From: mpj at netcom.com (Michael Paul Johnson) Date: Tue, 10 May 94 14:02:47 PDT Subject: Where to get PGP 2.3, 2.3a, 2.4 and 2.5 Message-ID: <199405102101.OAA26398@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) (Last modified: 3 May 1994 by Mike Johnson) The latest BETA TEST version for DOS and Unix is 2.5 (Uses RSAREF 2.0 for U. S. Patent compliance, even though the original RSA code written by Philip Zimmermann runs faster). The latest commercial versions are 2.4 (both Viacrypt and BSAFE versions). The latest freeware Mac version is 2.3 or 2.3aV1.1, depending on the variant. (Location of the source code for 2.3aV1.1 is a mystery to me). The latest Amiga version is 2.3a2 The latest fully released freeware version for all other platforms is 2.3a WHERE TO GET VIACRYPT PGP If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commecial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest information I have from them on compiled versions are: PGP 2.4 for MS-DOS PGP 2.4 for Unix (several different platforms) PGP 2.4 for WinCIM CSNAV Mac version expected late this summer. ViaCrypt David A. Barnhart, Product Manager 2104 West Peoria Avenue Phoenix, Arizona 85029 Tel: (602) 944-0773 Fax: (602) 943-2601 E-Mail: 70304.41 at compuserve.com E-Mail: wk01965 at worldlink.com Credit card orders only. (800)536-2664 (8-5 MST M-F) WHERE TO GET THE BETA TEST PGP 2.5 FROM MIT (USES RSAREF 2.0) MIT-PGP 2.5 is for U. S. use only (due to some archaic export control laws), but interoperates with PGP 2.3 and 2.3a. *** To Get PGP2.5: The directory where PGP2.5 is located is hidden. To get it you need to telnet to "net-dist.mit.edu" and login as getpgp. You will be asked to confirm that you will abide by the terms and conditions of the 3/16/94 RSAREF 2.0 license. The license is in the file "license.txt" in the same directory as this file. You will then be disconnected and you can ftp the software from the indicated hidden directory. You can also get PGP 2.5 from the Colorado Catacombs BBS (303-938-9654). Other BBS and ftp sites will no doubt pick it up rapidly after the beta test is completed. Please send bug reports to pgp-bugs at mit.edu. If you obtain a copy of this beta release code, please keep checking http://web.mit.edu for the announcement of the final release, so that you can update your copy of PGP2.5. We expect the final release to occur within a week. WHERE TO GET PGP 2.3a (RELEASED FROM NEW ZEALAND) The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP. Although the latest freeware version of PGP was released from outside the USA (New Zealand), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA. This data is subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list. Thanks to Gary Edstrom and Hugh Miller for providing part of this data. FTP sites: soda.berkeley.edu /pub/cypherpunks/pgp (DOS, MAC) Verified: 21-Dec-93 ftp.demon.co.uk /pub/amiga/pgp /pub/archimedes /pub/pgp /pub/mac/MacPGP ftp.informatik.tu-muenchen.de ftp.funet.fi ghost.dsi.unimi.it /pub/crypt Verified: 21-Dec-93 ftp.tu-clausthal.de (139.174.2.10) wuarchive.wustl.edu /pub/aminet/util/crypt src.doc.ic.ac.uk (Amiga) /aminet /amiga-boing ftp.informatik.tu-muenchen.de /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2) black.ox.ac.uk (129.67.1.165) /src/security/pgp23A.zip (MS-DOS executables & docs) /src/security/pgp23srcA.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.) /src/security/pgp23A.tar.Z (Same as PGP22SRC.ZIP, in Unix tar format) /src/security/macpgp2.3.cpt.hqx (Macintosh version) iswuarchive.wustl.edu pub/aminet/util/crypt (Amiga) csn.org /mpj/README.MPJ contains variable directory name -- read this first. /mpj/help explains how to get to hidden directory containing PGP /mpj/I_will_not_export/crypto_???????/pgp/ contains current PGP /mpj/I_will_not_export/crypto_???????/pgptools/ contains related tools /mpj/I_will_not_export/crypto_???????/ contains other crypto info. /mpj/public/pgp/ contains PGP shells, faq documentation, etc. ftp.netcom.com /pub/dcosenza -- PGP for several platforms + some shells and steganography utilities. /pub/gbe/pgpfaq.asc -- frequently asked questions answered. /pub/mpj (see README.MPJ -- similar layout to csn.org//mpj) /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganograpy software list. MacUtilites for use with MacPGP. Stealth1.1 + other steganography programs. Send mail to qwerty at netcom.com with the subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't have ftp access. nic.funet.fi (128.214.6.100) /pub/crypt/pgp23A.zip /pub/crypt/pgp23srcA.zip /pub/crypt/pgp23A.tar.Z van-bc.wimsey.bc.ca (192.48.234.1) /m/ftp2/crypto/RSA/PGP/2.3a/pgp23A.zip /m/ftp2/crypto/RSA/PGP/2.3a/pgp23srcA.zip ftp.uni-kl.de (131.246.9.95) qiclab.scn.rain.com (147.28.0.97) pc.usl.edu (130.70.40.3) leif.thep.lu.se (130.235.92.55) goya.dit.upm.es (138.4.2.2) tupac-amaru.informatik.rwth-aachen.de (137.226.112.31) ftp.etsu.edu (192.43.199.20) princeton.edu (128.112.228.1) pencil.cs.missouri.edu (128.206.100.207) StealthPGP: The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha. Also, try an archie search for PGP using the command: archie -s pgp23 (DOS Versions) archie -s pgp2.3 (MAC Versions) ftpmail: For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service. Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi: ENCODER uuencode SEND pub/crypt/pgp23srcA.zip SEND pub/crypt/pgp23A.zip This will deposit the two zipfiles, as 15 batched messages, in your mailbox with about 24 hours. Save and uudecode. BBS sites: Colorado Catacombs BBS (Longmont, CO) Mike Johnson, sysop Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc. v.32bis/v.42bis, speeds up to 14,400 baud 8 data bits, 1 stop, no parity Free access, but only one line. If busy or no answer, try again later. Downloads of crypto software are limited to the USA and Canada, but you can download on the first call if you are qualified and you answer the questions truthfully. Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. (303) 938-9654 (Boulder, Colorado number forwarded to Longmont number) (303) 678-9939 (Longmont, Colorado number) Verified: 5-2-94 Hieroglyphics Voodoo Machine (Colorado) DOS, OS2, and Mac versions. (303) 443-2457 Verified: 5-2-94 For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files). Exec-Net (New York) Host BBS for the ILink net. (914) 667-4567 The Ferret BBS (North Little Rock, Arkansas) (501) 791-0124 also (501) 791-0125 Carrying RIME, Throbnet, Smartnet, and Usenet Special PGP users account: login name: PGP USER password: PGP This information from: Jim Wenzel PGP 2.3A has been posted to the FidoNet Software Distribution Network and should on most if not all Canadian and U.S. nodes carrying SDN software. It has also been posted on almost all of the major private North American BBS systems, thence to countless smaller boards. Consult a list of your local BBSes; most with a sizeable file inventory should carry the program. If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others. ftp.netcom.com /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganograpy software list. MacUtilites for use with MacPGP. I also have Stealth1.1 compiled for DOS, and Stealth1.1 which easily compiles on Unix, plus many steganography programs (all of them). I will also send the PGP FAQ and my MacPGP guide to anyone e-mailing me with Subject "Bomb me!". Here is the result of an archie search for file names containing "pgp" (not case sensitive) on 5/2/94. The search was limited to 300 matches, because, as you can plainly see, lots of people value their privacy. Note that archie will not find all relevant files at some sites, like the one at csn.org//mpj properly, due to the export control nonsense, but it does find the directory where the PGP documentation is kept. Host gipsy.vmars.tuwien.ac.at Location: /pub/misc FILE -rw-r--r-- 209409 May 7 1993 pgp22.zip FILE -rw-r--r-- 451114 Jul 23 1993 pgp23.tar.gz Host swdsrv.edvz.univie.ac.at Location: /network/misc/Mosaic/Unix/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 21:02 pgp-dec FILE -r--r--r-- 530 Apr 11 21:02 pgp-enc Location: /os2/all/diskutil FILE -r--r--r-- 1946 Mar 16 1993 pgp22.txt Host plaza.aarnet.edu.au Location: /micros/amiga/aminet/comm/mail FILE -r--rw-r-- 137861 Jan 26 08:04 PGPMIP.lha FILE -r--rw-r-- 1878 Jan 26 08:04 PGPMIP.readme Location: /micros/amiga/aminet/util/crypt FILE -r--rw-r-- 305056 Dec 26 22:41 PGPAmi23a2_src.lha FILE -r--rw-r-- 5569 Dec 26 22:41 PGPAmi23a2_src.readme FILE -r--rw-r-- 342426 Dec 26 22:41 PGPAmi23a_2.lha FILE -r--rw-r-- 820 Dec 26 22:41 PGPAmi23a_2.readme FILE -r--rw-r-- 96585 Sep 30 1993 PGPAmi23aplus.lha FILE -r--rw-r-- 712 Sep 30 1993 PGPAmi23aplus.readme FILE -r--rw-r-- 576574 Sep 20 1993 PGPAmiga2_3a.lha FILE -r--rw-r-- 5221 Sep 20 1993 PGPAmiga2_3a.readme FILE -r--rw-r-- 55993 Mar 21 04:41 PGPSendMail2_0.lha FILE -r--rw-r-- 1455 Mar 21 04:41 PGPSendMail2_0.readme FILE -r--rw-r-- 17141 Feb 28 19:23 StealthPGP1_0.lha FILE -r--rw-r-- 1198 Feb 28 19:23 StealthPGP1_0.readme Location: /micros/pc/garbo/pc/crypt FILE -r--r--r-- 209679 Mar 7 1993 pgp22.zip FILE -r--r--r-- 62885 Oct 9 00:00 pgpfront.zip FILE -r--r--r-- 71330 Jan 4 15:00 pgpshe30.zip Location: /micros/pc/garbo/pc/source FILE -r--r--r-- 521820 Mar 7 1993 pgp22src.zip Location: /micros/pc/garbo/windows/util FILE -r--r--r-- 13825 Sep 3 1993 pgpwin11.zip Location: /usenet/FAQs/alt.answers DIRECTORY drwxr-xr-x 512 Apr 18 09:56 pgp-faq Location: /usenet/FAQs DIRECTORY drwxr-xr-x 512 Apr 18 10:09 alt.security.pgp Location: /usenet/FAQs/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 09:45 pgp-faq Host luga.latrobe.edu.au Location: /archive-disk2/os2/all/diskutil FILE -r--r--r-- 1946 Mar 16 1993 pgp22.txt Host sunb.ocs.mq.edu.au Location: /PC/Crypt FILE -r--r--r-- 219951 Sep 14 1993 pgp23.zip Host nic.switch.ch Location: /mirror/Mosaic/Mosaic-source/Mosaic-2.4/auth FILE -rw-rw-r-- 520 Apr 11 23:02 pgp-dec FILE -rw-rw-r-- 530 Apr 11 23:02 pgp-enc Location: /mirror/atari/Utilities FILE -rw-rw-r-- 280576 Apr 15 16:18 pgp23ab.lzh FILE -rw-rw-r-- 29526 Apr 15 16:18 pgpshl06.zip Location: /mirror/os2/all/diskutil FILE -rw-rw-r-- 1946 Mar 16 1993 pgp22.txt Location: /mirror/vms/DECUS/vlt93b/vltextra FILE -rw-rw-r-- 192196 Mar 19 1993 pgp22.zip FILE -rw-rw-r-- 481215 Mar 19 1993 pgp22src.zip Location: /mirror/vms/DECUS/vms92b/hkennedy FILE -rw-rw-r-- 187758 Dec 14 1992 pgp21.zip FILE -rw-rw-r-- 433713 Dec 14 1992 pgp21src.zip Host gatekeeper.dec.com Location: /.0/BSD/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -r--rw-r-- 478 Jun 24 1993 pgp Location: /.0/BSD/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 16 23:10 pgp Location: /.3/net/infosys/mosaic/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 13:20 pgp-dec FILE -r--r--r-- 530 Feb 8 13:20 pgp-enc Location: /.3/net/infosys/mosaic/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 11:38 pgp-dec FILE -r--r--r-- 530 Apr 8 11:38 pgp-enc Location: /.3/net/infosys/mosaic/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 14:02 pgp-dec FILE -r--r--r-- 530 Apr 11 14:02 pgp-enc Host hpcsos.col.hp.com Location: /mirrors/.hpib1/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 00:10 pgp Host qiclab.scn.rain.com Location: /pub/mail FILE -rw-r--r-- 537455 Jan 18 1993 pgp-2.1.tar.Z Host world.std.com Location: /src/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools DIRECTORY drwxr-xr-x 8192 Apr 21 02:43 PGP Location: /src/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools/PGP FILE -r--r--r-- 71064 Jan 13 16:57 pgpshe30.zip Location: /src/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 21:20 pgp-dec FILE -r--r--r-- 530 Feb 8 21:20 pgp-enc Location: /src/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 18:38 pgp-dec FILE -r--r--r-- 530 Apr 8 18:38 pgp-enc Location: /src/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 21:02 pgp-dec FILE -r--r--r-- 530 Apr 11 21:02 pgp-enc Host quepasa.cs.tu-berlin.de Location: /.cdrom0/security FILE -r-xr-xr-x 71064 Mar 5 11:51 pgpshe30.zip Host sun.rz.tu-clausthal.de Location: /pub/atari/misc DIRECTORY drwxr-xr-x 512 Dec 30 19:56 pgp Location: /pub/atari/misc/pgp FILE -rw-r--r-- 280454 Oct 11 00:00 pgp23ab.lzh Location: /pub/msdos/utils/security FILE -rw-rw-r-- 209679 Jun 21 1993 pgp22.zip Location: /pub/unix/admin/security DIRECTORY drwxrwxr-x 512 Sep 19 1993 pgp Location: /pub/unix/admin/security/pgp FILE -rw-rw-r-- 209409 Mar 12 1993 pgp22.zip FILE -rw-rw-r-- 521550 Mar 12 1993 pgp22src.zip FILE -rw-rw-r-- 219951 Jun 23 1993 pgp23.zip FILE -rw-rw-r-- 680985 Sep 19 1993 pgp23A.tar.Z FILE -rw-rw-r-- 221332 Sep 19 1993 pgp23A.zip FILE -rw-rw-r-- 88070 Sep 19 1993 pgp23docA.zip FILE -rw-rw-r-- 998 Sep 19 1993 pgp23sigA.asc FILE -rw-rw-r-- 547178 Sep 19 1993 pgp23srcA.zip Host hermes.hrz.uni-bielefeld.de Location: /.mnt1/systems/os2/all/diskutil FILE -r--r--r-- 1946 Mar 16 1993 pgp22.txt Host sun1.ruf.uni-freiburg.de Location: /misc FILE -rw-r--r-- 680985 Mar 11 14:15 pgp23A.tar.Z Host rzsun2.informatik.uni-hamburg.de Location: /pub/doc/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 05:15 pgp-faq Location: /pub/security/tools/crypt DIRECTORY drwxr-xr-x 512 Feb 18 22:05 pgp Location: /pub/security/tools/crypt/pgp FILE -r--r--r-- 449455 Jun 21 1993 pgp23.tar.gz FILE -rw-rw-r-- 17798 May 26 1993 pgputils.zip Host askhp.ask.uni-karlsruhe.de Location: /pub/aegee/tmp FILE -rw-rw-r-- 103448 Mar 12 17:18 pgp23A.zip Location: /pub/infosystems/mosaic/Mosaic-source/Mosaic-2.4/auth FILE -rwxr--r-- 520 Apr 11 23:02 pgp-dec FILE -rwxr--r-- 530 Apr 11 23:02 pgp-enc Host ftp.uni-kl.de Location: /pub1/unix/security DIRECTORY drwxrwxr-x 512 Feb 24 1993 pgp Location: /pub1/unix/security/pgp FILE -rw-rw-r-- 536118 Dec 10 1992 pgp21.tar.Z FILE -rw-rw-r-- 187758 Dec 10 1992 pgp21.zip FILE -rw-rw-r-- 436302 Dec 10 1992 pgp21src.zip FILE -rw-rw-r-- 92405 Feb 19 1993 pgprtest.tar.Z FILE -rw-rw-r-- 17798 Feb 5 1993 pgputils.zip Location: /pub3/amiga/aminet/comm/mail FILE -rw-rw-r-- 137861 Jan 26 14:04 PGPMIP.lha FILE -rw-rw-r-- 1878 Jan 26 14:04 PGPMIP.readme Location: /pub3/amiga/aminet/util/crypt FILE -rw-rw-r-- 305056 Dec 27 04:41 PGPAmi23a2_src.lha FILE -rw-rw-r-- 5569 Dec 27 04:41 PGPAmi23a2_src.readme FILE -rw-rw-r-- 342426 Dec 27 04:41 PGPAmi23a_2.lha FILE -rw-rw-r-- 820 Dec 27 04:41 PGPAmi23a_2.readme FILE -rw-rw-r-- 96585 Oct 1 00:00 PGPAmi23aplus.lha FILE -rw-rw-r-- 712 Oct 1 00:00 PGPAmi23aplus.readme FILE -rw-rw-r-- 576574 Sep 20 1993 PGPAmiga2_3a.lha FILE -rw-rw-r-- 5221 Sep 20 1993 PGPAmiga2_3a.readme FILE -rw-rw-r-- 55993 Mar 21 20:41 PGPSendMail2_0.lha FILE -rw-rw-r-- 1455 Mar 21 20:41 PGPSendMail2_0.readme FILE -rw-rw-r-- 118058 Apr 15 10:20 PGP_german_docs.lha FILE -rw-rw-r-- 234 Apr 15 10:20 PGP_german_docs.readme FILE -rw-rw-r-- 17141 Mar 1 12:23 StealthPGP1_0.lha FILE -rw-rw-r-- 1198 Mar 1 12:23 StealthPGP1_0.readme Host minnie.zdv.uni-mainz.de Location: /pub/amiga/util/aminet/crypt FILE -r--r--r-- 305056 Dec 27 03:41 PGPAmi23a2_src.lha FILE -r--r--r-- 5569 Dec 27 03:41 PGPAmi23a2_src.readme FILE -r--r--r-- 342426 Dec 27 03:41 PGPAmi23a_2.lha FILE -r--r--r-- 820 Dec 27 03:41 PGPAmi23a_2.readme Location: /pub/atari/misc DIRECTORY drwxr-xr-x 512 Dec 30 17:56 pgp Location: /pub/atari/misc/pgp FILE -rw-r--r-- 280454 Oct 11 00:00 pgp23ab.lzh Host von-neum.uni-muenster.de Location: /pub/unix FILE -rw-rw---- 449445 Mar 24 13:04 pgp23.tar.gz Host inf.informatik.uni-stuttgart.de Location: /pub/net FILE -r--r--r-- 680985 Aug 5 1993 pgp23A.tar.Z Host net-1.iastate.edu Location: /pub/netbsd/NetBSD-current/src/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 01:10 pgp Host jhunix.hcf.jhu.edu Location: /pub/public_domain_software/NetBSD/usr/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Jun 9 1993 pgp Host mintaka.lcs.mit.edu Location: /pub DIRECTORY drwxr-xr-x 512 Jun 18 1993 pgp Location: /pub/pgp FILE -rw-r--r-- 312726 Mar 22 1993 macpgp2.2.cpt.hqx FILE -rw-r--r-- 209409 Mar 22 1993 pgp22.zip FILE -rw-r--r-- 521550 Mar 22 1993 pgp22src.zip FILE -rw-r--r-- 219951 Jun 18 1993 pgp23.zip FILE -rw-r--r-- 17798 Mar 22 1993 pgputils.zip Host josquin.media.mit.edu Location: /pub FILE -rw-r--r-- 321424 Nov 30 20:27 pgp Host archive.egr.msu.edu Location: /pub DIRECTORY drwxr-xr-x 512 Mar 9 18:58 pgp Host xanth.cs.odu.edu Location: /pub DIRECTORY drwxrwxr-x 512 Apr 27 13:38 pgp Location: /pub/pgp FILE -rw-rw-rw- 221332 Apr 27 13:38 pgp23A.zip Host unixd1.cis.pitt.edu Location: /users/i/n/infidel/.Backup/httpd/support/auth FILE -rwxr-xr-x 1019 Jan 24 16:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 16:42 pgp-enc Location: /users/i/n/infidel/httpd/support/auth FILE -rwxr-xr-x 1019 Jan 24 16:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 16:42 pgp-enc Host arthur.cs.purdue.edu Location: /pub/pcert/tools/unix DIRECTORY drwxr-xr-x 512 Jul 31 1993 pgp Location: /pub/pcert/tools/unix/pgp FILE -r--r--r-- 209409 Mar 7 1993 pgp22.zip FILE -r--r--r-- 521550 Mar 7 1993 pgp22src.zip Location: /pub/pcert/tools/unix/virus/misc FILE -rw-r--r-- 19277 Feb 23 1993 pgputils.zip Host tehran.stanford.edu Location: /www/httpd_1.2/support/auth FILE -rwxr-xr-x 1019 Jan 24 13:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 13:42 pgp-enc Host relay.cs.toronto.edu Location: /pub/usenet/news.answers DIRECTORY drwxr-xr-x 512 Apr 22 04:51 pgp-faq Host uceng.uc.edu Location: /pub/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools DIRECTORY drwxr-xr-x 8192 Apr 20 22:43 PGP Location: /pub/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools/PGP FILE -r--r--r-- 71064 Jan 13 11:57 pgpshe30.zip Location: /pub/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 16:20 pgp-dec FILE -r--r--r-- 530 Feb 8 16:20 pgp-enc Location: /pub/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 14:38 pgp-dec FILE -r--r--r-- 530 Apr 8 14:38 pgp-enc Location: /pub/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 17:02 pgp-dec FILE -r--r--r-- 530 Apr 11 17:02 pgp-enc Host server.uga.edu Location: /pub/msdos/mirror/security FILE -r--r--r-- 71064 Feb 3 15:36 pgpshe30.zip Host mrcnext.cso.uiuc.edu Location: /pub/faq/usenet-by-group/alt.answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:08 pgp-faq Location: /pub/faq/usenet-by-group DIRECTORY drwxr-xr-x 1024 Apr 26 13:08 alt.security.pgp Location: /pub/faq/usenet-by-group/news.answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:07 pgp-faq Location: /pub/faq/usenet-by-hierarchy/alt/answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:08 pgp-faq Location: /pub/faq/usenet-by-hierarchy/alt/security DIRECTORY drwxr-xr-x 1024 Apr 26 13:08 pgp Location: /pub/faq/usenet-by-hierarchy/news/answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:08 pgp-faq Host zaphod.ncsa.uiuc.edu Location: /Web/Mosaic-source/Mosaic-2.4/auth FILE -rwxr-xr-x 520 Apr 11 21:02 pgp-dec FILE -rwxr-xr-x 530 Apr 11 21:02 pgp-enc Host f.ms.uky.edu Location: /pub2/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Dec 17 02:10 pgp Host pith.uoregon.edu Location: /pub/Solaris2.x/src/httpd_1.1/support/auth FILE -rwxr-xr-x 1019 Jan 24 21:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 21:42 pgp-enc Host pc.usl.edu Location: /pub/msdos/crypto FILE -rw-r--r-- 187758 Jan 14 1993 pgp21.zip FILE -rw-r--r-- 436302 Jan 14 1993 pgp21src.zip FILE -rw-r--r-- 219951 Jun 23 1993 pgp23.zip Host emx.cc.utexas.edu Location: /pub/mnt/source/www/Mosaic-2.4/auth FILE -rwxr-xr-x 520 Apr 11 12:57 pgp-dec FILE -rwxr-xr-x 530 Apr 11 12:57 pgp-enc Location: /pub/mnt/source/www/NCSA_httpd_1.2/support/auth FILE -rwxr-xr-x 1019 Jan 24 15:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 15:42 pgp-enc Host tolsun.oulu.fi Location: /pub/unix FILE -r--r--r-- 521550 Jun 16 1993 pgp22src.zip Host gogol.cenatls.cena.dgac.fr Location: /pub/util FILE -rw-r--r-- 534661 Jan 7 1993 pgp-2.1.tar.Z Host grasp1.univ-lyon1.fr Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/mirrors/unix/Mosaic/source/Mosaic-2.2/auth FILE -r--r--r-- 315 Feb 8 22:20 pgp-dec.gz FILE -r--r--r-- 319 Feb 8 22:20 pgp-enc.gz Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/mirrors/unix/Mosaic/source/Mosaic-2.3/auth FILE -r--r--r-- 315 Apr 8 20:38 pgp-dec.gz FILE -r--r--r-- 319 Apr 8 20:38 pgp-enc.gz Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/mirrors/unix/Mosaic/source/Mosaic-2.4/auth FILE -r--r--r-- 315 Apr 11 23:02 pgp-dec.gz FILE -r--r--r-- 319 Apr 11 23:02 pgp-enc.gz Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/usenet-stats/groups/alt FILE -rw-r--r-- 2500 Apr 5 09:39 alt.security.pgp Host ns.urec.fr Location: /pub/reseaux/services_infos/WWW/ncsa/Mosaic-source/Mosaic-2.4/auth FILE -rw-rw-r-- 520 Apr 11 21:02 pgp-dec FILE -rw-rw-r-- 530 Apr 11 21:02 pgp-enc Host granuaile.ieunet.ie Location: /ftpmail-cache/ie/tcd/maths/ftp/src/misc DIRECTORY drwxr-xr-x 512 Dec 2 11:43 pgp Location: /ftpmail-cache/uk/co/demon/ftp/mac DIRECTORY drwxr-xr-x 512 Mar 10 04:01 MacPGP Host walton.maths.tcd.ie Location: /news/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 03:45 pgp-faq Location: /pub/msdos/misc FILE -rw-r--r-- 227625 Apr 18 14:47 pgp23.zip Location: /pub/sboyle DIRECTORY drwxr-xr-x 512 Apr 25 20:20 pgp Location: /src/misc DIRECTORY drwxr-xr-x 512 Apr 21 14:52 pgp Location: /src/network/Mosaic-2.4/auth FILE -rwxr-xr-x 520 Apr 18 12:21 pgp-dec FILE -rwxr-xr-x 530 Apr 18 12:21 pgp-enc Host ghost.dsi.unimi.it Location: /pub/security/crypt FILE -rw-r--r-- 3012 May 15 1993 MacPGP.bugfix.README FILE -rw-r--r-- 45446 May 18 1993 MacPGP2.2.bugfix.sit.hqx FILE -rw-r--r-- 299477 May 18 1993 MacPGP2.2.sit.hqx FILE -rw-r--r-- 27882 Aug 11 1993 hint_trick_pgp00.gz FILE -rw-r--r-- 312726 Mar 20 1993 macpgp2.2.cpt.hqx FILE -rw-r--r-- 422851 Jul 3 1993 macpgp2.3.cpt.hqx FILE -rw-r--r-- 1027543 Jul 21 1993 macpgp2.3src.sea.hqx.pgp FILE -rw-r--r-- 12873 Feb 5 18:22 pgp-lang.italian.tar.gz FILE -rw-r--r-- 91281 Jan 22 12:41 pgp-lang.spanish.tar.gz FILE -rw-r--r-- 680985 Jul 22 1993 pgp23A.tar.Z FILE -rw-r--r-- 231 Jul 26 1993 pgp23A.tar.Z.sig FILE -rw-r--r-- 221332 Jul 26 1993 pgp23A.zip FILE -rw-r--r-- 300 Jul 26 1993 pgp23A.zip.sig FILE -rw-r--r-- 51241 Dec 24 19:31 pgp23ltk.zip FILE -rw-r--r-- 547178 Jul 26 1993 pgp23srcA.zip FILE -rw-r--r-- 232 Jul 26 1993 pgp23srcA.zip.sig FILE -rw-r--r-- 3709 Dec 4 15:02 pgpclient.gz FILE -rw-r--r-- 14209 Nov 29 10:46 pgpd.tar.gz FILE -rw-r--r-- 62619 Oct 27 00:00 pgpfront.zip FILE -rw-r--r-- 13689 May 10 1993 pgpmenu.zip FILE -rw-r--r-- 71064 Jan 22 11:59 pgpshe30.zip FILE -rw-r--r-- 142993 Feb 5 18:55 pgptools.zip FILE -rw-r--r-- 17798 Feb 8 1993 pgputils.zip FILE -rw-r--r-- 13825 Sep 20 1993 pgpwin11.zip FILE -r--r--r-- 1043163 Feb 15 12:54 public-keys.pgp FILE -r--r--r-- 1042460 Feb 15 05:39 public-keys.pgp.old Host isfs.kuis.kyoto-u.ac.jp Location: /BSD/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Jun 24 1993 pgp Location: /BSD/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 16 23:10 pgp Location: /ftpmail/ftp.dit.co.jp/pub/security/tools FILE -rw-rw-r-- 422851 Apr 21 21:57 macpgp2.3.cpt.hqx Location: /ftpmail/ftp.nig.ac.jp/pub/security DIRECTORY drwxrwxr-x 512 Dec 18 04:31 PGP Location: /ftpmail/ftp.nig.ac.jp/pub/security/PGP DIRECTORY drwxrwxr-x 512 May 22 1993 MacPGP FILE -rw-rw-r-- 521550 May 20 1993 pgp22src.zip FILE -rw-rw-r-- 680985 Dec 18 04:29 pgp23A.tar.Z FILE -rw-rw-r-- 231 Dec 18 04:31 pgp23A.tar.Z.sig Host theta.iis.u-tokyo.ac.jp Location: /pub1/security/docs/news.answers DIRECTORY drwxr-xr-x 512 Apr 28 17:33 pgp-faq Location: /pub1/security/tools FILE -rw-r--r-- 422851 Mar 6 01:16 macpgp2.3.cpt.hqx FILE -rw-r--r-- 451124 Oct 17 00:00 pgp23.tar.gz FILE -rw-r--r-- 680985 Feb 20 23:06 pgp23A.tar.Z FILE -rw-r--r-- 231 Feb 20 23:06 pgp23A.tar.Z.sig Location: /pub2/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Jun 24 1993 pgp Host news.cfi.waseda.ac.jp Location: /pub2/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Jun 24 1993 pgp Host rena.dit.co.jp Location: /pub/security/docs/news.answers DIRECTORY drwxr-xr-x 512 Mar 1 16:53 pgp-faq Location: /pub/security/tools FILE -rw-r--r-- 422851 Mar 6 01:16 macpgp2.3.cpt.hqx FILE -rw-r--r-- 451124 Oct 17 00:00 pgp23.tar.gz FILE -rw-r--r-- 680985 Feb 20 23:06 pgp23A.tar.Z FILE -rw-r--r-- 231 Feb 20 23:06 pgp23A.tar.Z.sig Host mtecv2.mty.itesm.mx Location: /pub/Mosaic/NCSA-Mirror/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 12 03:02 pgp-dec FILE -r--r--r-- 530 Apr 12 03:02 pgp-enc Location: /pub/usenet/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 07:06 pgp-faq Host ftp.germany.eu.net Location: /pub/comp/atari-st/mint FILE -rw-rw-r-- 2102 Sep 21 1993 pgp23ast.zip Location: /pub/comp/atari-st/utils FILE -rw-rw-r-- 280576 Apr 20 15:42 pgp23ab.lzh FILE -rw-rw-r-- 29526 Apr 20 15:42 pgpshl06.zip Location: /pub/comp/msdos/local/utils DIRECTORY drwxr-xr-x 512 Jul 12 1993 pgp Location: /pub/comp/msdos/local/utils/pgp FILE -rw-r--r-- 449445 Jul 12 1993 pgp23.tar.gz FILE -rw-r--r-- 219951 Jul 12 1993 pgp23.zip Location: /pub/comp/msdos/mirror.garbo/crypt FILE -rw-r--r-- 209679 Mar 7 1993 pgp22.zip FILE -rw-r--r-- 62885 Oct 9 00:00 pgpfront.zip FILE -rw-r--r-- 71330 Jan 4 13:00 pgpshe30.zip Location: /pub/comp/msdos/mirror.garbo/source FILE -rw-r--r-- 521820 Mar 7 1993 pgp22src.zip Location: /pub/comp/os2/mirror.ftp-os2/2_x/diskutil FILE -rw-r--r-- 1946 Mar 16 1993 pgp22.txt Location: /pub/comp/os2/mirror.ftp-os2/all/diskutil FILE -rw-r--r-- 1946 Mar 16 1993 pgp22.txt Location: /pub/infosystems/www/ncsa/Web/Mosaic-source/Mosaic-2.4/auth FILE -rw-r--r-- 520 Apr 11 19:02 pgp-dec FILE -rw-r--r-- 530 Apr 11 19:02 pgp-enc Location: /pub/newsarchive/news.answers DIRECTORY drwxr-xr-x 512 Apr 19 04:12 pgp-faq Host mcsun.eu.net Location: /documents/faq DIRECTORY drwxrwxr-x 512 Apr 20 03:51 pgp-faq Host sol.cs.ruu.nl Location: /NEWS.ANSWERS DIRECTORY drwxrwxr-x 512 Apr 18 11:55 pgp-faq Host ugle.unit.no Location: /faq/alt.answers DIRECTORY drwxr-xr-x 512 Apr 18 07:27 pgp-faq Location: /faq/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 07:26 pgp-faq Host csn.org Location: /fruug DIRECTORY drwxr-xr-x 512 Sep 29 1993 PGP Location: /mpj/public DIRECTORY drwxr-xr-x 512 Apr 18 15:09 pgp Location: /mpj/public/pgp FILE -rw-r--r-- 20941 Feb 22 23:07 Here.is.How.to.MacPGP! FILE -rw-r--r-- 687646 Feb 1 07:45 pgp-elm.gz FILE -rw-r--r-- 26905 Feb 22 18:03 pgp-msgs-japanese.tar.gz FILE -rw-r--r-- 88070 Nov 6 17:44 pgp23docA.zip FILE -rw-r--r-- 998 Nov 6 17:44 pgp23sigA.asc FILE -rw-r--r-- 179070 Apr 18 15:08 pgpfaq.asc FILE -rw-r--r-- 44956 Apr 18 15:08 pgpfaq01.asc FILE -rw-r--r-- 44836 Apr 18 15:08 pgpfaq02.asc FILE -rw-r--r-- 44873 Apr 18 15:08 pgpfaq03.asc FILE -rw-r--r-- 45118 Apr 18 15:08 pgpfaq04.asc FILE -rw-r--r-- 3460 Apr 18 15:08 pgpfaq05.asc Host ftp.eff.org Location: /pub/EFF/Policy/Crypto/Tools DIRECTORY drwxr-xr-x 512 Apr 20 02:58 PGP Location: /pub/EFF/Policy/Crypto/Tools/PGP FILE -rw-r--r-- 71064 Jan 13 11:57 pgpshe30.zip Host sune.stacken.kth.se Location: /disk2/OS/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 07:10 pgp Host isy.liu.se Location: /pub/misc DIRECTORY drwxr-xr-x 512 Sep 19 1993 pgp Location: /pub/misc/pgp/2.1 FILE -rw-r--r-- 536118 Jan 11 1993 pgp21.tar.Z FILE -rw-r--r-- 187758 Jan 11 1993 pgp21.zip FILE -rw-r--r-- 436302 Jan 11 1993 pgp21src.zip Location: /pub/misc/pgp/2.2 FILE -rw-r--r-- 209409 Mar 10 1993 pgp22.zip FILE -rw-r--r-- 521550 Mar 10 1993 pgp22src.zip Location: /pub/misc/pgp/2.3 FILE -rw-r--r-- 219951 Jun 17 1993 pgp23.zip Location: /pub/misc/pgp/2.3A FILE -rw-r--r-- 422851 Sep 19 1993 macpgp2.3.cpt.hqx FILE -rw-r--r-- 680985 Sep 19 1993 pgp23A.tar.Z FILE -rw-r--r-- 221332 Sep 19 1993 pgp23A.zip FILE -rw-r--r-- 998 Sep 19 1993 pgp23sigA.asc FILE -rw-r--r-- 547178 Sep 19 1993 pgp23srcA.zip Host lth.se Location: /pub/netnews/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 03:44 pgp-faq Host krynn.efd.lth.se Location: /pub/security FILE -rw-r--r-- 521550 Jul 24 1993 pgp22src.zip Host leif.thep.lu.se Location: /pub/Misc FILE -rw-r--r-- 221332 Jul 23 1993 pgp23A.zip Host ftp.luth.se Location: /pub/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 08:10 pgp Location: /pub/amiga/.1/comm/mail FILE -rw-r--r-- 137861 Jan 26 15:04 PGPMIP.lha FILE -rw-r--r-- 1878 Jan 26 15:04 PGPMIP.readme Location: /pub/amiga/util/crypt FILE -rw-r--r-- 305056 Dec 27 05:41 PGPAmi23a2_src.lha FILE -rw-r--r-- 5569 Dec 27 05:41 PGPAmi23a2_src.readme FILE -rw-r--r-- 342426 Dec 27 05:41 PGPAmi23a_2.lha FILE -rw-r--r-- 820 Dec 27 05:41 PGPAmi23a_2.readme FILE -rw-r--r-- 96585 Oct 1 00:00 PGPAmi23aplus.lha FILE -rw-r--r-- 712 Oct 1 00:00 PGPAmi23aplus.readme FILE -rw-r--r-- 576574 Sep 20 1993 PGPAmiga2_3a.lha FILE -rw-r--r-- 5221 Sep 20 1993 PGPAmiga2_3a.readme FILE -rw-r--r-- 55993 Mar 21 21:41 PGPSendMail2_0.lha FILE -rw-r--r-- 1455 Mar 21 21:41 PGPSendMail2_0.readme FILE -rw-r--r-- 118058 Apr 15 12:20 PGP_german_docs.lha FILE -rw-r--r-- 234 Apr 15 12:20 PGP_german_docs.readme FILE -rw-r--r-- 17141 Mar 1 13:23 StealthPGP1_0.lha FILE -rw-r--r-- 1198 Mar 1 13:23 StealthPGP1_0.readme Location: /pub/infosystems/www/ncsa/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 22:20 pgp-dec FILE -r--r--r-- 530 Feb 8 22:20 pgp-enc Location: /pub/infosystems/www/ncsa/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 20:38 pgp-dec FILE -r--r--r-- 530 Apr 8 20:38 pgp-enc Location: /pub/infosystems/www/ncsa/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 23:02 pgp-dec FILE -r--r--r-- 530 Apr 11 23:02 pgp-enc Host cs6400.mcc.ac.uk Location: /pub/src FILE -r--r--r-- 455861 Feb 22 15:38 pgp23A.tar.gz - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQCNAi0aFSUAAAEEAOCOKpaLepvJCFgIR4m+UvZe0IN8g7Guwc+6GH4u6UGTPxQO iAhk/MJ7E8LE4c55A1G8to2W4y3aKAHvi9QCYKnsLV8Ag0BYWo3bGGTPEfkS7NAI N+Zy6vSjuF1D6MUnbvrQJ5p4efz7a28iYRKoAdan2bfnvIYWUD9nBjyFM+vFAAUR tDdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajQgW2V4cCAz MSBEZWMgOTRdiQCVAgUQLTqfXj9nBjyFM+vFAQGU7wP/ZuuHfdAnCIblNCtbLLG8 39CSg6JIVa3KWfe0WIz6dXFU3cvl2Wt094kJgZ+Nmq01INWlib2lTOznbkA9sV1W q0aJSBHFWQH29qGmIdEqThs7A5ES2w8eRjJD80lxHodRIkBcC5KI6x4Mxo8cib5V BrwsvtG0+81HD6Mrpvc+a0GJAJUCBRAtJc2rZXmEuMepZt0BAe4hA/9YANYPY4Z3 1pXv2mT6ReC09cZS5U3+xxC5brQdLsQGKuH6QVs/b5oc6NV84sh8A9tZyHG2067o 3XIEyN7PPQzRm2UUnHHqw9lBCNhMiFQsAJi4W+m8zXrVrpJWK0Wv61eV2/XIQl0V d4lxu0r+MNRP6ID6FBzA4C9rO+RYEZmwOIkAlQIFEC0aGRzb/VZRBVJGuQEBfaUD /3c2h//kg843OIcYHG4gMDqdeeZLzGlp3RVvh0Rs3/T0YylJZGjPL2L/BF/vfLlB 9E2Urh9mDG/7hiB5FncrUnkmN63IkSj+K9YyfPyYxBVx06Srj8ZzYynh0N+zledd 6cnwxRXhaD3Wc4EfSNR7BH9M2rjkGzyb5to9cgBb0ng+ =BLg5 - -----END PGP PUBLIC KEY BLOCK----- Note: I didn't have to generate a new key to use version 2.5, but I chose to to test the new version and because I think keys should be changed periodically anyway just to limit damages in case a key should be compromised. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.5 mQCNAi3P6L4AAAEEAM4qXLLvN7dOVuEOIMjX3AFB8HtsCeYECF428Z1dVSf8OMGr KbTjGpuy0WvkigHm0yZmfmAdS8GkLReFmwv36TbhYYvjRaTou+qFjC9um9j4UPP3 /337HTEvFC+oVtCcqLVn2Xv0tTO/KB4nfbash8tzPZWn0WUfpQ9rDjx3TioRAAUR tCJNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+tB1tcGo2IDxtcGpv aG5zb0BueXguY3MuZHUuZWR1PokAlQIFEC3P7AA/ZwY8hTPrxQEBmEoD/RJZure0 ghGjOq2qxYIgrd8xebuFEchOQZwInerWd0izjpIMmfh3zlgkgejUhEfPafwCTYg6 BMdbxjNzYwC8/rq/R4EGR6pTe7dJqhvFfvzzLZyjBarX7lw6TJ2Oyt9oFMSQbGwF /BKqc0Ymr/8EmT+JsEDnypepm41otWMyYFfSiQCVAgUQLc/rww9rDjx3TioRAQF0 igQAkRrmuAmF1QLp1gFRxqMLw+dDzAtUjFpUrpvqN8yDu/TS3Ue/GdvBECFCzbcD jA3gGviXBWfRx4w6KRVpqTSsfJt5IvcrTbYGcscIQWHPzqLiq8iu22+Ao2ImcDUB Lu+Z+Wo2Ok00DnvAnzqjXrffo6Eq2qOoGhBlFfStXUCMvbe0HU1pa2UgSm9obnNv biA8bXBqQG5ldGNvbS5jb20+tDBEb24ndCB1c2UgZm9yIGVuY3J5cHRpb24gYWZ0 ZXIgMzEgRGVjZW1iZXIgMTk5NS60I01pY2hhZWwgSm9obnNvbiA8bWlrZWpAZXhh Ynl0ZS5jb20+tDBNaWNoYWVsIFBhdWwgSm9obnNvbiA8NzEzMzEuMjMzMkBjb21w dXNlcnZlLmNvbT60KU1pY2hhZWwgUC4gSm9obnNvbiA8bS5wLmpvaG5zb25AaWVl ZS5vcmc+ =w6Cu - -----END PGP PUBLIC KEY BLOCK----- ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLc/tyz9nBjyFM+vFAQHsOgP/Yp2x1Gbgju8DHKKzz3qlGtmMvqTfVyrZ j9VCcd5hpXoD43/zy/JexDfqyKon8iR1amDVcIDuVe/+nOKOu8+wLg8gk6GPP9eJ wgS7igZyDpcX8wCS/yUnyXzIT4lpedkOV17Cw/ZaIFnTBmUww6iFWesnRI0MvzJr dN5luhki4iw= =aEhl -----END PGP SIGNATURE----- From dave at marvin.jta.edd.ca.gov Tue May 10 14:04:11 1994 From: dave at marvin.jta.edd.ca.gov (Dave Otto (the Wizard of TOTOSoft)) Date: Tue, 10 May 94 14:04:11 PDT Subject: A CC of my letter to Gelernter@cs.yale.edu In-Reply-To: <9405102049.AA08064@vail.tivoli.com> Message-ID: <9405102103.AA03346@marvin.jta.edd.ca.gov> Mike McNally says: > love to be shown to be way wrong. Seems to me that a mass-produced > chip whose production is subsidized by the government would probably > be pretty cheap. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^ Your tax dollars at work. Dave Otto -- dave at gershwin.jta.edd.ca.gov -- daveotto at acm.org "Pay no attention to the man behind the curtain!" [the Great Oz] GAT d++(-)@ -p+(---) c+++ l u++(-) e++/* m++(*) s-/+ !n h---(*) f+ g+++ w+ t++ r+ y++(*) From geoffw at nexsys.net Tue May 10 14:09:16 1994 From: geoffw at nexsys.net (Geoff White) Date: Tue, 10 May 94 14:09:16 PDT Subject: Real DigiCash ! Message-ID: <199405102106.OAA27549@nexsys.nexsys.net> MONDEX SPECIFICATIONS FOR ELECTRONIC CASH PAYMENT RELEASED Nationl Westminster Bank today (26th April) announced that it is rele asing the first of its product development specifications for Mondex, the electronic cash payment service which it will launch in the UK n ext year in a joint venture with Midland Bank and BT. These specifications will enable manufacturers to begin the developme nt of Mondex-compatible products such as point-of-sale terminal equip ment for retailers and bank cash machines as well as opening up compe tition for the production of other Mondex devices such as the Mondex electronic wallet and the Mondex personal balance reader. The specifi cations take account of existing ISO standards for Integrated Circuit (IC) cards and other emerging IC card standards. Tim Jones, Chief Executive of Mondex, said: "Production of Mondex dev ices was neccessarily limited to a number of specialist suppliers to provide the basis of next year's large scale launch in Swindon. Howev er, Mondex has been designed as a global product and we are now in a position to provide interested manufacturers around the world with th e specifications they need to begin development of their own new prod ucts or to adapt their existing ranges to be Mondex compatible. "Mondex offers manufacturers an exciting opportunity to develop and m arket new product ranges that add value to the simple Mondex proposit ion -- the storage and transfer of electronic cash" he added. Devices for the Mondex launch in the UK are being developed by: * AT&T Global Information Solutions (formerly known as NCR) -- cash m achines * BT -- residential telephones and payphones * Dai Nippon Printing Co. Ltd. / SPOM Japan Co. Ltd. -- cards * De La Rue Fortronic -- retailer terminals * Hitachi Ltd. -- integrated circuits * Oki Electric Industry Company Ltd. -- electronic wallets * Panasonic (Matsushita Electric/Matsushita Battery) -- electronic wa llets and personal balance readers * Texas Instruments Ltd. -- personal balance readers. NOTES FOR EDITORS 1. Mondex is an open, unaccounted electronic purse initiative which h as been developed by National Westminster Bank. Mondex is being launc hed in the UK by a joint venture of NatWest and Midland working with BT. 2. The first specifications available are: * IFD-Purse Application Interface Specification. (IFD stands for Inte rface Device.) This core product development specification defines th e commands to which a card will respond and refers to the relevant in ternational standards covering general communications to an from smar t cards. * Introduction to Mondex Purse Operation. This is a companion documen t to the above specification. It provides an overview of the Mondex c ard and its interface with a Mondex device. * The Mondex Brand Manual. This document defines the permissible impl ementations of the Mondex brand. 3. Other specifications will cover the communications between two int erface devices, the user-interface standards designed to ensure user- friendly product design and the card specification. 4. Manufacturers interested in Mondex specifications should contact t he Mondex Information Centre, National Westminister Bank plc, 1st Flo or Podium, Drapers Gardens, 12 Throgmorton Avenue, London EC2N 2DL (f ax 071 920 1562). Further enquiries to David Morton, PR Department, NatWest Bank, UK Br anch Business, 41 Lothbury, London EC2P 2BP (tel 071 726 1782, fax 07 1 726 1530). From m5 at vail.tivoli.com Tue May 10 14:11:54 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 10 May 94 14:11:54 PDT Subject: A CC of my letter to Gelernter@cs.yale.edu In-Reply-To: <9405102049.AA08064@vail.tivoli.com> Message-ID: <9405102111.AA08239@vail.tivoli.com> Dave Otto (the Wizard of TOTOSoft) writes: > Mike McNally says: > > a chip whose production is subsidized by the government would probably > > be pretty cheap. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > ^^^^^^^^^^^^^^^ > > Your tax dollars at work. True, of course, but looking at things as they are today a lot of my tax dollars are long gone into the pockets of the contractors and NSA people who did the design. A commercial product not using Clipper is at a disadvantage from the get-go. Seems to me this is already true, and short of exploiting the "investment gap" created in the Clipper project by the inherent waste and inefficiency of Government-driven projects, it'd be tough. Certainly, there's a tremendous marketing problem (which, I realize, our evangelism might help ameliorate). -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From perry at snark.imsi.com Tue May 10 14:13:36 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 10 May 94 14:13:36 PDT Subject: Real DigiCash ! In-Reply-To: <199405102106.OAA27549@nexsys.nexsys.net> Message-ID: <9405102113.AA11573@snark.imsi.com> Geoff White says: > Real DigiCash ! In the subject of a message about > MONDEX SPECIFICATIONS FOR ELECTRONIC CASH PAYMENT RELEASED So far as anyone knows, Modex has no cryptographic security, and thus isn't "real digicash" by any stretch. Perry From blancw at microsoft.com Tue May 10 14:25:16 1994 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 10 May 94 14:25:16 PDT Subject: A CC of my letter to Gelernter@cs.yale.edu Message-ID: <9405102026.AA16700@netmail2.microsoft.com> From: Mike McNally I don't think an economic argument will really fly well, though I'd love to be shown to be way wrong. Seems to me that a mass-produced chip whose production is subsidized by the government would probably be pretty cheap. ................................. I think an economic argument may be more of what "they" would be attentive to, since it is the issue with which they concern themselves the most - the economic situation of the country, and their need to be in control of its facade. A problem: subsidization would mean higher taxes. Blanc From ecarp at netcom.com Tue May 10 14:27:32 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 10 May 94 14:27:32 PDT Subject: (fwd) MIT Announces availability of PGP 2.5 Message-ID: <199405102108.OAA06636@netcom.com> Xref: netcom.com sci.crypt:25468 alt.security.pgp:12712 Path: netcom.com!netcomsv!decwrl!lambda.msfc.nasa.gov!newsxfer.itd.umich.edu!gatech!udel!MathWorks.Com!news.kei.com!bloom-beacon.mit.edu!senator-bedfellow.mit.edu!zurich.ai.mit.edu!bal From: bal at zurich.ai.mit.edu (Brian A. LaMacchia) Newsgroups: sci.crypt,alt.security.pgp Subject: MIT Announces availability of PGP 2.5 Date: 9 May 94 14:04:14 Organization: M.I.T. Artificial Intelligence Lab. Lines: 66 Message-ID: NNTP-Posting-Host: freeside.ai.mit.edu MIT has announced availability of PGP 2.5 (beta). Here's a copy of the announcement I received: --bal Date: Mon, 9 May 94 09:32:39 -0400 From: Jeffrey I. Schiller Subject: MIT Announces PGP 2.5 Beta Test Release of PGP version 2.5 May 9, 1994 The Massachusetts Institute of Technology announces the distribution of PGP version 2.5, incorporating the RSAREF 2.0 cryptographic toolkit under license from RSA Data Security, Inc., dated March 16, 1994. In accordance with the terms and limitations of the RSAREF 2.0 license of March 16, 1994, this version of PGP may be used for non-commercial purposes only. PGP 2.5 strictly conforms to the conditions of the RSAREF 2.0 license of March 16, 1994. As permitted under its RSAREF license, MIT's distribution of PGP 2.5 includes an accompanying distribution of the March 16, 1994 release of RSAREF 2.0. Users of PGP 2.5 are directed to consult the RSAREF 2.0 license included with the distribution to understand their obligations under that license. This distribution of PGP 2.5, available in source code form, is available only to users within the United States of America. Use of PGP 2.5 (and the included RSAREF 2.0) may be subject to export control. Questions concerning possible export restrictions on PGP 2.5 (and RSAREF 2.0) should be directed to the U.S. State Department's Office of Defense Trade Controls. Users in the United States of America can obtain information via FTP from net-dist.mit.edu in the directory /pub/PGP. *** Beta Release Note -- May 7, 1994 *** Today's release of PGP 2.5 is a beta test release, designed to permit users to familiarize themselves with the program and to give us feedback before we make the final release. This version of PGP2.5 has been tested on the following platforms: MSDOS, Sun381i, Solaris 2.X, Ultrix 4.X, Linux, RS6000, HP/UX Over the next few days, we will be testing PGP2.5 on a variety of other systems and collecting bug reports from this release. Please send bug reports to pgp-bugs at mit.edu. If you obtain a copy of this beta release code, please keep checking http://web.mit.edu for the announcement of the final release, so that you can update your copy of PGP2.5. We expect the final release to occur within a week. *** To Get PGP2.5: The directory where PGP2.5 is located is hidden. To get it you need to telnet to "net-dist.mit.edu" and login as getpgp. You will be asked to confirm that you will abide by the terms and conditions of the 3/16/94 RSAREF 2.0 license. The license is in the file "license.txt" in /pub/PGP on net-dist.mit.edu. -- Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 Finger ecarp at netcom.com for PGP 2.3a public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From perry at bacon.imsi.com Tue May 10 14:30:49 1994 From: perry at bacon.imsi.com (Perry E. Metzger) Date: Tue, 10 May 94 14:30:49 PDT Subject: 1024 limit... Message-ID: <9405102130.AA27830@bacon.imsi.com> Hmmm... This was from the newfor24.doc file -- NOT the newfor25.doc file! -- included in the pgp25 distribution. >- Number of bits allowed when generating keys limited to 1024, in line > with the limits in RSAREF and BSAFE. It used to be higher, but > folks, if you think you need a key larger than that, do some research > into the complexity of factoring. I'm sure patches to fix this bit of fascism will show up soon. Perry From adam at bwh.harvard.edu Tue May 10 14:47:34 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Tue, 10 May 94 14:47:34 PDT Subject: away from my mail (fwd) In-Reply-To: Message-ID: <199405102147.RAA06176@spl.bwh.harvard.edu> | 'an FTP site at MIT' is rather vague. Anyone have specifics? | From owner-cypherpunks at toad.com Mon May 9 14:02:29 1994 | Date: Mon, 9 May 94 09:32:39 -0400 | Message-Id: <9405091332.AA29405 at big-screw> | From: "Jeffrey I. Schiller" | To: cypherpunks at toad.com | Subject: MIT Announces PGP 2.5 | Sender: owner-cypherpunks at toad.com | Precedence: bulk | | Beta Test Release of PGP version 2.5 | May 9, 1994 | | The Massachusetts Institute of Technology announces the distribution | of PGP version 2.5, incorporating the RSAREF 2.0 cryptographic toolkit | under license from RSA Data Security, Inc., dated March 16, 1994. In | accordance with the terms and limitations of the RSAREF 2.0 license of | March 16, 1994, this version of PGP may be used for non-commercial | purposes only. | | PGP 2.5 strictly conforms to the conditions of the RSAREF 2.0 license | of March 16, 1994. As permitted under its RSAREF license, MIT's | distribution of PGP 2.5 includes an accompanying distribution of the | March 16, 1994 release of RSAREF 2.0. Users of PGP 2.5 are directed | to consult the RSAREF 2.0 license included with the distribution to | understand their obligations under that license. | | This distribution of PGP 2.5, available in source code form, is | available only to users within the United States of America. Use of | PGP 2.5 (and the included RSAREF 2.0) may be subject to export | control. Questions concerning possible export restrictions on PGP 2.5 | (and RSAREF 2.0) should be directed to the U.S. State Department's | Office of Defense Trade Controls. | | Users in the United States of America can obtain information via FTP | | | | from net-dist.mit.edu in the directory /pub/PGP. | | *** | Beta Release Note -- May 7, 1994 | *** | | Today's release of PGP 2.5 is a beta test release, designed to permit | users to familiarize themselves with the program and to give us | feedback before we make the final release. | | This version of PGP2.5 has been tested on the following platforms: | | MSDOS, Sun381i, Solaris 2.X, Ultrix 4.X, Linux, RS6000, | HP/UX | | Over the next few days, we will be testing PGP2.5 on a variety of | other systems and collecting bug reports from this release. | | Please send bug reports to pgp-bugs at mit.edu. | | If you obtain a copy of this beta release code, please keep checking | http://web.mit.edu for the announcement of the final release, so that | you can update your copy of PGP2.5. We expect the final release to | occur within a week. | | *** To Get PGP2.5: The directory where PGP2.5 is located is hidden. | To get it you need to telnet to "net-dist.mit.edu" and login as getpgp. | You will be asked to confirm that you will abide by the terms and | conditions of the 3/16/94 RSAREF 2.0 license. The license is in | the file "license.txt" in /pub/PGP on net-dist.mit.edu. | From dwitkow at eis.calstate.edu Tue May 10 14:51:10 1994 From: dwitkow at eis.calstate.edu (David T. Witkowski) Date: Tue, 10 May 94 14:51:10 PDT Subject: NYT op-ed May 8 Message-ID: At 11:16 AM 5/10/94 -0700, Paul E. Baclace wrote: >I just tuned-in last night...Has anyone discussed the NYT op-ed by >David Gelernter (associate prof. at Yale)? It was accompanied by a >comic "the first wiretap" I'd be interested in seeing a scan of that comic, our local paper didn't include it. Gelernter's piece has merit, but he seems to be missing the point entirely. He acknowledges that smart criminals would NOT use Clipper, but then asserts that it's still a good idea because half-witted ones would. Am I missing some vital logical point, or does this just not make sense? Take two criminals, Danny Dumbo and Sam Smart. If Danny is too dumb to use alternative encryption, where does it follow that he would use any sort of encryption at all? Thus whether his equipment is Clippered or not, the gov't could easily tap his line. Whereas Sam is smart enough to choose some other form of encryption that the gov't can't monitor. So what good does Clipper do in either case? And thus, why does it even exist? If the gov't needs Clipper to secure its own communications, why don't they just sanctify PGP or something likewise? Dismissing the likely explanation; that Clipper is just some Cold-war-style pork barrel project, we're left with one question. How can Clipper ever be effective? The only two possible answers are: 1) if usage of alternative methods is outlawed. (Which we've been told won't happen. Veracity-alert! Whoop! Whoop!) 2) if the Clipper chip itself could somehow compromise alternative encryption schemes, perhaps by monitoring keystrokes during password entries? I'm really reaching with this one, but I thought it would be wrong to dismiss it entirely. And no, I'm not a proponent of the "Grass Knoll" and "Frozen Aliens stored in Nevada" conspiracy theories too. :) ...dtw ---------------------------------------------------------------- Notice of address change: Please send mail to the following: dwitkow at eis.calstate.edu (Mail sent to dwitkows at nermal.santarosa.edu will be forwarded) ---------------------------------------------------------------- Transmitted via modified Eudora 1.4.2 over LINUX host dialup! ---------------------------------------------------------------- Finger dwitkows at nermal.santarosa.edu for PGP key ---------------------------------------------------------------- From perry at snark.imsi.com Tue May 10 15:00:04 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 10 May 94 15:00:04 PDT Subject: NYT op-ed May 8 In-Reply-To: Message-ID: <9405102159.AA11694@snark.imsi.com> David T. Witkowski says: > Take two criminals, Danny Dumbo and Sam Smart. If Danny is too dumb to use > alternative encryption, where does it follow that he would use any sort of > encryption at all? Thus whether his equipment is Clippered or not, the > gov't could easily tap his line. Whereas Sam is smart enough to choose > some other form of encryption that the gov't can't monitor. So what good > does Clipper do in either case? And thus, why does it even exist? If the > gov't needs Clipper to secure its own communications, why don't they just > sanctify PGP or something likewise? Last week, the Wall Street Journal had an excellent article on a drug smuggling ring that got caught -- they were the folks who brought in flights of cocaine for Pablo Escobar. They had an excellent intelligence network, flew spotter planes to provide them with information on the movement of government planes, etc. They were finally captured one day by pure accident as a result of a chain of events starting from a chance unscheduled overflight by an AWACS plane on a training mission. It is unlikely that they would be so stupid as to use government cryptography. Criminals are sometimes not smart, but the ones who are a supposed threat to us will rapidly learn what crypto to use, just as even stupid people can learn to use cars and learn the difference between stick and automatic. Perry From nelson at crynwr.com Tue May 10 15:12:05 1994 From: nelson at crynwr.com (Russell Nelson) Date: Tue, 10 May 94 15:12:05 PDT Subject: Why Digital Cash is Not Being Used In-Reply-To: <199405031848.LAA13081@netcom.netcom.com> Message-ID: Date: Tue, 3 May 1994 11:48:18 -0800 From: tcmay at netcom.com (Timothy C. May) - Digital Postage. This remains my favorite. There's a _need_ for untraceable payments (else why use a remailer?). I've written about this extensively, as have others. If remailers offered robust (see above point about crufty, flaky, hobby remailers) services that they operated as _businesses_, with reasonable attention to reliability, interconnectivity to other remailers, overall robustness, and carefully articulated policies about logging, privacy, etc., then MM or something similar could have a real value. But there's a conflict here. You'd like to be able to use the same postage on multiple remailers. But if the remailers know each other well enough to agree on a common currency, then they know each other well enough to remove the reason for using multiple remailers. From lile at netcom.com Tue May 10 15:24:59 1994 From: lile at netcom.com (Lile Elam) Date: Tue, 10 May 94 15:24:59 PDT Subject: MBone map by Steve Casner... Message-ID: <199405102224.PAA18574@netcom.com> If you are interested in MBone, you might find the following postscript file of use. It's located at: ftp://ftp.isi.edu/mbone/mbone-topology.ps And is being reviewed right now. After it is reviewed, it will be available for people to use in talks, etc. Bi the way, the next cypherpunks meeting will be on the MBone... :) -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From lile at netcom.com Tue May 10 15:36:27 1994 From: lile at netcom.com (Lile Elam) Date: Tue, 10 May 94 15:36:27 PDT Subject: KQED Clipper discussion.... Message-ID: <199405102236.PAA20371@netcom.com> Hi folks, Is anyone up for discussing the Clipper and why it's bad for us on KQED this thursday night? Please let me know and I will forward your name to Russel. I might not be able to make it because I am having my art photographed that night... It will soon be scanned and available on a WWW site... thanks, -lile >From brand at drums.reasoning.com Tue May 10 13:17:30 1994 Return-Path: Received: from drums.reasoning.com by mail.netcom.com (8.6.8.1/Netcom) id NAA19095; Tue, 10 May 1994 13:17:22 -0700 Received: from maraca.reasoning.com.res_no_yp by drums.reasoning.com (4.1/25-eef) id AA26100; Tue, 10 May 94 13:17:07 PDT for lile at netcom.com Date: Tue, 10 May 94 13:17:07 PDT From: Russell Brand Message-Id: <9405102017.AA26100 at drums.reasoning.com> Received: by maraca.reasoning.com.res_no_yp (4.1/SMI-4.0) id AA12260; Tue, 10 May 94 13:16:27 PDT To: lile at netcom.com Subject: KQED is doing something on CLIPPER Thursday night and needs some help Reply-To: brand at reasoning.com Status: RO As best I understand it (which may not be very well), Robin Giattassio-Mall (who produces the FORUM series) is looking for a host/expert for disussion of the online fight against clipper. I have a law school final that night. I thought you might be interested in acting in my place. If so, please call her directly to get the details. I am asking four of five people to give her a call and hopefully one of you will be free and able to help her. I haven't given her your name. Her number is 415 553 2190 Let me know if you get recruited or get a better idea of what is going on that I have. (this is the same group that was going to be putting on the show Thursday morning and had asked about your FOIA stuff) From perry at snark.imsi.com Tue May 10 15:42:24 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Tue, 10 May 94 15:42:24 PDT Subject: KQED Clipper discussion.... In-Reply-To: <199405102236.PAA20371@netcom.com> Message-ID: <9405102238.AA11779@snark.imsi.com> Lile Elam says: > Is anyone up for discussing the Clipper and why it's bad for us > on KQED this thursday night? I would suggest contacting EFF and seeing if they have a spokesperson handy. In general they are likely good people to contact for this sort of thing. Perry From fhalper at pilot.njin.net Tue May 10 15:42:55 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Tue, 10 May 94 15:42:55 PDT Subject: MacPGP 2.5? Message-ID: <9405102242.AA03748@pilot.njin.net> Does anyone have any info on when I mac version of PGP 2.5 will be released? Thanks, Reuben Halper Montclair High From pcw at access.digex.net Tue May 10 15:48:38 1994 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 10 May 94 15:48:38 PDT Subject: Why Digital Cash is Not Being Used Message-ID: <199405102248.AA25221@access3.digex.net> > Date: Tue, 3 May 1994 11:48:18 -0800 > From: tcmay at netcom.com (Timothy C. May) > > - Digital Postage. This remains my favorite. There's a _need_ for > untraceable payments (else why use a remailer?). I've written about this > extensively, as have others. > I should point out that Pitney Bowes has a patent on using digital signatures and RSA to "sign" a postal meter application. The patent begins by noting that postal meters are literally machines that print money. It goes on to show how to control this with digital signatures. There is some kind of bar code applied to the stamp. My impression is that getting the info density on the envelope is a bit of a problem with the invention. But I'm not sure. From nate at VIS.ColoState.EDU Tue May 10 16:00:07 1994 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Tue, 10 May 94 16:00:07 PDT Subject: remailer list wanted Message-ID: <9405102259.AA15320@vangogh.VIS.ColoState.EDU> I need the latest and greatest remailer listing. thanks, -nate -- +-----------------------------------------------------------------------+ | Nate Sammons | | Colorado State University Computer Visualization Laboratory | | Data Visualization/Interrogation, Modeling, Animation, Rendering | +-----------------------------------------------------------------------+ From peb at netcom.com Tue May 10 16:50:57 1994 From: peb at netcom.com (Paul E. Baclace) Date: Tue, 10 May 94 16:50:57 PDT Subject: NYT op-ed May 8 Message-ID: <199405102350.QAA22553@netcom.com> I'm writing up a response to the Gelernter editorial and have the following notes...if you have any comments, please send me mail so I can revise and add to the argument. Also, I recall an NSA spokesperson said something that amounted to an admission that Clipper would not stop the smart terrorist or somesuch in response to a question at a press conference. Does anyone know what snippet that is (unfortunately, my archive tapes are inaccessible right now). This would be a nice quote to include. Paul E. Baclace peb at netcom.com -------------------------------------------- What Gelernter does not mention: We have wiretaps today and he still got bombed. (I deplore the Ludite terrorist who allegedly did the bombing and I am not unaffected by this in circuitous ways...) Some crimes are always hard to stop, regardless of technology. Note that arson and serial murders still happen and we have a free society. Only a police state would mitigate such crimes, but who would guard the guards? The real decision that people need to make about privacy regards balance of power. Privacy is power. Setting up laws that require privacy to be violable for all time to come is giving up the most important non-enumerated right. People who live under oppressive governments need privacy. There is no guarantee that the U.S. government will never abuse its power. The digital telephony bill and Clipper initiative, if both are passed, will pave the way for desktop wiretaps. A warrant could be requested and granted by a judge by electronic mail and then the wiretap itself could be turned on remotely. It could be accomplished in minutes after the required forms are filled out. Wiretaps will become cheaper and faster. This will be very tempting to abuse. Remember that Nixon kept a list of enemies and had them wiretapped. This brings into question the whole warrant issuing process and has nothing to do with technology. Prediction: If Clipper is used widely one day, the first time a terrorist blows up a building and uses unbreakable encryption in order to pull it off, the government will not be able to resist a new effort to ban cryptography. Since neither the Digital Telephony bill or Clipper will stop the smart terrorist, it is only a matter of time. Cryptography amounts to inventing a private language. A ban on cryptography would thus violate the First Amendment. As people conduct more of their life on the information superhighway, privacy will become more important over time. The passing of the digital telephony bill put in place cheap mechanisms for spying on citizens that a corrupt government could use. From dwitkow at eis.calstate.edu Tue May 10 17:17:19 1994 From: dwitkow at eis.calstate.edu (David T. Witkowski) Date: Tue, 10 May 94 17:17:19 PDT Subject: KQED Clipper discussion.... Message-ID: At 6:38 PM 5/10/94 -0400, Perry E. Metzger wrote: >Lile Elam says: >> Is anyone up for discussing the Clipper and why it's bad for us >> on KQED this thursday night? > >I would suggest contacting EFF and seeing if they have a spokesperson >handy. In general they are likely good people to contact for this sort >of thing. > >Perry I concur. The following is a listing of KQED-local EFF members. CALIFORNIA San Francisco Bay Area: This!Group Mitch Ratcliffe coyote at well.sf.ca.us or Mitch_Ratcliffe at macweek.ziff.com Glenn Tenney tenney at netcom.com Judi Clark judic at netcom.com ...dtw ---------------------------------------------------------------- Notice of address change: Please send mail to the following: dwitkow at eis.calstate.edu (Mail sent to dwitkows at nermal.santarosa.edu will be forwarded) ---------------------------------------------------------------- Transmitted via modified Eudora 1.4.2 over LINUX host dialup! ---------------------------------------------------------------- Finger dwitkows at nermal.santarosa.edu for PGP key ---------------------------------------------------------------- From nobody at shell.portal.com Tue May 10 17:46:32 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 10 May 94 17:46:32 PDT Subject: Why Digital Cash... Message-ID: <199405110047.RAA09840@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- Well I'm bummed, my earlier post on this seems to have been totally ignored. I will shorten it. Tim May asks some interesting questions about the pace of crypto deployment, and asks about "compensating" people for their work. OBSTACLES I think there are two main reasons for slow deployment: 1. Lack of resources To really do it right, you must own a net connected machine. - digital bank: speed, convenience - data havens: speed, convenience, access to huge storage - anonymous remailers: need to be able to control sendmail logging, need to be able to hack config files for best results, etc. Owning the machine this stuff runs on (no other users) is necessary for key security. For guarding against what Tim calls "Mom and Pop" type remailers (ones that may vanish at anytime when a student graduates, moves, etc.) 2. Legal issues In my mind, the biggest hurdle. - patents: these may really suck but the fact is they are legal until a court overturns them, or they expire ;) - exposure: the operator assumes a certain (almost unpredictable) risk. For example: * suppose I run a data haven and people use it for moving pirated software. * suppose somebody uses an anonymous remailer to threaten another Call me nuts, but the fact that many remailers run on systems that do log mail is "protection" for the remailer operator. A balance needs to be struck between offering anonymous mail and logging; unfortunately I think in the current climate the balance lies closer to logging to avoid problems. Don't get me wrong, I'm in favor of this technology (I've run remailers, etc.). But the "infrastructure" to deal with some events isn't here. (Say somebody gets threatening anonymous mail. In a world rich with crypto tools, this person would be using positive reputation filters, ignoring mail not digitally signed, maybe even be posting to usenet or participating in an email list "anonymously" themselves with return address blocks, etc. In this case, their identity could be kept completely private.) INCENTIVES What are the incentives for running these services? None as far as I can tell, other than the satisfaction of doing it. I'm not sure the market is ready for anonymous mail, data havens, etc. So it falls to interested hobbyists to experiment with. Johan Helsingus (Julf of anon.penet.fi) spends hours a day maintaining his site, responding to complaints, etc. He provides a valuable service, which obviously is very popular... all the same, I'll bet when he asked for a donation of $5 per account to help defray costs, he got almost no response. > Later protocols have not fared as well. Why this is so is of great > importance. I'm very interested in hearing your theories about this, Tim. Post! I too wish things were different. We are in a "ease of use" phase. Most people on this list don't even pgp sign their messages, largely because it isn't convenient. It isn't surprising later protocols aren't faring well. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdAqdIOA7OpLWtYzAQFrzgP+Mtrvyq+aG0pIX57t/bJ+L1dsbO+tnf3O orcr8ZytlNWFfaoxDVf33780FCRFHsP06xOmXRiGM14bWrIVKbq+D9y4pvx8Qh/6 4YEND80DWooALAK8Meo4gKJgc5EPXcsGgW9/JvfjP46VG2kq7vcAQoKGH9HZe4c7 W+0I3cpteQg= =sLe4 -----END PGP SIGNATURE----- From geoffw at nexsys.net Tue May 10 17:47:00 1994 From: geoffw at nexsys.net (Geoff White) Date: Tue, 10 May 94 17:47:00 PDT Subject: Where is PGP2.5? Message-ID: <199405110044.RAA27882@nexsys.nexsys.net> It seems like the directory at MIT is write locked. Anybody have the key? From mech at eff.org Tue May 10 18:21:36 1994 From: mech at eff.org (Stanton McCandlish) Date: Tue, 10 May 94 18:21:36 PDT Subject: EFF's Kapor announces new cyberspace tv show Message-ID: <199405110047.UAA23675@eff.org> Forwarded message: Date: Tue, 10 May 1994 09:13:23 -0400 From: mkapor at kei.com (Mitchell Kapor) Subject: My tv show (I thought you might be interested in this.) New Cyberspace TV Program I am developing a new program on cyberspace in conjunction with WGBH-TV, PBS' Boston affiliate. The show is intended to be a window onto the world of computer networks for the television viewer, whose point of view is that the world of on-line communications is interesting because of what people do there, not because of the digital plumbing which enables it. We will be focusing on the human aspects of networking and the individual and social aspects of being on-line. Cyberspace will be portrayed as a not-so-really strange territory after all, where all of us will increasingly come to live and work. My role is to guide people through this new territory, introducing the audience to its native culture, its scenic attraction, and its sights and sounds. We assume our audience is motivated by curiosity to learn more about what goes on in cyberspace, but we do not assume they are knowledgeable or, in general experienced with it. On the other hand, we will not trivialize the subject matter by reducing it to a least common denominator. We will give the show a look and feel which is approachable and down-to-earth. Interview guests and roundtable participants will be drawn from the net community itself. There will be plenty of demos of cool net stuff from Mosaic, CU See Me, and other cutting-edge applications and services. We are taping two test shows in mid-June which will be shown in Boston and other cities and hope to have some sort of national distribution (to be determined) in the fall for a regularly scheduled program. We are also going to create a WWW server for the show, the segments of which will be downloadable. The server will be have on it additional material which won't fit into the show format. An Invitation: We would like to include some video clips of net citizens expressing their greatest hope and worst fear about the future of the net which we will edit into an on-air piece for our regular feedback session. It's important to me to have the voices heard (and faces seen) of people already on the net. This is an opportunity for those of us who enjoy appreciate the decentralized and democratic character to express that sentiment to a mass audience. I hope you'll take advantage of the opportunity. Guidelines: Since an individual on-air clip will run at most 20-30 seconds, please keep your statement succinct. In shooting the clip, please feel free to pick a location which says something about yourself, whether it's your computer, your pet, or the great outdoors. We can accept Quicktime movies, VHS cassettes, or 8mm tapes. If you enclose a mailer, we will return your tape. We can also pick up digital submissions from any FTP site, etc. Contact Information: email: cybertv at kei.com Postal: Cybertv c/o Kapor Enterprises, Inc. 238 Main St., Suite 400 Cambridge MA 02142 -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From tcmay at netcom.com Tue May 10 19:21:25 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 10 May 94 19:21:25 PDT Subject: Remailer Comments (was: "Why Digital Cash...") In-Reply-To: <199405110047.RAA09840@jobe.shell.portal.com> Message-ID: <199405110221.TAA03509@netcom.com> "Nobody" writes: > > Well I'm bummed, my earlier post on this seems to have been totally > ignored. I will shorten it. I saw it and thought it quite good. As to why nobody (besides Nobody, of course) commented.... I wrote an essay on how the "bad posts drive out the good," that is, the trivial chatter and net.repartee posts tend to dominate over the thoughtful, detailed reports. I sent this around 5 p.m., PDT, on Saturday, so it no doubt vanished into the Maximal Entropy empty set. (However, being anal retentive, I saved a copy...I will resubmit it when the readership gets back to a high enough level.) > Owning the machine this stuff runs on (no other users) is necessary > for key security. For guarding against what Tim calls "Mom and Pop" > type remailers (ones that may vanish at anytime when a student > graduates, moves, etc.) Actually, these are not what I mean by "Mom and Pop remailers." My usage here is that someday there will be the infrastructure to support local entrepreneurial services, wherein households (hence "Mom and Pop") set up remailer services and collect digital postage. Far from being flaky (the "Joe College remailers." one might call them), these remailers-for-pay would need to be counted on to be up, and could not afford to be flaky. O'Reilly and Associates (the Unix books people) are about to unveil their "Internet-in-a-box" product. Can it be much longer before some of you enterprising remailer builders offer "Remailer-in-a-box"? > - exposure: the operator assumes a certain (almost unpredictable) > risk. For example: > * suppose I run a data haven and people use it for moving pirated > software. > * suppose somebody uses an anonymous remailer to threaten another This apparently is happening. Offshore remailers will help, but a malicious person planning a denial of service attack can still send threats, pirated software, etc., through a remailer he want to put heat on. > Don't get me wrong, I'm in favor of this technology (I've run > remailers, etc.). But the "infrastructure" to deal with some events > isn't here. Agreed. But the infrastructure won't exist until some experiments have been done and evolutionary learning takes place. A platitude perhaps, but still the truth. > What are the incentives for running these services? None as far as I > can tell, other than the satisfaction of doing it. I'm not sure the > market is ready for anonymous mail, data havens, etc. So it falls to > interested hobbyists to experiment with. Longterm (as short as 2 years perhaps, but more likely 5-10 years...an eyeblink, as I see it) the incentive is as with *any other service*. Just like Federal Express or UPS. "Digital postage" of some form. > Johan Helsingus (Julf of anon.penet.fi) spends hours a day maintaining > his site, responding to complaints, etc. He provides a valuable > service, which obviously is very popular... all the same, I'll bet > when he asked for a donation of $5 per account to help defray costs, > he got almost no response. A variant of the "tragedy of the commons," of course. All users benefit, regardless of contributions. For now, Julf is presumably deriving psychic satisfaction (fame, notoriety, happiness at perhaps helping people in the *.recovery "confession" groups, etc.). He sometimes comments here, so perhaps he will now. When there is a need for some service, and the means to make that service happen, and the economic incentives, the service usually gets provided. I'm not too worried about "making it happen," myself. Only in doing what I can to head-off any restrictive moves by governments. I'm pretty hopeful. Strong crypto + wide-open communications = this future we talk about. Whatever form remailers take, it's probably too late to stop them. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From harmon at tenet.edu Tue May 10 19:28:09 1994 From: harmon at tenet.edu (Dan Harmon) Date: Tue, 10 May 94 19:28:09 PDT Subject: Forwarded mail.... Message-ID: ---------- Forwarded message ---------- Date: Tue, 10 May 1994 17:00:19 -0500 (CDT) From: Dan Harmon To: cypherpunk at toad.com Subject: Is there a problem? I have not received any mail for the last three days. Dan Harmon From VACCINIA at UNCVX1.OIT.UNC.EDU Tue May 10 20:00:52 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Tue, 10 May 94 20:00:52 PDT Subject: List Down? Message-ID: <01HC6WD6Q9YA000OVJ@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- Could someone tell me if the list is down? I have'nt gotten any mail for the past two days. Perhaps, a router into our site is down? Anyway, if it is the list and not my node, I would at least have a better fix on what is happening. Thanks. Scott G. Morham !The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLc74eT2paOMjHHAhAQGhDgQA076HZTxTUlY1/48AmEzpWuT/aUzkzFYT +l9JgSuBqzukF9FkDrGCEwPm0q5NMvU9bcQOmDskxtByotpj0XGetnqAskLH3qm8 4MJ2tnxS68VQkUszYYRxFgM/6SGf3KfdnFikjUY77iQdXnyC+jApMzMnbMeqim0V 9Oe/7MWTJMk= =ReD/ -----END PGP SIGNATURE----- From pfarrell at netcom.com Tue May 10 20:27:31 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Tue, 10 May 94 20:27:31 PDT Subject: converting old keys to new MIT PGP 2.5 Message-ID: <84252.pfarrell@netcom.com> There has been a lot of speculation about the need to create new PGP 2.5 keys to keep on the mit keyserver. I got a copy of 2.5 beta last night. I ran it, and created a new 1024-bit key so Derek's work won't compromise my old 512 bit key. I then added my old key to my 2.5 keyring. Folks with long memories may recognize my key, I created it at NSA's National Computer Security Conference in 1992. Notice all the changes to make it 2.5 compliant. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.5 mQCNAi3PfgAAAAEEAJ3jXeV45rPehvumTmvu3hWzirASU6CHuUKT+QwtMtXkIHsp IvSH96Cw02hH3Q9u48UWaOTrAtCyZHSEK59rtL16fGhUS8Uj4YQQjVlFXEwX0oxy DUUmKa2xDeW5QKd2knvnk36wqz4C+jJwBZv/pMapWaE4HXuuLrCsmOInW9opAAUR tC5QYXQgRmFycmVsbCAoUGF0cmljayBELikgPHBmYXJyZWxsQG5ldGNvbS5jb20+ =d32V -----END PGP PUBLIC KEY BLOCK----- This surelooks like an 18 month old key with lots of sigs. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.5 mQBNAiq7mr4AAAECAM9R8OL+Vr5uS85tCCI6caNElBdfobX9/0AKidfp/+D7MRz8 6IsyffmaCWp/F8yitR1FYzbe7kDxH1sado5v8o0ABRG0J1BhdCBGYXJyZWxsIDw3 NjQ2NywyNjEwQENvbXB1c2VydmUuY29tPokAlQIFECvZ+y2MLukKAcOq2wEBwOgD /0TiS1tQzoUBhe9nKAb/KuBZzXoyNwO1glvmWXciGQXokojxoHwarrbee/5iSPzm MPQPzt2OPRloHpkllaHnb2upji0Nd09ishr3vFsCVJUZStXsEGrEFR/W4xtUySF2 hFKgaYXpOQZJcevByWPT+2RWrvduDqTR9xQY0D93gN6RtC5QYXQgRmFycmVsbCAo UGF0cmljayBELikgPHBmYXJyZWxsQGNzLmdtdS5lZHU+iQCVAgUQK9McLI4wrq++ 1Ls5AQEgWAP/b/LVlqWQKWswOgNdD1SmTI+49Oa9nsh0mL8D+usu3oAYyUeSHcWE v53EFVl6Ab2ptyPIQ9dWBIMjWhQ/l/l7zn+rxl+7JLCE+Q7SUJNtIQovXknGXieX TQqcgbSOF/JsqKl0wio4axjBx42pkQPEbr2hQd07l8twxOm4s6mNg/2JAJUCBRAr QIiLWhaZXhf/sZkBASDoA/9Ou3yg2h24ruJUnfmIAcq8sBmZ8OqVi5HL44LkZqQR OiB6wYIZ3Ns84mTIlsuasGJ/KJCSerM3VHPWbJxX5Gcj7QiKJ0EAl3oUrelIijMB ZAIzVm11DOV2cb6zHsXdSuKEUzXxEV5QyWCeylLSuJ8Ls0QvYwoQCciiWQw+jijS 7IkAVQIFECs3sGbMi+WsjLS5UQEB4owB/RTCq9Ja67qlJSeqeEmWURv7o+q0B002 pYNx5gySy5cb4l3SKALNMgFja4Gchh7achk9JmLOJf/KiDB3rh1TpFqJAEUCBRAq 9QMWMS8XS2BAvK0BASocAYCPqFjOT4iCmzMvqgl4xJFD+NZUFm6RoT/VcjFsDa3c +H8keVgQ3KRwDSbmChSfEzqJAJUCBRArACIqBQGOdIYeg9kBAcxdBAC6SbdkxeOM QbwW99aT/nMTsRvc/MzpB7VacTxiY0X+Cxs61gGIZSa050N2JOhAloekPkiGoI/m 71UFeQ0VzlJaHJi7mzVXOWvQdGKllwlgp8/rWTIAPvai5ZD642s1ipsL+KrVsjY1 dqzBqY1d9SqBOqkhBUuUgn71z5FszSTet4kAlQIFECsS9Us1J04nVqoK1QEBcikD /21VkPPvwzfqNBdOAsIaz7zq2zIrjBCD2XpMN8fA6vMNoV99q7I8rkOA3tXxNnrH liVI7UKs7iB7+30xdXut3vXMc8Ar6wqrrRbmjPHduH7PzbTdNmRl+ckJLqnK8mNt PEdHLt3tzelcDCnjyFIzFZyXt5oW+JtahfUzTB6rqV5siQBVAgUQKwEiUFSLDsfl P4mDAQGHbQIAvzQnQAKUA1WubJiMeFBNshn1SJCXazLL3UCuicBa/ZjQlf/fPBrT WPhuGuwZ3Fv0zfeFUEf8MOqHcd6iUw/XNokAVQIFECr/4CkfWxp2jm/yjQEBbzsB /jSTK9T7iNcKeb9DJEa2bkERK/o9Tp+hr/pTDN6yvkfX8gCa3cAty0HjD6raBO49 i7RImcHcAxqoAm+IcOwlG/SJAFUCBRAq5VdzGYOCw1Lv1hcBAR4MAf0cjSwG8pQc 1wTaHJiYUU2aP++QMfGHvRA800Z4f1Gs5e7OWxQut8H7X5cZO5YK33kIPmvak2uO oPk4DPuwwxqaiQBVAgUQKt2aJKSRIVZZINU1AQEfkwH9HvhXFbofG81xH3SbqfUE 9bg9VGUX9c8xv5aSYxvFwL9zLwAv//jbqWIWlsYPRCfk8TZS0vOyDnCG4faP36Ab mLQnUGF0IEZhcnJlbGwgPDc2NDY3LjI2MTBAQ29tcHVTZXJ2ZS5jb20+iQCVAgUQ K2vtlFoWmV4X/7GZAQFOCAQAt2yWz8BAD22VSysN2r+TUVLeO8Ng0K8JtxVd1v3t os8qLYfenZOkaWwhrPEJ6ovN2GvWWcYSjl63ryEOGRnGLFxHOVPsQBLs1D+Qu4aE 9NQWKD03Z9tbw4ZtLWq5A8PHAbiNUQN7X7oCfPidpkW4s4UHE99O2fJ+LBGa1Jc8 5LmJAJUCBRArDb/FeWjYJM7+R1kBAalDBACGbwJDENsBOW5jCM1X3I7OPbQOT7bI IaSpo5oUB+JdV3Ir08rNv0feugStgE/AVnAY+Cx+sPfPCkjyprutrDjzq+WjmmZK TrWnaA/CfuzIXEblwXnszOx5pP14uKpu3VBzyYZN1xGRe1OwFc9C/578a0XHefGQ cfoI1XmZ+TLtwA== =K5uB -----END PGP PUBLIC KEY BLOCK----- This might be a new key -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.5 mQCNAi3PfgAAAAEEAJ3jXeV45rPehvumTmvu3hWzirASU6CHuUKT+QwtMtXkIHsp IvSH96Cw02hH3Q9u48UWaOTrAtCyZHSEK59rtL16fGhUS8Uj4YQQjVlFXEwX0oxy DUUmKa2xDeW5QKd2knvnk36wqz4C+jJwBZv/pMapWaE4HXuuLrCsmOInW9opAAUR tC5QYXQgRmFycmVsbCAoUGF0cmljayBELikgPHBmYXJyZWxsQG5ldGNvbS5jb20+ iQBVAgUQLc9/oh9bGnaOb/KNAQEHuQIAvCmjJaDDkros1Lp7MxL+133tLTumSlW5 HFnkz99pzH8L85iFEYS/UUGTrNJkG2AOJWGt2NnDNCQ2HLOBtxJNVokAlQIFEC3P fqywrJjiJ1vaKQEBzFQD/jO274jo91J6uARzVVC+CG8CE5ocNz9ZZ1RSYM7tonbf YfgNfysT+G8fdFFxpZE40pWUte56sTfPH9isXo+GVN1JKIhI4mmdekrpme32ZXvw mTk9Kofj0mwZQwhKgtY1VTMG++tErOaTxIXnjMGZRVNQbKS1aXfI3XnSDdTZRrts =70Dd -----END PGP PUBLIC KEY BLOCK----- So I say thanks Jeff, et al, and even thanks to Jim Bidzos. Pat Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From cdodhner at indirect.com Tue May 10 20:28:23 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Tue, 10 May 94 20:28:23 PDT Subject: PGP and Yarn (offline reader) In-Reply-To: <8kzpjWDCu40F064yn@ecn.purdue.edu> Message-ID: Does anybody know of a QWK format offline pgp-intigrated mail program? Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner at indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ On Tue, 10 May 1994, Cortland D. Starrett wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > (This may be the 2nd time you hear this.... but the original > post may have been flushed.) > .............................Cort. > > PGP can now be nicely integrated with the excellent offline > news/mail package, Yarn. You can now, at the touch of a key, > encrypt an out-going note, sign an out-going note/post and > decrypt/verify incoming notes/posts. > > Yarn (stable beta version .64) can be retrieved by ftp from > oak.oakland.edu:/pub/msdos/offline/yarn-064.zip (as well as > mirrors and other sites). Yarn imports news/mail in the SOUP > format. > > (I am quite pleased with this combination.) > > Thanks to the author, Chin Huang. > > Cort. > > -----BEGIN PGP SIGNATURE----- > Version: 2.3a > > iQCVAgUBLc/cCus4vmytylqdAQElwgP9G3WSjphJ+C9e0JFQV7GaKNzV3orVy0xV > oBKSvO2Hw9jZFp7iPq75PAkyQgYX+vALbJe6LqzWF7Oc0jaEd+LhBjWiYv3rTNzR > f+CZCZf2FnNc+00Ylus/MxrXNJj2svYF9nHHH0Pld9CYylq/qNntVuj43MvdNi4W > stI98P8c6C0= > =GHLe > -----END PGP SIGNATURE----- > From loofbour at cis.ohio-state.edu Tue May 10 21:34:10 1994 From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow) Date: Tue, 10 May 94 21:34:10 PDT Subject: 1024 limit... In-Reply-To: <9405102130.AA27830@bacon.imsi.com> Message-ID: <199405110433.AAA06928@styracosaur.cis.ohio-state.edu> Perry E. Metzger writes: > >- Number of bits allowed when generating keys limited to 1024, in line > > with the limits in RSAREF and BSAFE. It used to be higher, but > > folks, if you think you need a key larger than that, do some research > > into the complexity of factoring. > > I'm sure patches to fix this bit of fascism will show up soon. No sooner said... Ahem. The patches to both PGP 2.5 and RSAREF 2.0 are both obscenely trivial, actually, with the exception of the bug fix (!) to idea.c, which was obtained mere minutes after my bug report courtesy of jis at mit.edu himself. Should elegance be demanded, crypto.c and language.txt should both be patched to mention the new upper limit. With MAX_RSA_MODULUS_BITS out of the way, MAX_BIT_PRECISION is the next hard upper limit, defined as 1280 bits. There isn't any glaring reason not to increase that constant as well... However, my goal for the nonce was to grandfather old 1024+ keys. I don't see much point nowadays in generating a new key that a thousand other "stock" PGP users won't be able to utilize. In accordance with the terms of the RSAREF 2.0 license agreement, I am providing a copy of this modification by electronic mail (note CC:); they may have a perpetual, royalty-free license to the three bytes I changed :-) nathan Patches to PGP 2.5: ------------------- *** keymgmt.c.dist Sat May 7 21:15:18 1994 --- keymgmt.c Mon May 9 13:06:54 1994 *************** *** 2618,2625 **** --- 2618,2630 ---- #ifndef DEBUG /* minimum RSA keysize: */ if (keybits < 384) keybits=384; + #ifdef FASCIST if (keybits > 1024) keybits = 1024; + #else + if (keybits > MAX_BIT_PRECISION) + keybits = MAX_BIT_PRECISION; + #endif #else if (keybits > MAX_BIT_PRECISION) keybits = MAX_BIT_PRECISION; *** idea.c.orig Sun May 8 21:18:59 1994 --- idea.c Tue May 10 14:22:48 1994 *************** *** 446,452 **** int bufleft = context->bufleft; if (bufleft) { ! memcpy(context->iv+bufleft, context->iv, 8-bufleft); memcpy(context->iv, context->oldcipher+8-bufleft, bufleft); context->bufleft = 0; } --- 446,452 ---- int bufleft = context->bufleft; if (bufleft) { ! memmove(context->iv+bufleft, context->iv, 8-bufleft); memcpy(context->iv, context->oldcipher+8-bufleft, bufleft); context->bufleft = 0; } Patches to RSAREF 2.0: ---------------------- *** rsaref.h.dist Fri Mar 25 14:01:49 1994 --- rsaref.h Mon May 9 12:49:59 1994 *************** *** 31,37 **** /* RSA key lengths. */ #define MIN_RSA_MODULUS_BITS 508 ! #define MAX_RSA_MODULUS_BITS 1024 #define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8) #define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2) #define MAX_RSA_PRIME_LEN ((MAX_RSA_PRIME_BITS + 7) / 8) --- 31,37 ---- /* RSA key lengths. */ #define MIN_RSA_MODULUS_BITS 508 ! #define MAX_RSA_MODULUS_BITS 2048 #define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8) #define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2) #define MAX_RSA_PRIME_LEN ((MAX_RSA_PRIME_BITS + 7) / 8) From grendel at netaxs.com Tue May 10 21:48:48 1994 From: grendel at netaxs.com (Michael Brandt Handler) Date: Tue, 10 May 94 21:48:48 PDT Subject: PGP v2.5 update Message-ID: <199405110447.AAA00534@access.netaxs.com> I know that the source for PGP 2.5 has been released for beta testing. I have been unable to get it yet [the server is really busy, as is NetAccess, so I time out. =( ] I also never saw the majority of the cypherpunk messages for the past five days due to Net Access's internet feed dying. Can someone please update me on the modifications to PGP v2.5 and the reasons why they are being made via private email (ie remove the list from the Cc: line). I gather that in the code as published you cant generate keys bigger than 1024 bits, but that's all I know. Thanks in advance. -- ========================================================================== | Michael Brandt Handler | Philadelphia, PA | | | PGP 2.3a public key available via server / mail / finger | ========================================================================== From pleiku!kelly at pleiku.com Wed May 11 03:19:06 1994 From: pleiku!kelly at pleiku.com (kelly@netcom.com) Date: Wed, 11 May 94 03:19:06 PDT Subject: Harassment of a mailing list by lassie!jim%lassie@netcom.com In-Reply-To: <231@lassie.lassie.uucp> Message-ID: <199405110958.CAA15336@pleiku.pleiku.com> And you sir have a netcom feed... as do I... I will be talking with Bob Rieger about your harassment of other netcom users on this list... I feel that you WILL lose your accounts with netcom if this HARASSMENT doesnt stop. I suggest you think about your highly immature actions of the last week.. a copy of this mail is being forwarded to noc at netcom.com as well as bobr at netcom.com... in fact I am sending a copy of ALL of your postings to netcom management... mailbombing a mailing list IS NOT with in netcom's AUP(that is Acceptable Use Policy). and IS grounds for revocation of your accounts on netcom... Think about it... kelly at netcom.com From frissell at panix.com Wed May 11 04:27:23 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 11 May 94 04:27:23 PDT Subject: From Todays` RISKS column Message-ID: <199405111127.AA24021@panix.com> D > D >White House May Issue National ID Cards D > D >The Clinton administration is working on a national ID card that D >every American would need in order to interact with any federal agency, D >reports Digital Media: A Seybold Report, a computer industry newsletter Gee. It's a good thing I don't "interact with any federal agency" or I'd be really worried. DCF "Ver are yur paypers?" I lost them. I'm an illegal alien. I don't have any. I'm a foreign tourist. I forget. I'm homeless. I'm an anarchist (a recognized alternative life/style) and I don't believe in such things. My dog ate them. As a product of the public schools, I couldn't read them so I must have thrown them away. Where are your papers? --- WinQwk 2.0b#1165 From whitaker at dpair.csd.sgi.com Wed May 11 05:43:07 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Wed, 11 May 94 05:43:07 PDT Subject: Real DigiCash ! In-Reply-To: <9405102113.AA11573@snark.imsi.com> Message-ID: <9405110540.ZM5612@dpair.csd.sgi.com> On May 10, 5:13pm, Perry E. Metzger wrote: > Subject: Re: Real DigiCash ! > > Geoff White says: > > Real DigiCash ! > > In the subject of a message about > > > MONDEX SPECIFICATIONS FOR ELECTRONIC CASH PAYMENT RELEASED > > So far as anyone knows, Modex has no cryptographic security, and thus > isn't "real digicash" by any stretch. > Mondex is more of a reloadable stored value card. There are no provisions for anonymity in the system. Russell > Perry >-- End of excerpt from Perry E. Metzger -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From dmandl at lehman.com Wed May 11 07:17:06 1994 From: dmandl at lehman.com (David Mandl) Date: Wed, 11 May 94 07:17:06 PDT Subject: Here they come... Message-ID: <9405111416.AA03845@disvnm2.lehman.com> In today's New York Times: "Anarchy, a Threat on the Electronic Frontier," by Peter H. Lewis. It's kind of a scare piece on how flame wars, abuse, and out-of-control sociopaths are destroying the self-regulating Eden of the net. The piece itself is more or less "neutral," in classic NYT style, but it can also be seen as the first rumblings of a call for some kind of "responsible regulation" of the net. The pedophiles we all run into by the thousands every day are mentioned in the piece, as are the "pornographic pictures [...] traded in great volume." Also, "virtually every network, large and small, has crackpots and sociopaths who seek to bully others with obscenities and threats." Other quotes: "In recent months, it has become difficult for even network libertarians to argue that the network community can resolve its problems through peer pressure alone." and "[...] 'What people will probably do is invent "site kill files,"' wrote David Hayes, a Usenet regular who works for the National Aeronautics and Space Admistration's Jet Propulsion Laboratory in Pasadena, Calif. [...] 'My fear is that this will be a cyber-revisiting of the blacklisting that was prevalent in the 50's,' Mr. Hayes wrote. 'Eventually, I predict that such site kill files will be used to censor politically unpopular views (like mine, for example).'" Think about that next time you put someone in your killfile. --Dave. From perry at snark.imsi.com Wed May 11 07:28:42 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 11 May 94 07:28:42 PDT Subject: Here they come... In-Reply-To: <9405111416.AA03845@disvnm2.lehman.com> Message-ID: <9405111428.AA12782@snark.imsi.com> David Mandl says: > In today's New York Times: "Anarchy, a Threat on the Electronic > Frontier," by Peter H. Lewis. It's kind of a scare piece on how > flame wars, abuse, and out-of-control sociopaths are destroying the > self-regulating Eden of the net. The piece itself is more or less > "neutral," in classic NYT style, but it can also be seen as the first > rumblings of a call for some kind of "responsible regulation" of the > net. The Times has two beat reporters for cyberspace. They are Peter Lewis and John Markoff. Markoff's pieces in the times show remarkable understanding of the issues, but Lewis's make it seem like he's never even logged in. I suspect he has, but he shows no signs of actually "living" in our world. I really find it horrifying that in three articles on the subject he has yet to explain the fundamental problem with the jerks at Canter&Segal, and even whitewashed their disbarrment in Florida in today's piece. There is a difference between "neutral" reporting and uninformed reporting. Peter Lewis hasn't really shown much of a comprehension of what the fundamental issues he is supposed to be reporting are. I encourage people to feed Markoff their interesting scoops and tips, and for people being interviewed by Lewis to ask why Markoff isn't covering a piece. I haven't anything against Mr. Lewis personally, but he seems more interested in finding juicy stories than in producing good stories. Maybe he'll change as he learns more about the beat he's covering. Perry From habs at warwick.com Wed May 11 07:28:47 1994 From: habs at warwick.com (Harry S. Hawk) Date: Wed, 11 May 94 07:28:47 PDT Subject: macPGP In-Reply-To: Message-ID: <9405111703.AA16198@cmyk.warwick.com> > HH> I understand you are the author of MacPGP. > > I'm only one in a large group - but I have released version 2.3a V1.1 > (executables only, the source is not available yet). Since that doesn't allow us to verify the code, is there a reason for this? Can you predict how long it will take before you release them. > HH> I didn't find a any sig. on the copy I am using, nor have > HH> I found any source code. I am worried that I might have > HH> an altered copy. > > Mmh, that's strange since I signed all archives. How did you sign them? Did you sign the binhex file or the Mac executeable, etc.? > But they are on some FTP sites, too, but don't ask me for the exact > address. Both versions (English and German) should be available at > darmstadt.gmd.com. I have found them on Demon in England. > Bye > Christoph > -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: 2.3a > > mQCPAiyuBAIAAAED+gOnj7OxWPtBy9ueDmRdeXtniUMo4QpvuZo+4PPD2RsHqWzl > 8zSu32jlRzTG5nSLoYjJ03gminzKU3n5GAhuNwahCZRm5sNLkYC0nkC/SnEyshAQ > UaWmY2pEzxU6vsS7hI+SLr61IKPM9PuBVoErprSPup6ldh7tZYtuGAyac44RABEB > AAG0M0NocmlzdG9waCBQYWdhbGllcyA8Q2hyaXN0b3BoIFBhZ2FsaWVzQEhIMi5t > YXVzLmRlPokAlQIFECy5tKQAgZ7lATjvnQEBLZ0D+gMyhsDIF0dE3iPQxahIk0RM > R33dyWcpmnZLqAtJ1JwNZmWBEGDEsVmicrG2yuz56x5YHCley1d+fvrmwUwh5yDN > JNDKKFu4AUvKZE5sHicczf6NR0DuWNF28GzVDWIGzcT9vUiohATphYLQTeoA8E1V > frGSXBiKO8qhLRh2I428iQBVAgUQLUGKSPBuDEKPNJK9AQEUpAH9GBl0dLnD+Bpl > jmJ3kdypugOzI7QcvWPF2kePgAE2P4R7SkiLnmc5sUYs7JnAeaOeSayuANJTaty2 > KUc8TtWoVQ== > =3VyW > -----END PGP PUBLIC KEY BLOCK----- > From dmandl at lehman.com Wed May 11 07:51:36 1994 From: dmandl at lehman.com (David Mandl) Date: Wed, 11 May 94 07:51:36 PDT Subject: Here they come... Message-ID: <9405111451.AA04562@disvnm2.lehman.com> From: "Perry E. Metzger" > The Times has two beat reporters for cyberspace. They are Peter Lewis > and John Markoff. > > Markoff's pieces in the times show remarkable understanding of the > issues, but Lewis's make it seem like he's never even logged in. I > suspect he has, but he shows no signs of actually "living" in our > world. I really find it horrifying that in three articles on the > subject he has yet to explain the fundamental problem with the jerks > at Canter&Segal, and even whitewashed their disbarrment in Florida in > today's piece. Yes! I meant to mention this in my post, but in my haste I forgot. Lewis seems like Markoff's dumber, more reactionary little brother. I haven't seen anything good from him yet (not that I read the Times every day). NYT basher's note: I'm surprised at how "liberal" (in the good sense) Markoff's articles have been. Lewis's oblivious and lifeless writing is more of what I expect to see in the Times. --Dave. From wex at media.mit.edu Wed May 11 08:09:27 1994 From: wex at media.mit.edu (Alan Wexelblat) Date: Wed, 11 May 94 08:09:27 PDT Subject: MIT TOC SEMINAR--ADI SHAMIR--MONDAY--MAY 16--4:15pm In-Reply-To: <199405091413.AA29156@dove.lcs.mit.edu> Message-ID: <9405111509.AA16855@spike.media.mit.edu> [Even though I'm no longer on the list, I will continue to forward talk announcements on crypto-related topics to the list... as long as no one objects. As always, if you need more information about this seminar, please email joanne at theory.lcs.mit.edu. --Alan Wexelblat] > Monday, May 16, 1994 > Refreshments at 4:00pm, Talk at 4:15pm in NE43-2nd Floor Lounge > > ``Visual Cryptography'' > by Adi Shamir > The Weizmann Institute of Science > > ABSTRACT > >In this talk we consider a new type of cryptographic scheme, which >encodes visual information (printed text, handwritten notes, pictures, >etc) in a perfectly secure way which can be decoded directly by the >human visual system without any cryptographic computations or knowhow. >We extend it into a visual variant of the k out of n secret sharing >problem, and analyse the combinatorial aspects of such codes. > >Joint work with Moni Naor. > >Host: Ron Rivest From jims at Central.KeyWest.MPGN.COM Wed May 11 08:18:26 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Wed, 11 May 94 08:18:26 PDT Subject: Here they come... In-Reply-To: <9405111416.AA03845@disvnm2.lehman.com> Message-ID: <9405111518.AA01696@Central.KeyWest.MPGN.COM> > > flame wars, abuse, and out-of-control sociopaths are destroying the > self-regulating Eden of the net. Unfortunately I agree with this statement for the most part. > rumblings of a call for some kind of "responsible regulation" of the > net. This one I do not agree with though. Who can regulate it, what are the penalties for violation, how can you prove I typed this, etc. > The pedophiles we all run into by the thousands every day are > mentioned in the piece, as are the "pornographic pictures [...] traded > in great volume." Also, "virtually every network, large and small, Unfortunately, newsgroups like alt.sex.bestiality and erotica picture groups make this point hard to defend against. > [...] 'My fear is that this will be a cyber-revisiting of the blacklisting > that was prevalent in the 50's,' Mr. Hayes wrote. 'Eventually, I predict > that such site kill files will be used to censor politically unpopular > views (like mine, for example).'" > > Think about that next time you put someone in your killfile. There is a difference between a site kill file that blocks everyone who works at AT&T from conversing with people that work at MCI, and my personal kill file that says I don't want to hear from Jim Nalbandian or Detweiler. With personal kill files they have the right to speak and I have the right not to listen. ;) Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From perry at snark.imsi.com Wed May 11 08:23:11 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 11 May 94 08:23:11 PDT Subject: Here they come... In-Reply-To: <9405111518.AA01696@Central.KeyWest.MPGN.COM> Message-ID: <9405111521.AA12918@snark.imsi.com> "Jim Sewell" says: > Unfortunately, newsgroups like alt.sex.bestiality and erotica picture > groups make this point hard to defend against. Alt.sex.bestiality is full of jokes about bestiality, not real suggestions about it. There are no newsgroups devoted to pedophillia, nor are pedophiles a visible presense in the erotic pictures newsgroups. From ecarp at netcom.com Wed May 11 08:36:10 1994 From: ecarp at netcom.com (Ed Carp) Date: Wed, 11 May 94 08:36:10 PDT Subject: MIT TOC SEMINAR--ADI SHAMIR--MONDAY--MAY 16--4:15pm In-Reply-To: <9405111509.AA16855@spike.media.mit.edu> Message-ID: On Wed, 11 May 1994, Alan Wexelblat wrote: > > ``Visual Cryptography'' > > by Adi Shamir > > The Weizmann Institute of Science > > > > ABSTRACT > > > >In this talk we consider a new type of cryptographic scheme, which > >encodes visual information (printed text, handwritten notes, pictures, > >etc) in a perfectly secure way which can be decoded directly by the > >human visual system without any cryptographic computations or knowhow. > >We extend it into a visual variant of the k out of n secret sharing > >problem, and analyse the combinatorial aspects of such codes. Quick, someone apply for a patent, before Rivest and crew steal yet another idea and try to lock it away from people, like they did RSA... From cme at sw.stratus.com Wed May 11 09:02:58 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Wed, 11 May 94 09:02:58 PDT Subject: NYT op-ed May 8 In-Reply-To: <9405102159.AA11694@snark.imsi.com> Message-ID: <199405111602.MAA14917@galt.sw.stratus.com> When we engage in debates with the forces of the Dark Side, we should be careful not to let them talk about criminals as a single class. It bothers me to see people on that side do bait-and-switch: talk about the evils of major Coke importers to get people worked up then admit that the big ones won't be affected by Clipper but 'some criminals will be'. From exabyte!smtplink!mikej at uunet.UU.NET Wed May 11 09:11:56 1994 From: exabyte!smtplink!mikej at uunet.UU.NET (exabyte!smtplink!mikej at uunet.UU.NET) Date: Wed, 11 May 94 09:11:56 PDT Subject: Where is PGP2.5? Message-ID: <9404117686.AA768674633@smtplink.exabyte.com> In addition to the directory at MIT, PGP 2.5 is available as ftp:csn.org//mpj/I_will_not_export/crypto_???????/pgp/pgp25* See ftp:csn.org//mpj/README.MPJ for the ??????? and ftp:ftp.netcom.com//pub/mpj/I_will_not_export/crypto_???????/pgp/pgp25* See ftp:ftp.netcom.com//pub/mpj/README.MPJ for the ??????? and Colorado Catacombs BBS (303-938-9654). From dat at ebt.com Wed May 11 09:24:42 1994 From: dat at ebt.com (David Taffs) Date: Wed, 11 May 94 09:24:42 PDT Subject: Here they come... In-Reply-To: <9405111521.AA12918@snark.imsi.com> Message-ID: <9405111622.AA10440@helpmann.ebt.com> From: "Perry E. Metzger" "Jim Sewell" says: > Unfortunately, newsgroups like alt.sex.bestiality and erotica picture > groups make this point hard to defend against. Alt.sex.bestiality is full of jokes about bestiality, not real suggestions about it. There are no newsgroups devoted to pedophillia, nor are pedophiles a visible presense in the erotic pictures newsgroups. I used to systematically read the pictures groups, including alt.binaries.pictures.erotica.children, and never once was an actual picture of a child posted. In fact, there was only one picture in a.b.p.e.c during the first several months of its existence, of an adult. The discussion in a.b.p.e.c was almost entirely about how horrible any group with that name must be, a self-fulfilling prophecy if I ever saw one... :-) -- dat at ebt.com (David Taffs) From sandfort at crl.com Wed May 11 09:29:28 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 11 May 94 09:29:28 PDT Subject: DigiCash announcement correction In-Reply-To: <199405101931.AA22223@access1.digex.net> Message-ID: C'punks, On Tue, 10 May 1994, Black Unicorn wrote: > > An error was made in the UniBank/Phantom Exchange press release which > indicated that DigiFrancs were backed by a store of 16 oz Diet Coke cans. > > There are of course no 16 oz cans, but rather 12 oz cans. > > UniBank regrets the error. > > Damn bankers. Overnight they devalued the DigiFranc by 25%! S a n d y From peb at netcom.com Wed May 11 10:07:25 1994 From: peb at netcom.com (Paul E. Baclace) Date: Wed, 11 May 94 10:07:25 PDT Subject: MIT TOC SEMINAR--ADI SHAMIR--MONDAY--MAY 16--4:15pm Message-ID: <199405111707.KAA16650@netcom.com> I'm very curious as to how humans can directly decode encrypted pictures. Do they stare at it for 10 minutes and go "ah, there it is". Paul E. Baclace peb at netcom.com From hfinney at shell.portal.com Wed May 11 10:16:58 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 11 May 94 10:16:58 PDT Subject: converting old keys to new MIT PGP 2.5 Message-ID: <199405111717.KAA18320@jobe.shell.portal.com> From: "Pat Farrell" > There has been a lot of speculation about the need to create new PGP 2.5 > keys to keep on the mit keyserver. > [...] > This surelooks like an 18 month old key with lots of sigs. > > -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: 2.5 > > mQBNAiq7mr4AAAECAM9R8OL+Vr5uS85tCCI6caNElBdfobX9/0AKidfp/+D7MRz8 > [...] > TrWnaA/CfuzIXEblwXnszOx5pP14uKpu3VBzyYZN1xGRe1OwFc9C/578a0XHefGQ > cfoI1XmZ+TLtwA== > =K5uB > -----END PGP PUBLIC KEY BLOCK----- I get "malformed or obsolete key signature" when I try to signature-check this key using 2.5. That is exactly what the readme file warned about. PGP changed its signature format in 2.2 or 2.3 but retained backward compatibility. 2.5 is no longer backwards compatible to signatures created in earlier versions. Old keys with signatures have been harmed to this extent. I should add that PGP has always had a policy (one which I don't like) that compatibility would only be retained across two sub-versions. In other words, messages and signatures created with 2.5 are only guaranteed to be usable with 2.6 but perhaps not 2.7. So this change might have been made anyway even with- out the move to RSAREF. It's also worth noting that the old signature format was a bug. The code was originally supposed to be PKCS compatible (the format used in RSAREF and PEM) but late changes broke it; the changes had to do with endian conversions and the bytes ended up going out in reverse order. This was not a security bug, just a compatibility problem. This problem was discovered about a year later and was changed, but backwards compatibility was retained by having PGP check for both signature formats. So, there has always been regret about the PGP 2.0 signature format and a desire to abandon it. Hal From werner at mc.ab.com Wed May 11 10:20:16 1994 From: werner at mc.ab.com (werner at mc.ab.com) Date: Wed, 11 May 94 10:20:16 PDT Subject: Here they come... Message-ID: <9405111720.AA19586@werner.mc.ab.com> >Date: Wed, 11 May 1994 11:21:55 -0400 >From: "Perry E. Metzger" > >"Jim Sewell" says: >> Unfortunately, newsgroups like alt.sex.bestiality and erotica picture >> groups make this point hard to defend against. > >Alt.sex.bestiality is full of jokes about bestiality, not real >suggestions about it. There are no newsgroups devoted to pedophillia, >nor are pedophiles a visible presense in the erotic pictures newsgroups. There is an occasional gif of bestiality in alt.sex.bestiality, but if potential net.cops want pictures to make them sick when they look at them, alt.binaries.pictures.tasteless is much better for that. At my company, it is considered to be sexual harrassment if a female finds out that I have a pornographic gif on my computer, even if I never display it. Apparently, just the knowledge that this material exists creates a "hostile" environment. Since viewing pornography is one of my few remaining vices, I am very concerned with this issue. I do not need cryptography for planning terrorist attacks, but it may not be long before the majority decide that the existance of girlie pictures is an affront to women everywhere, and must be stamped out. In that case, I will probably revert to being a criminal. Hopefully by then the cryptographic tools to work around the law will be well-honed. I have heard that in Canada it is already illegal to even possess drawings or stories that depict pedophilia. I am sure that many Americans would have no objection to similar laws. tw From jims at Central.KeyWest.MPGN.COM Wed May 11 10:26:02 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Wed, 11 May 94 10:26:02 PDT Subject: Here they come... In-Reply-To: <9405111622.AA10440@helpmann.ebt.com> Message-ID: <9405111725.AA02919@Central.KeyWest.MPGN.COM> > From: "Perry E. Metzger" > "Jim Sewell" says: > > Unfortunately, newsgroups like alt.sex.bestiality and erotica picture > > groups make this point hard to defend against. > Alt.sex.bestiality is full of jokes about bestiality, not real > suggestions about it. There are no newsgroups devoted to pedophillia, > nor are pedophiles a visible presense in the erotic pictures newsgroups. > > I used to systematically read the pictures groups, including > alt.binaries.pictures.erotica.children, and never once was an actual > picture of a child posted. In fact, there was only one picture in Can't you hear "them" saying, "Well, those heathen pagan computer worshiping nerds are looking at pictures of women defiling themselves with carnal relations with animals. Can't you just imagine what they do in private with their little computer thingeys." It, in a typical person's mind, is a trivial line between child porn and animal porn. To be identified as part of a group of people that routinely pass pictures of women having sex with animals makes us so much more easily identified as part of a group of people that secretly pass kiddie porn... why else would we be so involved in encryption... just look what we send back and forth in public! Guilt by association is unfair, but very prevalent especially with the news media's influence. Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From dwitkow at eis.calstate.edu Wed May 11 10:27:42 1994 From: dwitkow at eis.calstate.edu (David T. Witkowski) Date: Wed, 11 May 94 10:27:42 PDT Subject: Here they come... In-Reply-To: <9405111428.AA12782@snark.imsi.com> Message-ID: Does anyone have Lewis' and Markoff's email address(es)? ...dtw /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ | I'll do whatever my Rice Krispies tell me to do... | | | | ******* Notice of impending email address change: ******* | | New interim address: dwitkow at eis.calstate.edu | /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ From mpd at netcom.com Wed May 11 10:33:45 1994 From: mpd at netcom.com (Mike Duvos) Date: Wed, 11 May 94 10:33:45 PDT Subject: Here they come... In-Reply-To: <9405111720.AA19586@werner.mc.ab.com> Message-ID: <199405111733.KAA13298@netcom.com> > At my company, it is considered to be sexual harrassment if a female finds > out that I have a pornographic gif on my computer, even if I never display > it. Apparently, just the knowledge that this material exists creates a > "hostile" environment. Does the GIF have to portray a person of the female persuasion in order for the "hostile" environment to be created, or will any sexually oriented image suffice? > I have heard that in Canada it is already illegal to even possess drawings > or stories that depict pedophilia. Yes, the Canadians are way ahead of us in the area of censorship. In addition to drawings and stories, anything which suggests that sexual relationships between adults and minors are not always harmful is also prohibited by law. If you do a piece of scientific research on intergenerational relationships, it can only be published in Canada if it concludes such relationships are harmful. One sex study which came to the "wrong" conclusion has already been banned by the Canadian government. > I am sure that many Americans would have no objection to similar laws. I would make that "most Americans". But only after they finish their current crusade to bring back flogging. :) -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From peb at netcom.com Wed May 11 10:42:19 1994 From: peb at netcom.com (Paul E. Baclace) Date: Wed, 11 May 94 10:42:19 PDT Subject: Here they come... Message-ID: <199405111741.KAA21986@netcom.com> Kill files should always be personal. If you want to find out more about my ideas on information filtering, see netcom.com:/ftp/peb/ifilter*. The idea that libertarians on the net are giving up to regulation is crazy. People get all worked up because they don't have good filtering or have poor newsreaders or slow data transfer...it is mostly technical. Paul E. Baclace peb at netcom.com From lefty at apple.com Wed May 11 11:05:17 1994 From: lefty at apple.com (Lefty) Date: Wed, 11 May 94 11:05:17 PDT Subject: Here they come... Message-ID: <9405111804.AA05260@internal.apple.com> >> I am sure that many Americans would have no objection to similar laws. > >I would make that "most Americans". But only after they finish their >current crusade to bring back flogging. :) Robin Williams once made the interesting observation that, if you were convicted of sodomy in Georgia, the punishment you were likely to receive consisted of being locked in a cell with somebody who would sodomize you. I'm starting to wonder whether we're liable to see laws passed punishing practioners of sadomasochism with flogging... -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From nobody at soda.berkeley.edu Wed May 11 11:26:16 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist) Date: Wed, 11 May 94 11:26:16 PDT Subject: Here they come... Message-ID: <199405111825.LAA15270@soda.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- Date: Wed, 11 May 1994 13:20:30 -0400 From: werner at mc.ab.com At my company, it is considered to be sexual harrassment if a female finds out that I have a pornographic gif on my computer, even if I never display it. Apparently, just the knowledge that this material exists creates a "hostile" environment. Even if it's a picture of two guys fucking?! Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdEYeBVg/9j67wWxAQETrwP/RfGfHEXuTFRJgBSDCXgZDX0duW0f4dag BQT8eE9TcaewMRlr08PjNh4Z2kKaQowi5mjTInO1AYvKz65DLK4lRhSmRdPH7x/F UVL06nAPeovpUWDKBQqePNGxxaRZIYih0pX7eIzw+q/od+8sgt9XVShAtsC9+Oez v0NJAaO0v80= =MBod -----END PGP SIGNATURE----- ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```$YS^P;+]AB?X9TW6\8WR:>P&2'9,7.YM5[DE'E9 Message-ID: <199405111824.LAA20055@netcom.com> Mike Duvos brings up an important issue: what to do about the mounting pressure to ban certain kinds of research. One of the powerful uses of strong crypto is the creation of journals, web sites, mailing lists, etc., that are "untraceable." These are sometimes called "data havens," though that term, as used by Bruce Sterling in "Islands in the Net" (1988), tends to suggest specific places like the Cayman Islands that corporations might use to store data. I prefer the emphasis on "cypherspace." Mike writes: > Yes, the Canadians are way ahead of us in the area of censorship. In > addition to drawings and stories, anything which suggests that sexual > relationships between adults and minors are not always harmful is also > prohibited by law. If you do a piece of scientific research on > intergenerational relationships, it can only be published in Canada if it > concludes such relationships are harmful. One sex study which came to > the "wrong" conclusion has already been banned by the Canadian government. Uses for research havens: - medical experimentation deemed "illegal" by authorities (use of Nazi freezing data, for example, or research into live donors for organ transplants) - sexual research of the sort mentioned above - research into racial and gender differences in intelligence or other abilities - drug research that violates some norm - tons of similar examples Strong crypto allows for the creation and distribution of journals or article distribution methods that allow for novel features: - anonymous receipt (a la the "anonymous anonymous ftp" system) - refereeing of articles by truly untraceable pseudonyms (but still reputation-based) - scientists doing controversial or speculative research could adopt a digitally signed pseudonym (as several Cypherpunks have done) and publish their illegal, controversial, hare-brained, or otherwise speculative research under this pseudonym. If the research succeeds, or the stigma attached diminishes (think of RU-486), then they could of course reveal the mapping between their identities. (lots more to say here) What might be some first steps? 1. Investigate ways to create an "anonymous Web site," that is, a WWW site that can be reached only through a system of remailers. Actually, due to the slow response (else traffic analysis is a big danger), this would be more like a "CryptoGopher." (But gopher is being subsumed into the Mosaic/lynx model, I suspect, and will be obsolete soon.) 2. Anonymous moderation. Publication of cryptographically-sensitive information, illegal research, etc., by anonymous means and with some modertation. (The moderation could be bypassed by users who don't want it, or set for a higher threshold...I'm not arguing for moderation per se, but for reputation-based systems. Another topic.) 3. Create such a journal in an area unrelated directly to cryptography, but using the methods of cryptography. For example, imagine the allusive implications of this journal: "The Haight-Ashbury Journals of Reproductive Freedom," containing "illegal" articles by non-licensed researchers (non-doctors....note that the medical profession controls the publication by various rules saying who can practice medicine). I can think of several variants on this, all in the medical area: - "The Journal of Assisted Suicide" - "Advances in Experimentation on Humans" - "Illegal Drugs and Your Health" You get the picture. Some of these are quite controversial, and might not "help the cause." And I'm not endorsing experimentation on Jews or other humans...I just don't think it right that many countries have banned the publication of results from the WW2 experiments on Jewish concentration camp results....imagine being imprisoned for the "sin" of citing the statistics on how long it took people to die when immersed in cold water? (Yes, it may offend some Jews, especially those whose relatives were the ones dunked in the water, but so what? Free speech and free exchange of ideas is what it's all about. Using the data can't send a signal backward in time and cause Mengele and his cronies to do more such experiments.) I'm especially intrigued by the prospects for getting traditionally left-leaning groups such as the "women's movement" involved in strong crypto. Research into RU-486 results would seem to be one fertile area. Clinton has lifted some of the restrictions, but certainly not all of them (and the medical union has of course retained control). Wouldn't it be interesting to have an anonymous site in cypherspace that acts as a repository for RU-486 test results of all sorts? Official results, as they dribble out, plus more unofficial, anecdotal, and person results. The "web of trust" model could be used to increase/decrease credence given to reports in this crypto-repository. Lots more to talk about. But I'll stop now. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hayden at krypton.mankato.msus.edu Wed May 11 11:29:07 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Wed, 11 May 94 11:29:07 PDT Subject: Another sensationalist Newsweek Article Message-ID: The May 16th newsweek has an article on comparing women and men is cyberspace. It's blatantly biased, portraying men as sex-starved, war-mongering, unsensitive geeks, and women as the perfect example of what society should REALLY be. I'm growing tired of these sensationalist articles in the popular press, that serve to only alienate the denizens of cyberspace and scare off the civilians. *rant mode off* ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From jpinson at fcdarwin.org.ec Wed May 11 11:33:42 1994 From: jpinson at fcdarwin.org.ec (jpinson at fcdarwin.org.ec) Date: Wed, 11 May 94 11:33:42 PDT Subject: Enhanced One-time pad available: Message-ID: <9405111833.AA29771@toad.com> Greetings Cypherpunks. After a lengthy test period, I am releasing the first official version of OTP-PC (there is no change from the beta version). The file otp-10.zip may be found on: wuarchive.wustl.edu /pub/MSDOS_UPLOADS/cryptography (the same directory as Secdev) I have also posted the file to the cypherpunks directory on soda.berkeley.com. Attempts to find out when/where otp will be posted on soda have not been answered. (My cypherpunks mail has stopped, so there may be a problem there) If you problems finding otp-10.zip, please send me a message and I will send it to you via PGP ASCII-armor. If any one can provide a FTP site for me to post OTP-PC, please let me know. Description: ------------- This is the first public release of OTP-PC, which is a MS-DOS implementation of the one-time pad or Vernam Cipher. The one-time pad is the only encryption method proven to be unbreakable. Complete source, of course! OTP-PC features: -Automatic compression of plain text messages prior to encryption. Compression reduces consumption of the pad, and masks the size of the original document. (compression can be overridden) -Automatic wiping of the pad (codebook), to prevent reuse on both encryption and decryption. -Wiping and deletion of intermediate compressed files. -Two stage cipher text headers. The first stage header is un- encrypted, and contains information needed to start decryption. The second stage contains sensitive information (CRC etc), and is encrypted. -A 32 bit CRC stored in the encrypted header verifies reconstruction of the original file. -A verbose mode which displays encryption/decryption statistics. Thanks, Jim Pinson -Galapagos jpinson at fcdarwin.org.ec From jim at bilbo.suite.com Wed May 11 11:33:55 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 11 May 94 11:33:55 PDT Subject: Tessera, National ID card Message-ID: <9405111831.AA05801@bilbo.suite.com> I have recently started exchanging e-mail with the Technology Writer for the Dallas Morning News (Tom Steinert-Threlkeld). He is interested in new angles for Clipper/Tessera articles. He is currently looking for opinions on whether Tessera (or a sibling) will be/could be used in the U.S. Card mentioned in yesterday's RISK column. If you have anything you would like to say about this, send it to me. I will collect the replies and forward them to Tom. Indicate in your reply if you want me to withhold your name/eaddr. Jim_Miller at suite.com From dcwill at ee.unr.edu Wed May 11 11:37:14 1994 From: dcwill at ee.unr.edu (D.C. Williams) Date: Wed, 11 May 94 11:37:14 PDT Subject: From Todays` RISKS column In-Reply-To: <199405111127.AA24021@panix.com> Message-ID: <9405111836.AA16577@solstice.unr.edu> > Gee. It's a good thing I don't "interact with any federal agency" or I'd > be really worried. > > DCF > > "Ver are yur paypers?" > > I lost them. > I'm an illegal alien. I don't have any. > I'm a foreign tourist. > I forget. > I'm homeless. > I'm an anarchist (a recognized alternative life/style) and I don't > believe in such things. > My dog ate them. > As a product of the public schools, I couldn't read them so I must have > thrown them away. > Where are your papers? A9: Gee . . . I dunno. Doesn't Hillary have them? A10: Last time I saw them, they were in Vince Foster's office . . . A11: Call the Rose Law Firm. They're my lawyers. =D.C. Williams From tcmay at netcom.com Wed May 11 11:47:35 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 11 May 94 11:47:35 PDT Subject: Another sensationalist Newsweek Article In-Reply-To: Message-ID: <199405111847.LAA22717@netcom.com> Robert Hayden writes: > The May 16th newsweek has an article on comparing women and men is > cyberspace. It's blatantly biased, portraying men as sex-starved, > war-mongering, unsensitive geeks, and women as the perfect example of > what society should REALLY be. > > I'm growing tired of these sensationalist articles in the popular press, > that serve to only alienate the denizens of cyberspace and scare off the > civilians. I thought the article was fair, and describes reality very well. As the computer nerds are so fond of saying: "Where are all the women in this group?" Me, I just accept it as the way things are that women are not much interested in cars, hunting, and cryptography, to name but a few groups, and that their interests tend to lie elsewhere. I don't expect to meet women for dating situation at hacker gathering, so when I _don't_, I'm not surprised or disappointed. When people ask me what I'm interested in, what this "Cypherpunks" group is all about, I get fairly stereotypical reactions: most of the men are interested, enthused, and see all kinds of implications that intrigue them. Most of the women express worry, concern, and fear that this crypto anarchic future will mean scary things. And with any technical description, the women's eyes glaze over. That's just the way it is. Maybe the generation that comes of age in 2010 will be different, but I doubt it. The "Newsweek" article had a hilarious, and accurate-even-if exaggerated, cartoons: A girl in front of a terminal: "My friends and I are teaching dolphins to communicate through e mail." A boy: "I like to blow stuff up." There you have it. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From karn at unix.ka9q.ampr.org Wed May 11 11:59:22 1994 From: karn at unix.ka9q.ampr.org (Phil Karn) Date: Wed, 11 May 94 11:59:22 PDT Subject: State Dept Response to my second CJ request Message-ID: <199405111907.MAA04092@unix.ka9q.ampr.org> United States Department of State Bureau of Politico-Military Affairs Office of Defense Trade Controls Washington, DC 20522-0602 May 11, 1994 [stamped] In reply refer to ODTC Case: CJ 081-94 YOUR LETTER DATED: March 9, 1994 REQUEST FOR COMMODITY JURISDICTION DETERMINATION FOR: "Applied Cryptography Source Code Disk" Your commodity jurisdiction (CJ) request was referred to the Departments of Commerce and Defense and the National Security Agency for their review and recommendations. As a result, the Department of State has determined that the subject source code disk is subject to the licensing jurisdiction of the Department of State in accordance with the International Traffic in Arms Regulations (22 CFR 120 through 130). This article is designated as a defense article under category XIII(b)(1) of the United States Munitions List. Licenses issued by this office are required prior to export. The text files on the subject disk are not an exact representation of what is found in "Applied Cryptography." Each source code listing has been partitioned into its own file and has the capability of being easily compiled into an executable subroutine. The subject disk contains source code listings for each of the following cryptographic algorithms: Vigenere, Beauford, Enigma, DES, Lucifer, NewDES, FEAL-8, FEAL-NX, REDOC III, LOKI 91, IDEA, N-HASH, MD5, Secure Hash Algorithm (SHA), and Secret Sharing. Also, the subject disk contains source code listings for certain algorithms that would not be exportable if they were incorporated int a product. The intended use of this source code disk, as stated in your CJ request, is to provide code for those who wish to incorporate encryption into their applications. There are fourteen (14) separate source code files that amount to thousands of lines of easily executable code contained on the subject disk. This is certainly an added value to any end-user that wishes to incorporate encryption into a product. Should you require further assistance on this matter, please contact Tom Denner at (703) 875-7041. Sincerely, [signed] William B. Robinson Director Office of Defense Trade Controls Phil Karn 7431 Teasdale Ave San Diego, CA 92122 From frissell at panix.com Wed May 11 12:15:22 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 11 May 94 12:15:22 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <199405111907.MAA04092@unix.ka9q.ampr.org> Message-ID: So obviously the next step is to put the source code in one big text file... DCF From m5 at vail.tivoli.com Wed May 11 12:18:42 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 11 May 94 12:18:42 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <199405111907.MAA04092@unix.ka9q.ampr.org> Message-ID: <9405111918.AA12489@vail.tivoli.com> Phil Karn writes: > Bureau of Politico-Military Affairs ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I thought this was a joke at first! > Each source code > listing has been partitioned into its own file and has the > capability of being easily compiled into an executable subroutine. So the only thing protecting our national security is the hurdle of typing ^X-W a few times? Oh boy. > The subject disk contains source code listings for each of the > following cryptographic algorithms: Vigenere, Beauford... Duhh. Looks like you gotta get up pretty early in the morning to fool these guys... > Also, the > subject disk contains source code listings for certain algorithms > that would not be exportable if they were incorporated int > a product. But they of course *would* be exportable if they were printed in a form ready to be scanned. Brilliant. > This is > certainly an added value to any end-user that wishes to incorporate > encryption into a product. ...and so of *course* we can't help them out. Better make them wait until somebody scans or manually types in exported printed versions the stuff and makes it available for ftp. That'll teach 'em to toy with Uncle Sam! -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From karn at unix.ka9q.ampr.org Wed May 11 12:24:18 1994 From: karn at unix.ka9q.ampr.org (Phil Karn) Date: Wed, 11 May 94 12:24:18 PDT Subject: State Dept Response to my second CJ request In-Reply-To: Message-ID: <199405111932.MAA04159@unix.ka9q.ampr.org> >So obviously the next step is to put the source code in one big text file... That occurred to me, but the wording suggests that it's the machine readability that they really object to. Phil From cort at ecn.purdue.edu Wed May 11 12:26:41 1994 From: cort at ecn.purdue.edu (Cortland D. Starrett) Date: Wed, 11 May 94 12:26:41 PDT Subject: PGP and Yarn (offline reader) In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > Does anybody know of a QWK format offline pgp-intigrated mail program? > > Happy Hunting, -Chris. See AutoPGP (oak.oakland.edu:/pub/msdos/offline/apgp*.zip). Cort. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdEiSes4vmytylqdAQGrugP7Baa4/s1RuTw20Ts0sy4eeZbgprRJ8oIM n4R71MG3gwQ7CGQKYzbWRT0hqO4T9jn8MXWxgHbkmElhCs/JL5MHt3h85Zln2Dab EQjcPBMs1GwM28MjwYD5xnojv97WNk+KrItBUx8Nipcbc40WkcPnocorv2SPzQJt w3XbdIOjDpA= =H/J8 -----END PGP SIGNATURE----- From loofbour at cis.ohio-state.edu Wed May 11 12:33:39 1994 From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow) Date: Wed, 11 May 94 12:33:39 PDT Subject: MIT TOC SEMINAR--ADI SHAMIR--MONDAY--MAY 16--4:15pm In-Reply-To: <199405111707.KAA16650@netcom.com> Message-ID: <199405111933.PAA07198@styracosaur.cis.ohio-state.edu> Paul E. Baclace writes: > I'm very curious as to how humans can directly decode encrypted > pictures. Do they stare at it for 10 minutes and go "ah, there > it is". SIRD stereograms might qualify as an encryption method, although many have been able to view these patterns using a brute-force search by selectively diverging the eyes. I don't see how this generalizes to a k of d secret sharing analogue, unless the viewer is assumed to have k+1 eyes. nathan From perry at snark.imsi.com Wed May 11 12:37:12 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 11 May 94 12:37:12 PDT Subject: State Dept Response to my second CJ request In-Reply-To: Message-ID: <9405111937.AA13465@snark.imsi.com> Duncan Frissell says: > So obviously the next step is to put the source code in one big text file... I'd say the obvious next step is a lawsuit -- at this point there is standing and little point in accomodating the clowns. I've already offered Phil a donation towards this suit, and if he chooses to pursue it I encourage others to donate money towards it as well. In my opinion there is no more important action this year in the area of cryptography than Phil's export license request. Perry From paul at poboy.b17c.ingr.com Wed May 11 12:40:54 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Wed, 11 May 94 12:40:54 PDT Subject: PGP 2.5 for Intergraph Clipper available Message-ID: <199405111942.AA16602@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- Below is an announcement I posted to ingr.general. For those of you who are outside the firewall, drop me an e-mail and I'll forward the archive to you. And, as always, "Clipper" is a registered trademark of Intergraph Corporation. - -Paul Date: 11 May 94 19:36:10 GMT Message-ID: Newsgroups: ingr.general Subject: PGP 2.5 for Clipper available Thanks to MIT & RSA Data Security, Version 2.5 of Pretty Good Privacy (PGP) is now fully legal in the United States. Since it's now legal in the US, there's no excuse for you to have insecure e-mail from now on out. Here's how you can get it: CLIX - ---- * via newprod to my desktop CLIX box; look under "Security" newprod -n newprod at poboy.b17c.ingr.com * via my PGP page at http://www.ingr.com/pgp.html DOS/Windows/Windows NT - ---------------------- * via ftp to poboy.b17c.ingr.com in /pub/pgp25/.stuff * via the PGP page at http://www.ingr.com/pgp.html In either case, you should read the RSAREF 2.0 license file before downloading PGP 2.5. If you agree with the license terms, have at it; if you don't, please don't download the software. This software may be export-controlled under US law. Do not export it. If you aren't a US citizen, do not download it from these sites. - -Paul - -- Paul Robichaux, KD4JZG | Out the 10Base-T port, through the router, perobich at ingr.com | over the leased line, off the bridge, past Intergraph Federal Systems | the firewall... nothing but net. Of course I don't speak for Intergraph. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLdE1Jqfb4pLe9tolAQGCtQP6A4u7+l7bchEWNWEb9Zn+JkCJ4hA/Jyfr WamcxN8PgNH1eHX6viws/nzb6AJpnX95YGc2/4imugx9M0T07/2FJy5+UgFcje7c LkZdqKMFmg3sNZMu3pCF+I5Jq63cWHqgtJoNCQRAMPtcjKR3OGlMlvsMnMbqpQHY Ei+Utpg84bQ= =uPf0 -----END PGP SIGNATURE----- From m1tca00 at FRB.GOV Wed May 11 12:43:04 1994 From: m1tca00 at FRB.GOV (Tom Allard) Date: Wed, 11 May 94 12:43:04 PDT Subject: Another sensationalist Newsweek Article Message-ID: <9405111942.AA24645@mass6.FRB.GOV> -----BEGIN PGP SIGNED MESSAGE----- > The May 16th newsweek has an article on comparing women and men is > cyberspace. It's blatantly biased, portraying men as sex-starved, > war-mongering, unsensitive geeks, and women as the perfect example of > what society should REALLY be. Maybe you otta forward them something from Barbera Abernathy. And just how, might I ask, did they determine the sex of various posters. Heck, as far as you know I'm another Mark Ethan Smith. And there are LOTS of users with logins like fd9465 and the like. Heck, I can't always determine gender in *real* life! > I'm growing tired of these sensationalist articles in the popular press, > that serve to only alienate the denizens of cyberspace and scare off the > civilians. I've also noticed several notorious loons being quoted in the mainstream. Dave Hayes & John Palmer jump to mind, and you can just bet that Detweiler is talking to these people, although probably using a different name each time. rgds-- TA (tallard at frb.gov) I don't speak for the Federal Reserve Board, they don't speak for me. pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLdE1C6AudFplx0TNAQFl2wP+O+tt+IKuSREeP2k7Zx6LC8SMEwTDtU8e Dbia4SLd6oHv0meMifwDHtO6/x+eWmbib+8TQrNWGcJW3C991ycM39Z0PLK2rW1B sl/tYbp1cUPztsoj60tRGjogFE9ZkOaiQCv8C3fUG1Y/U8+5yN9UZtNmLJG01ysC SozS2AfavVs= =YP1X -----END PGP SIGNATURE----- From perry at snark.imsi.com Wed May 11 12:43:48 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 11 May 94 12:43:48 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <9405111937.AA13465@snark.imsi.com> Message-ID: <9405111943.AA13487@snark.imsi.com> "Perry E. Metzger" says: > > Duncan Frissell says: > > So obviously the next step is to put the source code in one big text file.. > I'd say the obvious next step is a lawsuit -- at this point there is > standing and little point in accomodating the clowns. Phil informs me that he has to go through the DTC administrative appeal process before suing. However, obviously after the appeal... Perry From werner at mc.ab.com Wed May 11 12:47:34 1994 From: werner at mc.ab.com (werner at mc.ab.com) Date: Wed, 11 May 94 12:47:34 PDT Subject: Here they come... Message-ID: <9405111947.AA19635@werner.mc.ab.com> >From: mpd at netcom.com (Mike Duvos) >Date: Wed, 11 May 1994 10:33:33 -0700 (PDT) >> At my company, it is considered to be sexual harrassment if a female finds >> out that I have a pornographic gif on my computer, even if I never display >> it. Apparently, just the knowledge that this material exists creates a >> "hostile" environment. > >Does the GIF have to portray a person of the female persuasion in order >for the "hostile" environment to be created, or will any sexually >oriented image suffice? Anything that suggests that anyone could be naked and having fun at the same time, I think. tw From fnerd at smds.com Wed May 11 12:57:09 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 11 May 94 12:57:09 PDT Subject: Patents on RSA will expire soon.... Message-ID: <9405111945.AA11431@smds.com> > The algorithm that factored RSA129 takes about exp(sqrt((log n)(log log > n))) steps. > Indeed 10^17 instructions is just about how much work was required to > factor RSA129--. > That formula gives about 10^29 for a 1024 bit number. If computers double > in speed every 18 months then they will be only 32 times as fast when the > patents expire. If that rate of speedup held long term, and no significantly better factoring algorithms showed up, it would be 60 years until a 1024 bit number were as easy to factor as RSA129 was this year. -fnerd - - - - - - - - - - - - - - - and i dreamed i was flying high up above my eyes could clearly see the statue of liberty sailing away to sea --Paul Simon -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From fnerd at smds.com Wed May 11 12:57:09 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 11 May 94 12:57:09 PDT Subject: NIST Good Intentions Message-ID: <9405111949.AA11442@smds.com> > [Clipper] is not intended to be mandated in the future, a [NIST] > official said today in congressional testimony. Paving the superhighway to Hell, of course. -fnerd quote me - - - - - - - - - - - - - - - and i dreamed i was flying high up above my eyes could clearly see the statue of liberty sailing away to sea --Paul Simon -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From lile at netcom.com Wed May 11 13:01:14 1994 From: lile at netcom.com (Lile Elam) Date: Wed, 11 May 94 13:01:14 PDT Subject: MBone map - updated... Message-ID: <199405112001.NAA11247@netcom.com> The last version has been updated and can be found in ftp://ftp.isi.edu/mbone/mbone-topology.ps -lile From cme at sw.stratus.com Wed May 11 13:08:31 1994 From: cme at sw.stratus.com (Carl Ellison) Date: Wed, 11 May 94 13:08:31 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <9405111937.AA13465@snark.imsi.com> Message-ID: <199405112007.QAA15386@galt.sw.stratus.com> I'd donate toward a lawsuit. How much $$ is involved? From perry at snark.imsi.com Wed May 11 13:28:36 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 11 May 94 13:28:36 PDT Subject: Patents on RSA will expire soon.... In-Reply-To: <9405111945.AA11431@smds.com> Message-ID: <9405112028.AA13574@snark.imsi.com> FutureNerd Steve Witham says: > If that rate of speedup held long term, and no significantly better > factoring algorithms showed up, it would be 60 years until > a 1024 bit number were as easy to factor as RSA129 was this year. That cuts it rather close for some applications. Consider that a constant factor of a few thousand is easy if a really good new factoring algorithm shows up. If you are concerned that no one be able to read your messages for the next twenty years, you have trouble. Perry From perry at snark.imsi.com Wed May 11 13:31:54 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Wed, 11 May 94 13:31:54 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <199405112007.QAA15386@galt.sw.stratus.com> Message-ID: <9405112031.AA13596@snark.imsi.com> Carl Ellison says: > I'd donate toward a lawsuit. How much $$ is involved? I think the question is premature, but the intention isn't. We ought to give Phil a few days to figure out what his future strategy is. Meanwhile, anyone with contacts at EFF ought to emphasize to Mike Godwin and others there the importance of this particular opening -- by potentially giving Phil standing to sue on the clearest conceivable case, in which their position is the most clearly indefensible, they've produced a clear opening to shatter export control over software published on the internet in court. Perry From cdodhner at indirect.com Wed May 11 13:36:45 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Wed, 11 May 94 13:36:45 PDT Subject: PGP and Yarn (offline reader) In-Reply-To: Message-ID: Thank you very much cort for the pointer. TO ALL: I have installed yarn v0.65 I think, whatever is current, and although it will decrypt and check sigs ok, it does almost exactly *nothing* when asked to encrypt or sign outgoing stuff. (ok, so the disk drive light goes on and it makes a little noise, but that's it.) Does anyone know what I've done wrong?? Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner @ indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 ------------------------------------------------------------------------------ PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger revolution H.E.A.T. warheads porno kiddiesex export import customs deviant bribe corrupt White House senator congressman president Clinton Gore bootleg assasinate target ransom secret bluprints prototype microfilm agents mole From lefty at apple.com Wed May 11 13:53:20 1994 From: lefty at apple.com (Lefty) Date: Wed, 11 May 94 13:53:20 PDT Subject: Here they come... Message-ID: <9405112052.AA08907@internal.apple.com> > At my company, it is considered to be sexual harrassment if a female finds > out that I have a pornographic gif on my computer, even if I never display > it. Apparently, just the knowledge that this material exists creates a > "hostile" environment. > >Even if it's a picture of two guys fucking?! According to what I learned in our "Managers and the Law" class, in California, for something to constitute "sexual harassment" it must satisfy the following criteria: It must be unwelcome (in the eyes of the complainant). It must be offensive (again, in the eyes of the complainant). It must be sexual in nature. Period. I don't make the news, I just report it. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From lile at netcom.com Wed May 11 14:03:36 1994 From: lile at netcom.com (Lile Elam) Date: Wed, 11 May 94 14:03:36 PDT Subject: So what do you think... Message-ID: <199405112103.OAA18969@netcom.com> about this letter? Would you sign it? -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ---------- Forwarded message ---------- Date: Wed, 11 May 1994 12:37:27 -0400 (EDT) From: Michael Ward To: niiregional-l at rain.org Subject: Letter to NSF re: Internet Pricing Distributed to TAP-INFO, a free Internet Distribution List (subscription requests to listserver at essential.org) TAXPAYER ASSETS PROJECT - INFORMATION POLICY NOTE May 7, 1994 - Request for signatures for a letter to NSF opposing metered pricing of Internet usage - Please repost this request freely The letter will be sent to Steve Wolff, the Director of Networking and Communications for NSF. The purpose of the letter is to express a number of user concerns about the future of Internet pricing. NSF recently announced that is awarding five key contracts to telephone companies to operate four Internet "Network Access Points" (NAPs), and an NSF funded very high speed backbone (vBNS). There have been a number of indications that the telephone companies operating the NAPs will seek permission from NSF to price NAPs services according to some measure of Internet usage. The vBNS is expected to act as a testbed for new Internet pricing and accounting schemes. The letter expresses the view that metered pricing of Internet usage should be avoided, and that NSF should ensure that the free flow of information through Internet listserves and file server sites is preserved and enhanced. jamie love, Taxpayer Assets Project (love at essential.org; but unable to answer mail until May 15). Until then, direct inquires to Michael Ward. If you are willing to sign the letter, send the following information to Mike Ward of the Taxpayer Assets Project (mike at essential.org, fax: 202/234-5176; voice: 202/387-8030; P.O. Box 19367, Washington, DC 20036): Names: ___________________________ Title: ___________________________ (Optional) Affiliation: ____________________________________ (for purposes of identification only) Address: ______________________________________ City; St, Zip ________________________________ Email Address: _____________________________________ Voice: __________________________________ for verification) the letter follows: Steve Wolff Director Division of Networking and Communications National Science Foundation 1800 G Street Washington, DC 20550 Dear Steve: It is our understanding that the National Science Foundation (NSF) and other federal agencies are developing a new architecture for the Internet that will utilize four new Network Access Points (NAPs), which have been described as the new "cloverleaves" for the Internet. You have indicated that NSF is awarding contracts for four NAPs, which will be operated by telephone companies (Pac Bell, S.F.; Ameritech, Chicago; Sprint, NY; and MFS, Washington, DC). We further understand that NSF has selected MCI to operate its new very high speed backbone (vBNS) facility. There is broad public interest in the outcome of the negotiations between NSF and the companies that will operate the NAPs and vBNS. We are writing to ask that NSF consider the following objectives in its negotiations with these five firms: PRICING. We are concerned about the future pricing systems for Internet access and usage. Many users pay fixed rates for Internet connections, often based upon the bandwidth of the connection, and do not pay for network usage, such as the transfer of data using email, ftp, Gopher or Mosaic. It has been widely reported on certain Internet discussion groups, such as com-priv, that the operators of the NAPs are contemplating a system of usage based pricing. We are very concerned about any movement toward usage based pricing on the Internet, and we are particularly concerned about the future of the Internet Listserves, which allow broad democratic discourse on a wide range of issues. We believe that the continued existence and enhancement of the Internet discussion groups and distribution lists is so important that any pricing scheme for the NAPs that would endanger or restrict their use should be rejected by the NSF. It is important for NSF to recognize that the Internet is more than a network for scientific researchers or commercial transactions. It represents the most important new effort to expand democracy into a wide range of human endeavors. The open communication and the free flow of information have made government and private organizations more accountable, and allowed citizens to organize and debate the widest range of matters. Federal policy should be directed at expanding public access to the Internet, and it should reject efforts to introduce pricing schemes for Internet usage that would mimic commercial telephone networks or expensive private network services such as MCI mail. To put this into perspective, NSF officials must consider how any pricing mechanisms will change the economics of hosting an Internet electronic mail discussion groups and distribution lists. Many of these discussion groups and lists are very large, such as Humanist, GIS-L, CNI-Copyright, PACS-L, CPSR-Announce or Com-Priv. It is not unusual for a popular Internet discussion group to have several thousand members, and send out more than 100,000 email messages per day. These discussion groups and distribution lists are the backbones of democratic discourse on the Internet, and it is doubtful that they would survive if metered pricing of electronic mail is introduced on the Internet. Usage based pricing would also introduce a wide range of problems regarding the use of ftp, gopher and mosaic servers, since it conceivable that the persons who provide "free" information on servers would be asked to pay the costs of "sending" data to persons who request data. This would vastly increase the costs of operating a server site, and would likely eliminate many sources of data now "published" for free. We are also concerned about the types of accounting mechanisms which may be developed or deployed to facilitate usage based pricing schemes., which raise a number of concerns about personal privacy. Few Internet users are anxious to see a new system of "surveillance" that will allow the government or private data vendors to monitor and track individual usage of Information obtained from Internet listserves or fileserves. ANTI-COMPETITIVE PRACTICES We are also concerned about the potential for anti- competitive behavior by the firms that operate the NAPs. Since 1991 there have been a number of criticisms of ANS pricing practices, and concerns about issues such as price discrimination or preferential treatment are likely to become more important as the firms operating the NAPs become competitors of firms that must connect to the NAPs. We are particularly concerned about the announcements by PAC-Bell and Ameritech that they will enter the retail market for Internet services, since both firms were selected by NSF to operate NAPs. It is essential that the contracts signed by NSF include the strongest possible measures to insure that the operators of the NAPs do not unfairly discriminate against unaffiliated companies. Recommendations: As the Internet moves from the realm of the research community to a more vital part of the nation's information infrastructure, the NSF must ensure that its decisions reflect the needs and values of a much larger community. 1. The NSF contracts with the NAPs operators will include clauses that determine how the NAP services will be priced. It is important that NSF disclose and receive comment on all pricing proposals before they become final. NSF should create an online discussion list to facilitate public dialog on the pricing proposals, and NSF should identify its criteria for selecting a particular pricing mechanism, addressing the issue of how the pricing system will impact the Internet's role in facilitating democratic debate. 2. NSF should create a consumer advisory board which would include a broad cross section of consumer interests, including independent network service providers (NSPs), publishers of Internet discussion groups and distribution lists, academic networks, librarians, citizen groups and individual users. This advisory board should review a number of policy questions related to the operation of the Internet, including questions such as the NAP pricing, NAP operator disclosure of financial, technical and operational data, systems of Internet accounting which are being tested on the vBNS and other topics. 3. NSF should solicit public comment, though an online discussion group, of the types of safeguards against anticompetitive behavior by the NAPs which should be addressed in the NSF/NAPs contracts, and on issues such as NAPs pricing and Internet accounting systems. --------------------------------------------------------------------- TAP-INFO is an Internet Distribution List provided by the Taxpayer Assets Project (TAP). TAP was founded by Ralph Nader to monitor the management of government property, including information systems and data, government funded R&D, spectrum allocation and other government assets. TAP-INFO reports on TAP activities relating to federal information policy. tap-info is archived at ftp.cpsr.org; gopher.cpsr.org and wais.cpsr.org Subscription requests to tap-info to listserver at essential.org with the message: subscribe tap-info your name --------------------------------------------------------------------- Taxpayer Assets Project; P.O. Box 19367, Washington, DC 20036 v. 202/387-8030; f. 202/234-5176; internet: tap at essential.org --------------------------------------------------------------------- From norm at netcom.com Wed May 11 14:11:39 1994 From: norm at netcom.com (Norman Hardy) Date: Wed, 11 May 94 14:11:39 PDT Subject: No Subject Message-ID: <199405112108.OAA13229@netcom.netcom.com> There was a long article in April 11, 1994 Forbes: "AUCTIONING THE AIRWAYS", by George Gilder". It had a supprising amount of technical information about a new technology similar to spread spectrum. The article has a "too cheep to meter" flavor that I do not agree with but it does present some interesting information and ideas. It is about 43k bytes and is available via anonymous ftp at netcom.com:/pub/Silk/auction.txt From ritter at io.com Wed May 11 14:22:04 1994 From: ritter at io.com (Terry Ritter) Date: Wed, 11 May 94 14:22:04 PDT Subject: Estimating Population Summary Message-ID: <199405112119.QAA10207@indial1.io.com> Summary of: Estimating Population from Repetitions in Accumulated Random Samples In the latest (April 1994) issue of Cryptologia, I describe the development of a new technique for the statistical estimation of population. An example of such a problem would be estimating the number of different values or codes produced by a physically- random number generator. Background This work is an outgrowth of a sci.crypt discussion in early 1992 in which Nico de Vries promoted as "physically-random" a computer program which made use of variations between software and "IBM PC" hardware timing. It was difficult to know how one could determine the amount of "state" (and, thus, the limit of "randomness") in such a mechanism. Ross Anderson suggested measurement using the "birthday paradox." The Experimental Procedure The experimenter will obtain a value from the RNG and save it, repeating this for some fixed number of random samples, a "trial." Each new sample must be compared to all previous samples to see if there is a match or "exact double." (The birthday paradox does not apply to those statistical RNG's which are designed to produce a sequence without value repetition.) A trial contains enough samples if, on average, it produces a few doubles. About 2.5 or 3 Sqrt(N) samples will be needed, given population N, but N is the value we wish to measure. Producing and saving N samples may not be trivial. Exact Repetitions In a single trial, if we find two occurrences of some value, we have a single level-two "repetition"; this is an "exact" repetition count. But if we then find another occurrence of the same value, we have a level-three repetition and no level-two repetitions. Note how increased information (another occurrence) results in reduced effectiveness in the level-two measurement statistic. Expectations Classical binomial equations can predict the number of expected exact repetitions for a given population and number of samples. But these equations are extremely difficult to reverse for use in predicting population. Trying to use these equations with numerical root-finding techniques produces ambiguous results, as there are generally multiple roots. Equations which _estimate_ the probability of repetitions are well known, but it was not previously clear how accurate these would be, how they could be used effectively, what they would mean in random sampling distribution, or how they could be generalized to higher repetition levels. Augmented Repetitions I have found a new, simple, exact, and easily-reversed combinatoric relationship between population and a value which I call "augmented repetitions." An "augmented double" consists of the number of exact doubles (exactly two samples which have the same value), _plus_ contributions from exact triples, exact quads, etc. An exact triple may be seen as three doubles: There are three ways in which an exact triple may produce exact doubles. Therefore, for augmentation purposes, a triple should count as three augmented doubles. Similarly, a quad or exact 4-rep may be 4 seen as ( ) or 6 doubles, the number of combinations of four 2 things taken two at a time. When we do this, we find that simple equations predict the result _exactly_. Thus, the number of augmented repetitions at the kth level (k = 2 means doubles), given r exact repetitions at level i is: i n i ar = SUM ( ) r . k i=1 k i (This is equation 2.3 which very unfortunately was printed incorrectly in the article.) That is, we multiply the number of exact matches at each level by the effective number of matches each could produce at the lower level, and accumulate an overall sum. Augmented Doubles and Population Given population N, the expected number of augmented doubles Ead found in s samples is _exactly_: s (s - 1) Ead(N,s) = --------- . 2 N Given population N = 10,000 (so Sqrt(N) = 100), we can show the expected number of augmented doubles for various numbers of samples: s Ead ----------- 100 0.495 150 1.118 200 1.990 250 3.113 300 4.485 400 7.980 The formula implies, of course, that the population N is related to augmented doubles ad and samples s as: s (s - 1) Nad(s,ad) = --------- 2 ad which is the desired simple form for estimating population. Distribution A major issue in population measurement is the fact that the number of augmented doubles varies greatly over similar trials on the exact same population. Thus, a single trial is essentially meaningless for estimating population. Experiments indicate that various numbers of augmented doubles occur in Poisson distribution over different trials, a result which also has theoretical support. Therefore, we should develop an arithmetic mean or expected value which is the Poisson parameter. The Poisson distribution is asymmetric, and changes radically for different expected values. In general it will be necessary to perform tens or hundreds of separate trials to develop an accurate mean for population estimation. It is worthwhile to accumulate the entire distribution (rather than just a simple mean), and compare that shape with the ideal shape of the Poisson distribution for the given mean. The Poisson distribution also gives us a way to talk about the probability of finding augmented doubles Ead: -Ead Pd(N,s) = 1 - e . So, for population N = 10,000: s Ead Pd ------------------ 100 0.495 0.39 150 1.118 0.67 200 1.990 0.86 250 3.113 0.96 300 4.485 0.99 400 7.980 0.9997 It is often stated that the birthday paradox predicts a match with the sample size s = Sqrt(N), but this value is actually a little small; the expected number of augmented doubles for s = Sqrt(N) is 0.5 (and there are at least as many augmented doubles as exact doubles). Thus, if we want one augmented double on average, we need something like s = 1.5 Sqrt(N) samples. But it is beneficial to move the Poisson distribution toward a symmetric Normal curve, so 2.5 Sqrt(N) or 3 Sqrt(N) are reasonable experimental minimums. The Advance A new statistically-exact combinatoric relationship has been found between population and value repetition in random trials. Since previous well-known estimates could be used for rough estimates, it is not clear that this is a breakthrough in practice. However, the identification of an applicable _exact_ relationship, and its expected distribution in random trials, is important in that it clarifies what we can expect to see in actual use. The paper starts with simple probability, limits itself to algebra and statistics, discusses the existing techniques for exact and other repetitions, and develops general expressions for augmented repetitions. It also has tables of all possible trials for some tiny populations, whose resulting repetition values correspond to predictions exactly. The paper also has some nice graphs of experimental results on larger populations, which show a real Poisson distribution in action, and tables show the effect of estimating population from the experimental results. --- Terry Ritter ritter at io.com From karn at qualcomm.com Wed May 11 14:32:44 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 11 May 94 14:32:44 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <9405112031.AA13596@snark.imsi.com> Message-ID: <199405112131.OAA18089@servo.qualcomm.com> >I think the question is premature, but the intention isn't. We ought >to give Phil a few days to figure out what his future strategy is. What you said. Thanks for all the expressions of support. At this point the best thing to do is to talk to all the lawyers who know this stuff to decide what to do next. What may seem cut-and-dried to us laymen usually isn't to a lawyer. If you really want to contribute and can't wait, EFF already has a cryptography defense fund. I've given to it myself, and suggest that others do too. Phil From frissell at panix.com Wed May 11 15:00:47 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 11 May 94 15:00:47 PDT Subject: Enhanced One-time pad Message-ID: <199405112200.AA27383@panix.com> What I love about the nets.... Part 1073 J > J >Thanks, Jim Pinson -Galapagos ^^^^^^^^^<--------------------------- J > jpinson at fcdarwin.org.ec J > J > J > DCF "Ergonomics is an important part of interface design" Proposed HyperForm "Document" standard: "The Ruger Mini-14 was based on the US Army's M-14 battle rifle. Make sure your Molecular Deposition Desktop Fabricator is turned on and click the buttons to produce some samples. ---------- ---------- ---------- l Mini l l 100 l l 2,000 l l 14 l l Round l l Rounds l l l l Drum l l .223 l ---------- ---------- ---------- --- WinQwk 2.0b#1165 From CCGARY at MIZZOU1.missouri.edu Wed May 11 15:14:05 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Wed, 11 May 94 15:14:05 PDT Subject: *Here they come Message-ID: <9405112213.AA03523@toad.com> Lefty reports some really nasty political facts in *Here they come about what constitutes sexual harassment. Would it be sexual harasse- ment to put up signs saying "DEATH TO THE POLITICALLY CORRECT" OR "DEATH TO STATISTS". Or, you could wear buttons or drop the phrases casually in conversations. It would surely be protected speech by the 1st Amendment. In case pressure was brought against you, you could just say "hey, I was only kidding." I think that we should think past behavior that bothers us in certain cases &, instead, think about the kinds of people who constantly sanction this behavior. When these people realized that we morally sanctioned their deaths, they would be less pushy. Or, at least, we could help redefine "hostile environment" for them. hey, its just a goof, Gary Jeffers From lefty at apple.com Wed May 11 15:31:16 1994 From: lefty at apple.com (Lefty) Date: Wed, 11 May 94 15:31:16 PDT Subject: *Here they come Message-ID: <9405112230.AA10987@internal.apple.com> > Lefty reports some really nasty political facts in *Here they come >about what constitutes sexual harassment. Would it be sexual harasse- >ment to put up signs saying "DEATH TO THE POLITICALLY CORRECT" OR >"DEATH TO STATISTS". Or, you could wear buttons or drop the phrases >casually in conversations. It would surely be protected speech by the >1st Amendment. In case pressure was brought against you, you could just >say "hey, I was only kidding." > I think that we should think past behavior that bothers us in certain >cases &, instead, think about the kinds of people who constantly >sanction this behavior. When these people realized that we morally >sanctioned their deaths, they would be less pushy. Or, at least, we >could help redefine "hostile environment" for them. I doubt that there's a court in the land, not even in California, that would view the phrases "DEATH TO THE POLITICALLY CORRECT" or "DEATH TO STATISTS" as being sexual in nature. Beyond that, and I feel certain this will disappoint you, I haven't a clue as to what you're talking about. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From nowhere at bsu-cs Wed May 11 16:13:45 1994 From: nowhere at bsu-cs (Anonymous) Date: Wed, 11 May 94 16:13:45 PDT Subject: No Subject Message-ID: <199405112313.SAA02753@bsu-cs.bsu.edu> -----BEGIN PGP SIGNED MESSAGE----- The Phantom Exchange public client list -------------------------------------------- aa ... etc. Is there someone out there who would like to act as a broker (for a small fee, natch), so that I can maintain rigorous anonymity while trading? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCcAgUBLdFfwLhnz857T+PFAQGKiQQ49PT6XiiXCjcIt4TRRApXdom4iaKBYnTs hPbdYSm7Yo3tBbzluZwBH2zX3k2P48yO2Z3nSoMzQvtI7AW9761xzInDl7mvyTlu QBIT5glBrbFGFkUl5HFfAV4mpOnNoXRHRsxp7QvIZTT3vG9YrzH5FAi/7gjBQvyE h+V7MSBrF7vuhpAHs+5/ =SRWU -----END PGP SIGNATURE----- From d7urban at dtek.chalmers.se Wed May 11 16:23:06 1994 From: d7urban at dtek.chalmers.se (Urban Nilsson) Date: Wed, 11 May 94 16:23:06 PDT Subject: (fwd) What the IRS is up to In-Reply-To: <199405060734.AAA26748@netcom.com> Message-ID: <199405112322.BAA02656@hacke18.dtek.chalmers.se> > But I am an excellent advocate of return-free filing. We know > everything about you that we need to know. Your employer tells us > everything about you that we need to know. Your activity records on > your credit cards tell us everything about you that we need to know. > Through interface with Social Security, with the DMV, with your banking > institutions, we really have a lot of information, so why would you, at > the end of the year or on April 15th, today, do we ask the post office > to encumber themselves with massive numbers of people out there, > picking up pieves of paper that you are required to file? > ... We could literally file a return for you. This is the future > that we'd like to go to." > > Lest there be any doubt, she was entirely serious, and she clearly > expected that that we'd all think this is as wonderful as she does. > > Regards, > John Levine, johnl at iecc.com, jlevine at delphi.com, 1037498 at mcimail.com If anyone is interested, this is how it is done here in Sweden today. Almost, anyway. You get a single paper where you put an X in the square which says 'The reports that I've got (from your employer, bank etc.) are correct' and then you sign it at the bottom. That's it. Is this what you are afraid of? It most probably *will* happen to you. (There are ofcourse exceptions to this, if you have a business, or have income from other sources etc.) The fact is, though, that the majority of us do use this simplified tax return. Urban Nilsson | Use 'finger' for PGP2.3a public key. d7urban at dtek.chalmers.se |------------------------------------------ Chalmers University of Tech. |Lacking the qualities associated with being Gothenburg, Sweden |a female assassin: Assassinessnessless From jamiel at sybase.com Wed May 11 16:31:37 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Wed, 11 May 94 16:31:37 PDT Subject: Fwd>>Internet billing service Message-ID: <9405112132.AA17438@ralph.sybgate.sybase.com> >Date: Wed, 11 May 1994 15:32:21 -0500 >Sender: Computer-assisted Reporting & Research >Subject: Re: Fwd: Internet billing service [nontopical stuff deleted] > "A group of students in the M.S. program in Information Networking > at Carnegie Mellon University have designed and implemented a > prototype of an Internet Billing Service -- an electronic credit > card service for the Internet environment. The service provides > account management, authentication, access control, credit > verification, management reporting, billing and collection services > to network-based service providers." > >Two papers, in Postscript format, are available via anonymous ftp from >"netinfo.ini.andrew.cmu.edu", directory "pub/billing_server". From kryten at shell.portal.com Wed May 11 16:59:45 1994 From: kryten at shell.portal.com (Greg - Kucharo) Date: Wed, 11 May 94 16:59:45 PDT Subject: test please ignore Message-ID: <199405120000.RAA24517@jobe.shell.portal.com> this is a test..please ignore. -- Greg Kucharo kryten at shell.portal.com University of Maximegalon College of Computer Science This .sig contains much that is apocryphal,or at least wildly inaccurate. From asherman at jacobi.i-kinetics.com Wed May 11 17:04:05 1994 From: asherman at jacobi.i-kinetics.com (Aaron Sherman) Date: Wed, 11 May 94 17:04:05 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <199405112007.QAA15386@galt.sw.stratus.com> Message-ID: <9405112204.AA02647@jacobi.i-kinetics.com> (as a quick asside, what are the current whereabouts of a public key server usable by someone in the US/PKP Empire?) Pot-fund for a lawsuit huh? :-) Seriously, what would the basis of a lawsuit be? I assume it would be the "Phils" (if Phil Karn were interested in perusing this) vs. U.S. with the general claim being that the U.S. govt. was unfairly restricting commerce and trade. Of course, their argument would be that it's a matter of national security. To this the counter argument would run along the lines of: "Exactly WHAT encryption algorithms, here, are not known and used, worldwide." Is this close to the mark? What holes are there in this case (other than the fact that THEY get to make the laws)? I would be very willing to contribute to such an effort if I felt that the goals were clear-cut and reasonably achievable -AJS Aaron Sherman I-Kinetics, Inc. Systems Engineer "Open Systems Stepstones" Voice: (617)661-8181 (x230) 19 Bishop Allen Dr. Fax: (617)661-8625 Cambridge, MA 02139 Pager: (508)545-0584 asherman at i-kinetics.com Key fingerprint = 62 6A 5E EB 6B 2A 46 48 3D 06 01 79 66 A2 87 0C From dat at ebt.com Wed May 11 17:05:25 1994 From: dat at ebt.com (David Taffs) Date: Wed, 11 May 94 17:05:25 PDT Subject: So what do you think... In-Reply-To: <199405112103.OAA18969@netcom.com> Message-ID: <9405120004.AA10743@helpmann.ebt.com> I signed it. I have in the past received from Michael Ward a copy of a paper describing congestion-based pricing models, which seem to work really well for the kinds of things that everybody wants. This letter seems to take such models into consideration, and seems to be more cautionary than reactionary. Obviously, a metered model (like phones) would be inappropriate for Internet, but is probably what phone/cable companies would like to charge, even though it would stifle usage. This letter, while reacting against all usage models, seems to me to leave the door open to more intelligent pricing models, such as the congestion model (e-mail me for details). Thus, it seems to address my concerns, and my fright at the idea of a conventional usage-based model was sufficient to get me to agree to sign the letter, in spite of the fact it doesn't call out congestion-based models explicitly as an alternative. I specifically agree with all the recommendations. The congestion-based pricing model is essentially this (if I remember it correctly): every packet includes how much it would be willing to pay to be sent within a given time frame. The switch sends the packets with the highest bids, but charging them each the amount of the cheapest sent packet. Other packets either wait or get NACK'ed (I forget what happens here). Note that zero is a fine amount to bid -- it just means you wait until the line frees up. Packets have an incentive to actually bid the correct amount they would be willing to pay, but don't get charged if they bid too high. People who care about throughput pay enough to add enough capacity so there is always some slack time. It really seems to me to work like a charm. I've got a paper on this (with references to further papers) if anyone is interested. Date: Wed, 11 May 1994 14:03:21 -0700 From: lile at netcom.com (Lile Elam) about this letter? Would you sign it? -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ---------- Forwarded message ---------- Date: Wed, 11 May 1994 12:37:27 -0400 (EDT) From: Michael Ward To: niiregional-l at rain.org Subject: Letter to NSF re: Internet Pricing Distributed to TAP-INFO, a free Internet Distribution List (subscription requests to listserver at essential.org) TAXPAYER ASSETS PROJECT - INFORMATION POLICY NOTE May 7, 1994 - Request for signatures for a letter to NSF opposing metered pricing of Internet usage - Please repost this request freely The letter will be sent to Steve Wolff, the Director of Networking and Communications for NSF. The purpose of the letter is to express a number of user concerns about the future of Internet pricing. NSF recently announced that is awarding five ... From klbarrus at owlnet.rice.edu Wed May 11 17:32:02 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Wed, 11 May 94 17:32:02 PDT Subject: Message Havens (research havens, remailer usage) Message-ID: <9405120031.AA14268@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- > I saw it and thought it quite good. As to why nobody [...] > commented.... I wrote an essay on how the "bad posts drive out the > good," that is, the trivial chatter and net.repartee posts Well, I am glad somebody read my post, admist the heavy and sometimes irrelevant traffic... >being flaky (the "Joe College remailers." one might call them), these Ah, sorry about the mixup in nomenclature - I like "Joe College" as a name actually, reminds me of Snoopy ;) Funny, but I was going to describe something I've been kicking around for a while, something in between a remailer and a data haven (a different service I could try setting up after getting a slip connection, or on an existing account, etc.). But as I sifted through list mail today I see you did it for me! > 1. Investigate ways to create an "anonymous Web site," that is, a > WWW site that can be reached only through a system of remailers. > Actually, due to the slow response (else traffic analysis is a big > danger), this would be more like a "CryptoGopher." (But gopher is > being subsumed into the Mosaic/lynx model, I suspect, and will be > obsolete soon.) Actually, I based my idea on gopher and called it a "message haven". Basically, write some scripts which accept incoming mail and file it into a gopher accessible hierarchy. Then, anybody could connect up and browse for messages. For example, if you wanted to contact Pr0duct Cypher, you could encrypt a message with his key and send it to the message haven. Leave your own public key in the message and he can respond the same way. People could use anonymous remailers to send in messages, and use pseudonyms to protect their privacy. (The service would allow you to specify the name you want your message filed under, and both parties would have to agree on details such as this, etc. The haven could even accept digital cash - say by default messages are only kept for a day but you can pay for extensions.) An advantage would be no mail is sent out, so there (hopefully) won't be anybody complaining about receiving harrassing mail, a common objection to anonymous mail. Bandwidth may be saved (as opposed to sending to usenet or a mailing list to reach one person, all mail would just go to the haven). How is privacy preserved? Well, it's kinda ugly but you borrow a trick from Mr. Slippery ("True Names") and browse the entire message database, buffering all messages and later extracting what's relevant to you. This way even if gopher logs are kept, exactly what message interested you is undeterminable (since you read them all). If your net connection is monitored, no information can be derived since you took it all. (Note: this could be impractible, perhaps there is a better way?) The reason why I based this on gopher since I have some experience with gopher from helping the run the cypherpunks gopher site. Chael tells me that eventually all the files will be moved out of my home directory into the same directory used by anonymous ftp. Which would free up my disk space (running near quota ;) and allow people to retreive files with ftp. More important, I would have space to try some other crypto experiment, like this message haven. Why only messages? Largely due to disk space restrictions, I would hope that messages would tend to be short (shorter than 1000 graphic or sound files, etc.) Well, does this sound useful? Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdF4xoOA7OpLWtYzAQFwqgP+IccxFxK1fTb5YYzO+kJOt3CjJik0mdq+ pgJQr35wTgpOZb0vv5eEqUAzey870/IeWjP2m+0w90vh5oX9lbSrlkXlR3c+4jL8 6/kB2BqGQKi1ekbCWEg3v4heZPJaZxqG47sZ34xA0iHQ+D4nJIiQoF88WUNzkVzR b7PjQ779TME= =DdU5 -----END PGP SIGNATURE----- From karn at qualcomm.com Wed May 11 18:34:49 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 11 May 94 18:34:49 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <9405112204.AA02647@jacobi.i-kinetics.com> Message-ID: <199405120134.SAA18449@servo.qualcomm.com> >To this the counter argument would run along the lines of: > "Exactly WHAT encryption algorithms, here, are not known and > used, worldwide." >Is this close to the mark? What holes are there in this case (other >than the fact that THEY get to make the laws)? Given that they already allowed the exact same information to be exported in print form, there is the question of whether it is constitutional to discriminate on the basis of the medium of expression. In other words, this case comes pretty close to what groups like EFF were originally created to protect. Phil From jkreznar at ininx.com Wed May 11 18:51:06 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Wed, 11 May 94 18:51:06 PDT Subject: So what do you think... In-Reply-To: <199405112103.OAA18969@netcom.com> Message-ID: <9405120150.AA21150@ininx> -----BEGIN PGP SIGNED MESSAGE----- > about this letter? Would you sign it? In a word, no. Here's why: > We are very concerned about any movement toward usage based > pricing on the Internet, I am too. It's going too slowly. I wouldn't be here if the present trend toward usage based pricing didn't exist. To the extent that the Internet is still funded through taxation (expropriating the fruits of another's toil without his consent), I feel that I am receiving stolen property by using the Internet. Civility and decency demand that this situation be ended as soon as possible. > These discussion groups and > distribution lists are the backbones of democratic discourse on > the Internet, and it is doubtful that they would survive if > metered pricing of electronic mail is introduced on the Internet. Any more doubtful than that a newspaper or a magazine would survive? > Usage based pricing would also introduce a wide range of problems > regarding the use of ftp, gopher and mosaic servers, since it > conceivable that the persons who provide "free" information on > servers would be asked to pay the costs of "sending" data to > persons who request data. Conceivable, perhaps. A much more likely model would appear to be that the requester would have to pay the bill, just as when buying a book or a journal. > We are also concerned about the types of accounting mechanisms > which may be developed or deployed to facilitate usage based > pricing schemes., which raise a number of concerns about personal > privacy. Few Internet users are anxious to see a new system of > "surveillance" that will allow the government or private data > vendors to monitor and track individual usage of Information > obtained from Internet listserves or fileserves. I certainly share with you this concern. This underscores the importance of anonymous digital cash and other technologies which enable untraceable trading on the Internet. * * * There's also the pragmatic consideration that he who pays the piper gets to call the tune. If you don't want your neighbor interfering with your Internet use of cryptography, for example, then don't make him pay the bill for that use by acting to perpetuating your use of his tax money. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdGKssDhz44ugybJAQHkBQQAszXkh31KU6yRVpV18/L9eLJ4f8ee0wKW t3i1eHZe/iRqF8NYxdPbH69wq1GsPUySYi8mwBQLe27nDMAbZ9vyz/Eete1EKIua slghqkDcEYeTkh+RgpxDNIYVDNSdj4DOCi7EDGm8ErpklWedtD2RhJB0gaqVb3Q8 xoRwtaGcqyo= =sPWy -----END PGP SIGNATURE----- From tcmay at netcom.com Wed May 11 18:53:09 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 11 May 94 18:53:09 PDT Subject: NSA & State Fears ITAR Lawsuits Message-ID: <199405120153.SAA27799@netcom.com> With the talk about Phil Karn's latest encounter with the ITAR (International Trafficking in Arms Regulations) issue over Schneier's source code diskette, I thought I'd pass on an interesting comment I heard recently. Someone who's had dealings with the NSA and State over these issues saw some memos, but was not allowed to make copies of them, which indicated that State's lawyer's were very concerned that an ITAR case involving software *not* ever reach the courts, because they felt the government's case was very weak and that a probable loss would be a serious setback in other areas. Make of this what you wish, but I should note that Jim Bidzos or someone like him (I just don't remember whom) at the 2nd RSA Conference, January 1993, said something very similar to this. Namely, that the government has generally avoided ITAR cases involving written material and similar material because of the shaky Constitutional basis. (Shipping a few packing crates full of mag tapes of weapons designs, nuclear secrets, etc., would probably be prosecuted, but shipping a couple of diskettes of C code, based on and essentially identical (no matter what the letter to Phil K. says) to the code published in a freely available book, sounds like precisely the kind of ITAR case the governments fears the most.) Note however, that I am not prepared to make myself a test case here! Anybody who does so, should, in my opionion, be "judgement proof" (to use Duncan Frissell's term). (Suing the government is less dangerous, but probably pointless....and maybe not even possible. A "test case" would probably involved someone very publically and very in-your-facedly exporting the diskettes and then awaiting an ITAR prosecution. Which might never come...no precedent would be established, the ITAR laws would not be changed.) Just my opinion here, but I'm not sure this case is central to the real issues. I applaud Phil for trying to get the diskettes ruled exportable, but fighting a long legal battle is not necessarily a high priority, as I see things. (Usual caveats about people doing whatever they want to do, about Cypherpunks not being an organized group and hence can't have official projects, blah blah.) Good luck! --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hughes at ah.com Wed May 11 19:10:37 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 11 May 94 19:10:37 PDT Subject: Here they come... In-Reply-To: <9405111428.AA12782@snark.imsi.com> Message-ID: <9405120211.AA18998@ah.com> The Times has two beat reporters for cyberspace. They are Peter Lewis and John Markoff. Not quite. I met Peter Lewis at CFP-94. He has the official cyberspace beat, which was just created this year. Markoff reports on the same issues, but is not assigned to that beat. Markoff's pieces in the times show remarkable understanding of the issues, but Lewis's make it seem like he's never even logged in. I encourage people to feed Markoff their interesting scoops and tips, and for people being interviewed by Lewis to ask why Markoff isn't covering a piece. I would suggest it would be more profitable to educate Mr. Lewis rather than to hold another's reputation over his head. Eric From tcmay at netcom.com Wed May 11 19:37:09 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 11 May 94 19:37:09 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate Message-ID: <199405120237.TAA17015@netcom.netcom.com> (I sent this out on Saturday, apparently just after the Great Outage began. I never saw it, so I presume few if any of the rest of you did either. While we're only 200-strong now, down from our 700+ peak recently, I suppose the most diligent and interested readers have by now managed to get back on the list. The alternately clued readers will have to miss this one.) Cypherdenizens, I guess it's a fact of cyberspace that well-reasoned, well-written posts don't get the followup responses that clueless, inflammatory, or otherwise controversial posts do. This has been driven home to me recently as I sort many thousands of posts and many hundreds of threads accumulated these last 19 months (and I deleted some of the true crap long ago, so my sample is skewed toward the good stuff!). I look at recent examples, like the analysis by Greg Broiles of what "Cyperpunks write code" means, and I see no follow-ups. I look at the thoughtful words of Harry Bartholomew, including a book review, of what can go wrong in software and what this means for crypto protocol tools, and I see no follow-up commnents. I look at Ray Cromwell's detailed presentation of his WEB-based remailer, and I see only comments by a few of us (me, Hal Finney, as I recall). Plenty of similar examples. What is going on? Without getting into particulars, clueless posts generate flurries of denunciations, "your mother codes in Fortran" insults, and alien abduction responses. A nobody name Nabalandian drools all over the list, mailbombs us, and generates several dozen responses. (Including from me, so I'm not blameless.) The Detweiler Perversion nearly brought the list to its knees for over two months recently. (And lesser flame wars, involving Thomas Tso, Xenon, and now Nabalandian, have similarly distracted us.) Cypher version of Gresham's Law: bad posts drive out good posts. (The same is being seen in talk.politics.crypto, with the neverending Sternlight vs. Everybody Else dominating the traffic by a factor of 20-to-1. Detweiler recently reappeared (as tmp at netcom.com) and is back to debating _himself_ and answering his own delusional posts.) Some fine work is being done, both by those who are posting here and by those who are apparently holding their counsel for the time being. But the crumb bum posts are definitely winning out. To be sure, posts by the stronger posters--who I won't name now--can still generate significant debate, but not nearly as well as the inflammatory posts can. (Part of this is predictable: the stronger posts are often technically deeper, meaning that more of the reading population feels unable to add signicantly.) I hope there's something we can do about it. I may start reposting, at not too frequent intervals, interesting articles from the past. "Golden Oldies," I called them on the Extropians list. Newcomers to the list often publically speculate that the old-timers are not "interested" in debating what drew them, the newcomers, to the list in the first place....things like Clipper, PGP, the loss of privacy, etc. What they may not realize is that many of us have spent literally many hundreds of hours writing articles for this list. That we have no wish to repeat the widely-accepted reasons for why Clipper is bad, or why RSA has not been broken, or why income taxes are about to become obsolete, is not surprising. While I'm not predicting the imminent death of the Cypherpunks list, it seems clear we have to stop the slide into inconsequential chatter and paranoid speculation. Cypherpunks write code. Or at least they work on ways to *make things happen*. They don't fall into the trap both the Marxists and the Libertarians have fallen into, of idly discussing theory and hoping that somehow the glorious future will arrive. Cyperpunks understand that the genie of strong crypto is out of the bottle and that a relatively small number of people working on new tools and capabilities can produce a phase shift of immense proportions in the world. There's work to be done, and I know of no other groups even one tenth as prepared as we are to do this work. Let us get on with it. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From nobody at soda.berkeley.edu Wed May 11 19:52:53 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist) Date: Wed, 11 May 94 19:52:53 PDT Subject: No Subject Message-ID: <199405120252.TAA00270@soda.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- Date: Wed, 11 May 1994 14:09:13 -0800 From: norm at netcom.com (Norman Hardy) There was a long article in April 11, 1994 Forbes: "AUCTIONING THE AIRWAYS", by George Gilder". It had a supprising amount of technical information about a new technology similar to spread spectrum. The article has a "too cheep to meter" flavor that I do not agree with but it does present some interesting information and ideas. It is about 43k bytes and is available via anonymous ftp at netcom.com:/pub/Silk/auction.txt By all means, please triple or quadruple check any alleged `data' coming from George Gilder. No matter what you might think of Susan Faludi, she has documented a tremendous amount of misrepresentation and outright lying on the part of Mr. Gilder. In *many* cases, very simple follow up on his attributions reveals that he has his head firmly wedged up his ass. Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdGWPRVg/9j67wWxAQEg2wP/ZzTtjzZ0SNiuEKV9SNI0XcOpKGQuUWnm OFqM8ZX2GZwEOI59vQhE8Up9OFKXAJEvALDSIqzb2jxEJvxOp5onXHLCeRD8sgZ1 vt8u9Ns9WjdzXSlm8OldkvU+20oHhWIX7bJdVYG4JkO7X6sn9yagzS1oJFgRsMW5 lTU4u49VkdQ= =mkpr -----END PGP SIGNATURE----- ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```$]S^P;+]AB?X9TW6\8WR:^P&2':U$*B?=.'X4H1"CCQM(F<(6Y-[4XT G.L)4B3H-S> Message-ID: <199405120239.WAA00421@orchard.medford.ma.us> Someone who's had dealings with the NSA and State over these issues saw some memos, but was not allowed to make copies of them, which indicated that State's lawyer's were very concerned that an ITAR case involving software *not* ever reach the courts, because they felt the government's case was very weak and that a probable loss would be a serious setback in other areas. Is there any chance that these memos would be subject to release under the FOIA? - Bill From sommerfeld at orchard.medford.ma.us Wed May 11 19:56:36 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Wed, 11 May 94 19:56:36 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <199405120134.SAA18449@servo.qualcomm.com> Message-ID: <199405120233.WAA00415@orchard.medford.ma.us> Does anyone think it would be worthwhile to go through the rigamarole of CJ requests for "intermediate" cases? Or is that just splitting hairs? I can think of a couple... though setting these up would, of course, require the cooperation of Bruce Schneier: - diskettes containing either all the source in one big file (with page breaks), or one file per "page" as found in the book. or - diskettes containing PostScript (or similar) source for the appendix (where one has to parse the PostScript to get the program text out) or even the whole book... (Bruce Schneier or his publisher might have a problem with this, though..). or - diskettes containing .TIFF or .GIF images of the pages from the appendix -- machine readable, but not easily compileable w/o character recognition software. I'm waiting for someone like Markoff to run a story with the headline "Goverment Agency Rules Only Americans Can Type". - Bill From dwitkow at eis.calstate.edu Wed May 11 20:26:49 1994 From: dwitkow at eis.calstate.edu (David T. Witkowski) Date: Wed, 11 May 94 20:26:49 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate Message-ID: <9405120326.AA14746@eis.calstate.edu> I agree that there is a lot of "static". In fact, I'm choosing to leave the cypherpunks list for that reason. Simply put, I'm spending a lot of time reading posts, many good, but some clueless. Example: Ten minutes after someone posted the location of PGP 2.5 we got three posts asking "Where can I get PGP 2.5?" and subsequent responses of "Yeah, me too!" The original poster had a legitimate question, assuming that he had JUST signed onto the list, but he could have directed his questions towards the original announcer, but those subsequent "votes" for information were completely unnecessary. These kinds of problems are inherent in the structure of network communication. (I long for the creation of artificial intelligence twit-filter daemons to help me separate the wheat from the chaff. Read David Brin's 'Earth' for an interesting portrayal of the future of such beasts.) Perhaps lessons can be found in the Usenet world. Knowing the location of some cypher-oriented FAQs and FTP sites upon subscription to this list might defer some of the more trivial traffic. Inclusion of some net-iquette guidelines in the list-server welcome message might defer even more. To be relevant, such things would have to be updated frequently, meaning more work for the keepers, but I think that the subsequent distillation of list traffic would pay off in better, more effective posting. In fairness, I'd have to say that I've learned many things in the past three days. But the original reason I joined this list was to ask for information on basic analog voice encryption techniques, a request that went completely unanswered. I find the subject interesting, I just can't justify the time I'm spending sorting through 40+ posts per day. ...dtw ---------------------------------------------------------------- Notice of address change: Please send mail to the following: dwitkow at eis.calstate.edu (Mail sent to dwitkows at nermal.santarosa.edu will be forwarded) ---------------------------------------------------------------- Transmitted via modified Eudora 1.4.2 over LINUX host dialup! ---------------------------------------------------------------- Finger dwitkows at nermal.santarosa.edu for PGP key ---------------------------------------------------------------- From dwomack at runner.utsa.edu Wed May 11 20:29:33 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Wed, 11 May 94 20:29:33 PDT Subject: Bad debates... Message-ID: <9405120329.AA00843@runner.utsa.edu> Mr. May wrote an excellent piece regarding the lack of in-depth discussion of code...and, I believe he's put his finger on the problem when he mentions that the majority don't feel capable of adding to the post; indeed, I fear I may be guilty of hubris for commenting on the posting of someone who clearly knows far more than do I about crypto. Continuing the theme, I've just bought a copy of applied crypto...and even after Data Structures II and Assembly Language I, it's tough sledding. I still can't fix the PGP makefile to compile for the Sun4 machine at the university (although, thanks to this list, I was able to find an already compiled version). The problem, if I may say so, is that code at this level of complexity may be achievable for full-fledged cypherpunks...but it is not yet for those of us who remain mere "wanna-be's". This is, I suspect, why cryptography is not spreading as rapidly as we would prefer. Keep in mind that the better programs, while technically elegant, just aren't user friendly. As as example of what is being dealt with, I have a friend with a new 486DX 50Mhz machine with a 300 Meg drive...and he only uses it for one application. Word Perfect 5.0. I just installed Compuserve for him. And, this is a really intelligent person, he's just not computer oriented. He needs PGP, SecureDrive, and so forth, but he doesn't understand how to use them. How many others are out there, just like him? I suspect a bunch. To get crypto 'out there' it is going to have to be very, very easy to use...and with instructions equal to a single double spaced page (or less) ... all of this is just MHO. So, I probably won't be reasonably able to make intelligent comments on the in-depth posts for *_at-least_* a year; but, I DO know how to delete the more tedious posters! ;-) Since I do pick up a lot from the posts, I do hope Mr. May (and others) won't get TOO discouraged... Regards From sameer at soda.berkeley.edu Wed May 11 21:50:52 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Wed, 11 May 94 21:50:52 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate In-Reply-To: <199405120237.TAA17015@netcom.netcom.com> Message-ID: <199405120448.VAA03068@infinity.hip.berkeley.edu> Good post. Here's a reply. =) Tim said: > > What is going on? > You have a good summary of what's going on. Personally I've found it useful to create a filter for my cypherpunks mail to send posts from people whom I respect more into a seperate folder such that the signal-to-noise ratio in that folder is higher. When I have more time I read the folder with the lower signal-to-noise ratio, but I often do not have those resources. I don't really have to deal with bad posts because I don't see most of them unless I have some extra time on my hands... Others interested in rational discussion and debate and actual-doing-things might find this a useful technique. From klbarrus at owlnet.rice.edu Wed May 11 21:51:52 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Wed, 11 May 94 21:51:52 PDT Subject: Message Havens Message-ID: <9405120451.AA27627@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- > People could use anonymous remailers to send in messages, and use > pseudonyms to protect their privacy. It occured to me that perhaps getting messages to a message haven won't require anonymous mail to protect privacy (who you are communicating with. You would still need to use a remailer to hide the fact you are using the message haven!). In each message, the author could specify what to name the next reply. If messages are encrypted, then all a watcher would see is incoming messages from various people, but not be able to figure out who is reading what message, and what messages are responses to what other messages. This would require the service to reject unencrypted messages, which would be easy enough. But it would still require people to "download" everything and sift through it at home, to hide what messages they are interested in. Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdG1c4OA7OpLWtYzAQH2MQP/f5M/4QHHHl8qg85ikGCkmFiN6wrs+DHc 3iIpogSO5oj/tJZ0xnHzky8B3Ll2rjmHgW+vH5hxTONw+2TZ5+5aFjJbqCs1pL1a rYFFyUP6AOj3809G1gSuLwa85iw5jY5fT/JZsMH82uL2v5i2839jQDZo1SCHff/1 77gQgjP9Agk= =7p6A -----END PGP SIGNATURE----- From norm at netcom.com Wed May 11 21:53:21 1994 From: norm at netcom.com (Norman Hardy) Date: Wed, 11 May 94 21:53:21 PDT Subject: MIT TOC SEMINAR--ADI SHAMIR--MONDAY--MAY 16--4:15pm Message-ID: <199405120453.VAA01484@netcom.netcom.com> At 10:07 5/11/94 -0700, Paul E. Baclace wrote: >I'm very curious as to how humans can directly decode encrypted >pictures. Do they stare at it for 10 minutes and go "ah, there >it is". ... About 10 years ago there was a Scientific American article about visual encypherment. The decoder required no computing hardware. A one time pad was available at both ends in the form of an array of 1000 by 1000 random black or white pixels in the form of a transparency. When it was time to code a black and white image an array of pixels were produced with each pixel being black with a probility proportional to the darkness at that point of the 'plain-image'. That was exclusive ored with the one time pad. This yielded a random set of black and white pixels and was transmitted physically by insecure courrier. It it reached the destination it would ideally be exclusive ored with the other copy of the one time pad. The receiver could more easily align the cypher-image with the one time pad and see a fairly good image. This yields the 'and' function in place of the 'xor' and provides about half of the image quality in the information theortic sense. From adam at bwh.harvard.edu Wed May 11 21:55:37 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Wed, 11 May 94 21:55:37 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <199405120233.WAA00415@orchard.medford.ma.us> Message-ID: <199405120455.AAA00840@duke.bwh.harvard.edu> Bill Sommerfeld: | Does anyone think it would be worthwhile to go through the rigamarole | of CJ requests for "intermediate" cases? Or is that just splitting | hairs? Actually, I was batting around the idea earlier of reading the code onto audio tape. Clear that, then clear a written transcript of the tape, then try to clear an electronic copy of the transcript. The audio tape would clearly not be 'easily compilable' which is the pseudo logic they provide for allowing the paper & not the disks. The written transcript is probably no different from the book. The interesting change, I think, comes from calling your listings a transcript of the spoken word. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From hfinney at shell.portal.com Wed May 11 23:01:31 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 11 May 94 23:01:31 PDT Subject: State Dept Response to my second CJ request Message-ID: <199405120602.XAA23141@jobe.shell.portal.com> There is a problem with these "hair splitting" approaches to avoiding the ITARs (they accept the book; they reject the disks, so we ask to send some- thing that is halfway between the book and the disks, etc.). There is a well-known fallacy (whose fancy name I don't remember) which says that even though night and day change gradually from one to the other, and you can't really draw a line separating night from day, that doesn't change the fact that night is different from day. We may establish that hitting someone with a baseball bat is against the law, and hitting them with a feather is not; then we proceed to ask whether hitting them with a pillow is against the law, and so on. At some point the law is forced to make an absurd decision that hitting someone with item X is illegal while hitting them with Y is not, but X is almost the same as Y. Does this prove that no amount of assault is illegal? No. It just means that lines are not always easy to draw. In the same way, it is not easy to draw a line between a book which is protected by the first amendment and a program which a person can sit down and run to get military grade cryptography. But that does not lead to a strong legal argument that all cryptographic software is export- able, IMO. Hal From hfinney at shell.portal.com Wed May 11 23:06:50 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 11 May 94 23:06:50 PDT Subject: Message Havens Message-ID: <199405120607.XAA23381@jobe.shell.portal.com> Karl's idea about message havens is interesting, but I don't fully follow how it differs from the anonymous pools we discussed last year (one such pool is being run from the extropia site, I believe). With a message pool the receivers sift through all of the messages to see which they can decrypt with their own public key. Messages can be sent to the pool via anonymous remailers. One problem is that there may not be too many subscribers to any one pool, so there is not much protection to the users. With a protocol more similar to WWW or gopher you might have a larger population of users, although again you don't have any guarantee of how many other people are downloading all of the messages. The other variant on this idea we have discussed is to use Usenet, as we have seen when people post encrypted messages to Pr0duct Cypher on alt.security.pgp. This seems to me to be an inefficient way to send mail (sending it to thousands of sites just to get to one person) but it certainly seems to provide good cover to the receiver. He could be literally any of probably tens of thousands of readers of that newsgroup. Hal From tcmay at netcom.com Wed May 11 23:31:32 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 11 May 94 23:31:32 PDT Subject: NSA & State Fears ITAR Lawsuits In-Reply-To: <199405120239.WAA00421@orchard.medford.ma.us> Message-ID: <199405120631.XAA12122@netcom.com> > Someone who's had dealings with the NSA and State over these issues > saw some memos, but was not allowed to make copies of them, which > indicated that State's lawyer's were very concerned that an ITAR case > involving software *not* ever reach the courts, because they felt the > government's case was very weak and that a probable loss would be a > serious setback in other areas. > > Is there any chance that these memos would be subject to release under > the FOIA? > > - Bill I have no idea. I can provide the name of my source to someone who wants to pursue it further (seriously pursue it, the way John Gilmore and Lee Tien have pursued their FOIAs) and my source can say where he was allowed to view the docs but not make copies. That might provide clues. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jdwilson at gold.chem.hawaii.edu Thu May 12 00:35:32 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 12 May 94 00:35:32 PDT Subject: encrypted telnet - care to assist this user? Message-ID: ---------- Forwarded message ---------- Date: Wed, 11 May 1994 23:49:13 GMT From: Jon Zeeff To: Multiple recipients of list TCP-IP Subject: encrypted telnet Does anyone have a telnet/telnetd that encrypts the conversation? Key management is not really a concern for my application. From Richard.Johnson at Colorado.EDU Thu May 12 01:15:13 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Thu, 12 May 94 01:15:13 PDT Subject: State Dept Response to my second CJ request In-Reply-To: Message-ID: <199405120814.CAA05246@spot.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- Hal Finney mentions that the law is often forced to make absurd distinctions between OK and illegal acts, simply because the line must be drawn somewhere. It's a good point, and worth keeping in mind. It seems obvious to me that, for purposes of ITAR regs., the Dept. of State and Dept. of Defense here in the USA have drawn the line between printed text (OK) and ASCII text files on electronic media (illegal to export). Their line selection is probably based upon their interpretation of the self-contradictory ITAR regs. However, just because one part of "the law" has drawn a particular line, we shouldn't assume that line to be the final word. If we do indeed believe that electronic expression and electronic publishing are the moral and constitutional equivalents of paper publishing, there should be no line at all. A lawsuit could force the line-drawers to officially recognize this fundamental democratic truth. Richard -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLdHzPfobez3wRbTBAQHvVAP+KHGCFgSlMStgbomhggwSQeiymdOSpk03 xmNhds+VBcqb1m7ddzvp659Yqcwc+MmBoQrJ9d3rELYD4mxxLvYAwCinaJf04Arx SYr69+K0MHTvsKG2ilv8gTUaAdUzTkIgIE06S4+4gdkp4LH4UoEyH42QEAx3vvso fw/Boyqxp+k= =Yhex -----END PGP SIGNATURE----- From mlshew at netcom.com Thu May 12 01:55:01 1994 From: mlshew at netcom.com (Mark Shewmaker) Date: Thu, 12 May 94 01:55:01 PDT Subject: No Subject Message-ID: <199405120854.BAA10685@netcom.com> Version 0.1--This will change in case of conflicts, etc. I'll post V1.0 on Wednesday 5/18/94. This is version 0.1 of this file. For the most recent version, try the following: o finger mlshew at netcom.com, to read my .plan. (This file.) o get "plan" by ftp in netcom.com:/pub/mlshew This was originally sent to the cypherpunks and extropians lists. If you would like to meet informally with other readers of these lists during next week's COMDEX, I would suggest meeting Tuesday (5/24/94) at noon, directly above the food court in CNN Center--------->+ | | Map: (Badly out of scale and oversimplified to make sense | for walkers but not drivers) | | | | | | | -------------------+ +---------------------------------|-------------- Marietta Street | -------------------+ +---------------------------------|-------------- | | | +----------------+ | | +----------+ +-------V-----------+ | World Congress | | | | The Omni | | CNN Center | | Center (COMDEX)| | | +----------+ | (Food Court here) | | Walk this way like the rest of the mobs of people | +----------------+ | | +-------------------+ | Inter- | +--------------------+ |national| | MARTA Rail Station| | Blvd. | | (The local subway) | | | +--------------------+ | | | | Lots of very expensive parking here for those | | who want to drive directly to COMDEX in the | | middle of incredible traffic and raise their More Parking | | blood pressure instead of taking a shuttle from | | their hotel, or parking at a free-parking MARTA | | lot and taking MARTA in, as is the sensible | | way to go about it. (For those who haven't been to an Atlanta COMDEX before, the CNN food court is a place where almost every COMDEX attendee is likely to eat at least once during the week. If you happen to forget, loose, or never receive the ASCII map originally above this paragraph, any random person you might ask for directions can probably point you in the direction of the "CNN Center food court.") The court is in the center of the floor you will (likely) come in on. So don't go getting confused when you see smaller sets of restaurants and tables and chairs as you enter. That's not the central court. You won't miss it, just keep going in. (Of course, you won't have much choice in the matter: There will be a mob of hungry Comdex attendies behind you, and stopping in their path is simply not a viable option.) Go to the food court, and look up. You will see a single pedestrian walkway one floor above you. That is where we'll all be. Take yourself and your food up one floor, and enjoy the pleasant conversation. (Note that up on the walkway there's no place to put your food, but that's okay, because there's no place down in the food court either--it's _really_ crowded. Down there there's hardly a place to stand, much less sit, but go up one floor, and it's a virtual dessert.) I'd like to make a publicly available list that includes the following. (To be appended to this file.) o Persons coming to Spring Comdex, interested in attending a meeting such as this, and wishing to let that and related information be known to the world. o Whether they can make the noon Tuesday meeting. o Where they heard this announcement. o Good/bad days and times. Be specific but brief. Please include this in any event, so if 3 people say only Wednesday, and 7 don't bother to mention that Wednesday is impossible for them, that I don't switch to Wednesday. No guarantees of course. o Personal interests. (Explained below) o Misc. other information they want known to the world. If you would like to enter or modify yourself in such a database, modify and mail a form such as one at the end of this file to mlshew at netcom.com, with this subject line or "comdex meeting info". Feel free to also add in: o Any job openings you know about. (Esp. EE/DSP/Programming) :-) If you would like to tell me and everyone to expect one more person, just mail the form with a number "1" in the "Name" column, so you needn't broadcast your name. If you'd like to tell no one anything and just show up, that's okay too. I'll append the information (edited!) to the end of this file. As to why I included a field about interests, it will allow everyone to mull over everyone else's idea of what would be nice to talk about, the theory being that it might help conversation naturally bend towards topics all are interested in. As to the other information, it's also to help other people who might want to get together to do so if they don't want to go to this meeting. (Or to remember remember to bring that book they borrowed from another person three years ago.) It is not a "vote" on what time the get-together will be. Appended are two sample forms (since this is the first version: V0.1). Delete everything else, put in your own info, and mail it back to me. See you soon! Mark Shewmaker mlshew at netcom.com Noon Tue. OK? Name Where heard Can Schedule at Interests ------------------------------------------------------------------------------- Y Mark Shewmaker extropians Flexible all days Schelling points of mlshew at netcom.com cypherpunks lunch meetings near conventions Thinks this is a great place to meet, and a nice place to watch everyone come and go. Need an employee? Apply now before prices go up. ------------------------------------------------------------------------------- N One fake anonymous never tell MWF 10-2 Mental Cryptography person just as an example I just kind of feel silly telling everyone that I'm going to be there; I look forward to meeting you there, though. ------------------------------------------------------------------------------ From upham at cs.ubc.ca Thu May 12 02:03:49 1994 From: upham at cs.ubc.ca (Derek Upham) Date: Thu, 12 May 94 02:03:49 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate Message-ID: <199405120903.AA24972@grolsch.cs.ubc.ca> > Cypher version of Gresham's Law: bad posts drive out good posts. > (The same is being seen in talk.politics.crypto, with the neverending > Sternlight vs. Everybody Else dominating the traffic by a factor of > 20-to-1. Detweiler recently reappeared (as tmp at netcom.com) and is back > to debating _himself_ and answering his own delusional posts.) Let's face it: Usenet is inherently broken. There are two ways to filter for content: filter at the newsgroup source via moderators, or filter at the newsgroup destinations via killfiles. Moderating does seem to get rid of most of the cruft, but the moderators are required to read every post that comes through, and, worse, make judgements with some degree of impartiality (which is not always possible). On the other side, kill files are useful, but only to a certain degree. Blocking sertain key words in subjects doesn't help against topic drift; blocking Sternlight won't help you in the slightest when umpteen other people respond to his posts. The situation for most mailing lists is just as bad. Anyone can send a post to a mailing list, and there are usually no moderators to enforce content. A reader's only recourse is another kill file---and most mail killing facilities are pretty lousy when compared with their Usenet counterparts. The only thing mailing lists have going for them is that they tend to be less obvious than newsgroups. Harder to find. To fix them problem, then, we either have to either improve the kill files or improve the moderation. Personalized AI filters (see Moran's "The Long Run") will be spiffy when they arrive, but they're not going to be arriving any time soon. This leaves moderation. If we increase the number of moderators, we can reduce the load on each and take into account as many tastes as possible. In the best case, the moderators would consist of all the readers of the newsgroup. How would this work? Assume we're running a mailing list (Usenet v.2.0 will be just a special case of a mailing list). All posts are sent to the central site. The mailing list software picks one e-mail address from all of the list receivers, and forwards the post to that e-mail address (keeping the original post on file). The forwarded post will have a subject line something like: Subject: Post ACK, list cypherpunks, msg #435A77CF with the post contained in the body. The receiver reads the post, then replies to it. The reply subject line will be: Subject: Re: Post ACK, list cypherpunks, msg #435A77CF and the body will contain "ACK" or "NAK" or "post" or "dump" or whatever. This goes back to the list maintainer, who can check that: * The message in question is in fact outstanding. * The person who sent back the evaluation was the one who was supposed to. * Other sordid details. If the message was approved, it goes to everyone. Otherwise, the original poster is informed that the post did not meet standards. We might even want to forward the evaluation body to the original poster; this would allow the evalutors to send comments explaining why the post was rejected. The nice thing about this technique is that the more people a person pisses off, the less likely it is that his or her posts will ever see the light of day. Even better, aware readers can nip MAKE.MONEY.FAST and Green Card Lottery posts in the bud. Something very similar to this exists now in the Internet Oracle, so distributed moderation ought to be possible. I suspect that the mail- handling features could be incorporated entirely into "procmail" and "SmartList" (a filter program and a mailing list program), although the databases would need C maintenance programs for efficiency. I'll go to bed and await comments. Derek From gtoal at an-teallach.com Thu May 12 04:16:39 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 12 May 94 04:16:39 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate Message-ID: <199405121116.MAA23115@an-teallach.com> You have a good summary of what's going on. Personally I've found it useful to create a filter for my cypherpunks mail to send posts from people whom I respect more into a seperate folder such that the signal-to-noise ratio in that folder is higher. When I have more time I read the folder with the lower signal-to-noise ratio, but I often do not have those resources. I don't really have to deal with bad posts because I don't see most of them unless I have some extra time on my hands... Others interested in rational discussion and debate and actual-doing-things might find this a useful technique. Ditto. Actually I gateway c'punks straight into a local 'mail.cypherpunks' group, with the hack script below (there might be an easier way, but I had the code around anyway). First, I created a user called 'cypher', then gave it this .forward: suilven% cd ~cypher suilven% cat .forward "|mail2news mail.cypherpunks cypherpunks at toad.com" Since I'm running the smrsh security wrappers, mail2news has to be in the special smrsh directory, /usr/adm/sm.bin. mail2news: #!/usr/contrib/bin/taintperl # # mail2news - Incredibly simple program to take a mail message from # stdin and insert it into a moderated newsgroup so you can # read mailing list messages via news instead of mail. # # Usage: mail2news # # Author: Stephen Hebditch # # Operation: # 1. Create a new local group (e.g. orbital.lists.uri) with moderated # status to contain the local messages. # 2. Make sure the newsgroup isn't going to propagate outside your # system. # 3. Modify mailpaths (C News) or moderators (INN) so that your local # replies get sent back to the mailing list. # 4. Use a mail filter program (such as comes with elm) to divert # messages arriving from the list to this program instead. # # Add local config info here # Make secure (from 'perl' man page) $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin'; $ENV{'IFS'} = '' if $ENV{'IFS'} ne ''; $path = $ENV{'PATH'}; # Not tainted $domain = "suilven.an-teallach.com"; $rnews = "/bin/rnews"; $update = "/usr/local/bin/op updatetrn"; $user = "news"; # If badly installed, news will get the replies $newsgroup = $ARGV[0]; if (!$newsgroup) { die ("No newsgroup name supplied\n"); } $replyaddr = $ARGV[1]; if (!$replyaddr) { $replyaddr = $user; } $body = 0; $kill = 0; $subject = 0; open (NEWS, "|$rnews") || die ("Can't run $rnews: $!\n"); print (NEWS "Newsgroups: $newsgroup\nPath: $domain!not-for-mail\n"); print (NEWS "Followup-To: poster\nReply-To: $replyaddr\n"); while () { chop; if (!$body) { if (/^Subject:\s+(.*)$/io) { if ($1 ne "") { $subject++; print (NEWS "$_\n"); } } # Add here any headers you wish to kill elsif (/^(Received|Return-Path|X400-Received|Newsgroups|Path|To|Reply-To):/io) { $kill++; } elsif (/^From\s.*$/io) { } elsif ((/^\s.*$/io) && ($kill)) { } elsif ($_ eq "") { $body++; if (!$subject) { print (NEWS "Subject: \n") } print (NEWS "Approved: news@$domain\n\n"); } else { $kill = 0; print (NEWS "$_\n"); } } else { print (NEWS "$_\n"); } } close (NEWS); system($update); exit (0); From perry at snark.imsi.com Thu May 12 04:34:36 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 12 May 94 04:34:36 PDT Subject: Here they come... In-Reply-To: <9405120211.AA18998@ah.com> Message-ID: <9405121133.AA15339@snark.imsi.com> Eric Hughes says: > I would suggest it would be more profitable to educate Mr. Lewis > rather than to hold another's reputation over his head. Probably a better idea than the one I listed. Perry From perry at snark.imsi.com Thu May 12 04:36:27 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 12 May 94 04:36:27 PDT Subject: NSA & State Fears ITAR Lawsuits In-Reply-To: <199405120239.WAA00421@orchard.medford.ma.us> Message-ID: <9405121135.AA15349@snark.imsi.com> Bill Sommerfeld says: > Someone who's had dealings with the NSA and State over these issues > saw some memos, but was not allowed to make copies of them, which > indicated that State's lawyer's were very concerned that an ITAR case > involving software *not* ever reach the courts, because they felt the > government's case was very weak and that a probable loss would be a > serious setback in other areas. > > Is there any chance that these memos would be subject to release under > the FOIA? Probably. They would probably make excellent ammo in an ITAR lawsuit if they actually existed and State actually "found" them in fulfilling the FOIA request. I would suggest that someone with experience in directing FOIA requests get details from Tim and then try to extract the memos in question. Perry From werner at mc.ab.com Thu May 12 04:36:38 1994 From: werner at mc.ab.com (werner at mc.ab.com) Date: Thu, 12 May 94 04:36:38 PDT Subject: State Dept Response to my second CJ request Message-ID: <9405121136.AA19890@werner.mc.ab.com> >Date: Wed, 11 May 1994 15:37:01 -0400 >From: "Perry E. Metzger" > >I'd say the obvious next step is a lawsuit -- at this point there is >standing and little point in accomodating the clowns. > >I've already offered Phil a donation towards this suit, and if he >chooses to pursue it I encourage others to donate money towards it as >well. In my opinion there is no more important action this year in the >area of cryptography than Phil's export license request. Please let us know if such a suit is filed. I will gladly contribute. tw From perry at snark.imsi.com Thu May 12 04:38:51 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 12 May 94 04:38:51 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <199405120455.AAA00840@duke.bwh.harvard.edu> Message-ID: <9405121138.AA15358@snark.imsi.com> Adam Shostack says: > Bill Sommerfeld: > > | Does anyone think it would be worthwhile to go through the rigamarole > | of CJ requests for "intermediate" cases? Or is that just splitting > | hairs? > > Actually, I was batting around the idea earlier of reading the > code onto audio tape. Frankly, the case seems airtight right now. The government is contending that only Americans can type. The position is so idiotic as to be untenable. I don't think there is any need for additional rigamarole -- Phil should appeal the current ruling and then take them to court as is. Perry From perry at snark.imsi.com Thu May 12 04:46:06 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 12 May 94 04:46:06 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <9405121138.AA15358@snark.imsi.com> Message-ID: <9405121145.AA15394@snark.imsi.com> "Perry E. Metzger" says: > Frankly, the case seems airtight right now. The government is > contending that only Americans can type. The position is so idiotic as > to be untenable. I don't think there is any need for additional > rigamarole -- Phil should appeal the current ruling and then take them > to court as is. I realized that I sounded overoptimistic in what I just said. Let me clarify. Courts may of course find against us, but the case is as strong as it can possibly get right now -- no better opportunity is going to arise. Perry From paul at hawksbill.sprintmrn.com Thu May 12 05:22:18 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Thu, 12 May 94 05:22:18 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <9405121145.AA15394@snark.imsi.com> Message-ID: <9405121324.AA28888@hawksbill.sprintmrn.com> > > "Perry E. Metzger" says: > > Frankly, the case seems airtight right now. The government is > > contending that only Americans can type. The position is so idiotic as > > to be untenable. I don't think there is any need for additional > > rigamarole -- Phil should appeal the current ruling and then take them > > to court as is. > > I realized that I sounded overoptimistic in what I just said. Let me > clarify. > > Courts may of course find against us, but the case is as strong as it > can possibly get right now -- no better opportunity is going to arise. > Perry's right. Even articles in the popular press and telecommunications trade rags are questioning the policies of key escrow and cryptographic export policy. - paul From m5 at vail.tivoli.com Thu May 12 05:41:00 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 12 May 94 05:41:00 PDT Subject: NSA & State Fears ITAR Lawsuits In-Reply-To: <199405120153.SAA27799@netcom.com> Message-ID: <9405121240.AA13957@vail.tivoli.com> Timothy C. May writes: > A "test case" would probably involved someone > very publically and very in-your-facedly exporting the diskettes and > then awaiting an ITAR prosecution. Perhaps some national organization with a modicum of media prominence could make this move. It'd make a more impressive CNN tidbit. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From m5 at vail.tivoli.com Thu May 12 05:51:40 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 12 May 94 05:51:40 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <199405120602.XAA23141@jobe.shell.portal.com> Message-ID: <9405121251.AA13977@vail.tivoli.com> Hal writes: > In the same way, it is not easy to draw a line between a book which is > protected by the first amendment and a program which a person can sit > down and run to get military grade cryptography. But that does not > lead to a strong legal argument that all cryptographic software is export- > able, IMO. Though I agree that the feather/pillow/stick/club scenario is unrealistic, I disagree that it applies in this case. The ITAR regulations are being enforced around a situation that's essentially a technological accident. The difference between an exportable piece of software printed with ink on a page and one in human-readable ASCII on a diskette is defined solely by the state of technology. If, tomorrow, some company began selling a $99.95 scanner with built-in OCR translation software, then there would really be no difference whatsoever. To return to the original analogy, it would put the "court" in a position of having to declare an assault with an oaken bat illegal, but one with a hickory bat OK. There is a similar lack of distinction between source code and machine code. If I introduce a computer system whose primary interface includes a C interpreter, then in some ways the source code *is* machine code. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From jims at Central.KeyWest.MPGN.COM Thu May 12 05:51:52 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Thu, 12 May 94 05:51:52 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate In-Reply-To: <199405120237.TAA17015@netcom.netcom.com> Message-ID: <9405121251.AA08297@Central.KeyWest.MPGN.COM> > > Some fine work is being done, both by those who are posting here and > by those who are apparently holding their counsel for the time being. > But the crumb bum posts are definitely winning out. > > To be sure, posts by the stronger posters--who I won't name now--can > still generate significant debate, but not nearly as well as the > inflammatory posts can. (Part of this is predictable: the stronger > posts are often technically deeper, meaning that more of the reading > population feels unable to add signicantly.) Tim, You are right about the excess fluff on the list, of course. I also think a very good explanation is what you and another poster have mentioned about the "masses" being or feeling unable to contribute to such a technical matter. Everyone can respond to a jerk though. There are three points I'd like to make: 1. The technical posters should strive to talk to the masses and not each other. It's the same old catch 22 of "The professor has a PhD and knows his stuff, but he can't talk to students on their level." Why not set up a tutorial posting where someone who intimately understands crypt tries to explain some of the basics to those of us who are along for the ride instead of studying for the Grand Master of the Universe Degree in Cryptography and Math. Perhaps your "golden oldie" idea is a step in the right direction. Of course, this assumes the techies are mostly interested in helping newbies become techies. If their intention is to send info back and forth among themselves please tell us so we can look elsewhere for instructional help. 2. Many people on the list are time-challenged :) A short post from J.Random Jerk is much easier to read than a 5 page eloquent speach from you which, although it contains very good information, is difficult to "hang with". Some of the more knowlegable people here have a tendency to ramble and make their postings flowery and they lose us normal folks that want to read "just the good stuff". 3. We are human and it is human, or at least societally inborn, to argue back when insulted. We all have to continually remind ourselves to ignore the jerks and not jump back. If everyone ignores them they will go away. (as an aside: Nalbandian isn't some punk kid! He's an older person in his mid 50's. It's a shame to see someone who has that many years of experience to act that way, but they do sometimes and we just have to learn to ignore them all. << Yes, Tim, I know I am among the worst flamers here sometimes, but I'm trying >> ) Please don't take this as an insult. It is only meant as MY OPINION of what's "wrong" with the list and what could be improved. Take care Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From perry at snark.imsi.com Thu May 12 06:03:19 1994 From: perry at snark.imsi.com (Perry E. Metzger) Date: Thu, 12 May 94 06:03:19 PDT Subject: NSA & State Fears ITAR Lawsuits In-Reply-To: <9405121240.AA13957@vail.tivoli.com> Message-ID: <9405121302.AA15486@snark.imsi.com> Mike McNally says: > Timothy C. May writes: > > A "test case" would probably involved someone > > very publically and very in-your-facedly exporting the diskettes and > > then awaiting an ITAR prosecution. > Perhaps some national organization with a modicum of media prominence > could make this move. It'd make a more impressive CNN tidbit. We have a test case already. Phil Karn being denied an export license will be sufficient for standing as soon as he's exhausted his administrative appeals. Perry From whitaker at dpair.csd.sgi.com Thu May 12 07:06:30 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Thu, 12 May 94 07:06:30 PDT Subject: More Gilder pointers Message-ID: <9405120705.ZM9466@dpair.csd.sgi.com> There's also a good interview in May '94 *Upside* with Gilder. "Upside" bills itself as "The Business Magazine for the Technology Elite", and is not a bad deal even for the $4.95 cover price (its primary competitor seems to be the $14.95 *Red Herring*, another technology-sector business magazine aimed at investors). I'm reading his 1989 bestseller "Microcosm": pick it up if you can find it. It's excellent. Gilder is a rare economist. He doesn't simply put forth solid free market arguments. He doesn't simply jump on the technology bandwagon. He knows science, and tells a whopping good story. For instance: I hadn't known that Andrew Grove (Intel CEO) was Hungarian, and had escaped Communist rule by crawling through the mud into Austria. America is full of incredible success stories. "Fibersphere" is his latest, in which he makes his controversial "death of television" and "dark fiber" arguments. I've only read excerpts in other Forbes articles, but it looks worth picking up. -Russell --- Forwarded mail from norm at netcom.com (Norman Hardy) To: cypherpunks at toad.com There was a long article in April 11, 1994 Forbes: "AUCTIONING THE AIRWAYS", by George Gilder". It had a supprising amount of technical information about a new technology similar to spread spectrum. The article has a "too cheep to meter" flavor that I do not agree with but it does present some interesting information and ideas. It is about 43k bytes and is available via anonymous ftp at netcom.com:/pub/Silk/auction.txt --- End of forwarded mail from norm at netcom.com (Norman Hardy) -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From frissell at panix.com Thu May 12 07:22:54 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 12 May 94 07:22:54 PDT Subject: Here they come... Message-ID: <199405121422.AA27660@panix.com> Eric Hughes wrote: H >Not quite. I met Peter Lewis at CFP-94. He has the official H >cyberspace beat, which was just created this year. Markoff reports H >on the same issues, but is not assigned to that beat. H > H > Markoff's pieces in the times show remarkable understanding of the H > issues, but Lewis's make it seem like he's never even logged in. H > H >I would suggest it would be more profitable to educate Mr. Lewis H >rather than to hold another's reputation over his head. H > H >Eric Lewis wasn't that hard to talk to at CFP'94. He used to write the Executive Computer column in the Sunday Times so I've followed his stuff for years. I didn't see any problems with his Anarchy in Cyberspace article on Monday. He was mostly talking about bad manners which exist on Internet and equally in the over-governed realms of the real world. Nothing new there. He is trying to interpret Cyberspace for the masses. His job is not to be inside talking out. Perhaps he could have talked about the problems potential regulators would face but that would be writing his article for him. DCF --- WinQwk 2.0b#1165 From sinclai at ecf.toronto.edu Thu May 12 07:24:33 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Thu, 12 May 94 07:24:33 PDT Subject: Message Havens In-Reply-To: <9405120451.AA27627@flammulated.owlnet.rice.edu> Message-ID: <94May12.102413edt.13411@cannon.ecf.toronto.edu> Downloading the whole message base to scan for one's messages will place a massive load on net.resources, and probably a prohibitive load on most people's terminals. This scheme should avoid this nescessity: Alice wishes to write a message anonymously to Bob. They have agreed in previous communications that their tag is the string "foo". Alice writes her messages, and encrypts it with Bob's public key. She then prepends the tag. It looks like this: Tag: foo --- Begin Pgp Message --- zxcvm,/asdfjk;qup .... iuerpw,d,fy --- End Pgp Message --- Next, she encrypts this with the gopherhole's public key. The resulting message is posted to the gopherhole, where it is decrypted and made available for all to download. Now, Bob enters the gopherhole and instructs it to download all messages with the tag of "foo". To thwart trafic volume analysis, he also downloads messages with tags "bar", "baz" and "quux", which he then discards. Problems: The gopherhole must be trusted not to divulge which posts came from who, and it's key must not be compromized. A tap on Bob's line shows that he /may/ have a connection with the "foo" tag. However, the only person that knows anything about that tag is Alice. Thus, the other party in the conversation must colaborate in an attack, probably ruining her anonymity. Comments? From mech at eff.org Thu May 12 07:41:08 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 12 May 94 07:41:08 PDT Subject: PGP 2.5 available from Electronic Frontier Foundation ftp site Message-ID: <199405112046.QAA22081@eff.org> With the early May announcement of the availability of the new version of PGP (Pretty Good Privacy) a free encryption program for email and other files, EFF has decided to provide PGP and other cryptographic material to users of the Internet. EFF applauds and congratulates the PGP development team, MIT (who initially made PGP 2.5 available), and RSA Data Security (patent holders of the RSA and RSAREF encryption code) for coming to an agreement and providing this new version of the most popular email encryption program in the world - a free version that is finally legal in the US. Previous versions of PGP arguably violated US patent law, with the exception of ViaCrypt's commercial PGP 2.4, but the new 2.5 is built upon the free RSAREF encryption functions, rather than the previous RSA functions which required a special licensing arrangement for use in applications like PGP. Despite the patent & licensing issues being resolved, PGP is still not legally exportable from the United States (except to Canada), due to ITAR export restrictions which categorize cryptographic materials as weapons of war. Thus, EFF can only make PGP and other crypto tools and source code available to US and Canadian nationals currently residing in the US or Canada and connecting to EFF's site from a US or Canadian site. PGP and similar material is available from EFF's ftp site in a hidden directory, and only to Americans and Canadians. Access to this directory can be obtained by reading and following the instructions in the README.Dist file at: ftp.eff.org, /pub/Net_info/Tools/Crypto/ gopher.eff.org, 1/Net_info/Tools/Crypto gopher://gopher.eff.org/11/Net_info/Tools/Crypto http://www.eff.org/pub/Net_info/Tools/Crypto/ PGP can only be obtained from EFF via ftp currently. Gopher and WWW access to the material itself is not supported at this time. Only the DOS and Unix versions of PGP 2.5 have been released so far. The Unix version is in source code form, and so can be readily ported to VMS, NeXT and many other operating systems. A Macintosh version has yet to be released. If you would like to see US export restrictions on cryptography removed, please send a message supporting Rep. Cantwell's export reform act (bill HR3627) to cantwell at eff.org, ask your Representatives to co-sponsor this bill, and ask your Senators to co-sponsor Sen. Murray's companion bill (S1846) in the US Senate. Congress contact information is available from ftp.eff.org, /pub/EFF/Issues/Activism/govt_contact.list -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From unicorn at access.digex.net Thu May 12 08:16:09 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 12 May 94 08:16:09 PDT Subject: Message Havens In-Reply-To: <94May12.102413edt.13411@cannon.ecf.toronto.edu> Message-ID: <199405121515.AA10780@access3.digex.net> > > Downloading the whole message base to scan for one's messages > will place a massive load on net.resources, and probably > a prohibitive load on most people's terminals. This scheme > should avoid this nescessity: > > Alice wishes to write a message anonymously to Bob. They have > agreed in previous communications that their tag is the string "foo". > Alice writes her messages, and encrypts it with Bob's public key. > She then prepends the tag. It looks like this: > > Tag: foo > --- Begin Pgp Message --- > zxcvm,/asdfjk;qup > .... > iuerpw,d,fy > --- End Pgp Message --- > > > Next, she encrypts this with the gopherhole's public key. The > resulting message is posted to the gopherhole, where it is decrypted > and made available for all to download. > > Now, Bob enters the gopherhole and instructs it to download all > messages with the tag of "foo". To thwart trafic volume analysis, > he also downloads messages with tags "bar", "baz" and "quux", which > he then discards. Why can't gopherhole send a random number of messages with a user selected cap? Bob just sends one tag request encrypted with gopherhole's public key, and gets between 5 and [User cap] messages. Even better, (Light bulb) Bob can send the number of messages he is currently equipped to filter along with the tag and gopherhole can modify this just a touch +/- 10% say just to keep Bob from getting lazy and asking for the same number all the time. Bob can then filter the tags himself with procmail or something. Just seems simpler and easier on the user while harder on traffic analysis. > > Problems: > The gopherhole must be trusted not to divulge which posts > came from who, and it's key must not be compromized. Same as remailers really. Perhaps there is a way to chain message havens? > A tap on Bob's line shows that he /may/ have a connection with > the "foo" tag. However, the only person that knows anything > about that tag is Alice. Thus, the other party in the conversation > must colaborate in an attack, probably ruining her anonymity. With the right randomization and frequent tag changes, it is hard to associate bob with any tag. This problem becomes increasingly difficult if one introduces randomly generated tags and pgp messages and if the user keeps the message cap high (25-30). Bandwidth simply cannot be saved if the attacker is getting the downlink from gopherhole if you are using a tag system like this. The user just has to deal with 30 messages to best avoid the traffic analysis on this side. A tap on bob's line reveals that he may have a connection with any of 25-30 real or imaginary tags. One less thing to go on if you are an attacker, fake tags are a real headache. Some clever filtering method for tags would be a nice touch. All lowercase, all between four and seven letters and nouns or something...? > Comments? > Nice structure. -uni- (Dark) From sinclai at ecf.toronto.edu Thu May 12 08:23:00 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Thu, 12 May 94 08:23:00 PDT Subject: Message Havens In-Reply-To: <199405121515.AA10780@access3.digex.net> Message-ID: <94May12.112238edt.13425@cannon.ecf.toronto.edu> > Why can't gopherhole send a random number of messages with a user selected > cap? > > Bob just sends one tag request encrypted with gopherhole's public key, and > gets between 5 and [User cap] messages. Even better, (Light bulb) Bob > can send the number of messages he is currently equipped to filter along > with the tag and gopherhole can modify this just a touch +/- 10% say just > to keep Bob from getting lazy and asking for the same number all the time. > Bob can then filter the tags himself with procmail or something. Just seems > simpler and easier on the user while harder on traffic analysis. Of course! If the gopherhole already has a keypair, it may as well be used as much as possible. Good idea. > With the right randomization and frequent tag changes, it is hard to > associate bob with any tag. This problem becomes increasingly difficult > if one introduces randomly generated tags and pgp messages and if the > user keeps the message cap high (25-30). Bandwidth simply cannot be > saved if the attacker is getting the downlink from gopherhole if you are > using a tag system like this. The user just has to deal with 30 messages > to best avoid the traffic analysis on this side. A tap on bob's line > reveals that he may have a connection with any of 25-30 real or imaginary > tags. One less thing to go on if you are an attacker, fake tags are a > real headache. Some clever filtering method for tags would be a nice > touch. All lowercase, all between four and seven letters and nouns or > something...? Yeah, it certainly isn't trivial to attack. However, I'd like to make sure that it's proveably hard. I'll sit down tonight and try to muddle through it. > -uni- (Dark) Doug From lstanton at sten.lehman.com Thu May 12 08:26:28 1994 From: lstanton at sten.lehman.com (Linn Stanton) Date: Thu, 12 May 94 08:26:28 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate In-Reply-To: <199405120903.AA24972@grolsch.cs.ubc.ca> Message-ID: <9405121526.AA00699@sten.lehman.com> In message <199405120903.AA24972 at grolsch.cs.ubc.ca>you write: > special case of a mailing list). All posts are sent to the central > site. The mailing list software picks one e-mail address from all of > the list receivers, and forwards the post to that e-mail address I like the general idea of distributing the load of moderating a list, but would make a few changes. Instead of picking a moderator at random, might it not work better to pick some percentage of the list (say 5%) and then post the message only if more than half of those chosen as moderators, and who respond within an hour, approve? The trouble with random single moderators are many, but worst would probably be time-delay. If the chosen moderator for a message is busy, sick, or away from their desk messages could be delayed for days. The problem gets even worse if a delayed message is then approved, and posted out of sequence. Linn H. Stanton The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAitK8+EAAAECALzK83DH79m7DLKBmZA2h9U33fBE80EwT4xRY05K7WRfxpO3 BmhPVBmes9h97odVZ0RxAFvinOl4wZGOb8pDclMABRG0IUxpbm4gSC4gU3RhbnRv biA8c3RhbnRvbkBhY20ub3JnPokAVQIFEC2u0NyIwD3rAd2buQEB4ggB/R72gmWG FJACaoxKijfLZYEiyGOZI3xB6oQSOsV4D1EZ1jVn7UV0Orh4hCbm/bcJbacA5qCh UkfTwFPq1qvM4mC0J0xpbm4gSC4gU3RhbnRvbiA8bHN0YW50b25Ac2hlYXJzb24u Y29tPg== =HQq9 -----END PGP PUBLIC KEY BLOCK----- From nobody at soda.berkeley.edu Thu May 12 08:26:34 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist) Date: Thu, 12 May 94 08:26:34 PDT Subject: PGP 2.5 available from Electronic Frontier Foundation ftp site Message-ID: <199405121526.IAA14160@soda.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- From: Stanton McCandlish Date: Wed, 11 May 1994 16:46:49 -0400 (EDT) Despite the patent & licensing issues being resolved, PGP is still not legally exportable from the United States (except to Canada), due to ITAR export restrictions which categorize cryptographic materials as weapons of war. Thus, EFF can only make PGP and other crypto tools and source code available to US and Canadian nationals currently residing in the US or Canada and connecting to EFF's site from a US or Canadian site. I was under the impression that NAFTA is the reason that Canada is included. Am I misinformed? If NAFTA is the reason, isn't Mexico equivalent to Canada in this context? Could someone clarify this aspect of the export situation, or perhaps point me at a document that explains the situation? Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdJIuBVg/9j67wWxAQEebAP/flhqUugfCUJ9at1nI8kCbkXiF10NYfcE s+1+ZFNnvz16gwI/O7nEfrIHKQl6mqmqT8T4e2JCsMiw7uM7L3vYIKHJvRek45gk /6JoUE7sjVb8nyvyct9sKeExAGqKFLxAAsOZfYno88qOMAE4nc3QRxMoqLb3XDbI EbxPLyo8T/s= =RqOv -----END PGP SIGNATURE----- ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```$YS^P;+]AB?X9TW6\8WR:>P&2'9,7.YM5[D--('+[6(0O]013 at CTWLQ FKWZ$M2G9>G1>/=5O1[0U.E)J&63=DHF($P$KX#I8T]5&9!GFQ]@` ====Encrypted-Sender-End==== From sinclai at ecf.toronto.edu Thu May 12 08:33:30 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Thu, 12 May 94 08:33:30 PDT Subject: PGP 2.5 available from Electronic Frontier Foundation ftp site In-Reply-To: <199405121526.IAA14160@soda.berkeley.edu> Message-ID: <94May12.113316edt.13421@cannon.ecf.toronto.edu> > I was under the impression that NAFTA is the reason that Canada is > included. Am I misinformed? If NAFTA is the reason, isn't Mexico > equivalent to Canada in this context? Could someone clarify this > aspect of the export situation, or perhaps point me at a document that > explains the situation? > > Zeke I believe not. The ITAR regulations have been around for a lot longer than NAFTA. I would speculate that it is because the US and Canada have traditionally exchanged a lot of military technology and hardware, e.g. NORAD. From lstanton at sten.lehman.com Thu May 12 08:38:32 1994 From: lstanton at sten.lehman.com (Linn Stanton) Date: Thu, 12 May 94 08:38:32 PDT Subject: State Dept Response to my second CJ request In-Reply-To: <9405121145.AA15394@snark.imsi.com> Message-ID: <9405121538.AA00727@sten.lehman.com> In message <9405121145.AA15394 at snark.imsi.com>you write: > Frankly, the case seems airtight right now. The government is > contending that only Americans can type. The position is so idiotic as > to be untenable. I don't think there is any need for additional > rigamarole -- Phil should appeal the current ruling and then take them While the courts can always rule whatever they want to, there are hopeful signs. I was having dinner with a Federal Judge last weekend, who made the mistake of asking me "Just what is the internet I keep hearing about." By the end of the night we had covered everything through the ITAR. The classification of crypto as munitions struck him as absurd, he liked the cryptography as an envelope for email analogy, and volunteered that "people who think only those with something to hide need privacy are fools." Judges tend to have brains, and are educatable. This is where, ultimately, the battle for free crypto will be won or lost. Linn H. Stanton The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAitK8+EAAAECALzK83DH79m7DLKBmZA2h9U33fBE80EwT4xRY05K7WRfxpO3 BmhPVBmes9h97odVZ0RxAFvinOl4wZGOb8pDclMABRG0IUxpbm4gSC4gU3RhbnRv biA8c3RhbnRvbkBhY20ub3JnPokAVQIFEC2u0NyIwD3rAd2buQEB4ggB/R72gmWG FJACaoxKijfLZYEiyGOZI3xB6oQSOsV4D1EZ1jVn7UV0Orh4hCbm/bcJbacA5qCh UkfTwFPq1qvM4mC0J0xpbm4gSC4gU3RhbnRvbiA8bHN0YW50b25Ac2hlYXJzb24u Y29tPg== =HQq9 -----END PGP PUBLIC KEY BLOCK----- From ph at netcom.com Thu May 12 09:11:28 1994 From: ph at netcom.com (Peter Hendrickson) Date: Thu, 12 May 94 09:11:28 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate In-Reply-To: <199405120903.AA24972@grolsch.cs.ubc.ca> Message-ID: <199405121611.JAA10782@netcom.com> >> Cypher version of Gresham's Law: bad posts drive out good posts. >> (The same is being seen in talk.politics.crypto, with the neverending >> Sternlight vs. Everybody Else dominating the traffic by a factor of >> 20-to-1. Detweiler recently reappeared (as tmp at netcom.com) and is back >> to debating _himself_ and answering his own delusional posts.) > Let's face it: Usenet is inherently broken. > ... > To fix them problem, then, we either have to either improve the kill > files or improve the moderation. > ... > In the best case, the moderators > would consist of all the readers of the newsgroup. > ... > The mailing list software picks one e-mail address from all of > the list receivers, and forwards the post to that e-mail address > (keeping the original post on file). > ... You're on the right track here. Moderation doesn't have to be based in censorship. It can be based on advice. Instead of picking random list receivers to moderate, readers should choose their own moderators. As a moderator reads the latest messages on the list, he or she can mark each one as junk or not junk. This causes advice messages to be sent to their subscribers. The subscribers can use mail programs which process the advice and only show messages which have passed. ("If all three of my moderators say a message is junk, then don't read it, otherwise, show me.") Each moderator can operate, in effect, a mini-mailing list. When digital money becomes available, moderators can charge for their services. One problem with mailing lists is that there isn't much feedback. It's very easy to get enthused and post a "me too" message without realizing that nobody wants to read it. If you notice that various moderators are consistently panning your articles, you will learn to do better work. Corruption of moderators is easily managed as every message they comment on is available for inspection. Hard working readers can ignore all advice by the moderators if they like. Real life example: I have wondered for some time about the articles that don't make it into comp.risks. This is a great newsgroup, but one has to be suspicious of its relationship to SRI. Are "radical" articles culled while "sane and reasonable" articles by D. Denning are passed on? It would be reassuring to be able to sift through the rejects. Peter From mlshew at netcom.com Thu May 12 09:34:01 1994 From: mlshew at netcom.com (Mark Shewmaker) Date: Thu, 12 May 94 09:34:01 PDT Subject: Lunch Tuesday at Atlanta COMDEX 5/24/94 Message-ID: <199405121633.JAA13453@netcom.com> Version 0.1--This will change in case of conflicts, etc. I'll post V1.0 on Wednesday 5/18/94. (This is version 0.1 of this file. For the most recent version, try the following: o finger mlshew at netcom.com, to read my .plan. (This file.) o get "plan" by ftp in netcom.com:/pub/mlshew This was originally sent to the cypherpunks and extropians lists.) If you would like to meet informally with other readers of these lists during next week's COMDEX, I would suggest meeting Tuesday (5/24/94) at noon, directly above the food court in CNN Center--------->+ | | Map: (Badly out of scale and oversimplified to make sense | for walkers but not drivers) | | | | | | | -------------------+ +---------------------------------|-------------- Marietta Street | -------------------+ +---------------------------------|-------------- | | | +----------------+ | | +----------+ +-------V-----------+ | World Congress | | | | The Omni | | CNN Center | | Center (COMDEX)| | | +----------+ | (Food Court here) | | Walk this way like the rest of the mobs of people | +----------------+ | | +-------------------+ | Inter- | +--------------------+ |national| | MARTA Rail Station| | Blvd. | | (The local subway) | | | +--------------------+ | | | | Lots of very expensive parking here for those | | who want to drive directly to COMDEX in the | | middle of incredible traffic and raise their More Parking | | blood pressure instead of taking a shuttle from | | their hotel, or parking at a free-parking MARTA | | lot and taking MARTA in, as is the sensible | | way to go about it. (For those who haven't been to an Atlanta COMDEX before, the CNN food court is a place where almost every COMDEX attendee is likely to eat at least once during the week. If you happen to forget, loose, or never receive the ASCII map originally above this paragraph, any random person you might ask for directions can probably point you in the direction of the "CNN Center food court.") The court is in the center of the floor you will (likely) come in on. So don't go getting confused when you see smaller sets of restaurants and tables and chairs as you enter. That's not the central court. You won't miss it, just keep going in. (Of course, you won't have much choice in the matter: There will be a mob of hungry Comdex attendies behind you, and stopping in their path is simply not a viable option.) Go to the food court, and look up. You will see a single pedestrian walkway one floor above you. That is where we'll all be. Take yourself and your food up one floor, and enjoy the pleasant conversation. (Note that up on the walkway there's no place to put your food, but that's okay, because there's no place down in the food court either--it's _really_ crowded. Down there there's hardly a place to stand, much less sit, but go up one floor, and it's a virtual dessert.) I'd like to make a publicly available list that includes the following. (To be appended to this file.) o Persons coming to Spring Comdex, interested in attending a meeting such as this, and wishing to let that and related information be known to the world. o Whether they can make the noon Tuesday meeting. o Where they heard this announcement. o Good/bad days and times. Be specific but brief. Please include this in any event, so if 3 people say only Wednesday, and 7 don't bother to mention that Wednesday is impossible for them, that I don't switch to Wednesday. No guarantees of course. o Personal interests. (Explained below) o Misc. other information they want known to the world. If you would like to enter or modify yourself in such a database, modify and mail a form such as one at the end of this file to mlshew at netcom.com, with this subject line or "comdex meeting info". Feel free to also add in: o Any job openings you know about. (Esp. EE/DSP/Programming) :-) If you would like to tell me and everyone to expect one more person, just mail the form with a number "1" in the "Name" column, so you needn't broadcast your name. If you'd like to tell no one anything and just show up, that's okay too. I'll append the information (edited!) to the end of this file. As to why I included a field about interests, it will allow everyone to mull over everyone else's idea of what would be nice to talk about, the theory being that it might help conversation naturally bend towards topics all are interested in. As to the other information, it's also to help other people who might want to get together to do so if they don't want to go to this meeting. (Or to remember remember to bring that book they borrowed from another person three years ago.) It is not a "vote" on what time the get-together will be. Appended are two sample forms (since this is the first version: V0.1). Delete everything else, put in your own info, and mail it back to me. See you soon! Mark Shewmaker mlshew at netcom.com Noon Tue. OK? Name Where heard Can Schedule at Interests ------------------------------------------------------------------------------- Y Mark Shewmaker extropians Flexible all days Schelling points of mlshew at netcom.com cypherpunks lunch meetings near conventions Thinks this is a great place to meet, and a nice place to watch everyone come and go. Need an employee? Apply now before prices go up. ------------------------------------------------------------------------------- N One fake anonymous never tell MWF 10-2 Mental Cryptography person just as an example I just kind of feel silly telling everyone that I'm going to be there; I look forward to meeting you there, though. ------------------------------------------------------------------------------ From ecarp at netcom.com Thu May 12 09:47:23 1994 From: ecarp at netcom.com (Ed Carp) Date: Thu, 12 May 94 09:47:23 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate In-Reply-To: <199405121611.JAA10782@netcom.com> Message-ID: How about auto-moderation? I came up with this idea a while back for automatically moderating mailing lists. Here's how it works: A newsgroup is set up as moderated, and the posts are emailed to the moderator (as usual). The "moderator" is a mail-to-news gateway that posts the articles if the author isn't on the disapproved list, and also automatically cancels articles that don't have the right "approved" header and aren't digitally signed by the moderator. If a person becomes a nuisance, people send their votes in to the moderator-robot, and it tallies the votes. If within XXX days more thumbs down votes are received than thumbs up votes, the person is placed on the disapproved list. The main advantage is, it's fast and easy to set up. Comments? Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 Finger ecarp at netcom.com for PGP 2.3a public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From GERSTEIN at SCSUD.CTSTATEU.EDU Thu May 12 09:56:51 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (GERSTEIN at SCSUD.CTSTATEU.EDU) Date: Thu, 12 May 94 09:56:51 PDT Subject: Hasta la vista, baby! Message-ID: <940512125621.20200a8f@SCSUD.CTSTATEU.EDU> Well Cypherpunkers, As the semester comes to an end, I have to sign off the list to prevent the unwanted buildup of "list-mail-itis". Therefore, I must say good-bye, for now. I will sign off the list in a day or so, but until then, I have a (hopefully) simple question for you.... Does anyone know how to make a kill file for VAX/VMS? I know it's not really pertinent to this topic, but I know that all of you guys (and gals) are pretty experienced, so I hope that someone knows. Let me know via private mail if you can help me out. Adam Gerstein GERSTEIN at SCSU.CTSTATEU.EDU -=-=-=- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLc0c/AT73QJlKKVlAQGV5QIAmusRN0C58o/ScjA1/V7Mq77XurUi3Ktk XZfUXkk6yLJtxtKj5kIddxMiJISfRLbNFvKkAv7LFbYDAdI0RYpnxg== =vEVx -----END PGP SIGNATURE----- From nobody at soda.berkeley.edu Thu May 12 09:57:32 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist) Date: Thu, 12 May 94 09:57:32 PDT Subject: Mykotronx Message-ID: <199405121657.JAA20657@soda.berkeley.edu> The latest Mykotronix dirt, pulled off of my source just last week. Scattered information, but perhaps this can be assembled with the other information to create a better profile. !(myko) ------------- TELEDYNE SYSTEMS COMPANY MYKOTRONX METROLOGY DEPT. 357 VANNESS WAY TORRANCE, CA FIELD SERVICES METROLOGY CALIBRATION SERVICE SPER PROPOSAL MET $2,000.00 $2,000.00 5/2/93 1 LOT $2,000.00 PLEASE MAKE RECALL PERIOD ONE (1) YEAR FOR EACH ITEM UNLESS ADVISED BY MYKOTRONX, INC. ATTN: DEAN BURNGART (881)886-2211/(881)717-6881 William H. Doy 1eTRWR2 20041 Space Park Redondo Beach, CA 90278 Bobby Daniels Caremella Mestriannatot Tim Hauersperger Bob Todd Rick Oberbbndorf Roger Brouwer Chris Curren Kathleen Fairley Rod Fujikawa Roger Brouwer Mike Furusawa Bill Greenfield Gerald Krause Russell Matsui Margaret McNeil Chris Curren Joe Heindl Jesse Mirilesie Landi Riley Rod Fujikawa Glenn Higuchi Scott Mobdderly Rick Oberndorf Wendy Goble Jason Moku Sam Morrissette Roy Usui Paul Smith Bob Todd Mr. Ed Martin AEROJET 1100 W Hollyvale Street Azusa, CA 91702 8403 Destruct Security Labels $106.78 4-5-93 One Hundred six dollars and 78/100*** Modern Data 4-5-93 Richard Takahashi Rob Ertgray GERALD KRAUSE JAN DOLPHIN 408-432-8180 SPY R US 2280 ZANKER ROAD, SUITE 207 SAN JOSE, CA 94135 6203 LITRONICK INDUSTRIES 2950 Redhill Ave. Costa Mesa, CA 92626 NCJ03078 FD70322040601 Myk-5 Ground Unit Serial Number s146 and l652EA $64,910 $93,820 10110111101 Acceptance Test Procedure/Test Report Report 2EA --J.Liaci AFCSC/LMJYP 4-8-93 BOB TO DDJ.LIACI210977-2356AFCSC/LMJYP Kelly AFB 250 Hall Blvd, Suite 112 San Antonio, TX 78243-7061 RJAMESLICCACIAFCSC/LMJYP Kelly AFB 250 Hall Blvd, Suite 112 San Antonio, TX MR JOHN WIMPY AFCSC/LMMLC Building 2028, Room 208 San Antonio, TX 78243-5000 NATIONAL SECURITY AGENCY Elkridge Landing Road Linthicum, MD 21090-2902 Checkfree Corporation Problem Resolution Department P.O. box 987 Columbus, OH 43216-0897 RALPH O'CONNELL 1401 Woodbridge Road Baltimore, MD 21228 3939 S. Figureora Street Los Angeles, CA 90037 Ms. Hazel M. Smith MS:W3-7534 Harris Corporation GISD P.O. Box 98000 Melbourne, FL 32902 Mr. Vito DiGigilio VLSI Technology, Inc. 634 Balboa Blvd., Suite 100 Encino, CA 91316 R. Takahashi Mykotronx, Inc. 357 VanNess Way uite 200 Torrance, CA 90501 Contract Administrator 210977-2821 HQAFIC/LECCS 306 Wakkanai St., Suite 1 San Antonio, TX 78243 Defense Investigative Service Industrial Security Field Office(S53LB) Attention: Barry W. Hash 3605 Long Beach Blvd., Suite 405 Long Beach, CA 90807-4013 R. Todd Lee George 408 629-2880 938 Foothill Drive San Francisco CA 95123 Franchise Tax Board P.0.Box 942840 Sacramento, CA 94240-000 John C. Droge 414 Sixth Street Hermosa Beach, CA 902540 Mr. Tom Black GLANTZ & BLACK 25043 Narbonne Avenue Lomita CA 90717 Maryland Procurement Office 7318 Parkway Drive South Hanover, MD 21076 ---- VLSI Technologies, Inc. 6345 Balboa Blvd. Bldg #1 Suite 100 Encino, CA 91316 Attn: Dr. Freeman PE4-18-93 PD4-12-93 $75,000.00 4-14-93 Seventy-five thousand dollars and no/100 **** Mykotronx, Inc. Payroll Account #731081567 ---- Mr. Tom Black Glantz & Black 25043 Narbonne Avenue Lomita, Ca 90717 14 April 1993 Dear Tom, Per your request attached has is a list of our sales from 1-1-93 through 3-13-93. I've marked the items as Government or Non-government. If you have any questions or need additional information, please call me on (310)533-8100. Sincerely, Patti ---- Maryland Procurement Office Attn: N22144(CEB)(MDA 904-92-G-0354/J.0.5001) 9800 Savage Road Fort George G. Meade, MD 20755-6000 Cryptographic Support Center Logistics Management Branch 250 Hall Blvd., Ste 311 San Antonio, TX 78243-0760 ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```%AS^P;+]AB?X9TW6\8WR:*P&2&#E66'?22E^>4!79;]2Q5!'U$< nobody says: Is there someone out there who would like to act as a broker (for a small fee, natch), so that I can maintain rigorous anonymity while trading? This seems like a good way to earn some ghostmarks! I'm sure *someone* will take you up on this offer. Alternatively, you could perhaps do business through the penet remailer...? mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From karn at qualcomm.com Thu May 12 10:02:17 1994 From: karn at qualcomm.com (Phil Karn) Date: Thu, 12 May 94 10:02:17 PDT Subject: PGP 2.5 available from Electronic Frontier Foundation ftp site In-Reply-To: <199405121526.IAA14160@soda.berkeley.edu> Message-ID: <199405121701.KAA24683@servo.qualcomm.com> Zeke, Read the ITARs. They're available by anonymous FTP from ftp.cygnus.com as /pub/export/itar.in.full. There's a special section on exports to Canada. Basically, most defense articles are exempt from ITAR export licensing requirements to Canada; exceptions include things like nuclear weapons components. However, there's apparently still a reporting requirement, and I wonder how this applies to anonymous FTP... Phil From blancw at microsoft.com Thu May 12 10:06:51 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 12 May 94 10:06:51 PDT Subject: FW: CEI's Internet Guide Message-ID: <9405121608.AA08376@netmail2.microsoft.com> >From: Competitive Enterprise Institute The Competitive Enterprise Institute is pleased to announce: THE VIRTUAL HAND CEI'S FREE-MARKET GUIDE TO THE INFORMATION SUPERHIGHWAY Now, under one cover, all the Internet places of interest to free-marketeers. Do you want to find the complete electronic text of "The Wealth of Nations"? How many places can *you* list where you can discuss the words of Ayn Rand? (The Virtual Hand can name five.) Do you want to know the latest in conservative or libertarian politics, or would you rather sit around griping about gun control? All this -- and more! -- is available from the Competitive Enterprise Institute. TABLE OF CONTENTS 1. Policy chatter (mainly Republican and Libertarian politics) 2. Cultural and philosophical (Objectivism, free-market literary journals, "fan" newsgroups, electronic books) 3. Student-oriented (college groups) 4. Single-issue forums (taxes, land rights, firearms, telecommunications policy, education, health care, feminism, law, Congressional reform, kids' rights) 5. Of local interest (statewide free-market groups) 6. Internet addresses of free-market groups 7. Miscellaneous 8. Other computer systems (BBS'es) 9. Government resources (how to get White House press releases, text of legislation, Federal Register, C-SPAN schedules, etc.) To get your very own copy of "The Virtual Hand," send $5 to: Alexander "Sasha" Volokh Policy Analyst Competitive Enterprise Institute 1001 Connecticut Ave. NW Suite 1250 Washington, DC 20036 From koontzd at lrcs.loral.com Thu May 12 10:19:01 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Thu, 12 May 94 10:19:01 PDT Subject: San Jose Mercury News Washington News in Brief Blurb Message-ID: <9405121718.AA01718@io.lrcs.loral.com> Thursday May 12, 1994 ELECTRONIC SNOOPING TAKES SHARP UPTURN Wiretaps and electronic monitoring by federal agents, primarily against suspected drug traffickers, grew by a third during the first year of the Clinton administration, the largest increase in a decade. [N722] From ph at netcom.com Thu May 12 10:28:07 1994 From: ph at netcom.com (Peter Hendrickson) Date: Thu, 12 May 94 10:28:07 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate In-Reply-To: Message-ID: <199405121728.KAA00443@netcom.com> > How about auto-moderation? I came up with this idea a while back for > automatically moderating mailing lists. Here's how it works: > ... > If a person becomes a nuisance, people send their votes in to the > moderator-robot, and it tallies the votes. If within XXX days more thumbs > down votes are received than thumbs up votes, the person is placed on the > disapproved list. > The main advantage is, it's fast and easy to set up. Comments? This would be easy to set up, but instead of discarding message from "disapproved" people I would suggest just tagging which messages are sent by "approved" people and which are not. That way all of the information still gets out there, even if it's unpopular. Peter From mmarkley at microsoft.com Thu May 12 10:32:23 1994 From: mmarkley at microsoft.com (Mike Markley) Date: Thu, 12 May 94 10:32:23 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate Message-ID: <9405121633.AA10150@netmail2.microsoft.com> | | How about auto-moderation? I came up with this idea a while back for | automatically moderating mailing lists. Here's how it works: | | A newsgroup is set up as moderated, and the posts are emailed to the | moderator (as usual). The "moderator" is a mail-to-news gateway that | posts the articles if the author isn't on the disapproved list, and | also automatically cancels articles that don't have the right "approved" | header and aren't digitally signed by the moderator. | | If a person becomes a nuisance, people send their votes in to the | moderator-robot, and it tallies the votes. If within XXX days more thumbs | down votes are received than thumbs up votes, the person is placed on the | disapproved list. | | The main advantage is, it's fast and easy to set up. Comments? Sounds like a very easy scheme to break. Say I suddenly decide that I don't like your posts or Tim Mays posts. I can get you kicked off by using anonymous accounts to say that you're a nuisance. It seems to me that leaving the list open is better than trying to control it. An example of the danger of automation has already been shown on this list. Last week someone unsubscribed everybody using the automatic features of the remailer. I'd rather have access to all of the posts and make my own decisions about the contents rather than have a potential for one aggrevated individual take out some meaningful content because of a personal vendetta. Mike | | Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 | Finger ecarp at netcom.com for PGP 2.3a public key an88744 at anon.penet.fi | If you want magic, let go of your armor. Magic is so much stronger than | steel! -- Richard Bach, "The Bridge Across Forever" | | ===================================================== Mike Markley I'm not a Microsoft spokesperson. All opinions expressed here are mine. ===================================================== | From ecarp at netcom.com Thu May 12 10:42:43 1994 From: ecarp at netcom.com (Ed Carp) Date: Thu, 12 May 94 10:42:43 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate In-Reply-To: <9405121633.AA10150@netmail2.microsoft.com> Message-ID: <199405121742.KAA21666@netcom.com> > | How about auto-moderation? I came up with this idea a while back for > | automatically moderating mailing lists. Here's how it works: > | > | A newsgroup is set up as moderated, and the posts are emailed to the > | moderator (as usual). The "moderator" is a mail-to-news gateway that > | posts the articles if the author isn't on the disapproved list, and > | also automatically cancels articles that don't have the right "approved" > | header and aren't digitally signed by the moderator. > | > | If a person becomes a nuisance, people send their votes in to the > | moderator-robot, and it tallies the votes. If within XXX days more thumbs > | down votes are received than thumbs up votes, the person is placed on the > | disapproved list. > | > | The main advantage is, it's fast and easy to set up. Comments? > > Sounds like a very easy scheme to break. Say I suddenly decide that I > don't like your posts or Tim Mays posts. I can get you kicked off by > using anonymous accounts to say that you're a nuisance. It seems to me It's not as easy as you might think. How many anonymous accounts can you get? There are only so many anon servers, and for each anon account you have to have a different real account, all it buys you is your vote registers twice instead of once. And anonymous votes can always be blocked - since just the vote tallies are sent out, you don't really buy anything by being anonymous. > that leaving the list open is better than trying to control it. An > example of the danger of automation has already been shown on this > list. Last week someone unsubscribed everybody using the automatic > features of the remailer. I'd rather have access to all of the posts > and make my own decisions about the contents rather than have a > potential for one aggrevated individual take out some meaningful > content because of a personal vendetta. Then that's your decision to make, but others have a different view. I, for one, don't want to see a bunch of inane posts from XYZ, so I put them in my filter file to be discarded. That will work for individuals, but to prevent the list from being flooded by malicious users, it seems that some sort of control would be appropriate. Nothing would stop someone from emailing uuencoded core dumps to the list, of course, but the first time they did it, I think that enough people would be pissed off that they'd vote to throw them off. Not that they couldn't receive, they just can't post. As I mentioned before, but want to make clear to you, no one individual would be able to carry out a personal vendetta against another unless they had a means to obtain many, many accounts and generate anonymous accounts for each of them. And, as I said before, anonymous votes could be just thrown away. -- Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 Finger ecarp at netcom.com for PGP 2.3a public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From collsc at snowbird.aud.alcatel.com Thu May 12 10:44:09 1994 From: collsc at snowbird.aud.alcatel.com (Scott Collins) Date: Thu, 12 May 94 10:44:09 PDT Subject: San Jose Mercury News Washington News in Brief Blurb Message-ID: <9405121743.AA21360@snowbird.aud.alcatel.com> > > Thursday May 12, 1994 > > ELECTRONIC SNOOPING TAKES SHARP UPTURN > > Wiretaps and electronic monitoring by federal agents, > primarily against suspected drug traffickers, grew by a > third during the first year of the Clinton administration, > the largest increase in a decade. > [N722] > This from the same Administration which rationalizes its attempts to emasculate cryptography by citing the need for and widespread use of such methods. Coincidence? You decide. +--------------------------------------------------------------------------+ |Scott Collins Alcatel Network Systems| |collsc at aud.alcatel.com Richardson, Texas| | Even if my employers agreed with this, they would never admit it. | | GCS d? -p+ c++@ l u e- m* s+/ n- h+ f? g-(+++) w+@ t-- r- y? | +--------------------------------------------------------------------------+ From harry at starbase.sj.unisys.com Thu May 12 10:51:07 1994 From: harry at starbase.sj.unisys.com (harry at starbase.sj.unisys.com) Date: Thu, 12 May 1994 10:51:07 -0700 Subject: Postal Service and IRS mull national identity cards (fwd) Message-ID: <9405121745.AA09141@ctnews2.sj.unisys.com> I know you are interested in electronic privacy issues, so I thought you would like to see the following article. Yikes! -- Harry Subject: Postal Service and IRS mull national identity cards Forwarded-by: bostic at vangogh.CS.Berkeley.EDU (Keith Bostic) Forwarded-by: kole at hydra.convex.com (John P. Kole) Forwarded-by: cavasin at bach.convex.com (Vince Cavasin) >From Digital Media, May 9, 1994. EVER FEEL LIKE YOU'RE BEING WATCHED? YOU WILL.... Postal Service and IRS mull national identity cards, Clinton to sign orders Digital Media has learned that the Clinton administration is debating not if, but how, to create a card that every American will need in order to interact with any federal government agency. Combined with two potential executive orders and the Postal Service's designs on putting its stamp on personal and business electronic transactions, the card could open a window on every nuance of American personal and business life. The wrangling among the administration, the U.S. Postal Service, the Internal Revenue Service and Department of Defense, emerged into the public eye at this April's CardTech/SecureTech Conference. The gathering of security experts was convened to discuss applications for smart card and PCMCIA memory card technologies in business and government. The Postal Service, at the conference presented a proposal for a "general purpose U.S. services smartcard," which individuals and companies would use to authenticate their identities when sending and receiving electronic mail, transferring funds and interacting with government agencies, such as the I.R.S., Veterans Administration and the Department of Health and Human Services. President Clinton is also considering signing two executive orders that would greatly expand the government's access to personal records, including an order that would allow the I.R.S. to monitor individual bank accounts and automatically collect taxes based on the results, said sources close to the White House. The collection service will be presented as a convenient way to avoid filling out a tax return. The White House did not respond to requests for comments about this report. The Post Office: We deliver for you. The Postal Service's U.S. Card would be designed to use either smart cards (plastic cards with an embedded microprocessor carrying a unique number that can be read by a electromagnetic scanner and linked to computerized records stored on a network) or PCMCIA cards, which can contain megabytes of personal information. (You've probably seen this type card in AT&T's "You Will" ad campaign, which shows a doctor inserting a woman's card in a reader in order to access a recording of a sonogram). The Postal Service said it is considering AT&T and other companies' smart card technologies. In a slide presentation at the conference, Postal representative Chuck Chamberlain outlined how an individual's U.S. Card would be automatically connected with the Department of Health and Human Services, the U.S. Treasury, the I.R.S., the banking system, and a central database of digital signatures for use in authenticating electronic mail and transactions. The U.S. Card is only a proposal, Chamberlain insists. Yet the Postal Service is prepared to put more than a hundred million of the cards in citizens' pockets within months of administration approval, he said. "We've been trying to convince people [in the different agencies] to do just one card, otherwise, we're going to end up with two or three cards," said Chamberlain. He said in addition to the healthcare card proposed by President Clinton last year, various government agencies are forwarding plans for a personal records card and a transactions (or "e-purse") card. Chamberlain said the I.R.S in particular is pursuing plans for an identity card for taxpayers. Don't leave home without it. Though he did not name the U.S. Card at the time, Postmaster General Marvin Runyon suggested that the Postal Service offer electronic mail certification services during testimony before the Senate Governmental Affairs Subcommittee in March. The proposal is clearly intended as a way to sustain the Postal Service's national role in the information age, since it would give the agency a role in virtually every legally-binding electronic transaction made by U.S. citizens. For instance: % When sending or receiving electronic mail, U.S. Card users would be able to check the authenticity of a digital signature to screen out impostors. % Banking transactions (notably credit card purchases) that depend on authentication of the participants identities and an audit trail, would be registered in Postal Service systems. % Veterans, or for that matter college students and welfare recipients, could check their federal benefits using the identification data on their U.S. Cards. % Visitors to an emergency room would have instant access to medical records at other hospitals, as well as their health insurance information. These examples may seem benign separately, but collectively they paint a picture of a citizen's or business's existence that could be meddlesome at best and downright totalitarian at worst. Will buying a book at a gay bookstore with a credit card that authenticates the transaction through the Postal Service open a Naval officer up to court martial? If you have lunch with a business associate on a Saturday at a family restaurant, will the IRS rule the expense non-deductible before you can even claim it? "There won't be anything you do in business that won't be collected and analyzed by the government," said William Murray, an information system security consultant to Deloitte and Touche who saw Chamberlain's presentation. "This [National Information Infrastructure] is a better surveillance mechanism than Orwell or the government could have imagined. This goddamned thing is so pervasive and the propensity to connect to it is so great that it's unstoppable." Deep Roots; Deep Pockets; Long History. Chamberlain said the Postal Service has been working for "a couple years" on the information system to back up the U.S. Card. He said the project was initiated by the Department of Defense, which wanted a civilian agency to create a national electronic communications certification authority that could be connected to its Defense Messaging System. Chamberlain said the Postal Service has also consulted with the National Security Agency, proponents of the Clipper encryption chip which hides the contents of messages from all but government agencies, like law enforcement. The National Aeronautics and Space Administration's Ames Research Laboratories in Mountain View, Calif. carried out the research and development work for Clipper. "We're designing a national framework for supporting business-quality authentication," said John Yin, the engineer heading up the U.S. Card- related research for NASA Ames' advanced networking applications group. "This is not specifically with just the Postal Service. We'll be offering services to other agencies and to third-party commercial companies that want to build other services on the card." For example, VISA or American Express could link their credit services to the U.S. Card. Yin, who works on Defense Messaging Systems applications, said his group has collaborated with "elements of Department of Defense" for the past year, but would not confirm the participation of the National Security Agency, a Department of Defense agency. The NSA is specifically prohibited from creating public encryption systems by the Computer Security Act of 1987. Yin also would not comment on the budget for the project, which other sources said was quite large and has spanned more than two years. A false sense of security? According to Yin, the cards would allow individuals or businesses to choose any encryption technology. "It's not our approach to say, 'Here's the standard, take it our leave it,'" he said. "We're not trying to create a monopoly, rather it's an infrastructure for interoperability on which a whole variety of services can be built." Yet, NASA, which is a participant in the CommerceNet electric marketplace consortium will "suggest" to its partners that they adopt the U.S. Card certification infrastructure, he said. The reality is that government agencies' buying power usually drives the market to adopt a particular technology -- not unlike the way the Texas Board of Education, the largest single purchaser of textbooks in the U.S., sets the standard for the content of American classroom curricula. Since, the administration has already mandated use of Clipper and its data-oriented sibling, the Tesserae chip, in federal systems it's fairly certain that the law enforcement-endorsed chips will find their way into most, if not all, U.S. Cards. Even in the unlikely event that one government agency should weather the pressure and pass on the Clipper chip, it's still possible to trace the source, destination, duration and time of transactions conducted between Clippered and non-Clippered devices. "Most of this shift [in privacy policy] is apparently being done by executive order at the initiative of bureaucracy, and without any Congressional oversight or Congressional concurrence, " Murray said. "They are not likely to fail. You know, Orwell said that bureaucrats, simply doing what bureaucrats do, without motivation or intent, will use technology to enslave the people." EDITOR'S NOTE: Digital Media has filed a Freedom of Information Act request for Clinton and Bush Administration, Postal Service, NSA, Department of Defense, NASA, I.R.S. and other documents related to the creation of the U.S. Card proposal. -- Mitch Ratcliffe Copyright 1994 by Mitch Ratcliffe and Seybold Publications. Digital Media: A Seybold Report 444 De Haro St., Ste. 128 San Francisco, Calif. 94107 415.575.3775 dmedia at netcom.com Mitch Ratcliffe Editor in Chief 415.575.3775 office 206.581.1892 home godsdog at netcom.com From ebrandt at jarthur.cs.hmc.edu Thu May 12 11:28:33 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Thu, 12 May 94 11:28:33 PDT Subject: remailer abuse Message-ID: <9405121828.AA18300@toad.com> The jarthur remailer is presently down because of a twit who blitzed much of Caltech and JPL with a car-repair ad. A Caltech postmaster has advised me that he has moved on to using rebma. Remailer admins who don't need this kind of hassle may wish to block messages with "BARKEV'S AUTO CENTER" in the body. Eli ebrandt at hmc.edu finger for PGP key. From jim at bilbo.suite.com Thu May 12 12:13:09 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 12 May 94 12:13:09 PDT Subject: Message Havens Message-ID: <9405121909.AA28859@bilbo.suite.com> > Downloading the whole message base to scan for one's > messages will place a massive load on net.resources, and > probably a prohibitive load on most people's terminals. > Here's an alternative to using tags that need to be agreed upon in advance: I call it "Indexed Message Pools" The key ideas: Each message sent to the message pool will be encrypted in the recipient's public key. (nothing new here) The Subject: line for the message will be the MD5 hash of the message body. For each message sent, the sender will also send a small, fixed length "index message" encrypted with the recipient's public key. The index message will contain the MD5 hash of the full message (and a confounder?). The Subject: line for the index message will contain an unencrypted copy of the message hash. The index message will go into an index pool. Instead of downloading the entire message pool to check for messages, you download the index pool (should be smaller in size). You would attempt to decrypt each index message (should be quicker). A decryption will yield something that looks like a hash of a full message. Compare this with the contents of the index message's Subject: line to detect a successful decryption. To get the full message, send a request to the message pool server. The request will contain a list of message hashes. One of the hashes will be for the message that was sent to you, the other hashes are chosen randomly from the collection of index messages you couldn't decrypt. The message pool server will send you the messages that have Subject: lines containing the hashes you sent in the request. You discard all the messages that are not for you, decrypt the one that *is* for you, and there you have it. This idea scales up a bit, although not greatly. I can imagine a network of message pools that maintain a distributed index pool among themselves. You can obtain the complete index pool from any of the message pool servers. In this scenario, a index message would contain the message hash plus the address of the message pool that is holding the associated message. Small detail: To avoid downloading sections of the index pool you've already seen, the client-side software will need to maintain a timestamp or something to keep track of the last index message you've seen. Pass this timestamp to the message pool server to request all index messages since "timestamp". Comments welcome, Jim_Miller at suite.com From Richard.Johnson at Colorado.EDU Thu May 12 13:06:34 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Thu, 12 May 94 13:06:34 PDT Subject: NSA Chief Counsel in Wired, to appear on AOL Message-ID: <199405122006.OAA11345@spot.Colorado.EDU> The guy in charge of marginalizing crypto users and privacy seekers for the NSA, Stuart Baker, tries his hand at logical arguments with a minimum of name-calling. Do his arguments stand up? Not really. Note how he avoids the issue of how easy it's getting for authorities to do 'drift-net' fishing - trotting out the tired old 'no new capabilities' line. He also seems to believe that requiring court authorization for wiretaps provides good protection against their abuse (NSA has its own pet court). ------- Forwarded Message Copyright and distribution policy attached to the end of document. FYI. X-within-URL: http://www.wired.com/Etext/2.06/Features/nsa.clipper.html NSA'S CHIEF COUNSEL TO APPEAR ONLINE Stewart A. Baker, Chief Counsel for the National Security Agency and featured writer in WIRED 2.06 will host a Q&A session on the Clipper Chip. He will appear on America Online in Center Stage (from AOL type keyword: "center stage") on Thursday May 26, 1994, from 7-9 p.m. EST. Baker is the NSA's top lawyer and supports the Clipper Initiative. He worked briefly as Deputy General Counsel of the Education Department under President Jimmy Carter. His article "Don't Worry Be Happy" refutes seven myths of key escrow encryption and is a WIRED Exclusive. _________________________________________________________________ DON'T WORRY BE HAPPY Why Clipper Is Good For You By Stewart A. Baker, Chief Counsel for the NSA _________________________________________________________________ With all the enthusiasm of Baptist ministers turning their Sunday pulpits over to the Devil, the editors of WIRED have offered me the opportunity to respond to some of the urban folklore that has grown up around key escrow encryption -- also known as the Clipper Chip. Recently the Clinton administration has announced that federal agencies will be able to buy a new kind of encryption hardware that is sixteen million times stronger than the existing federal standard known as DES. But this new potency comes with a caveat. If one of these new encryption devices is used, for example, to encode a phone conversation that is subject to a lawful government wiretap, the government can get access to that device's encryption keys. Separate parts of each key are held by two independent "escrow agents," who will release keys only to authorized agencies under safeguards approved by the attorney general. Private use of the new encryption hardware is welcome but not required. That's a pretty modest proposal. Its critics, though, have generated at least seven myths about key escrow encryption that deserve answers. MYTH NUMBER ONE: Key escrow encryption will create a brave new world of government intrusion into the privacy of Americans. Opponents of key escrow encryption usually begin by talking about government invading the privacy of American citizens. None of us likes the idea of the government intruding willy-nilly on communications that are meant to be private. But the key escrow proposal is not about increasing government's authority to invade the privacy of its citizens. All that key escrow does is preserve the government's current ability to conduct wiretaps under existing authorities. Even if key escrow were the only form of encryption available, the world would look only a little different from the one we live in now. In fact, it's the proponents of widespread unbreakable encryption who want to create a brave new world, one in which all of us -- crooks included -- have a guarantee that the government can't tap our phones. Yet these proponents have done nothing to show us that the new world they seek will really be a better one. In fact, even a civil libertarian might prefer a world where wiretaps are possible. If we want to catch and convict the leaders of criminal organizations, there are usually only two good ways to do it. We can "turn" a gang member -- get him to testify against his leaders. Or we can wiretap the leaders as they plan the crime. I once did a human rights report on the criminal justice system in El Salvador. I didn't expect the Salvadorans to teach me much about human rights. But I learned that, unlike the US, El Salvador greatly restricts the testimony of "turned" co-conspirators. Why? Because the co-conspirator is usually "turned" either by a threat of mistreatment or by an offer to reduce his punishment. Either way, the process raises moral questions -- and creates an incentive for false accusations. Wiretaps have no such potential for coercive use. The defendant is convicted or freed on the basis of his own, unarguable words. In addition, the world will be a safer place if criminals cannot take advantage of a ubiquitous, standardized encryption infrastructure that is immune from any conceivable law enforcement wiretap. Even if you're worried about illegal government taps, key escrow reinforces the existing requirement that every wiretap and every decryption must be lawfully authorized. The key escrow system means that proof of authority to tap must be certified and audited, so that illegal wiretapping by a rogue prosecutor or police officer is, as a practical matter, impossible. MYTH NUMBER TWO: Unreadable encryption is the key to our future liberty. Of course there are people who aren't prepared to trust the escrow agents, or the courts that issue warrants, or the officials who oversee the system, or anybody else for that matter. Rather than rely on laws to protect us, they say, let's make wiretapping impossible; then we'll be safe no matter who gets elected. This sort of reasoning is the long-delayed revenge of people who couldn't go to Woodstock because they had too much trig homework. It reflects a wide -- and kind of endearing -- streak of romantic high-tech anarchism that crops up throughout the computer world. The problem with all this romanticism is that its most likely beneficiaries are predators. Take for example the campaign to distribute PGP ("Pretty Good Privacy") encryption on the Internet. Some argue that widespread availability of this encryption will help Latvian freedom fighters today and American freedom fighters tomorrow. Well, not quite. Rather, one of the earliest users of PGP was a high-tech pedophile in Santa Clara, California. He used PGP to encrypt files that, police suspect, include a diary of his contacts with susceptible young boys using computer bulletin boards all over the country. "What really bothers me," says Detective Brian Kennedy of the Sacramento, California, Sheriff's Department, "is that there could be kids out there who need help badly, but thanks to this encryption, we'll never reach them." If unescrowed encryption becomes ubiquitous, there will be many more stories like this. We can't afford as a society to protect pedophiles and criminals today just to keep alive the far-fetched notion that some future tyrant will be brought down by guerrillas wearing bandoleers and pocket protectors and sending PGP-encrypted messages to each other across cyberspace. MYTH NUMBER THREE: Encryption is the key to preserving privacy in a digital world. Even people who don't believe that they are likely to be part of future resistance movements have nonetheless been persuaded that encryption is the key to preserving privacy in a networked, wireless world, and that we need strong encryption for this reason. This isn't completely wrong, but it is not an argument against Clipper. If you want to keep your neighbors from listening in on your cordless phone, if you want to keep unscrupulous competitors from stealing your secrets, even if you want to keep foreign governments from knowing your business plans, key escrow encryption will provide all the security you need, and more. But I can't help pointing out that encryption has been vastly oversold as a privacy protector. The biggest threats to our privacy in a digital world come not from what we keep secret but from what we reveal willingly. We lose privacy in a digital world because it becomes cheap and easy to collate and transmit data, so that information you willingly gave a bank to get a mortgage suddenly ends up in the hands of a business rival or your ex-spouse's lawyer. Restricting these invasions of privacy is a challenge, but it isn't a job for encryption. Encryption can't protect you from the misuse of data you surrendered willingly. What about the rise of networks? Surely encryption can help prevent password attacks like the recent Internet virus, or the interception of credit card numbers as they're sent from one digital assistant to another? Well, maybe. In fact, encryption is, at best, a small part of network security. The real key to network security is making sure that only the right people get access to particular data. That's why a digital signature is so much more important to future network security than encryption. If everyone on a net has a unique identifier that others cannot forge, there's no need to send credit card numbers -- and so nothing to intercept. And if everyone has a digital signature, stealing passwords off the Net is pointless. That's why the Clinton administration is determined to put digital signature technology in the public domain. It's part of a strategy to improve the security of the information infrastructure in ways that don't endanger government's ability to enforce the law. MYTH NUMBER FOUR: Key escrow will never work. Crooks won't use it if it's voluntary. There must be a secret plan to make key escrow encryption mandatory. This is probably the most common and frustrating of all the myths that abound about key escrow. The administration has said time and again that it will not force key escrow on manufacturers and companies in the private sector. In a Catch-22 response, critics then insist that if key escrow isn't mandated it won't work. That misunderstands the nature of the problem we are trying to solve. Encryption is available today. But it isn't easy for criminals to use; especially in telecommunications. Why? Because as long as encryption is not standardized and ubiquitous, using encryption means buying and distributing expensive gear to all the key members of the conspiracy. Up to now only a few criminals have had the resources, sophistication, and discipline to use specialized encryption systems. What worries law enforcement agencies --what should worry them -- is a world where encryption is standardized and ubiquitous: a world where anyone who buys an US$80 phone gets an "encrypt" button that interoperates with everyone else's; a world where every fax machine and every modem automatically encodes its transmissions without asking whether that is necessary. In such a world, every criminal will gain a guaranteed refuge from the police without lifting a finger. The purpose of the key escrow initiative is to provide an alternative form of encryption that can meet legitimate security concerns without building a web of standardized encryption that shuts law enforcement agencies out. If banks and corporations and government agencies buy key escrow encryption, criminals won't get a free ride. They'll have to build their own systems -- as they do now. And their devices won't interact with the devices that much of the rest of society uses. As one of my friends in the FBI puts it, "Nobody will build secure phones just to sell to the Gambino family." In short, as long as legitimate businesses use key escrow, we can stave off a future in which acts of terror and organized crime are planned with impunity on the public telecommunications system. Of course, whenever we say that, the critics of key escrow trot out their fifth myth: MYTH NUMBER FIVE: The government is interfering with the free market by forcing key escrow on the private sector. Industry should be left alone to develop and sell whatever form of encryption succeeds in the market. In fact, opponents of key escrow fear that businesses may actually prefer key escrow encryption. Why? Because the brave new world that unreadable encryption buffs want to create isn't just a world with communications immunity for crooks. It's a world of uncharted liability. What if a company supplies unreadable encryption to all its employees, and a couple of them use it to steal from customers or to encrypt customer data and hold it hostage? As a lawyer, I can say it's almost certain that the customers will sue the company that supplied the encryption to its employees. And that company in turn will sue the software and hardware firms that built a "security" system without safeguards against such an obvious abuse. The only encryption system that doesn't conjure up images of a lawyers' feeding frenzy is key escrow. But there's a second and even more compelling reason why the key escrow initiative can't fairly be characterized as interfering with private enterprise: The encryption market has been more or less created and sustained by government. Much of the market for encryption devices is in the public sector, and much of the encryption technology now in widespread use in the private sector was funded, perfected, or endorsed by the federal government. And not by accident, either. Good encryption is expensive. It isn't just a matter of coming up with a strong algorithm, although testing the strength of an algorithm can be enormously time-consuming. The entire system must be checked for bugs and weaknesses, a laborious and unglamorous process. Generally, only the federal government has been willing to pay what it costs to develop secure communications gear. That's because we can't afford to have our adversaries reading our military and diplomatic communications. That's led to a common pattern. First, the government develops, tests, or perfects encryption systems for itself. Then the private sector drafts along behind the government, adopting government standards on the assumption that if it's good enough for the government's information, it's good enough to protect industry's. As encryption technology gets cheaper and more common, though, we face the real prospect that the federal government's own research, its own standards, its own purchases will help create the future I described earlier -- one in which criminals use ubiquitous encryption to hide their activities. How can anyone expect the standard-setting arms of government to use their power to destroy the capabilities of law enforcement -- especially at a time when the threat of crime and terror seems to be rising dramatically? By adopting key escrow encryption instead, the federal government has simply made the reasonable judgment that its own purchases will reflect all of society's values, not just the single-minded pursuit of total privacy. So where does this leave industry, especially those companies that don't like either the 1970s-vintage DES or key escrow? It leaves them where they ought to be -- standing on their own two feet. Companies that want to develop and sell new forms of unescrowed encryption won't be able to sell products that bear the federal seal of approval. They won't be able to ride piggyback on federal research efforts. And they won't be able to sell a single unreadable encryption product to both private and government customers. Well, so what? If companies want to develop and sell competing, unescrowed systems to other Americans, if they insist on hastening a brave new world of criminal immunity, they can still do so -- as long as they're willing to use their own money. That's what the free market is all about. Of course, a free market in the US doesn't mean freedom to export encryption that may damage US national security. As our experience in World War II shows, encryption is the kind of technology that wins and loses wars. With that in mind, we must be careful about exports of encryption. This isn't the place for a detailed discussion of controls, but one thing should be clear: They don't limit the encryption that Americans can buy or use. The government allows Americans to take even the most sophisticated encryption abroad for their own protection. Nor do controls require that software or hardware companies "dumb down" their US products. Software firms have complained that it's inconvenient to develop a second encryption scheme for export, but they already have to make changes from one country to the next -- in language, alphabet, date systems, and handwriting recognition, to take just a few examples. And they'd still have to develop multiple encryption programs even if the US abolished export controls, because a wide variety of national restrictions on encryption are already in place in countries from Europe to Asia. MYTH NUMBER SIX: The National Security Agency is a spy agency; it has no business worrying about domestic encryption policy. Since the National Security Agency has an intelligence mission, its role in helping to develop key escrow encryption is usually treated as evidence that key escrow must be bad security. In reality, though, NSA has two missions. It does indeed gather intelligence, in part by breaking codes. But it has a second, and oddly complementary, mission. It develops the best possible encryption for the US government's classified information. With code breakers and code makers all in the same agency, NSA has more expertise in cryptography than any other entity in the country, public or private. It should come as no surprise, therefore, that NSA had the know- how to develop an encryption technique that provides users great security without compromising law enforcement access. To say that NSA shouldn't be involved in this issue is to say the government should try to solve this difficult technical and social problem with both hands tied behind its back. MYTH NUMBER SEVEN: This entire initiative was studied in secret and implemented without any opportunity for industry or the public to be heard. This is an old objection, and one that had some force in April of 1993, when the introduction of a new AT&T telephone encryption device required that the government move more quickly than it otherwise would have. Key escrow was a new idea at that time, and it was reasonable for the public to want more details and a chance to be heard before policies were set in concrete. But since April 1993, the public and industry have had many opportunities to express their views. The government's computer security and privacy advisory board held several days of public hearings. The National Security Council met repeatedly with industry groups. The Justice Department held briefings for congressional staff on its plans for escrow procedures well in advance of its final decision. And the Commerce Department took public comment on the proposed key escrow standard for 60 days. After all this consultation, the government went forward with key escrow, not because the key escrow proposal received a universally warm reception, but because none of the proposal's critics was able to suggest a better way to accommodate society's interests in both privacy and law enforcement. Unless somebody comes up with one, key escrow is likely to be around for quite a while. That's because the only alternative being proposed today is for the government to design or endorse encryption systems that will cripple law enforcement when the technology migrates -- as it surely will -- to the private sector. And that alternative is simply irresponsible. For more information on the Clipper standard you can access WIRED's Clipper archive via the following WIRED Online services. * WIRED Infodroid e-mail server: Send e-mail to infodroid at wired.com containing the words "send clipper/index" on a single line inside the message body. * WIRED Gopher: Gopher to gopher.wired.com and select "Clipper Archive." * WIRED on World Wide Web: http://www.wired.com select "Clipper Archive." * WIRED on America Online: The keyword is WIRED. * WIRED on the Well: Type "go wired" from any "OK" prompt. _________________________________________________________________ Stewart A. Baker is the National Security Agency's top lawyer. He worked briefly as Deputy General Counsel of the Education Department under President Jimmy Carter, and he practiced international law at Steptoe & Johnson, in Washington, DC. He has been at the NSA since 1992. _________________________________________________________________ WIRED Online Copyright Notice Copyright 1993,4 Ventures USA Ltd. All rights reserved. This article may be redistributed provided that the article and this notice remain intact. This article may not under any circumstances be resold or redistributed for compensation of any kind without prior written permission from Wired Ventures, Ltd. If you have any questions about these terms, or would like information about licensing materials from WIRED Online, please contact us via telephone (+1 (415) 904 0660) or email (info at wired.com). WIRED and WIRED Online are trademarks of Wired Ventures, Ltd. ------- End of Forwarded Message From tcmay at netcom.com Thu May 12 13:16:23 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 12 May 94 13:16:23 PDT Subject: Archives, FAQ, and Why Things are the Way they Are Message-ID: <199405122016.NAA25186@netcom.com> (This message has two parts. First, a discussion of archives, the FAQ, etc. Second, why encryption and remailers have been such successes and why things like digicash and other more exotic protocols have not.) I received half a dozen requests for ftp posting of articles, for archive sites, etc. This was in response to my comment about "golden oldies." We are in a tower of Babel these days. Dozens of computer platforms, from mainframes to workstations to Macs to Windows to Amigas. Dozens of mail programs (hence the fragmented support for something so basic as PGP), dozens of newsreaders, dozens of etc. The point: There is no easy solution to the problem of how newcomers can come up to speed on this list. Some miscellaneous points: * Yes, a FAQ would help. I am working on one. A long one, as is my wont. I hope to have a version out soon for comments and further submissions. I expect to either put it up for ftp at my site, or at the soda/csuu(?) site, or to just mail it to folks who request to be early commenters (I don't want the early versions ricocheting through cyberspace). * However, many people are demonstrably unwilling or unable to read the sci.crypt FAQ (else why some of the questions we get?) or to acquire Schneier. ("What's Schneier?" is one of the FUQs--Frequently Unanswered Questions.) * My best articles (in my opinion) and the best articles of others are scattered in 200 folders/directories, arranged thematically. I use Eudora's sorting capabilities to sort the mail into topics I think are related (such as Crypto/Technical/One Time Pads). Then I index the articles with "On Location," which allows me to pull up each article that has key words, such as "uranium" anywhere in the message. My own personal research tool. I mention this because I have no plans to collect these articles (either mine or those of others) and put them up for ftp access. Just too much work for too little gain. * Newcomers should be patient. Read the list for a while. I notice that one newcomer has announced that he is leaving the list after 3 days (!!) because his question on analog encryption went unanswered. Oh well. * The "Cypherpunks Archives" comes up from time to time. While we all have our own personal archives (I have 40 MB of Eudora files devoted more or less to Cypherpunks), many believe a browsable archive of _all_ posts would be nice. - this has some downsides: inspection by prosecutors and the like for seditious, infringement-inducing posts, etc. (Yes, they could subscribe and see much the same things, but making a browsable site accessible to one and all seems risky, given the political climate.) Also, the 50 or 100 MB (rough estimate) of Cypherpunk mail would be unreadable except in dribbles and dabs. (The Bible is only 10 MB!) - and recall that Cypherpunks has no budget, no organized structure, and no means of accomplishing such goals as making archives available except insofar as the volunteer efforts of folks like Hugh Daniel and Eric Hughes go. And the toad.com machine is John Gilmore's personal machine, for which we should be thankful we have any access to at all. - a real archive, maintained by real people, would require time commitments and budgetary commitments I don't see materializing anytime soon. * Meanwhile, we face the "tower of Babel." Only text messages, like this one, cut across all systems, all mailers, all readers, and can be encrypted (into _other_ text blocks, which is why some interoperability exists at all). Many things that are "possible" in the malleable and Protean world of computers simply never gets done. For while many things are "possible," time and energy limits mean these things don't get done. To the Unix jocks who send me their idea of helpful messages, suggesting that I use MIME-compliant agents and HTML URLs for the FAQ (or somesuch...), or that a few pages of perl would fix these problems....thanks, but no thanks! (I get a fair number of messages suggesting that my complaints about foo would vanish if I gave up the Macintosh and adopted the One True Way, be it BSD, or XWindow, or perl, or whatever.) (I do have access to "lynx," a stunning character-based form of Mosaic, and I've been cruising around webspace with this. But I intend to distribute the FAQ as a simple text doc, not as a WWW/Mosaic/HTML/URL/lynx thingamajig. I know this will be disappointing to some fraction of you, but we can't all be pioneers with arrows in our backs. I actually have some expectation that WWW and Mosaic are the Next Big Thing, and that groups like our list will eventually migrate to webspace, with Cypherpunks being a virtual meeting place in webspace. But not in the next year or two.) AND NOW FOR SOMETHING COMPLETELY DIFFERENT,... One final word: My point about only the text block being the lingua franca of e-mail and the Internet (with a few images and sound files gaining strength) is an important clue to what works and what doesn't work in the world of crypto: * simple encryption works because everybody conceptually understands the concept of the encrypted message, which remains a text block. * remailers have worked for the same reason: everybody understands the idea of readdressing a letter, and the underlying data structure for the system remains a text block. * other protocols, like digicash, reputation servers, anonymous markets, and so on, have languished because of the tower of Babel effect--too many layers of protocol communication, negotiation, and cross-platform incompatibilities. And the "semantics" of these protocols are far from clear. (Try playing the roles of Banker, Customer, and Shop in a 3-entity digital cash protocol, with messages, signatures, blinded signatures, and "money objects" flowing back and forth. It gets confusing, even to those who've pored over the Chaum papers. Now try to _automate_ the protocol to run with little human intervention on a mix of platforms, e-mail systems, etc. This is the "protocol problem" that I happen to think needs a _lot_ more work. A big C or perl problem will not necessarily be the solution.) So, our early successes (use of encryption and remailers) is not too surprising, and that's why these successes came early on. What's next is a much harder problem. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cyber1 at io.org Thu May 12 13:19:04 1994 From: cyber1 at io.org (Cyber City) Date: Thu, 12 May 94 13:19:04 PDT Subject: low-quality posts Message-ID: Derek Upham wrote: > There are two ways to filter for content: filter at the newsgroup > source via moderators, or filter at the newsgroup destinations via > killfiles. Moderating does seem to get rid of most of the cruft, but > the moderators are required to read every post that comes through, > and, worse, make judgements with some degree of impartiality (which is > not always possible). There's a simpler solution. Using the majordomo hack I posted earlier, mail from known abusers would be bounced to the moderator for his approval or rejection. This would be a small volume, which should be within the capabilities of one moderator. It's important to note that even abusive posters have their moments of lucidity. For example, one or two of Detwelier's posts were actually worth reading. So a wholesale and automatic filtering would be wrong. As for the marginal stuff, it should be passed for redistribution, and the end-users should be educated on means to do their own filtering. For example, here's a simple scheme to employ the filter distributed with ELM: .forward file: "|/path/to/filter -vo $HOME/.elm/filter-errors" .elm/filter-rules file: if (from = "lassie") then save "~/mail/nal" if (to contains "cypherpunks") then save "~/mail/Cypher" -- Alex Brock From perry at imsi.com Thu May 12 13:25:06 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 12 May 94 13:25:06 PDT Subject: The Wisdom of Stuart A. Baker Message-ID: <9405122024.AA09857@bacon.imsi.com> Says Stewart A. Baker, Chief Counsel for the NSA, writes in Wired: MYTH NUMBER TWO: Unreadable encryption is the key to our future liberty. Of course there are people who aren't prepared to trust the escrow agents, or the courts that issue warrants, or the officials who oversee the system, or anybody else for that matter. Rather than rely on laws to protect us, they say, let's make wiretapping impossible; then we'll be safe no matter who gets elected. This sort of reasoning is the long-delayed revenge of people who couldn't go to Woodstock because they had too much trig homework. It reflects a wide -- and kind of endearing -- streak of romantic high-tech anarchism that crops up throughout the computer world. Don't you just love the finely tuned reasoning here? The absense of ad hominem attacks? This is obviously a rapier sharp logician we have here. I, for one, doubt I could ever produce any counterarguments. We must implement a police state, ladies and gentlemen, because its opponents were more interested in studying than in goofing off at a famous rock festival. I see no possible counterargument. Perry Metzger Who's bothered to read his history books instead of making fun of people who know how to read. From dat at ebt.com Thu May 12 13:31:45 1994 From: dat at ebt.com (David Taffs) Date: Thu, 12 May 94 13:31:45 PDT Subject: more from RISKS Message-ID: <9405122031.AA11666@helpmann.ebt.com> More from Risks... Amos Shapir's point below is well taken -- if indeed computer capacity is growing exponentially, which from all accounts it seems to be, then any code can be broken in linear time! ------------------------------ RISKS-LIST: RISKS-FORUM Digest Weds 11 May 1994 Volume 16 : Issue 05 ------------------------------ Date: Tue, 10 May 1994 15:37:05 -0400 From: pcw at access.digex.net (Peter Wayner) Subject: Re: Elevators, Car bumpers and Cryptography... I once talked to a major elevator company about doing just what the Schindler Elevator Corp. is accused of doing by the Toronto government. (RISKS-16.04). The company told me that they were in the habit of selling the elevators at a loss so they could make up the money in service contracts. Then they found themselves battling independent service companies who undercut their prices. They hoped to use cryptography to lock out any other service provider without the right key. Of course, this loss-lead approach is common in many businesses. Car companies often sell their cars at a low price and hope to make it up selling spare parts later. That is why I discovered that a spare bumper for my car cost over $500. The difference is that other companies are now making duplicate parts. The major automakers can try and discourage them, but they can't lock them out of the business. Cryptographic locks, though, are a different story. They probably can't be broken in a reasonable amount of time. (See also 16-04) I'm not sure of the case law on this, but I would suspect that it might fall under questionable or illegal trade practices. At least in the US. ------------------------------ Date: Tue, 10 May 94 19:33:36 PDT From: Fredrick B. Cohen Subject: Re: Bellcore cracks 129-digit RSA encryption code (RISKS-16.04) I think a lot of people are missing the real point about the RSA. On my pocket PC, I can create a code that requires 5,000 MIP years to break in a matter of seconds. If I am willing to use several more seconds, I can make a code that takes 10^25 MIPS years to break. Compare this to any other encryption scheme, and you will find that the workload amplification of the RSA is quite good. And Shannon told us in 1949 that any non-perfect information transform can be broken with enough cyphertext - and developed the concept of workload for evaluating cryptosystems. If we want perfect cryptosystems we know how to get them, but it requires secure distribution. On the other hand, the RSA provides any degree of complexity we wish to generate (finite) and a fantastic complexity amplification factor, and the advantages of a dual public key system that can be used for both encryption and authentication. The point is that the RSA has not been broken, rather it has shown just how much of a David is required to defeat a given Goliath. After all, in terms of that story, David would have been a MIP second and Goliath 5,000 MIP years in relative sizes for a break-even fight. I'll take that David any day. FC ------------------------------ Date: 11 May 1994 15:19:01 GMT From: amos at CS.HUJI.AC.IL (Amos Shapir) Subject: Re: Bellcore cracks 129-digit RSA encryption code (RISKS-16.04) > So where does the 40 quadrillion figure come from? It comes from this very table. 10^9 is a billion, not a trillion, in the US system, and 40 quadrillion is 4 x 10^16, which is even less than what I get by interpolating to 425 bits (can anyone who has access to the original RSA article verify this?). There seems to be an interesting risk here: most encryption methods rely on "hard" problems, i.e. problems whose "brute force" solutions require computation resources which are an exponential function of the key length. But in a world in which computing power grows exponentially, such problems can be solved in polynomial (or even linear) time! Amos Shapir, The Hebrew Univ. of Jerusalem, Dept. of Comp. Science. Givat-Ram, Jerusalem 91904, Israel +972 2 585706,586950 amos at cs.huji.ac.il ------------------------------ From karn at qualcomm.com Thu May 12 13:42:42 1994 From: karn at qualcomm.com (Phil Karn) Date: Thu, 12 May 94 13:42:42 PDT Subject: Encryption metaphor in Monty Python Message-ID: <199405122042.NAA25065@servo.qualcomm.com> Recently I watched Monty Python and the Holy Grail again for the Nth time. At the very end of the movie, as the police arrest King Arthur and Sir Bedevere and break up the attack against the French castle, one of the officers accosts a knight. Grabbing the knight's shield, the officer says "Hey, that's an offensive weapon, that is!" I'd say that pretty much sums up the government's attitude toward cryptography, doesn't it? :-) Phil From greg at ideath.goldenbear.com Thu May 12 13:48:51 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Thu, 12 May 94 13:48:51 PDT Subject: Case law re ITAR and export control Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I've been reading more about export controls, and found these cases which may be of interest: US v Elder, 579 F.2d 516 (9th Cir, 1978). Prohibition on export of technical data includes provision of assistance to foreign manufacturers of items which would be on the Munitions List if manufactured domestically. This prohibition does not interfere with First Amend. free speech protection when narrowly interpreted to apply only to tech. data "significantly and directly related" to items on the Munitions List. Conviction under 22 USCA 1934 (since repealed, but similar to 22 USCA 2778, which applies now) requires that where tech data has both military and nonmilitary uses, prosecution must establish accused knew or had reason to know of its application towards a prohibited purpose. US v Van Hee, 531 F.2d 354 (6th Cir, 1976). Personal knowledge can constitute "technical data" for purposes of regulations restricting export of munitions. Exemption applying to "public domain" technical data applies only to technical data in published form. Exemption for public domain tech data must be claimed at time of export, not at trial, and package/letter must be marked as claimed exempt. US v. Donas-Botto, 363 F.Supp 191 (E.D.Mich, S.D. 1973). "Technical data" as used in the ITAR includes "technical knowledge", and its transmission is not protected by the First Amendment. The US also claims the right to prosecute for violations of the ITAR committed by non-citizens while located in foreign countries, even where the subject matter is owned by a foreign government. See US v Evans, 667 F.Supp 974 (S.D.N.Y, 1987) for a chilling story indeed. I'm going to be on vacation for a few weeks, and probably won't be checking the list; in order to avoid misunderstanding, the summaries above are my own and I believe they're accurate. I haven't found anything which overturns or disagrees with the above. My own ideas about "freedom of speech" don't match the above, but that's probably not surprising. My questions about the above: o When does export take place? When the technical data leaves the country, or when it is transferred to a foreign party? (my guess is the latter, at least with respect to "technical knowledge") o Do I need a license from the State Department if I know how to do RSA and I want to go bar-hopping in Tijuana? (just kidding, but there's a real question in there somewhere.) Discussion on the list about export regulation has focussed on violations of the ITAR; but prosecution is also possible under 22 USC 2778, with maximum penalties of $1M and 10 years in prison. Ouch. If there's going to be an LA-area C-punks meeting, will someone please send E-mail? -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLdKAqX3YhjZY3fMNAQEXWQP9H+WGzXZYki4BXYJI1C4dYQItXHIxAj/9 rKpu5qvnLk3F/cG+vwBB7d6C9g/hRAJQwYSxw1OEI/GG4Es6rqDmpaD7oQeu+mX0 IV/B89gUQuP/YbARLlgH2nTbpxk8gXNQnRDXQlhjJzIzs+yiRGrL9ggTNfNTYh9R AOkTBh7aRTg= =/0G2 -----END PGP SIGNATURE----- From perry at imsi.com Thu May 12 13:54:50 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 12 May 94 13:54:50 PDT Subject: Yet Another T-Shirt Proposal Message-ID: <9405122054.AA10102@bacon.imsi.com> Should I ever run in to Stewart A. Baker, I want to be wearing a T-Shirt that says "I oppose Clipper because I'm a bitter guy who couldn't go to Woodstock". (Actually, something pithier would be nice, but you get the idea. Maybe "Mad at the NSA for making me do my Trig Homework"?) Perry From karn at qualcomm.com Thu May 12 13:59:30 1994 From: karn at qualcomm.com (Phil Karn) Date: Thu, 12 May 94 13:59:30 PDT Subject: NSA Chief Counsel in Wired, to appear on AOL In-Reply-To: <199405122006.OAA11345@spot.Colorado.EDU> Message-ID: <199405122058.NAA25125@servo.qualcomm.com> > What worries law enforcement agencies --what should worry them -- is a > world where encryption is standardized and ubiquitous: a world where > anyone who buys an US$80 phone gets an "encrypt" button that > interoperates with everyone else's; a world where every fax machine > and every modem automatically encodes its transmissions without asking > whether that is necessary. In such a world, every criminal will gain a > guaranteed refuge from the police without lifting a finger. Well, I guess we now know what our mission is as cypherpunks. :-) Phil From jims at Central.KeyWest.MPGN.COM Thu May 12 14:07:20 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Thu, 12 May 94 14:07:20 PDT Subject: NSA Chief Counsel in Wired, to appear on AOL In-Reply-To: <199405122006.OAA11345@spot.Colorado.EDU> Message-ID: <9405122107.AA11279@Central.KeyWest.MPGN.COM> > > This sort of reasoning is the long-delayed revenge of people who > couldn't go to Woodstock because they had too much trig homework. It Give this tired, ancient metaphor a break. [... the next paragraph starts:] > The problem with all this romanticism is that its most likely Then he says we are overboard on the romanticism. Sheesh. [.. the public sector] > drafts along behind the government, adopting government standards on > the assumption that if it's good enough for the government's > information, it's good enough to protect industry's. But Clipper NEVER claimed to be good enough for the government's info! As far as I know the description was that it was to be used for "sensitive but not classified info" and as such it's not good enough for the REAL secrets. The scary thing is that unless someone were informed by a group such as the c'punk list they would buy his babble fairly easily. Shoot, I combed it with such an awareness and it still ALMOST sounds convincing. It scares me when they can get on TV and tell the public "Clipper is good because..." and spout this or some similar argument and we on the other side of the issue can only tell our friends and a few computer types via news groups and mailing lists. In general that American public is gullible and would buy this drivel. Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From catalyst-remailer at netcom.com Thu May 12 14:19:12 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Thu, 12 May 94 14:19:12 PDT Subject: The Wisdom of Stuart A. Baker Message-ID: <199405122118.OAA16153@netcom.com> > Says Stewart A. Baker, Chief Counsel for the NSA, writes in Wired: But not for long... I understand he's resigned, and will be leaving NSA tomorrow (Friday, May 13th). Wonder what his next illustrious position will be... ------------------------------------------------------------------- From karn at qualcomm.com Thu May 12 14:22:02 1994 From: karn at qualcomm.com (Phil Karn) Date: Thu, 12 May 94 14:22:02 PDT Subject: Case law re ITAR and export control In-Reply-To: Message-ID: <199405122121.OAA25217@servo.qualcomm.com> >My questions about the above: >o When does export take place? When the technical data leaves > the country, or when it is transferred to a foreign party? > (my guess is the latter, at least with respect to "technical > knowledge") >o Do I need a license from the State Department if I know > how to do RSA and I want to go bar-hopping in Tijuana? > (just kidding, but there's a real question in there > somewhere.) See ITAR section 120.17 for the answers to both questions: @ 120.17 -- Export. Export means: (1) Sending or taking a defense article out of the United States in any manner, except by mere travel outside of the United States by a person whose PAGE 19 58 FR 39280, *39285 FOCUS personal knowledge includes technical data; or (2) Transferring registration, control or ownership to a foreign person of any aircraft, vessel, or satellite covered by the U.S. Munitions List, whether in the United States or abroad; or (3) Disclosing (including oral or visual disclosure) or transferring in the United States any defense article to an embassy, any agency or subdivision of a foreign government (e.g., diplomatic missions); or (4) Disclosing (including oral or visual disclosure) or transferring technical data to a foreign person, whether in the United States or abroad; or (5) Performing a defense service on behalf of, or for the benefit of, a foreign person, whether in the United States or abroad. (6) A launch vehicle or payload shall not, by reason of the launching of such vehicle, be considered an export for purposes of this subchapter. However, for certain limited purposes (see @ 126.1 of this subchapter), the controls of this subchapter may apply to any sale, transfer or proposal to sell or transfer defense articles or defense services. From eagle at deeptht.armory.com Thu May 12 14:27:34 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Thu, 12 May 94 14:27:34 PDT Subject: NSA Cheif Counsel in Wired (Rebuttal) Message-ID: <9405121426.aa10070@deeptht.armory.com> -----BEGIN PGP SIGNED MESSAGE----- A little further along in the AP story on the record level of Clinton Administration wire taps, Micheal J. Sniffen states: In a section on surveillances completed in 1993, the report said the longest and most expensive federal eavesdropping was accomplished by a microphone placed inside a New Jersey lawyer's office in a racketeering case. The microphone actually operated 435 days, overhearing a total of 65 people, at a cost of $517,673. ...The government said in court, "the purpose of utilizing the law offices ... was to evade electronic surveillance by fraudulently creating the appearance that these were legally proper meetings." This microphone recorded conversations in the office, not the telephone. As I stated to Dr. Dorthy Denning of Georgetown University, escrowed encryption is unnecessary for surveillance. In addition to "bugs", intellegence agencies also provide long range listening technology to the enforcement agencies like the FBI and DEA. Organized criminals don't use the phone to discuss business, it can be tapped. This sort of blows a hole in Stuart Baker's arguments for escrowed encryption being necessary in law enforcement. The next time he offends someone with his tired trig joke, I would hope that he is ask to rebut this. As well as to estimate how many conversations and participants are actually involved in the given figure of 333 1993 "wiretaps." Long range listening was found to fall under federal "wiretap" rules in the Smalldone case in Denver during the summer of 1982. Try to FOIA that info. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdKerV/ScHuGXWgVAQFziAQAuYTNTKjaqTWaOO3C42yKCWLM7+kU1gXp 4sGxHGQKfsDP333zLNA+ETGuVfs6si5YQVbsnlGVdS/v36oZp8bUj/8MgWYKLj66 1jRNf4mPl0Mb5LL7InrUwjKCqmOb/GLuHK7F0cHzZbsBE2FkmIqi27AcgJ/8nMxl lFiBbzWrBk4= =I+yV -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From wex at media.mit.edu Thu May 12 15:02:02 1994 From: wex at media.mit.edu (Alan Wexelblat) Date: Thu, 12 May 94 15:02:02 PDT Subject: MIT cypher talk Message-ID: <9405122201.AA20513@spike.media.mit.edu> [email joanne at theory.lcs.mit.edu for more info] > Thursday, May 19, 1994 > Refreshments at 4:00pm, Talk at 4:15pm in NE43-518 > > ``A Minimal Model for Secure Computation'' > by Uriel Feige > Weizmann Institute > > ABSTRACT > >We consider a minimal scenario for secure computation: Parties $A$ and >$B$ have private inputs $x$ and $y$ and a shared random string $r$. >$A$ and $B$ are each allowed to send a single message to a third party >$C$, from which $C$ is to learn the value of $f(x,y)$ for some >function $f$, but nothing else. We show that this model is >surprisingly powerful: every function $f$ can be securely computed in >this fashion. If the messages are required to be of polynomial size, >then we exhibit an efficient protocol for any function $f$ computable >in nondeterministic logspace. Using a computational notion of >security, we exhibit efficient protocols for any polynomial-time >computable function $f$, assuming the existence of one-way functions. >The above results generalize to the case where there are more than two >parties with private inputs. > >The minimalistic nature of our model makes it easy to transform >positive results achieved in our model to other more general models of >secure computation. It also gives hope for lower-bound proofs. We >give an alternative characterization of our model in terms of graph >embeddings, and use this to show that for most Boolean functions on >$\{0,1\}^n\times\{0,1\}^n$, the need to hide just one of the input >bits from $C$ requires a communication overhead of $n$ bits. \medskip > >Joint work with Joe Kilian and Moni Naor. > >Host: Michel Goemans From mech at eff.org Thu May 12 15:07:30 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 12 May 94 15:07:30 PDT Subject: NSA's Baker to debate key escrow live on AOL, May 26 Message-ID: <199405122206.SAA01575@eff.org> ________ begin fwd ________ NSA'S CHIEF COUNSEL TO APPEAR ONLINE Stewart A. Baker, Chief Counsel for the National Security Agency and featured writer in WIRED 2.06 will host a Q&A session on the Clipper Chip. He will appear on America Online in Center Stage (from AOL type keyword: "center stage") on Thursday May 26, 1994, from 7-9 p.m. EST. Baker is the NSA's top lawyer and supports the Clipper Initiative. He worked briefly as Deputy General Counsel of the Education Department under President Jimmy Carter. His article "Don't Worry Be Happy" refutes seven myths of key escrow encryption and is a WIRED Exclusive. ______ end fwd __________ [NOTE: chances are that's actually EDT not EST.] -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From lile at netcom.com Thu May 12 15:27:20 1994 From: lile at netcom.com (Lile Elam) Date: Thu, 12 May 94 15:27:20 PDT Subject: Smart cards Message-ID: <199405122227.PAA11821@netcom.com> I thought you might want to see this. It does talk about the clipper so I hope people will note mind seeing it posted here... I hadn't thought things could get this bad... sigh... -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From koontzd at lrcs.loral.com Thu May 12 15:28:44 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Thu, 12 May 94 15:28:44 PDT Subject: NSA Chief Counsel in Wired, to appear on AOL Message-ID: <9405122227.AA02095@io.lrcs.loral.com> >From: "Jim Sewell" > > >> >[.. the public sector] >> drafts along behind the government, adopting government standards on >> the assumption that if it's good enough for the government's >> information, it's good enough to protect industry's. > > But Clipper NEVER claimed to be good enough for the government's info! > As far as I know the description was that it was to be used for "sensitive > but not classified info" and as such it's not good enough for the REAL > secrets. In the interest of keeping weak arguments from being battered down latter, it is entirely possible that the cryptographic algorithm used in clipper (SKIPJACK) is identical to that found in the CCEP type 1 devices (KG-84, STU-IIIs, KY-57/8s, etc.). What may make the clipper chip unsuited for classified traffic is that it is not type 1 certified (control processor code reviewed, failure mode analysis, etc.) and does not require centralized key distribution - the clipper chips have the ability to have the correct Cryptographic Check Word (CCW) read back when attempting to load a home grown key, Type 1 devices simply go to an error state, insisting that only 'state sponsored' keys be used. What is involved is the encryption of a known plaintext pattern, the resulting ciphertext is subsampled (3 bytes), which is the CCW. (It is almost a certainty that if the crypto algorithm in clipper were identical, that the plaintext values are different.) The lack of rigidly checked hardware implementations, and screening of the keys could be the major differences between a clipper chip and one for classified traffic. One of the CCEP crypto modules is supposed to have unit IDs embedded in transmissions, and most of them do remote rekeying, which may have been subborned for the remainder of the LEAF. The check word in the LEAF fits in nicely with checking the validity of a new key received from the distant end. The unit ID is required for a centralized key distribution scheme. In other words it may not be that the cryptographic algorithm is not good enough to protect classified data, rather that the key selection process and hardware implementation are not certified for classified data. One can image that this could be told to certain elected representatives in classified briefings, and used to discount this one argument, and by extension other arguments. One should be willing to stipulate that the cryptographic algorithm is not the weakness, rather that the escrow aspect is what is objectionable. From mech at eff.org Thu May 12 15:35:05 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 12 May 94 15:35:05 PDT Subject: NSA Cheif Counsel in Wired (Rebuttal) (fwd) Message-ID: <199405122234.SAA02438@eff.org> Forwarded message: Subject: Re: NSA Cheif Counsel in Wired (Rebuttal) Date: Thu, 12 May 1994 14:26:52 -0700 (PDT) From: Jeff Davis To: eff-activists at eff.org (eff-activists mailing list) -----BEGIN PGP SIGNED MESSAGE----- A little further along in the AP story on the record level of Clinton Administration wire taps, Micheal J. Sniffen states: In a section on surveillances completed in 1993, the report said the longest and most expensive federal eavesdropping was accomplished by a microphone placed inside a New Jersey lawyer's office in a racketeering case. The microphone actually operated 435 days, overhearing a total of 65 people, at a cost of $517,673. ...The government said in court, "the purpose of utilizing the law offices ... was to evade electronic surveillance by fraudulently creating the appearance that these were legally proper meetings." This microphone recorded conversations in the office, not the telephone. As I stated to Dr. Dorthy Denning of Georgetown University, escrowed encryption is unnecessary for surveillance. In addition to "bugs", intellegence agencies also provide long range listening technology to the enforcement agencies like the FBI and DEA. Organized criminals don't use the phone to discuss business, it can be tapped. This sort of blows a hole in Stuart Baker's arguments for escrowed encryption being necessary in law enforcement. The next time he offends someone with his tired trig joke, I would hope that he is ask to rebut this. As well as to estimate how many conversations and participants are actually involved in the given figure of 333 1993 "wiretaps." Long range listening was found to fall under federal "wiretap" rules in the Smalldone case in Denver during the summer of 1982. Try to FOIA that info. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdKerV/ScHuGXWgVAQFziAQAuYTNTKjaqTWaOO3C42yKCWLM7+kU1gXp 4sGxHGQKfsDP333zLNA+ETGuVfs6si5YQVbsnlGVdS/v36oZp8bUj/8MgWYKLj66 1jRNf4mPl0Mb5LL7InrUwjKCqmOb/GLuHK7F0cHzZbsBE2FkmIqi27AcgJ/8nMxl lFiBbzWrBk4= =I+yV -----END PGP SIGNATURE----- -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From hayden at krypton.mankato.msus.edu Thu May 12 16:00:50 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Thu, 12 May 94 16:00:50 PDT Subject: Yet Another T-Shirt Proposal In-Reply-To: <9405122054.AA10102@bacon.imsi.com> Message-ID: nOn Thu, 12 May 1994, Perry E. Metzger wrote: > Should I ever run in to Stewart A. Baker, I want to be wearing a > T-Shirt that says "I oppose Clipper because I'm a bitter guy who > couldn't go to Woodstock". (Actually, something pithier would be nice, > but you get the idea. Maybe "Mad at the NSA for making me do my Trig > Homework"?) How about one that says: FRONT: The quote by baker Back: NSA agents are dweebs that couldn't get a date in high school. :-) ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From bart at netcom.com Thu May 12 16:00:57 1994 From: bart at netcom.com (Harry Bartholomew) Date: Thu, 12 May 94 16:00:57 PDT Subject: LaMacchia case on McNeill-Lehrer Message-ID: <199405122300.QAA16274@netcom.com> In the last third of the show. Reasonably balanced coverage with Mike Godwin of EFF. But focussing on the software piracy issue rather than correctness of the prosecution. From hayden at krypton.mankato.msus.edu Thu May 12 16:02:14 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Thu, 12 May 94 16:02:14 PDT Subject: The Wisdom of Stuart A. Baker In-Reply-To: <199405122118.OAA16153@netcom.com> Message-ID: On Thu, 12 May 1994 catalyst-remailer at netcom.com wrote: > > Says Stewart A. Baker, Chief Counsel for the NSA, writes in Wired: > > But not for long... I understand he's resigned, and will be leaving > NSA tomorrow (Friday, May 13th). > > Wonder what his next illustrious position will be... Coordinator for Woodstock II? :-) ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From cdodhner at indirect.com Thu May 12 16:22:55 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Thu, 12 May 94 16:22:55 PDT Subject: Auto-Moderation of mailing list In-Reply-To: <199405121742.KAA21666@netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > As I mentioned before, but want to make clear to you, no one individual > would be able to carry out a personal vendetta against another unless > they had a means to obtain many, many accounts and generate anonymous > accounts for each of them. And, as I said before, anonymous votes could > be just thrown away. Any system administrator, from root at uu.net on down to sysops of lowly fidonet BBSs, or anyone who is uucp connected, can create as many accounts as they wish on thier own system and auto-forge posts/mailings from other (real or non-existant) systems and accounts. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner @ indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 - ------------------------------------------------------------------------------ PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger revolution H.E.A.T. warheads porno kiddiesex export import customs deviant bribe corrupt White House senator congressman president Clinton Gore bootleg assasinate target ransom secret bluprints prototype microfilm agents mole mafia hashish everclear vodka TnaOtmSc Sony marijuana pot acid DMT Nixon yeltsin bosnia zimmerman crack knight-lightning craig neidorf lex luthor kennedy pentagon C2 cheyenne cbx telnet tymenet marcus hess benson & hedges kuwait saddam leader death-threat overlords police hitler furer karl marx mark tabas agrajag king blotto blue archer eba the dragyn unknown soldier catch-22 phoenix project biotech genetic virus clone ELINT intercept diplomat -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdKUreKc9MdneB1xAQHsAQP/f59qkbxs394K2rGad10b9SQK9pnmFGUz QAG/maK3Xx2ca3NkhGliFsWGaCEfeBMopsBbjvb12mSaEOj4hFxMrTiXw/q1RPE4 V+KrJU+iBgQgwnJ8OW9nQYBvU7FSFLA9XvPjGhODB1z+PZhBt6T5VzKgBEYRkeXM jVjeDrFLGZk= =PhXT -----END PGP SIGNATURE----- From pkm at maths.uq.oz.au Thu May 12 17:25:48 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Thu, 12 May 94 17:25:48 PDT Subject: MIT TOC SEMINAR--ADI SHAMIR--MONDAY--MAY 16--4:15pm Message-ID: <9405130025.AA24899@axiom.maths.uq.oz.au> > Imvery curious as to how humans can directly decode encrypted > pictures. Do they stare at it for 10 minutes and go "ah, there > it is". > Paul E. Baclace > peb at netcom.com Well... maybe if it was one of those stereographic pictures, it would be a little bit easier. You just have to get your eyes in focus (and that's a bit hard for some people). Pling! You suddenly discover the hidden message, like "HITLER IS ALIVE AND LIVING IN ARGENTINA!" or some other related message. It's in 3-D, so the letters appear to be 5 mm tall! (Reminds me of when Jaws III was out at the cinema. :-)) Of course, you might have to print it out first. Sorry, just me being silly. ======================================================= | Peter Murphy. . Department of | | Mathematics - University of Queensland, Australia. | ------------------------------------------------------- | "What will you do? What will you do? When a hundred | | thousand Morriseys come rushing over the hill?" | | - Mr. Floppy. | ======================================================= From mech at eff.org Thu May 12 17:27:27 1994 From: mech at eff.org (Stanton McCandlish) Date: Thu, 12 May 94 17:27:27 PDT Subject: More FOIA docs online at EFF Message-ID: <199405130026.UAA05346@eff.org> A few new arrivals at ftp.eff.org that may be of immediate interest. The first is a recent bill, scheduled for markup very soon. EFF urges you to ask your Senators to co-sponsor and support this bill. Those following EFF Boardmember John Gilmore's FOIA battle with NSA, the Justice Dept. and other recalcitrant agencies will know why this is so important. For those that don't, the issue in a nutshell is that the original FOIA (Freedom of Information Act) did not adquately cover records that are not in hardcopy format, such as computer files; it granted overly-broad excuses to not release documents, and provided for few penalties for violating FOIA. As a result, secretive agencies have been breaking the law with impunity, vastly exceeding the mandated times in which the law requires them to respond to FOIA requests from citizens, and have been using technicalities, vague passages, and filmy excuses to withold important information that belongs to the American people. This new bill, supported by EFF, aims to correct these problems, and ensure that FOIA works the way it should. The other file is adequately described by it's entry from our /pub/README.changes file, excerpted below. 05/12/94 - added important recent bill supported by EFF: Electronic Freedom of Information Improvement Act (S1782), sponsored by Sens. Leahy & Brown. Please ask your Senators to co-sponsor this bill to "fix the bugs" in FOIA, and prevent agencies from illegally delaying and refusing to release information to the public, and also mandate procedures for dealing with electronic information as well as hardcopy: /pub/EFF/Issues/Activism/FOIA/ e-foia.bill - added 10/4/93 Clinton & Reno memos to heads of Depts. and agencies on FOIA (Freedom of Information Act) issues: /pub/EFF/Issues/Activism/FOIA/foia_clinton_reno_93.memos - Clinton urges agencies to keep pace with their FOIA obligations, saying "I therefore call upon all Federal departments and agencies to renew their commitment to the Freedom of Information Act, to its underlying principles of government openness, and to its sound administration." Something that also may be of interest: - added new E-Mail Policy in Federal Government: Report of the Electronic Mail Task Force Prepared for the Office of Management and Budget, Office of Information and Regulatory Affairs, Apr. 1, 1994 - /pub/EFF/Policy/Govt_online/ federal_email_policy_omb_report -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From gtoal at an-teallach.com Thu May 12 17:34:07 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 12 May 94 17:34:07 PDT Subject: The Wisdom of Stuart A. Baker Message-ID: <199405130034.BAA04466@an-teallach.com> > Says Stewart A. Baker, Chief Counsel for the NSA, writes in Wired: But not for long... I understand he's resigned, and will be leaving NSA tomorrow (Friday, May 13th). Wonder what his next illustrious position will be... Well, I'd put a dollar on him taking up some civilian post where he can influence the acceptance of Clipper through industry. Managing director of an electronics firm. Or head of one of the escrow agencies perhaps. That how things work here in Britain anyway - most of our big company top management are ex spooks. Especially in the armaments and military-related side of things, like aircraft companies. In Baker's case I'd guess a telephone company. Much more likely that or something else civilian than another govt post like NIST or the FCC. G From whitaker at dpair.csd.sgi.com Thu May 12 19:37:39 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Thu, 12 May 94 19:37:39 PDT Subject: My skepticism/promises WAS Re: Mien Beinkpff In-Reply-To: <0097DEAC.BB4F8100.38@Leif.ucs.mun.ca> Message-ID: <9405040905.ZM8870@dpair.csd.sgi.com> On May 4, 8:04am, Bill Garland wrote: > So what else is on the homework list? > > 2. Read Schneier. Heavy into the technical cryptography stuff, to > be sure, but definitely required reading. Many time units. > > 2. b. Do the Errata list. > This last subtask is very important. I remember seeing the first set of errata, and hearing reports of Bruce's (understandable) dismay at the publisher's cavalier treatment of the typography of mathematical formulae. I've only recently gotten a round tuit myself, having perused the first section of a housemate's copy, and am convinced I need my own. I'll have my own Friday afternoon (Stacey's sells it locally), and am wondering if the most recent set of errata are still available from Bruce. I was on a distribution from Bruce for these, and am wondering if the mailing list still exists. > 4. Start a BBS. Well, maybe I can make some money at it, once I get > a machine and some phone lines...but I'm way out in the boonies > here. I'll need a satellite dish internet feed, because I can't > get a commercial one except through academic routes, and I don't > want to go through academic routes and would not be allowed, anyway. > Avoiding academic connections will provide some ammunition when someone tries to drag you into the usual tired "acceptable use" arguments. > 5. Get a Netcom account? Is this possible for a Canadian? I'd > still have to telnet from some supplier here. I'll go for my > own service with my own satellite dish. Investors, anyone? > Ripe market! Send for Prospect-Us. > Netcom? Only if you're a masochist. If you try dialing in, that is. Or doing anything involving finger daemons. Or... > > But, isn't Unix full of security holes? When I set up my own > Netcom company, won't I be hacked? Ray? HELP? Oh yes, I've > got to get into Pr0duct Cypher's product. What's a firewall? > Um, your own "Netcom company"? Netcom is certainly not the best business model for an Internet service provider. Look at the load problems! Their pricing model is very, very poor. You get what you pay for. I have 2 accounts on Netcom (one business, one personal). Dialing into Netcom is useless, so all my mail to those accounts is .forward'd to elsewhere. If you're seriously contemplating a Netcom-like service, ignore the whiners ("But your service costs too much!") and implement a rational pricing model, rather than an all-you-can-eat-for-one-low-price dialup policy. > There's gold in them thar hills. I will be willing to put money > into it, when I get some money. This process of emerging from > bankruptcy and becoming judgement proof is interesting, but it > takes time, and money. Also, discipline. Having proven myself > incompetent at my financial affairs, how dare I speculate upon > starting a bank? Well, there it is. Fuck 'em. Feed em fishheads. > I'm going to do it anyway. I'll even go out on a limb and say > that I'm going to tell you all how I'm going to do it, except > don't expect an answer Real Soon Now. I've still got to figure > out the solution to the duplicate spending problem. > I don't know who you are, but it certainly makes it very difficult for anyone to give you the benefit of the doubt when you publicly admit such a cavalier attitude toward your own finances. Read what you've written above, and ask yourself if it inspires confidence. You say, "Fuck 'em... I'm going to do it anyway..." Well, OK. But talk like that, while a fine display of your Cajones, doesn't inspire me. Good luck to you, though. I'm looking forward to your solution to the duplicate spending problem. That one alone would take a bit of work... > > And please, Tim, We Really Do Need The FAQ. I have heard > you toss out tidbits about the Cyperpunks FAQ. More, please. > We really do value your postings and ideas and caveats and > reputation - nobody else could do it...Tim... > I, too, value Tim's postings. At the Extro-1 conference this last weekend, in a discussion on "The Extropians Virtual Community", it was noted (not a new point) that good posts never draw the responses that objectionable posts do. Herein lie very large and serious issues of incentive engineering, which will not be solved anytime soon. [referring to Tim's discussion of "things we can't buy with tokens":] > Yeah, I've noticed this, too. But I want to buy books, and I want > to sell stuff to my Customers, and I want them to use my cash from > my bank to pay for this stuff. And I want cooperating banks all using > the same INFO_Banque Protocol (TM WmRG right now) to use my cash > and I'll use theirs, and we'll have 700 Cypherpunks and 300 Extropians > start up 1000 new banks all using our own developed and pgp-like-available > software, for a small fee. > If you want this - or anything (desirability aside) - you're going to have to *convince* the rest of us - part of your potential market - why we should want it too. > before I can do that, well, you know...homework... > > Still, if you want to get the ball rolling, send me $10 and I'll > deposit it in trust, sticking my own reputation on the line ... Who are you? Seriously. Do you have a reputation? With whom? Is this reputation salable? > Actually, I don't know if there are any legal implications to > that, because my private company Macronic Systems, Inc. is incorporated > specifically NOT as a bank, because different rules apply to a bank, You don't know, yet you make a solicitation of funds? Oh, yes: different rules *do* apply to banks. You really do need to read into North American banking law. > but my INFO_Banque is not incorporated anywhere. It is a virtual > entity of mine that nobody can get at just yet. Do the authorities know where you sleep? This "virtual entity" is *you*. Are you judgement proof? "Virtual" is such a fashionable buzzword these days. What do you mean by it? > Hell, Tim, I'll > give you all the Thornes you want for $10 - if you still want them! > Be the first one on your block. Just to keep myself honest, my home > address is 28 Warren Place, St. John's, Nfld. Canada A1A 2A1. Now, > wouldn't you trust someone with a postal code like that! I hesitated > at putting that here in a Cypherpunks message, but what the hell... > just tell Detweiller I am armed and dangerous... > Well, I guess I've answered at least part of my own question... they *do* know where you sleep. > Yes, this is fine. But we are talking anonymous money, untraceable > transactions, cryptoanarchy, stuff like that. We know about cheques. > (I wish you yanks could get your spelling right!) > That's Yanques to you, bub. > Agreed - of course. We've got to beat VISA/MC/AMEX/Travellers Cheques > in transaction costs, Have fun trying. Do you mean "cost to credit company" or "cost to end user"? > > HEx is now dormant and will be for a little while yet. > I am expecting to be able to find a place from which to run it > real soon now. The playing field seems to have shifted ... Just *which* business do you plan to focus on? Which one is the one you are chartered as a corporate entity to pursue? If I were a potential investor, I wouldn't put my money onto a raft of promises. I'm not trying to squelch your enthusiasm, but it's damned difficult for a smart and energetic polymath (you sound like one; many of us are) to viscerally accept the necessity of narrow specification and ruthless pursuit of a single goal. You need to do one thing very well, and see if it flies. Otherwise, you will accrete a reputation as a dabbler. > > I have been wanting for months to expound upon these ideas and > seek feedback from Extropians and Cypherpunks regarding what to > do with this reputation market. I will accept any ideas any of > you want to donate... if they are earthshattering and they make > some money for me and my Business Partners/Investors in the long > run, I may even repay with digital cash royalties. Royalties which will buy me how much petrol? How many pairs of trousers? How many copies of the *Economist* or *Playboy*? How many scoops of Baskin Robbins? It has to be cash with backing. Calling it something cool doesn't convince. There need to be fundamentals in place. > > Other uses include digital timestamping - when I can get a > machine and ups and raid box and backup site and security and > all that other stuff I want - I will start offering services > like this. What with all the other ambitions I have mentioned > here in this Mein Beinkpff message/posting, I could easily spend > a few hundred grand getting this together - if I didn't have > a full-time job to do to feed my family, etc etc.... > You've said this a number of times. Are you simply expressing your belief that you'll never really do anything? Then why post at all? Do you have that low an opinion of your own abilities? Do something. Don't complain. Your life is your own. I will be impressed when you *do* something. > yourself, and soon there will be 700 Cypherpunks and 300 Extropians > and all 4 IMP-Interest people all having anonymous remailers and mixes > operating, so any sub-chain of eight INFO_Banque Protocol banks > will virtually HAVE to be reliable for our commerce... > You make some interesting assumptions here. Why? Why should all of the people you list above do these things? > account. Maybe it will at first turn out to be merely digital > cheques, but maybe if Perry lets me in on his secrets and some > of the stuff he has learned from these six-figure guys at > Citibank who are out trying to figure out how to capture this > market, well maybe then we can get somewhere... > Are you willing to pay Perry large amounts of money for consulting? He *might* consider it, if it's cash up front. (Right, Perry?) I suggest you simply dive in and start learning basic economics. Start with Hazlitt's *Economics in One Lesson*, Bastiat's *Economic Sophisms*, anything by Hayek, Mises, and David (the younger) Friedman, for starters. Don't expect someone like Perry to open up to you with "revealed knowledge" which will make it all clear for you. If you're as serious about your Homework as you keep repeating, learn the fundamentals of how the world works. You will then have at least some of the tools to acquire more tools. > But please, sir, can we have more? Please write about Protocol. > Soon. Like, forget the line-by-line response you were going to > make to _this_ message... heh heh. (Opps, I almost said ... > no, I can't repeat it...) One of Tim's many graces is that he rarely makes a practice of the line-by-line response. I wish I could say the same of myself. -- Russell Earl Whitaker whitaker at sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique Mountain View CA (415) 390-2250 ================================================================ #include From klbarrus at owlnet.rice.edu Thu May 12 20:39:53 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Thu, 12 May 94 20:39:53 PDT Subject: Message Havens Message-ID: <9405130339.AA04535@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- Hal wrote: >Karl's idea about message havens is interesting, but I don't fully >follow how it differs from the anonymous pools we discussed last year Well, the biggest (and maybe the only) difference is mail doesn't leave the haven. It's like a post office box, you have to show up to retrieve your mail. - From my experience running remailers, posts other operators send here, general observations, and various attacks we've all suffered through, it seems like most of the problems/objections we get stem from the fact that anonymous remailers (drum roll...) actually send mail! For example: * Eli just sent a message about somebody who used his remailer to mailbomb something... *this list has been victim to the rantings of various individuals anonymous and otherwise. *somebody forwarded a ClariNet post through Scott Collins' remailer thus causing him difficulty *remailers operators have to fear some fool will remail to whitehouse.gov (or the operatros have blocked that address) *the message pool Miron runs is susceptible to mail bombing I'm not saying we should junk the anonymous remailers and replace them with message havens... it's just a suggestion that may solve a few problems we are having. Until positive reputation filters show up and everybody digitally signs their posts, etc. Digital cash payments for each message stored would greatly reduce the mailbomb problem for message havens as well as anonymous remailers. Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdL1ToOA7OpLWtYzAQEoigP+PmJtyybo24swqPD5MaDRhuvwKhhMMfn7 txaTbdVM8mzoKWgKlsB2Sw89ZO2CMl7Rijv4kgmdaxTBL278p7CuescTmRnwYACr ArlH9DSDsM9eXqVq2jLd33J2PBWhBnpn5TdOOUIJZ7B7HrT0KgaIzFv7lGhsBXQy PUh87BWOhE4= =8T8B -----END PGP SIGNATURE----- -- Karl L. Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From klbarrus at owlnet.rice.edu Thu May 12 20:53:24 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Thu, 12 May 94 20:53:24 PDT Subject: Message Havens Message-ID: <9405130353.AA05022@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- >Downloading the whole message base to scan for one's messages >will place a massive load on net.resources, and probably >a prohibitive load on most people's terminals. I disagree. The only resource that will be hit is the message haven (unlike say every computer in the world that carries the certain usenet group you have chosen to use as a communications vehicle). Geez, think of like a place that offers anonymous ftp. It's resources are hit, but I don't buy the "massive load on net.resources". The only load I can envision being hit on a person's terminal is the time it would take to browse all messages. You have to read each message and have your communications software log in a file, or scrollback/record each one individually. I mean, the info is already coming to your computer, you just have to save it. Maybe the haven could offer a way to get all the days/weeks/whatever files in one big chuck; this is clearly no worse than just ftp'ing a large file. > This scheme should avoid this nescessity: This scheme is precisely what I described earlier! The two users agree on what to name/tag the file, and that's how they get messages to each other. The problem is Bob can't just retreive that one file (if he is concerned about traffic analysis), so he can get them all so a watcher learns nothing. You have suggested downloading a smaller portion of the available message base instead of the whole thing. >The gopherhole must be trusted not to divulge which posts came from >who, and it's key must not be compromized. Alice and Bob can get their messages to the haven via anonymous remailers to avoid problem #1. I didn't envision the message haven even having a key. It isn't needed if they both are encrypting with the other person's key anyway, so I'm not sure what problem #2 is. Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdL5hYOA7OpLWtYzAQHx8QQAtlVYJvSGyR0uGq8a8IodCewZNBwSVHou 7YJssBHIBp/I+V+s1fMpBkUSmG6oINu5L/VEeEQXRswHGJJ/F6jLtxkrFlY/kcff XKTqizrroVtemYQpZtjpPowT2eQsdlonewbslZc3Y+GdZfErgCzoiYW2dXIX8tnG yD2OvZKCAYs= =i3Ea -----END PGP SIGNATURE----- From klbarrus at owlnet.rice.edu Thu May 12 21:32:52 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Thu, 12 May 94 21:32:52 PDT Subject: Message Havens Message-ID: <9405130432.AA05874@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- Black Unicorn wrote: > Why can't gopherhole send a random number of messages with a user > selected cap? I'm taking it that a "gopherhole" is different than the "message haven" I described, so maybe I missed something... but if the "gopherhole" sends out random messages (and presumably the ones you are interested in) then the "gopherhole" will eventually be able to figure out what messages you are interested in. And how would it know what messages you are interested in unless you tell it... it would then need to be able to tie your psuedonym to your real mail address, which defeats the entire purpose of what I described. But then, maybe the design goal of a "gopherhole" is different and I missed it. Maybe I wasn't clear in what the "message haven" offered... I'm trying to get away from the penet style mapping tables, persistent information tying you and your pseudonym, and solve the "unsolicited anonymous mail" problem. The message haven requires no trust, no tables, no information since it just accepts message and files them, and if you retrieve all the message, the haven can't figure out which ones you are interested in! Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdMCx4OA7OpLWtYzAQFEyQQAlF5v1z6/GmU0HE56DDsC+IozQk8QKY8n kWmxC8VzyTq2Gjd1JOjq8MrlnQLok2F0wwJqP2+OVv8PY9iT3D3/tCVOwr2iHFq4 OF26mkwz5neIXyilrXmqhJfGPAhJQsjW5eB7PsoVSZtYkcxbjU83ZAkHGRJ6fEr3 j4tIJ6kvcto= =+ijo -----END PGP SIGNATURE----- From pkm at maths.uq.oz.au Thu May 12 21:41:26 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Thu, 12 May 94 21:41:26 PDT Subject: *Here they come Message-ID: <9405130440.AA08357@axiom.maths.uq.oz.au> Like Lefty, I found the bit about "DEATH TO STATISTS" a bit hard to work out. For one thing, what do you define as "statist"? Does it include minarchists in this definition. I also thought that statism and PC were not synomynous. (Take Patrick Buchanan....) ======================================================= | Peter Murphy. . Department of | | Mathematics - University of Queensland, Australia. | ------------------------------------------------------- | "What will you do? What will you do? When a hundred | | thousand Morriseys come rushing over the hill?" | | - Mr. Floppy. | ======================================================= From klbarrus at owlnet.rice.edu Thu May 12 21:48:37 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Thu, 12 May 94 21:48:37 PDT Subject: Message Havens, gopherholes Message-ID: <9405130448.AA06385@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- Okay, I think the discussion has forked somewhere along the way to "gopherholes" and "message havens". While I described the message havens, maybe I didn't do so clearly (after all, it's all worked out in my mind!) and I may be overlooking something a fresh perspective will see. But, the advantages of a message haven are: * it doesn't send mail, thus eliminating what are the strongest objections to anonymous mail - you can't harrass somebody * it doesn't require you to tell it what messages you want to retrieve * it doesn't keep a list of pseudonym and true identity mappings, which seems to be required for "gopherhole" operation * it doesn't even need to have a public key: you and your partner can use each other's keys, and in every response to a message, you can specify what to name the next message, and even include a brand new public key if you want, etc. * if you retreive all the messages, the haven can't figure out who you are communicating with (actually, it can't figure out who is communicating with you) Now, about gopherholes: [description of how randomization and tag changes will make it hard to associate pseudonyms and true names] > Yeah, it certainly isn't trivial to attack. However, I'd like to Unless I missed something, you have to tell the "gopherhole" what messages you want to receive. This allows the goperhole to associate your psuedonym and true identity. More comments! About message havens and gopherholes. Nice to see some crypto being discussed ;) Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdMGfYOA7OpLWtYzAQHT2gP9GEpOePu8gUp/u4E37pWF8WhkyFaGwpqw nAkpqhanf8gCOsvPRhk4lvwETZ20hoCRzgR2bZzIq4F4bgtvx659bbElNBZv8kKu 5xYlMm+cV3MCwwTYXaBz7ItIl8ZC6rfQLdc2LAXhvJvjdaxHTpDeySN5l1gTdCII j9SQvUGYG1w= =/NkS -----END PGP SIGNATURE----- From prz at acm.org Thu May 12 23:17:23 1994 From: prz at acm.org (Philip Zimmermann) Date: Thu, 12 May 94 23:17:23 PDT Subject: PGP 2.5 Message-ID: <9405130620.AA09814@columbine.cgd.ucar.EDU> David Sternlight, here are the answers to most of your questions. >Just so I'm absolutely clear, since I want to use PGP but not to take any >legal risks: > >1. Was the person in the administration who approved this empowered to act >for the MIT Corporation? Yes. Jim Bruce, a vice president above Jeff Schiller approved it. Another high level official (another VP) also knew, and I'm under the impression that he was in favor of it, too. The decision was a formal decision by MIT The Institution. Absolutely NOT a low-level person acting on his own. I hope I'm making this point clear enough. >2. Did the MIT legal counsel act with full knowledge of the patent situation >and MIT's relationship with PKP? Of course. With absolutely full knowledge. And extensive review. And careful analysis. And with a formal written legal opinion to MIT. >3. Were the counsel and administration people aware that 2.5 uses >non-published calls to RSAREF? Perhaps you have a different opinion of what "published" means. It is the opinion of MIT and their lawyers that the entry points that PGP uses are published entry points. They were not declared public in previous versions of RSAREF, they were declared static. But now they are declared public in the new RSAREF, even to the point of being included in a header file as public entry points. MIT advised their lawyers of the exact nature of this, and the MIT administration was fully informed, and this issue was discussed to death amongst all responsible parties at MIT before a formal decision was made. >I'm eager to start using PGP2.5, and hope it all works out. I'm puzzled that >Jim Bidzos hasn't acknowledged the non-infringing nature of PGP 2.5 if, in >fact it doesn't infringe. I'm puzzled he hasn't supported 2.5 the way he has Has Bidzos publicly asserted that PGP 2.5 is infringing? If not, then it would not be safe to assume that it is. Silence can be interpreted in a variety of ways. Or not interpreted at all. MIT carries a great deal of moral authority by officially releasing PGP 2.5. I hope this will help defuse your efforts to stamp out PGP. -Philip Zimmermann prz at acm.org From hfinney at shell.portal.com Thu May 12 23:26:17 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 12 May 94 23:26:17 PDT Subject: Message Havens, gopherholes Message-ID: <199405130627.XAA10537@jobe.shell.portal.com> One problem I see with Karl's suggestion (if I understand it) is that there needs to be some pre-arrangement between sender and receiver in order for the receiver to know what "tag" will be used to identify the next message. That way he knows to download it after scanning all the tags (plus, he downloads a certain number of other messages as cover). (In other words, every day he downloads five messages from the message haven. He does this whether he has anything there or not. An eaves- dropper doesn't know how many of the five are for him and how many are just random.) I think it should be possible to have a way of marking a messages as being for a particular user without any pre-arragement, and without any outsider being able to determine which messages are for which user. Simply encrypting some standard constant number with the user's public key would be close to right, although you'd have to find a way to keep the modulus size from leaking out. The main down side to this is that the decryption and tag check might take too long, while Karl's pre-arranged tag idea could be very fast. Perhaps both concepts would be useful in different contexts. Hal From upham at cs.ubc.ca Fri May 13 00:41:06 1994 From: upham at cs.ubc.ca (Derek Upham) Date: Fri, 13 May 94 00:41:06 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate Message-ID: <199405130740.AA15046@grolsch.cs.ubc.ca> Okay, I'll call the moderation method I suggested the ``asymptotic moderation'' method. Some problems that people have with asymptotic moderation: 1> It requires either a trusted subset of the membership to be 1> moderators and the most trusted are also the ones with the least 1> free time, or you trust everyone. I'd hate to send a message to 1> Detweiler to see if he thinks it should be posted or not :) We trust everyone. Let's take a look at the four possible cases here: Good message, good moderator: message accepted. Bad message, good moderator: message denied. Bad message, bad moderator: message denied. Good message, bad moderator: SEND THE MESSAGE AGAIN. If you're confident that your post was good, but rejected out-of-hand by a bad moderator, just send the thing again. It's highly unlikely that the same bad moderator get it the next time around. Obviously bad posts, though, will be rejected by everyone, no matter how many times they get re-posted. And just to be safe, the mailing list program can keep track of rejection slips and refuse posts from obvious abusers (and maybe it could do something similar with the above denial-of-service attack). 2> The trouble with random single moderators are many, but worst would 2> probably be time-delay. If the chosen moderator for a message is 2> busy, sick, or away from their desk messages could be delayed for 2> days. The problem gets even worse if a delayed message is then 2> approved, and posted out of sequence. The mailing list program can detect cases where people are taking too long to reply; those posts can go to a designated list maintainer (or maintainers) for immediate approvial. People who are consistently late will lose moderation privs. Remember that posting out of sequence isn't necessarily a thread-killer---Usenet survived for years with UUCP transfer delays. 3> Instead of picking random list receivers to moderate, readers should 3> choose their own moderators. 3> 3> As a moderator reads the latest messages on the list, he or she can 3> mark each one as junk or not junk. This causes advice messages to be 3> sent to their subscribers. The subscribers can use mail programs which 3> process the advice and only show messages which have passed. ("If all 3> three of my moderators say a message is junk, then don't read it, 3> otherwise, show me.") So now we're back to kill files. Here, though, the kill file rules are based on out-of-band messages that can be received at any time (possibly after you've read the message!). And every user who wants to use the kill file must set up killing software. And there's no guarantee that people would bother to rate every message they read (I've participated in something similar on a BB, and _that_ particular aspect failed miserably). 4> How about auto-moderation? I came up with this idea a while back for 4> automatically moderating mailing lists. Here's how it works: 4> [. . .] 4> If a person becomes a nuisance, people send their votes in to the 4> moderator-robot, and it tallies the votes. If within XXX days more 4> thumbs down votes are received than thumbs up votes, the person is 4> placed on the disapproved list. Pretty good, but it wouldn't do anything to stop those people who create random net addresses and post lone MAKE.MONEY.FAST or Jesus Is Coming!!! messages. And it's a bit too harsh to deal with intermittent flame fests, especially flames from people who are usually productive contributors (you know who you are). 5> There's a simpler solution. Using the majordomo hack I posted 5> earlier, mail from known abusers would be bounced to the moderator 5> for his approval or rejection. This would be a small volume, which 5> should be within the capabilities of one moderator. How do we determine known abusers, and how can we deal with unknown abusers or intermittent flame fests as above? In summary, the aysmptotic moderation method has a couple of benefits. All of the custom code is concentrated in one place; anyone with a mail reader can perform moderation duties. The moderation duties are simple and well-defined. You _know_ when you are being asked to make a critical judgement (instead of judging everything---or more likely, nothing). All of the approval/disapproval information passes through the central site, so that site can keep track of chronic abusers through plain ol' numbers. Finally, since the primary filtering method does not depend on filtering specific users, it works just as well for drive-by posters and for people who are suffering from a temporary lack of control. Derek Derek Lynn Upham University of British Columbia upham at cs.ubc.ca Computer Science Department ============================================================================= "Ha! Your Leaping Tiger Kung Fu is no match for my Frightened Piglet Style!" From remailer-admin at chaos.bsu.edu Fri May 13 05:03:16 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Fri, 13 May 94 05:03:16 PDT Subject: No Subject Message-ID: <199405131204.HAA17095@chaos.bsu.edu> > From: catalyst-remailer at netcom.com > > Says Stewart A. Baker, Chief Counsel for the NSA, writes in Wired: > > But not for long... I understand he's resigned, and will be leaving > NSA tomorrow (Friday, May 13th). > > Wonder what his next illustrious position will be... Managing Editor of Wired? From whitaker at dpair.csd.sgi.com Fri May 13 05:38:44 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Fri, 13 May 94 05:38:44 PDT Subject: Delayed messages! Message-ID: <9405130538.ZM11456@dpair.csd.sgi.com> I have, after 9 days, finally received from the cypherpunks list a message I sent for distribution. This message is being sent 0540 PST 13 May 94. -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From paul at hawksbill.sprintmrn.com Fri May 13 05:54:08 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Fri, 13 May 94 05:54:08 PDT Subject: (fwd) Announcement: Mac Crypto Interface Project Message-ID: <9405131355.AA09889@hawksbill.sprintmrn.com> Forwarded message: From: qwerty at netcom.com (-=Xenon=-) Subject: Announcement: Mac Crypto Interface Project Organization: PGP Info Clearinghouse. Date: Thu, 12 May 1994 23:29:54 GMT -----BEGIN PGP SIGNED MESSAGE----- Mac programmers, hello from The Macintosh Cryptography Interface Project. Included here are our "Statement of Purpose", and "Interface Design Sheet". What's public key encryption? It means if anyone encrypts something with your public key, not even they can read it again, only you, using your secret key. Send mail to qwerty at netcom.com with Subject "Bomb me!" for Gary Edstrom's PGP FAQ and -=Xenon=-'s "Here's How to MacPGP!" guides, which are also available from ftp.netcom.com in /pub/qwerty. -======Statement of Purpose======- Phillip Zimmerman's vision of giving the common man a real encryptor, humbly called Pretty Good Privacy (PGP), "Public Key Encryption for the Masses", was an historical event. But while PGP exists for many platforms including the Mac, it's still a command-line beast, and it shows. The current MacPGP is a powerful tool, but unacceptably difficult to use for average Mac users. Welcome to The Macintosh Cryptography Interface Project. MacPGP wont be a "program". It will be like the Trash or the Clipboard. It's going to be part of the Mac itself. A tool to set programmers free, allowing them to easily call upon any function of PGP from their software, and a tool for Mac users to use within any program. OUR GOALS: The ability to use PGP with non-PGP fanatics! Right now this isn't possible. Try it and see. Our emphasis is on the Macintosh, not cryptography. PGP will be a Mac routine, not a hacked port of the latest DOS PGP. The core PGP routines will be incorporated into a "PGP Engine" with minimal or no interface, easily accessed from other programs via AppleEvents. The operation of this engine will be quick and transparent so the privacy and security offered by PGP can become an expectation, not an inconvenience. A simple, user-friendly interface to this Engine will be designed: a smart system-wide menu, which will know what to do. Selecting a file and choosing "Encrypt" will encrypt the file to the user's own public key. No passwords. In a word processor, "Decrypt" will return a selected block of encrypted text to its original form (only with the proper pass phrase!). For e-mail, "Encrypt to...", containing a sub-menu of public keys, will quickly protect an outgoing message from viewing by anyone but its intended recipient. If not in the Finder, the Clipboard will be used automatically. Simple and easy. Eventually programs will incorporate PGP functions as internal, automatic features, accessing the PGP engine directly. The goal, quite simply, is to put strong, usable security into the hands of every Mac user. WHAT WE NEED: You. Programmers, who turn ideas into code. Cryptography? The cryptographic code exists; what we need now are serious Macintosh programmers. We also need non-programmers to help design a user-friendly environment, to help us find problems in our programs, and to contribute ideas that will help us make the high standards of PGP-encryption universally available. Just as we need the most sophisticated Macintosh programmers for this project to fly, we also need the most frustrated and inexperienced users to make sure that we have met our goals. If you wish to help, contact Xenon or Jordyn A. Buchanan as soon as possible. We have established an international mailing list for this Project, in which no crypto code will flow. Work on the interface will be completely independent of the crypto code, meaning no worry for our programmers. Officially the Macintosh Cryptography Interface Project is not even linked to PGP, though we intend to become the official interface for the licensed MacPGP2.5, and the inevitable EuroMacPGP cryto engine. Early on, we will use an unofficial version of MacPGP2.3 which accepts AppleEvents, as our temporary model crypto engine. We need PGP2.5 to be converted into an AppleEvents engine, as an independent project; anyone within the US interested in working on this should also contact us. People in Europe etc. need to create their own AppleEvents MacPGP cryto engine. -======The MCIP Design Sheet======- Two prototype models for this interface have been built, which are available from ftp.netcom.com in /pub/qwerty/MCIP, or by e-mail from -=Xenon=- . One is based on J. W. Walker's OtherMenu, which is also available there. We have a mailing list, where there will be no crypto code. This will free programmers from worries about legal hassles involving crypto politics. If you are a Mac programmer, contact Jordyn Buchanan or -=Xenon=- and we will sign you up and try to agree an a sub-project and specific design. We are also interested in helpful criticism of our design, and its implementation. The OtherMenu paradigm versus our own System Extension is not cast in stone, and needs input from experienced programmers as well as some experience with OtherMenu. Definitions: PlainText is Mac TEXT file or text on the Clipboard. PlainFile means any Mac file, be it a word processor document or a GIF file. CypherText is a text-format PGP message. CypherFile is a binary PGP message, a MacPGP file. The Engine: A dumb PGP cryto engine which accepts AppleEvents, and acts on files or the Clipboard. In the end it should have no interface of its own. This will be created independently of the interface, in both US and non-US versions. The Interface: A system-wide menu next to Balloon Help, making PGP functions available from any application, including the Finder. -=Items in the PGP Menu=- 1) Encrypt/decrypt -- for all types of decryption and for immediate encryption of personal files with the user's public key. Just select a file in the Finder and this command will either decrypt it, asking for a passphrase, or encrypt it with your public key, no questions asked. If the user isn't in the Finder the Clipboard will automatically be used. PGP will figure out if a file is already encrypted or not, and take appropriate action upon it. Additionally, if the option key is held down during passphrase confirmation, decrypted PlainText from the Clipboard will be presented in a window of PGP's text editor (see below). If on decrypting a file on the Clipboard, the output is not PlainText, a Mac binary file will be output to the Desktop, automatically. Within the Finder, holding down the option key while confirming pass phrase entry will launch the decrypted file. On encrypting a personal file, the original plaintext will be securely wiped out. On decrypting a personal file, the original will be deleted. 2) Encrypt to... -- this has a submenu containing the keys on your Public Keyring. If you are not in the Finder, the contents of the Clipboard will be encrypted with the person's public key you select from this menu. If you are in the Finder, the selected file will be encrypted to that person, with a quick dialog box appearing asking for Clipboard or Desktop (and CypherText or CypherFile) output. A TEXT file in the Finder will be treated as text input to PGP, but any other file will be treated as a binary Mac file. At the top of this menu will be Group... which will allow fast single-clicking of multiple recipients from a list. Aliases of single or multiple recipients will also be easy to define, and will appear in a group at the top of this menu. 3) Sign -- If not in the Finder, this will clearsign the contents of the Clipboard (after cutting it to <80 characters per line). If in the Finder, the selected file will be "armored" with a dialog asking for Clipboard (CypherText) or Desktop (and CypherFile or CypherText) output. 4) Keys... -- Dialog box(s) which handles all key management, including a quick button for adding a public key from the Clipboard, or extracting your public key to the Clipboard. The rest is standard, but for the ability to create Aliases for groups of people, the name of the alias then appearing at the top of the Encrypt to... submenu. 5) "Editor..." -- A simple <80 character wide window for typing out (then encrypting) quick e-mail or viewing normal decrypted e-mail. This is for users of simple VT100 terminal emulators, which includes most people using e-mail via modem. The user can choose a font and size, and resize the window vertically. If the window for this editor is active, the PGP menu will act upon text selected in it, or all of the text if no selection has been made. Our goal is to actually have people use this editor for their e-mail drafting and reading. It will also be able to save or append it's contents to a text file, for those of us who keep e-mail logs. 6) "Options..." -- If the user has multiple key-pairs, they can select the one for use in signing things, and for personal encryption. They can select whether to sign things when using "Encrypt to...". They can select the File Type Creator for output text files in the Finder. Any other options will be set here, and be kept in a Preferences file in the Preferences folder (duh). That's it! One menu. No options to choose during the most commonly used operations. Just immediate action after a single menu selection. To demonstrate and elaborate on this interface, here now are presented various actions a user may do. I will use my girlfriend as an example. -=User Actions, Outlined=- 1) Encrypt her diary, which she just wrote using Microsoft Word: She saves the file, selects it in the Finder, and encrypts it with her public key with a single PGP menu selection ("Encrypt/decrypt"). Done. 2) Adds a day's writing to her diary: double clicks her encrypted diary, types her passphase into a dialog box, and hits the return key, to have the CypherFile replaced by a PlainFile. And, since she held down the option key when she hit the return key (OK button), PGP sent an AppleEvent to open that file, so she's already typing new stuff in Microsoft Word. 3) Decrypt the e-mail I sent her: She copies it to the Clipboard, since it's only a couple pages of CypherText. Without leaving her VT102 modem program, she selects "Encrypt/decrypt", is prompted for her pass phrase, and since she holds down the option key when she hits the return key, the PlainText is presented to her in PGP's editor window. I did have to show her how to use Unix "mail" instead of PINE though, since PINE would require saving and then downloading the file, it only being able to show one small block of text at a time in a non-scrollable window. 4) Respond to my e-mail above: She just types away, using the editor's convenient features. She selects her text and simply chooses my name from the PGP "Encrypt to..." submenu. It ends up in the Clipboard, automatically. She's still in her modem program, so she just pastes the CypherText into e- mail. 5) Post a clearsigned announcement to Usenet: "Editor" lets her type it out, then simple selecting "Sign" places the clearsigned message onto the Clipboard. If she is responding to someone else's post, she must copy the original then paste it into the editor. 6) Check a signature from Usenet: Copy the message to the Clipboard and select "Encrypt/decrypt". An alert appears telling her the signature is good or bad. The message is placed on the Clipboard, free of signature. 7) Send a huge Mac file to me, encrypted: She selects it in the Finder, chooses my name from the "Encrypt to" submenu and hits the "PlainText / Desktop" button. She has her modem software autotype the file into e-mail, or uploads it. If it's not too large she can instead hit the "Clipboard" button and just paste it into e-mail. 8) Decrypt a huge CypherText file I sent her in e-mail: she saves it and downloads it, selects it in the Finder and selects "Encrypt/decrypt", and after she types her pass phrase the CypherText is replaced by a PlainFile. 9) Encrypt the message "Meet at midnight, at Nell's, tomorrow!" to a group of people who she is working on a project with. She brings up PGP's editor, types the message, and selects the "Babes" alias, which she earlier defined, from the "Encrypt to" submenu. Her message is automatically encrypted to that group of people, the result being placed on the Clipboard for pasting into e-mail. -=Comments=- 1) PGP is a public key encryptor. No "conventional encryption" is needed in our basic interface, since encrypting a file in your public key is so much easier than having to very carefully type a pass phrase for the encryption step. If someone wants IDEA-only encryption they can use Will Kinney's Curve Encrypt, which does drag-and-drop, they can use the old MacPGP, or they can create their own "Conventionally encrypt" feature to add to our modular interface. 2) Our design is in flux, and flexible. However our singular goal is this: that we can send MacPGP on a floppy to any non-sophisticated Mac user and have them send us a public key within an hour, then start using PGP for e- mail the next day. There will be little in the way of a manual other than as a brief intro on exactly how to quickly set up and use PGP, Balloon Help being enough for most operations. 3) Our interface is a separate project from the cryptography engine. Early on we will use MacPGP2.3aV1.1 which does accept AppleEvents. This will allow us to get started now, as well as have MacPGP2.3aV1.1 take care of features we have not built into the interface yet, such as full key management. 4) Initially we will spool the Clipboard to disk files, then delete them after we have the crypto engine act on them. Later the cryto engine will have an AppleEvent option for using the Clipboard. In the end this will likely have no interface of its own at all, and become a background-only application. 5) We intend to be the official interface for MacPGP2.5, and hope to see PGP2.5 quickly ported to the Mac as an AppleEvents cryptography engine, for use by our interface and any other program such as Mac e-mail programs. 6) J. W. Walker's OtherMenu shareware ($10) may be looked at as a system- wide menu tool kit, to which we can add our routines as CODE resources, placed in the OtherMenu Folder in the System Folder. This will allow us to start getting things done immediately, without any worry about building our own System Extension. OtherMenu is actively maintained by Mr. Walker, who has also been personable in e-mail. We can remove all the extensions that come with OtherMenu, leaving only our own menu items! We can even place our own icon atop our menu. This is a clean solution. CODE resources are trivially made using Think C. Anything that we could do with an application we can do easier with an OtherMenu CODE resource file, and our menu ends up in the system-wide OtherMenu next to Balloon Help. OtherMenu will send any AppleEvent we create for us, as well. There is an OtherMenu Developer Kit available for free, though really such CODE resources are just like any Mac program. These can be had from ftp.netcom.com in /pub/qwerty/MCIP. We may think of OtherMenu as a part of the Mac operating system, which allows us to add any feature to a system-wide menu. As further persuasion, imagine that we had created a system-wide menu for this project, by writing our own System Extension. Further, unbelievably, imagine that we made this Extension able to accept modular plug-in PGP features as simple CODE resources, thus creating a framework for breaking our project into smaller independent projects. Now imagine this is true, and thus take a look at OtherMenu, with a MacPGP icon slapped onto it. Sure it's $10, but it's shareware, and it saves us untold development time and effort. Later, if anyone wishes to assemble our CODE resources into a dedicated System Extension, they are free to do so, though I don't think it will be worth the ten bucks. 7) The interface will be somewhat inflexible in how it does things, which is needed in order to make it very simple. Extraneous features and options will be weeded out unmercifully until the interface is a model of simplicity. Art, if you will. Cryptography fanatics are free to design their own interface to the PGP Engine. 8) We want security of left-over PlainText on the user's hard disk to be handled by PGP, automatically. On encrypting a file for personal use with "Encrypt/decrypt", the original WILL be wiped clean from the hard disk. We should include in our distribution FlameFile by Josh Goldfoot for wiping out Finder files, or all unused hard disk space. In fact, FlameFile can be operated via AppleEvents as well. 9) Since we are developing free software with limited resources and limited time for making an impact, certain compromises have been made compared to a perfect design. OtherMenu is one pleasant compromise. Using MacPGP2.3aV1.1 is not very happy, but will have to do for now. It has the same layout as MacPGP2.3, but is debugged and will accept AppleEvents, in some detail. It will not so far however allow selection of the Clipboard for input/output. The source code for MacPGP2.3aV1.1 is also not yet available, though we will indeed put a large effort into getting it. Another possibility is to write some of our routines as AppleScript applications with Apple's Script Editor, and place them in the OtherMenu folder so they will appear as normal menu items. This would be a temporary quick fix at best. For instance (using "Jon's Commands" for the Finder selection part) the following does work to encrypt a file(s) selected in the Finder to my public key, then wipe the plaintext. tell application "MacPGP" encrypt (finder selection) to "Xenon" quit end tell tell application "FlameFile" open (finder selection) quit end tell 10) Jordyn, -=Xenon=-, as well as others, do have connections with the core PGP development community, for what it's worth. Our main interest is becoming the interface for the next MacPGP. We need our dumb AppleEvents crypto engine to be built from PGP2.5 by a few Mac programmers. If you hadn't suspected it, former MacPGP development is dead, for rather boring reasons. We will help people interested in working on the MacPGP engine in any way we can. There should be two compatible versions, US and international. Since MacPGP development is no longer happening, we need a new group of dedicated people to tackle this, independently of our interface project. 11) An encrypted file will have its name altered, as well as its icon (its type changed to CRYPT too, so a double click will trigger PGP). There are selection dialog boxes and hierarchical menus which show only names, so changing an icon isn't enough. I suggest just *, appended directly to the end of the name, which PGP will not use in any way except as a sign to the user that file is CypherText. 12) No, this interface is not incorporation of PGP into e-mail programs so to make it's operation transparent. The reason for this is the good old VT102 emulator, which so many people use, since that's what came with their modem. People using Macintosh based e-mail programs, will indeed have it easier, once someone links those programs to PGP, so outgoing mail is automatically encrypted, and incoming decrypted. Such uses will still have use for our Finder-based commands however, and their e-mail programs will use the same PGP cryto engine, via AppleEvents. 13) For this project to fly, strong leadership is required. This interface design sheet will be maintained by -=Xenon=-, with equal contribution by Jordyn Buchanan, and SHOULD be followed. Changes to this sheet are easy though: tell us your story of woe, need, or ambition, and we will make changes and issue an update. Alternatively, draft your own sheet ;-). Or get us interested enough in your ideas that we let you take over. This sheet will become very detailed. Given the modularity of this interface, more than one answer to a given problem can be created, with the user choosing favorites. Wherever a conflict in design philosophy arises, the MacPGP USERS, not the programmers will have the greater say. That said, we are looking for creative ideas and damming criticism so we know we are thinking straight. 14) PGP will be free. Why are we doing this? Because ViaCrypt isn't doing it. Unless their MacPGP is System software, free, with source code, we have little interest in ViaCrypt as the answer to how to be able to get our friends to use PGP with us, today. We simply want PGP to become something we no longer think about, so we can get on with our lives instead of struggling with the problem of getting others to use it with us. That shall remain our goal and only purpose. 15) This project is in its infancy. Jordyn and -=Xenon=- are not yet skilled Mac programmers, which in fact gives us an advantage in designing an interface. We are here to reflect what the needs of users are, and to provide organization and resources for this project. We are here by default, there being no competition. However, and especially since this interface project is free from legal and political hassles, we need strongly motivated and highly skilled Mac fanatics to take our design and make it real. 16) The modularity of this interface will allow addition of special-purpose features to PGP, such as Stealth PGP which strips PGP messages down so far you can't tell them from noise, steganography, Magic Money functions (Pr0duct Cypher's PGP-based money system), or anonymous remailer chaining. In fact, without easy to use interfaces for these systems being available for the Mac (and Windows), steganography, digital cash, and chaining of encrypted anonymous remailers will remain obscure toys. 17) The PGP cryto engine, though not mentioned in detail herein, will become a plaything for programmers who wish to create their own PGP-based applications such as for sending credit card orders via e-mail, creating local encrypted networks, making PGP encryption a transparent feature of steganographs, or transparent incorporation of PGP into Mac-based e-mail readers. We need to know what such programmers want out of the engine, since our needs are simple. The engine is not slave to our interface design, and should be pursued for its own sake. We simply hope to show that it should be kept simple, perhaps with no interface of its own and run only by AppleEvents (and thus AppleScript etc. if desired). A separate design effort will be needed, mainly to simply define the required AppleEvent structures that will negate the need for its own interface. One thing I'd love is the ability to define a "safe" folder, the contents of which would be encrypted, always, unless they were open. Then my diary could sit in there, and get encrypted as soon as I was done writing and saved it from my word processor. This could be a System Extension, always watching that folder. With the PGP crypto engine, the writer of such an Extension would not have to worry about any crypto code. 18) It's time to stop waiting for PGP3.0 to be released, since our interface relies only on the most simple of concepts for AppleEvents it will send, and altering AppleEvents is easy. If and when PGP3.0 arrives, our interface will be ready, and porting PGP3.0 to the Mac will thus be much easier. -=Critical Path=- Anyone can take it upon themself to work on these. 1) Get source code for MacPGP2.3aV1.1 and alter it to accept the Clipboard as an input/output option, which it already can do, if operated manually. Till then we will spool the Clipboard to disk and have MacPGP2.3aV1.1 act only on files. MacPGP2.3aV1.1 was recently released in Germany, and will act as our temporary model crypto engine. 2) Recruit native Macintosh programmers, and do a job of inspiring them about what this project is about, and why it is important. Also find some frustrated MacPGP users to tell us what they need, though explanations of what e-mail programs they use, and how they would like to interface it with PGP. We should get our literature posted on AOL and Compuserve as well, where many "isolated" programmers live. 3) Learn the ins and outs of J. W. Walker's OtherMenu and write up a tutorial on how to program the Mac this way, then create our interface in independent pieces as CODE resource files. A CODE resource is just a Mac application stripped down a bit, so they are in fact easier than building an application. The modularity of our interface will give people small yet fully functional projects to work on. 4) Independently of our MCIP mailing list, port PGP2.5 to the Mac as a background-only cryto engine, which accepts detailed AppleEvents. Create a Developer's Kit so any Mac programmer can incorporate PGP into their software. 5) Copyright our Interface, which is really just a few externals for OtherMenu, rendering it free. -=Questions=- 1) How will we handle pass phrase recycling during a long but busy e-mail session? We could do without it completely, as an option. 2) Might we allow selection of Macintosh folders full of stuff, then create an archive of the folder to send to PGP? Or should we just encrypt all the files within a selected folder? That's easier. 3) Though this would require some tricks, might we have PGP use the Clipboard indirectly, by automatically copying any selected text from a text editing window of any application to the Clipboard? Or selecting all of the text in a text editing area, if no selection has been made by the user? The could be termed "magic", for it would be like an added feature to that program that you use it in. Just select text then go to the PGP menu. 4) How can we handle a progress dialog box during long operations? The crypto engine itself shouldn't in the end have any interface. So how do we make a legitimate progress indicator? 5) How do we get the name of the file(s) selected when the user is in the Finder? [If we cannot do this, we can substitute Finder activities with drag-and-drop applications on the Desktop. There would be three of these, one for each menu item, "Encrypt/decrypt", "Encrypt to...", and "Sign".] "Jon's Commands", and AppleScript addition is able to get this info, though the author said he had to delve into undocumented data structures to find it. He seemed willing to help, or we could just use his addition. 6) What will happen if the user is in the Finder, but has selected nothing, or has accidentally selected like their entire hard disk, which is quite common to accidentally do? On the other hand, it wont be too uncommon for someone to wish to encrypt the entire contents of a floppy, or even a hard disk. A dialog box will be needed if the folder selected is a disk. Obviously, there should be a responsive "Cancel" button/command-. option while the encryption progress window is on the screen, which should return all files to their original condition (that's what "Cancel" means). What if they have nothing selected? A dialog box will appear saying they haven't selected anything, with "Clipboard" being default, and "Cancel" as an option. -=Comparison of MacPGP2.3 to the New MacPGP=- 1) To encrypt a file on my hard disk, that I just wrote with a word processor: OLD: 1) Start up MacPGP, and wait for it to fire up (~4 seconds), 2) Command-key and wait for dialog (1 second), 3) Command-D to get to Desktop and click-click click-click click-click click-click click-click click-click click-click to dig up my file deep on my hard disk (~5 seconds), 4) select my public key from the list and hit OK if I am not using "conventional encryption" (which I am NOT since nobody, including myself, can stand typing a damn pass phrase SUPER carefully for an ENCRYPTION step with risk of full data loss on making a typo), (3 seconds), 5) gaze at a HUGE dialog box of 13 buttons and three text edit boxes, selecting "treat source as Macintosh file", "wipe original", "don't sign" and gaze again to make sure I don't have someone else's public key accidentally chosen, and finally hit "Do it" (~4 seconds), 6) wait while staring at a UNIX/DOS screen scrolling text at me instead of a normal Macintosh progress box, 7) quit MacPGP. NEW: Click on the file from the Finder and select "Encrypt/decrypt" from the PGP menu. Decryption is IDENTICAL, except for prompting for a pass phrase, and the option of simply double-clicking on the encrypted file. 2) To encrypt a file to someone else: OLD: SEE ABOVE 7 STEPS! NEW: Place my message on the Clipboard with two standard keystrokes, select the person's name in the PGP "Encrypt to" submenu, and paste it into e- mail. 3) To send short quick e-mail: OLD: 1) Start up a damn word processor and copy the message to the Clipboard, then SEE ABOVE 7 STEPS. NEW: 1) Call up PGP's little text editor in an instant, without leaving my e-mail program, type my message and choose the person's name in the "Encrypt to" menu of PGP. The editor shuts down and the encrypted message ends up in the Clipboard, ready to paste into e-mail. 4) Decrypt short e-mail I just got: OLD: Copy it to the Clipboard and then SEE ABOVE 7 STEPS, and then start up a damn word processor and Paste the PlainText into a document so I can read it! NEW: Copy it to Clipboard and hit "Encrypt/decrypt", holding down the option key so it appears in PGP's text editor window for my viewing pleasure. 5) Add a key to my public keyring. OLD: Copy it to Clipboard, start up a word processor, save it as text-only. Start up PGP, "Add keys...", click-click, click-click, then click-click, click-click, click-click, click-click to find my pubring.pgp. Then say, no, I don't want to certify the key myself. NEW: Copy it to Clipboard, choose "Keys..." from the PGP menu without leaving my e-mail software, click on a button that says "Add key from Clipboard". Done, and I'm back in e-mail. Jordyn Buchanan -=Xenon=- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdKCHQSzG6zrQn1RAQGrAQP+Mw9dJz4vIhnFb8s+CwL84QG3qo5rdYFE 78B4VlA/brOlWmXj6SApn0Yd+l+cLSmezZbLnnumOysk5ZXaTGbOVdv+gN6Ur4lZ 6Nk5pQ+UZNpoM3XBrsCu7k+b0opkMrEkgPv5IfMIQDTJuOOyRryispBjuaS9YuAT QueTCgnbJWA= =olym -----END PGP SIGNATURE----- From pgpkeys at wasabi.io.com Fri May 13 06:10:20 1994 From: pgpkeys at wasabi.io.com (PGP Slave Key Server) Date: Fri, 13 May 94 06:10:20 PDT Subject: KEYSERVER UPGRADE ANNOUNCEMENT Message-ID: <199405130654.GAA10422@wasabi.io.com> The keyserver at wasabi.io.com has been upgraded to cover the new format of pgp2.5 output and its 8 character Key IDs. It will continue to serve keys requested by 6 character ID for a short while, but the 6 character key database will not be refreshed with new keys. After a week or two we will remove the old data and all requests must be for 8 character Key IDs. If you have a reference to your key at wasabi in your .signature, please find the longer form of your key ID and update your sig file. Thank you. The Mgt. From whitaker at dpair.csd.sgi.com Fri May 13 06:26:39 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Fri, 13 May 94 06:26:39 PDT Subject: Delayed messages! In-Reply-To: <9405130538.ZM11456@dpair.csd.sgi.com> Message-ID: <9405130625.ZM11554@dpair.csd.sgi.com> On May 13, 5:38am, Russell Whitaker wrote: > Subject: Delayed messages! > I have, after 9 days, finally received from the cypherpunks list a message I > sent for distribution. > To cut short the obvious replies, I'd already checked all the pending sendmail queues at SGI. This, and the fact that delayed-delivery notification is on here, made me suspect and the problem was not local. > This message is being sent 0540 PST 13 May 94. > ... and received a couple of minutes later (my header's timestamps are different; local clock variations). > -- > Russell Earl Whitaker whitaker at csd.sgi.com > Silicon Graphics Inc. > Technical Assistance Center / Centre D'Assistance Technique / > Tekunikaru Ashisutansu Sentaa > Mountain View CA (415) 390-2250 > ================================================================ > #include > > > > >-- End of excerpt from Russell Whitaker -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From cs000rrs at selway.umt.edu Fri May 13 07:26:26 1994 From: cs000rrs at selway.umt.edu (Ryan R Snyder) Date: Fri, 13 May 94 07:26:26 PDT Subject: Anonymous pool? Message-ID: Could someone please e-mail to me the address of the Anonymous Pool listserv? Ryan Snyder, Consultant |--->Finger me for my PGP public key.<--- ___ University of Montana CIS| |\ /| CS000RRS at SELWAY.UMT.EDU | Copyright 1994 by Ryan R. Snyder. | 0 | RYE at ILLUMINATI.IO.COM | |/_\| RYE at CYBERSPACE.ORG | From sommerfeld at orchard.medford.ma.us Fri May 13 07:37:25 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Fri, 13 May 94 07:37:25 PDT Subject: Cypherpunks Goals: Bad debate drives out good debate In-Reply-To: <199405130740.AA15046@grolsch.cs.ubc.ca> Message-ID: <199405131426.KAA00262@orchard.medford.ma.us> There's an additional "failure" case you didn't consider: bad message, bad moderator: message accepted. - Bill From mpj at netcom.com Fri May 13 07:37:59 1994 From: mpj at netcom.com (Michael Paul Johnson) Date: Fri, 13 May 94 07:37:59 PDT Subject: Where to get PGP Message-ID: <199405131434.HAA14825@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) (Last modified: 12 May 1994 by Mike Johnson) WHAT IS THE LATEST VERSION? The latest BETA TEST version for DOS and Unix is 2.5 (Uses RSAREF 2.0 for U. S. Patent compliance, even though the original RSA code written by Philip Zimmermann runs faster). The latest commercial versions are 2.4 (both Viacrypt and BSAFE versions). The latest freeware Mac version for which source code is available is 2.3 The latest freeware Mac version (source code not public) is 2.3aV1.1 (written by Christoph_Pagalies at hh2.maus.de) The latest Amiga version is 2.3a2 The latest fully released freeware version for all other platforms is 2.3a WHERE CAN I GET VIACRYPT PGP? If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commecial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest information I have from them on compiled versions are: PGP 2.4 for MS-DOS PGP 2.4 for Unix (several different platforms) PGP 2.4 for WinCIM CSNAV Mac version expected late this summer. ViaCrypt David A. Barnhart, Product Manager 2104 West Peoria Avenue Phoenix, Arizona 85029 Tel: (602) 944-0773 Fax: (602) 943-2601 E-mail: viacrypt at acm.org Credit card orders only. (800)536-2664 (8-5 MST M-F) WHERE CAN I GET THE BETA TEST PGP 2.5 FROM MIT (USES RSAREF 2.0)? MIT-PGP 2.5 is for U. S. use only (due to some archaic export control laws), but interoperates with PGP 2.3 and 2.3a. This is the right version to use if you want to use it for personal (not for services you get paid for) electronic mail privacy in the USA and Canada. To get it from the source at MIT: 1. Read ftp://net-dist.mit.edu/pub/PGP/license.txt and agree to it. 2. Telnet to net-dist.mit.edu and log in as getpgp. 3. Answer the question and write down the directory name listed. 4. QUICKLY end the telnet session with ^C and ftp to the indicated directory on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get the distribution files (pgp25.zip, pgp25doc.zip, and pgp25src.tar). If the hidden directory name is invalid, start over at step 2, above. You can also get PGP 2.5 from: csn.org/mpj ftp://csn.org/mpj/I_will_not_export/crypto_???????/pgp/pgp25.zip ftp://csn.org/mpj/I_will_not_export/crypto_???????/pgp/pgp25src.tar See ftp://csn.org/mpj/README.MPJ for the ??????? See ftp://csn.org/mpj/help for more help on negotiating this site's export control methods. ftp.netcom.com/pub/mpj ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp25.zip ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp25src.tar See ftp://ftp.netcom.com/pub/mpj/README.MPJ for the ??????? See ftp://ftp.netcom.com/pub/mpj/help for more help on negotiating this site's export control methods. TO GET THESE FILES BY EMAIL, send mail to ftp-request at netcom.com containing the word HELP in the body of the message for instructions. You will have to work quickly to get README.MPJ then the files before the ??????? part of the path name changes again (several times a day). ftp.eff.org Follow the instructions found in README.Dist that you get from one of: ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist gopher.eff.org, 1/Net_info/Tools/Crypto gopher://gopher.eff.org/11/Net_info/Tools/Crypto http://www.eff.org/pub/Net_info/Tools/Crypto/ Colorado Catacombs BBS Mike Johnson, sysop Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc. v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps 8 data bits, 1 stop, no parity, as fast as your modem will go. Use ANSI terminal emulation, of if you can't, try VT-100. Free access to PGP. If busy or no answer, try again later. Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. You can request access to crypto software on line, and if you qualify legally under the ITAR, you can download on the first call. Download file names: pgp25.zip (DOS version with documentation) pgp25src.tar (Unix version and source code) pgp25doc.zip (Documentation only -- exportable) (303) 938-9654 (Boulder, Colorado number forwarded to Longmont number) (303) 678-9939 (Longmont, Colorado number) Verified: This morning. Other BBS and ftp sites will no doubt pick it up rapidly after the beta test is completed. Please send bug reports concerning PGP 2.5 BETA to pgp-bugs at mit.edu. If you obtain a copy of this beta release code, please keep checking http://web.mit.edu for the announcement of the final release, so that you can update your copy of PGP2.5. WHERE TO GET PGP 2.3a (RELEASED FROM NEW ZEALAND) The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP. Although the latest freeware version of PGP was released from outside the USA (New Zealand), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA. This data is subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list. Thanks to Gary Edstrom and Hugh Miller for providing part of this data. FTP sites: ftp.ee.und.ac.za /pub/crypto/pgp soda.berkeley.edu /pub/cypherpunks/pgp (DOS, MAC) Verified: 21-Dec-93 ftp.demon.co.uk /pub/amiga/pgp /pub/archimedes /pub/pgp /pub/mac/MacPGP ftp.informatik.tu-muenchen.de ftp.funet.fi ghost.dsi.unimi.it /pub/crypt Verified: 21-Dec-93 ftp.tu-clausthal.de (139.174.2.10) wuarchive.wustl.edu /pub/aminet/util/crypt src.doc.ic.ac.uk (Amiga) /aminet /amiga-boing ftp.informatik.tu-muenchen.de /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2) black.ox.ac.uk (129.67.1.165) /src/security/pgp23A.zip (MS-DOS executables & docs) /src/security/pgp23srcA.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.) /src/security/pgp23A.tar.Z (Same as PGP22SRC.ZIP, in Unix tar format) /src/security/macpgp2.3.cpt.hqx (Macintosh version) iswuarchive.wustl.edu pub/aminet/util/crypt (Amiga) csn.org /mpj/README.MPJ contains variable directory name -- read this first. /mpj/help explains how to get to hidden directory containing PGP /mpj/I_will_not_export/crypto_???????/pgp/ contains current PGP /mpj/I_will_not_export/crypto_???????/pgptools/ contains related tools /mpj/I_will_not_export/crypto_???????/ contains other crypto info. /mpj/public/pgp/ contains PGP shells, faq documentation, etc. ftp.netcom.com /pub/dcosenza -- PGP for several platforms + some shells and steganography utilities. /pub/gbe/pgpfaq.asc -- frequently asked questions answered. /pub/mpj (see README.MPJ -- similar layout to csn.org//mpj) /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganograpy software list. MacUtilites for use with MacPGP. Stealth1.1 + other steganography programs. Send mail to qwerty at netcom.com with the subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't have ftp access. nic.funet.fi (128.214.6.100) /pub/crypt/pgp23A.zip /pub/crypt/pgp23srcA.zip /pub/crypt/pgp23A.tar.Z van-bc.wimsey.bc.ca (192.48.234.1) /m/ftp2/crypto/RSA/PGP/2.3a/pgp23A.zip /m/ftp2/crypto/RSA/PGP/2.3a/pgp23srcA.zip ftp.uni-kl.de (131.246.9.95) qiclab.scn.rain.com (147.28.0.97) pc.usl.edu (130.70.40.3) leif.thep.lu.se (130.235.92.55) goya.dit.upm.es (138.4.2.2) tupac-amaru.informatik.rwth-aachen.de (137.226.112.31) ftp.etsu.edu (192.43.199.20) princeton.edu (128.112.228.1) pencil.cs.missouri.edu (128.206.100.207) StealthPGP: The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha. Also, try an archie search for PGP using the command: archie -s pgp23 (DOS Versions) archie -s pgp2.3 (MAC Versions) ftpmail: For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service. Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi: ENCODER uuencode SEND pub/crypt/pgp23srcA.zip SEND pub/crypt/pgp23A.zip This will deposit the two zipfiles, as 15 batched messages, in your mailbox with about 24 hours. Save and uudecode. For the ftp sites on netcom, send mail to ftp-request at netcom.com containing the word HELP in the body of the message. World Wide Web URLs: (Thanks to mathew at mantis.co.uk) UNIX PGP 2.3a Compiles best with GCC 2.4.x or higher. A straight port from DOS, so hardened UNIX users find it a bit chatty. * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23A.tar.Z * _UK:_ ftp://black.ox.ac.uk/src/security/pgp23A.tar.Z * _NL:_ ftp://svin02.info.win.tue.nl/pub/misc/pgp23A.tar.gz * _SE:_ ftp://ftp.sunet.se/pub/security/tools/crypt/pgp23A.tar.gz * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23A.tar.Z * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp23A.tar.Z * _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23A.tar.Z * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23A.tar.Z * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23A.tar.gz _________________________________________________________________ MS-DOS PGP 2.3 Program * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23A.zip * _UK:_ ftp://black.ox.ac.uk/src/security/pgp23A.zip * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23A.zip * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp23A.zip * _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23A.zip * _IT:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23A.zip * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23A.zip Source code Designed to compile with Turbo C; compiles fine with Microsoft Visual C++ also. * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23srcA.zip * _UK:_ ftp://black.ox.ac.uk/src/security/pgp23srcA.zip * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23srcA.zip * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp23srcA.zip * _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23srcA.zip * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23srcA.zip * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23srcA.zip _________________________________________________________________ MACPGP 2.3 A slightly souped-up port of PGP to the Mac. Has help menus and other goodies, but is still not a real Mac application. However, it works. Note that the version 2.3 release of MacPGP contains the major bug-fix which was later added to UNIX/DOS PGP 2.3. There was therefore no need for a MacPGP 2.3A release; version 2.3 already had the bug fix by the time it was released. There is no MacPGP 2.3A. Program * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.3.cpt.hqx * _UK:_ ftp://black.ox.ac.uk/src/security/macpgp2.3.cpt.hqx * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/macpgp2.3.cpt.hqx * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/macpgp2.3.cpt.hqx * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3.cpt.hqx * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/macpgp2.3.cpt.hqx.gz Source code Requires Think C. * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.2src.sea.hqx -- version 2.2 only * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/macpgp2.3src.sea.hqx.pgp * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3src.sea.h qx.pgp Documentation PGP is rather counter-intuitive to a Mac user. Luckily, there's a guide to using MacPGP in ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP. _________________________________________________________________ OS/2 PGP You can, of course, run the DOS version of PGP under OS/2. Program * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp22os2.zip -- version 2.2 only, native binaries * _DE:_ ftp://ftp.informatik.tu-muenchen.de/pub/comp/os/os2/crypt/pgp23os2 A.zip Source code * _DE:_ ftp://ftp.informatik.tu-muenchen.de/pub/comp/os/os2/crypt/pgp23src A.zip _________________________________________________________________ AMIGA PGP * _UK:_ ftp://ftp.demon.co.uk/pub/amiga/pgp/pgp21ami.lha -- version 2.1 only * _DE:_ ftp://faui43.informatik.uni-erlangen.de/mounts/rzsuna/pub/aminet/u til/crypt/pgp21ami.lha -- version 2.1 only * _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a_2.lha * _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a_2.lha Source * _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a2_src.lha * _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a2_src.lha _________________________________________________________________ ARCHIMEDES PGP * _UK:_ ftp://ftp.demon.co.uk/pub/archimedes/ArcPGP23a _________________________________________________________________ DOCUMENTATION ONLY Want to know more about PGP, but too scared to download the actual program in case the Feds bust down your door? Fetch this. * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23docA.zip * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23docA.zip _________________________________________________________________ FOREIGN LANGUAGE MODULES These are suitable for most PGP versions. Italian * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp-lang.italian.tar.gz * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.italian.t ar.gz Spanish * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp-lang.spanish.tar.gz * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.t ar.gz German * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_german.txt Swedish * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_swedish.txt _________________________________________________________________ OTHER SITES Some cryptographic software is available from ftp://van-bc.wimsey.bc.ca/pub/crypto/software/. They're worried about ITAR regulations, so you'll have to read the README file and proceed from there. BBS sites: Colorado Catacombs BBS (See also the entry above for PGP 2.5) (303) 938-9654 (Boulder, Colorado number forwarded to Longmont number) (303) 678-9939 (Longmont, Colorado number) Verified: This morning. Hieroglyphics Voodoo Machine (Colorado) DOS, OS2, and Mac versions. (303) 443-2457 Verified: 5-2-94 For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files). Exec-Net (New York) Host BBS for the ILink net. (914) 667-4567 The Ferret BBS (North Little Rock, Arkansas) (501) 791-0124 also (501) 791-0125 Carrying RIME, Throbnet, Smartnet, and Usenet Special PGP users account: login name: PGP USER password: PGP This information from: Jim Wenzel PGP 2.3A has been posted to the FidoNet Software Distribution Network and should on most if not all Canadian and U.S. nodes carrying SDN software. It has also been posted on almost all of the major private North American BBS systems, thence to countless smaller boards. Consult a list of your local BBSes; most with a sizeable file inventory should carry the program. If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others. ARCHIE WHO? Here is the result of an archie search for file names containing "pgp" (not case sensitive) on 5/2/94. The search was limited to 300 matches, because, as you can plainly see, lots of people value their privacy. Note that archie will not find all relevant files at some sites, like the one at csn.org/mpj properly, due to the export control nonsense, but it does find the directory where the PGP documentation is kept. Host gipsy.vmars.tuwien.ac.at Location: /pub/misc FILE -rw-r--r-- 209409 May 7 1993 pgp22.zip FILE -rw-r--r-- 451114 Jul 23 1993 pgp23.tar.gz Host swdsrv.edvz.univie.ac.at Location: /network/misc/Mosaic/Unix/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 21:02 pgp-dec FILE -r--r--r-- 530 Apr 11 21:02 pgp-enc Location: /os2/all/diskutil FILE -r--r--r-- 1946 Mar 16 1993 pgp22.txt Host plaza.aarnet.edu.au Location: /micros/amiga/aminet/comm/mail FILE -r--rw-r-- 137861 Jan 26 08:04 PGPMIP.lha FILE -r--rw-r-- 1878 Jan 26 08:04 PGPMIP.readme Location: /micros/amiga/aminet/util/crypt FILE -r--rw-r-- 305056 Dec 26 22:41 PGPAmi23a2_src.lha FILE -r--rw-r-- 5569 Dec 26 22:41 PGPAmi23a2_src.readme FILE -r--rw-r-- 342426 Dec 26 22:41 PGPAmi23a_2.lha FILE -r--rw-r-- 820 Dec 26 22:41 PGPAmi23a_2.readme FILE -r--rw-r-- 96585 Sep 30 1993 PGPAmi23aplus.lha FILE -r--rw-r-- 712 Sep 30 1993 PGPAmi23aplus.readme FILE -r--rw-r-- 576574 Sep 20 1993 PGPAmiga2_3a.lha FILE -r--rw-r-- 5221 Sep 20 1993 PGPAmiga2_3a.readme FILE -r--rw-r-- 55993 Mar 21 04:41 PGPSendMail2_0.lha FILE -r--rw-r-- 1455 Mar 21 04:41 PGPSendMail2_0.readme FILE -r--rw-r-- 17141 Feb 28 19:23 StealthPGP1_0.lha FILE -r--rw-r-- 1198 Feb 28 19:23 StealthPGP1_0.readme Location: /micros/pc/garbo/pc/crypt FILE -r--r--r-- 209679 Mar 7 1993 pgp22.zip FILE -r--r--r-- 62885 Oct 9 00:00 pgpfront.zip FILE -r--r--r-- 71330 Jan 4 15:00 pgpshe30.zip Location: /micros/pc/garbo/pc/source FILE -r--r--r-- 521820 Mar 7 1993 pgp22src.zip Location: /micros/pc/garbo/windows/util FILE -r--r--r-- 13825 Sep 3 1993 pgpwin11.zip Location: /usenet/FAQs/alt.answers DIRECTORY drwxr-xr-x 512 Apr 18 09:56 pgp-faq Location: /usenet/FAQs DIRECTORY drwxr-xr-x 512 Apr 18 10:09 alt.security.pgp Location: /usenet/FAQs/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 09:45 pgp-faq Host luga.latrobe.edu.au Location: /archive-disk2/os2/all/diskutil FILE -r--r--r-- 1946 Mar 16 1993 pgp22.txt Host sunb.ocs.mq.edu.au Location: /PC/Crypt FILE -r--r--r-- 219951 Sep 14 1993 pgp23.zip Host nic.switch.ch Location: /mirror/Mosaic/Mosaic-source/Mosaic-2.4/auth FILE -rw-rw-r-- 520 Apr 11 23:02 pgp-dec FILE -rw-rw-r-- 530 Apr 11 23:02 pgp-enc Location: /mirror/atari/Utilities FILE -rw-rw-r-- 280576 Apr 15 16:18 pgp23ab.lzh FILE -rw-rw-r-- 29526 Apr 15 16:18 pgpshl06.zip Location: /mirror/os2/all/diskutil FILE -rw-rw-r-- 1946 Mar 16 1993 pgp22.txt Location: /mirror/vms/DECUS/vlt93b/vltextra FILE -rw-rw-r-- 192196 Mar 19 1993 pgp22.zip FILE -rw-rw-r-- 481215 Mar 19 1993 pgp22src.zip Location: /mirror/vms/DECUS/vms92b/hkennedy FILE -rw-rw-r-- 187758 Dec 14 1992 pgp21.zip FILE -rw-rw-r-- 433713 Dec 14 1992 pgp21src.zip Host gatekeeper.dec.com Location: /.0/BSD/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -r--rw-r-- 478 Jun 24 1993 pgp Location: /.0/BSD/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 16 23:10 pgp Location: /.3/net/infosys/mosaic/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 13:20 pgp-dec FILE -r--r--r-- 530 Feb 8 13:20 pgp-enc Location: /.3/net/infosys/mosaic/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 11:38 pgp-dec FILE -r--r--r-- 530 Apr 8 11:38 pgp-enc Location: /.3/net/infosys/mosaic/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 14:02 pgp-dec FILE -r--r--r-- 530 Apr 11 14:02 pgp-enc Host hpcsos.col.hp.com Location: /mirrors/.hpib1/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 00:10 pgp Host qiclab.scn.rain.com Location: /pub/mail FILE -rw-r--r-- 537455 Jan 18 1993 pgp-2.1.tar.Z Host world.std.com Location: /src/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools DIRECTORY drwxr-xr-x 8192 Apr 21 02:43 PGP Location: /src/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools/PGP FILE -r--r--r-- 71064 Jan 13 16:57 pgpshe30.zip Location: /src/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 21:20 pgp-dec FILE -r--r--r-- 530 Feb 8 21:20 pgp-enc Location: /src/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 18:38 pgp-dec FILE -r--r--r-- 530 Apr 8 18:38 pgp-enc Location: /src/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 21:02 pgp-dec FILE -r--r--r-- 530 Apr 11 21:02 pgp-enc Host quepasa.cs.tu-berlin.de Location: /.cdrom0/security FILE -r-xr-xr-x 71064 Mar 5 11:51 pgpshe30.zip Host sun.rz.tu-clausthal.de Location: /pub/atari/misc DIRECTORY drwxr-xr-x 512 Dec 30 19:56 pgp Location: /pub/atari/misc/pgp FILE -rw-r--r-- 280454 Oct 11 00:00 pgp23ab.lzh Location: /pub/msdos/utils/security FILE -rw-rw-r-- 209679 Jun 21 1993 pgp22.zip Location: /pub/unix/admin/security DIRECTORY drwxrwxr-x 512 Sep 19 1993 pgp Location: /pub/unix/admin/security/pgp FILE -rw-rw-r-- 209409 Mar 12 1993 pgp22.zip FILE -rw-rw-r-- 521550 Mar 12 1993 pgp22src.zip FILE -rw-rw-r-- 219951 Jun 23 1993 pgp23.zip FILE -rw-rw-r-- 680985 Sep 19 1993 pgp23A.tar.Z FILE -rw-rw-r-- 221332 Sep 19 1993 pgp23A.zip FILE -rw-rw-r-- 88070 Sep 19 1993 pgp23docA.zip FILE -rw-rw-r-- 998 Sep 19 1993 pgp23sigA.asc FILE -rw-rw-r-- 547178 Sep 19 1993 pgp23srcA.zip Host hermes.hrz.uni-bielefeld.de Location: /.mnt1/systems/os2/all/diskutil FILE -r--r--r-- 1946 Mar 16 1993 pgp22.txt Host sun1.ruf.uni-freiburg.de Location: /misc FILE -rw-r--r-- 680985 Mar 11 14:15 pgp23A.tar.Z Host rzsun2.informatik.uni-hamburg.de Location: /pub/doc/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 05:15 pgp-faq Location: /pub/security/tools/crypt DIRECTORY drwxr-xr-x 512 Feb 18 22:05 pgp Location: /pub/security/tools/crypt/pgp FILE -r--r--r-- 449455 Jun 21 1993 pgp23.tar.gz FILE -rw-rw-r-- 17798 May 26 1993 pgputils.zip Host askhp.ask.uni-karlsruhe.de Location: /pub/aegee/tmp FILE -rw-rw-r-- 103448 Mar 12 17:18 pgp23A.zip Location: /pub/infosystems/mosaic/Mosaic-source/Mosaic-2.4/auth FILE -rwxr--r-- 520 Apr 11 23:02 pgp-dec FILE -rwxr--r-- 530 Apr 11 23:02 pgp-enc Host ftp.uni-kl.de Location: /pub1/unix/security DIRECTORY drwxrwxr-x 512 Feb 24 1993 pgp Location: /pub1/unix/security/pgp FILE -rw-rw-r-- 536118 Dec 10 1992 pgp21.tar.Z FILE -rw-rw-r-- 187758 Dec 10 1992 pgp21.zip FILE -rw-rw-r-- 436302 Dec 10 1992 pgp21src.zip FILE -rw-rw-r-- 92405 Feb 19 1993 pgprtest.tar.Z FILE -rw-rw-r-- 17798 Feb 5 1993 pgputils.zip Location: /pub3/amiga/aminet/comm/mail FILE -rw-rw-r-- 137861 Jan 26 14:04 PGPMIP.lha FILE -rw-rw-r-- 1878 Jan 26 14:04 PGPMIP.readme Location: /pub3/amiga/aminet/util/crypt FILE -rw-rw-r-- 305056 Dec 27 04:41 PGPAmi23a2_src.lha FILE -rw-rw-r-- 5569 Dec 27 04:41 PGPAmi23a2_src.readme FILE -rw-rw-r-- 342426 Dec 27 04:41 PGPAmi23a_2.lha FILE -rw-rw-r-- 820 Dec 27 04:41 PGPAmi23a_2.readme FILE -rw-rw-r-- 96585 Oct 1 00:00 PGPAmi23aplus.lha FILE -rw-rw-r-- 712 Oct 1 00:00 PGPAmi23aplus.readme FILE -rw-rw-r-- 576574 Sep 20 1993 PGPAmiga2_3a.lha FILE -rw-rw-r-- 5221 Sep 20 1993 PGPAmiga2_3a.readme FILE -rw-rw-r-- 55993 Mar 21 20:41 PGPSendMail2_0.lha FILE -rw-rw-r-- 1455 Mar 21 20:41 PGPSendMail2_0.readme FILE -rw-rw-r-- 118058 Apr 15 10:20 PGP_german_docs.lha FILE -rw-rw-r-- 234 Apr 15 10:20 PGP_german_docs.readme FILE -rw-rw-r-- 17141 Mar 1 12:23 StealthPGP1_0.lha FILE -rw-rw-r-- 1198 Mar 1 12:23 StealthPGP1_0.readme Host minnie.zdv.uni-mainz.de Location: /pub/amiga/util/aminet/crypt FILE -r--r--r-- 305056 Dec 27 03:41 PGPAmi23a2_src.lha FILE -r--r--r-- 5569 Dec 27 03:41 PGPAmi23a2_src.readme FILE -r--r--r-- 342426 Dec 27 03:41 PGPAmi23a_2.lha FILE -r--r--r-- 820 Dec 27 03:41 PGPAmi23a_2.readme Location: /pub/atari/misc DIRECTORY drwxr-xr-x 512 Dec 30 17:56 pgp Location: /pub/atari/misc/pgp FILE -rw-r--r-- 280454 Oct 11 00:00 pgp23ab.lzh Host von-neum.uni-muenster.de Location: /pub/unix FILE -rw-rw---- 449445 Mar 24 13:04 pgp23.tar.gz Host inf.informatik.uni-stuttgart.de Location: /pub/net FILE -r--r--r-- 680985 Aug 5 1993 pgp23A.tar.Z Host net-1.iastate.edu Location: /pub/netbsd/NetBSD-current/src/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 01:10 pgp Host jhunix.hcf.jhu.edu Location: /pub/public_domain_software/NetBSD/usr/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Jun 9 1993 pgp Host mintaka.lcs.mit.edu Location: /pub DIRECTORY drwxr-xr-x 512 Jun 18 1993 pgp Location: /pub/pgp FILE -rw-r--r-- 312726 Mar 22 1993 macpgp2.2.cpt.hqx FILE -rw-r--r-- 209409 Mar 22 1993 pgp22.zip FILE -rw-r--r-- 521550 Mar 22 1993 pgp22src.zip FILE -rw-r--r-- 219951 Jun 18 1993 pgp23.zip FILE -rw-r--r-- 17798 Mar 22 1993 pgputils.zip Host josquin.media.mit.edu Location: /pub FILE -rw-r--r-- 321424 Nov 30 20:27 pgp Host archive.egr.msu.edu Location: /pub DIRECTORY drwxr-xr-x 512 Mar 9 18:58 pgp Host xanth.cs.odu.edu Location: /pub DIRECTORY drwxrwxr-x 512 Apr 27 13:38 pgp Location: /pub/pgp FILE -rw-rw-rw- 221332 Apr 27 13:38 pgp23A.zip Host unixd1.cis.pitt.edu Location: /users/i/n/infidel/.Backup/httpd/support/auth FILE -rwxr-xr-x 1019 Jan 24 16:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 16:42 pgp-enc Location: /users/i/n/infidel/httpd/support/auth FILE -rwxr-xr-x 1019 Jan 24 16:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 16:42 pgp-enc Host arthur.cs.purdue.edu Location: /pub/pcert/tools/unix DIRECTORY drwxr-xr-x 512 Jul 31 1993 pgp Location: /pub/pcert/tools/unix/pgp FILE -r--r--r-- 209409 Mar 7 1993 pgp22.zip FILE -r--r--r-- 521550 Mar 7 1993 pgp22src.zip Location: /pub/pcert/tools/unix/virus/misc FILE -rw-r--r-- 19277 Feb 23 1993 pgputils.zip Host tehran.stanford.edu Location: /www/httpd_1.2/support/auth FILE -rwxr-xr-x 1019 Jan 24 13:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 13:42 pgp-enc Host relay.cs.toronto.edu Location: /pub/usenet/news.answers DIRECTORY drwxr-xr-x 512 Apr 22 04:51 pgp-faq Host uceng.uc.edu Location: /pub/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools DIRECTORY drwxr-xr-x 8192 Apr 20 22:43 PGP Location: /pub/wuarchive/doc/EFF/EFF/Policy/Crypto/Tools/PGP FILE -r--r--r-- 71064 Jan 13 11:57 pgpshe30.zip Location: /pub/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 16:20 pgp-dec FILE -r--r--r-- 530 Feb 8 16:20 pgp-enc Location: /pub/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 14:38 pgp-dec FILE -r--r--r-- 530 Apr 8 14:38 pgp-enc Location: /pub/wuarchive/packages/NCSA/Web/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 17:02 pgp-dec FILE -r--r--r-- 530 Apr 11 17:02 pgp-enc Host server.uga.edu Location: /pub/msdos/mirror/security FILE -r--r--r-- 71064 Feb 3 15:36 pgpshe30.zip Host mrcnext.cso.uiuc.edu Location: /pub/faq/usenet-by-group/alt.answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:08 pgp-faq Location: /pub/faq/usenet-by-group DIRECTORY drwxr-xr-x 1024 Apr 26 13:08 alt.security.pgp Location: /pub/faq/usenet-by-group/news.answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:07 pgp-faq Location: /pub/faq/usenet-by-hierarchy/alt/answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:08 pgp-faq Location: /pub/faq/usenet-by-hierarchy/alt/security DIRECTORY drwxr-xr-x 1024 Apr 26 13:08 pgp Location: /pub/faq/usenet-by-hierarchy/news/answers DIRECTORY drwxr-xr-x 1024 Apr 26 08:08 pgp-faq Host zaphod.ncsa.uiuc.edu Location: /Web/Mosaic-source/Mosaic-2.4/auth FILE -rwxr-xr-x 520 Apr 11 21:02 pgp-dec FILE -rwxr-xr-x 530 Apr 11 21:02 pgp-enc Host f.ms.uky.edu Location: /pub2/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Dec 17 02:10 pgp Host pith.uoregon.edu Location: /pub/Solaris2.x/src/httpd_1.1/support/auth FILE -rwxr-xr-x 1019 Jan 24 21:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 21:42 pgp-enc Host pc.usl.edu Location: /pub/msdos/crypto FILE -rw-r--r-- 187758 Jan 14 1993 pgp21.zip FILE -rw-r--r-- 436302 Jan 14 1993 pgp21src.zip FILE -rw-r--r-- 219951 Jun 23 1993 pgp23.zip Host emx.cc.utexas.edu Location: /pub/mnt/source/www/Mosaic-2.4/auth FILE -rwxr-xr-x 520 Apr 11 12:57 pgp-dec FILE -rwxr-xr-x 530 Apr 11 12:57 pgp-enc Location: /pub/mnt/source/www/NCSA_httpd_1.2/support/auth FILE -rwxr-xr-x 1019 Jan 24 15:42 pgp-dec FILE -rwxr-xr-x 552 Jan 24 15:42 pgp-enc Host tolsun.oulu.fi Location: /pub/unix FILE -r--r--r-- 521550 Jun 16 1993 pgp22src.zip Host gogol.cenatls.cena.dgac.fr Location: /pub/util FILE -rw-r--r-- 534661 Jan 7 1993 pgp-2.1.tar.Z Host grasp1.univ-lyon1.fr Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/mirrors/unix/Mosaic/source/Mosaic-2.2/auth FILE -r--r--r-- 315 Feb 8 22:20 pgp-dec.gz FILE -r--r--r-- 319 Feb 8 22:20 pgp-enc.gz Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/mirrors/unix/Mosaic/source/Mosaic-2.3/auth FILE -r--r--r-- 315 Apr 8 20:38 pgp-dec.gz FILE -r--r--r-- 319 Apr 8 20:38 pgp-enc.gz Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/mirrors/unix/Mosaic/source/Mosaic-2.4/auth FILE -r--r--r-- 315 Apr 11 23:02 pgp-dec.gz FILE -r--r--r-- 319 Apr 11 23:02 pgp-enc.gz Location: /pub/nfs-mounted/ftp.univ-lyon1.fr/usenet-stats/groups/alt FILE -rw-r--r-- 2500 Apr 5 09:39 alt.security.pgp Host ns.urec.fr Location: /pub/reseaux/services_infos/WWW/ncsa/Mosaic-source/Mosaic-2.4/auth FILE -rw-rw-r-- 520 Apr 11 21:02 pgp-dec FILE -rw-rw-r-- 530 Apr 11 21:02 pgp-enc Host granuaile.ieunet.ie Location: /ftpmail-cache/ie/tcd/maths/ftp/src/misc DIRECTORY drwxr-xr-x 512 Dec 2 11:43 pgp Location: /ftpmail-cache/uk/co/demon/ftp/mac DIRECTORY drwxr-xr-x 512 Mar 10 04:01 MacPGP Host walton.maths.tcd.ie Location: /news/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 03:45 pgp-faq Location: /pub/msdos/misc FILE -rw-r--r-- 227625 Apr 18 14:47 pgp23.zip Location: /pub/sboyle DIRECTORY drwxr-xr-x 512 Apr 25 20:20 pgp Location: /src/misc DIRECTORY drwxr-xr-x 512 Apr 21 14:52 pgp Location: /src/network/Mosaic-2.4/auth FILE -rwxr-xr-x 520 Apr 18 12:21 pgp-dec FILE -rwxr-xr-x 530 Apr 18 12:21 pgp-enc Host ghost.dsi.unimi.it Location: /pub/security/crypt FILE -rw-r--r-- 3012 May 15 1993 MacPGP.bugfix.README FILE -rw-r--r-- 45446 May 18 1993 MacPGP2.2.bugfix.sit.hqx FILE -rw-r--r-- 299477 May 18 1993 MacPGP2.2.sit.hqx FILE -rw-r--r-- 27882 Aug 11 1993 hint_trick_pgp00.gz FILE -rw-r--r-- 312726 Mar 20 1993 macpgp2.2.cpt.hqx FILE -rw-r--r-- 422851 Jul 3 1993 macpgp2.3.cpt.hqx FILE -rw-r--r-- 1027543 Jul 21 1993 macpgp2.3src.sea.hqx.pgp FILE -rw-r--r-- 12873 Feb 5 18:22 pgp-lang.italian.tar.gz FILE -rw-r--r-- 91281 Jan 22 12:41 pgp-lang.spanish.tar.gz FILE -rw-r--r-- 680985 Jul 22 1993 pgp23A.tar.Z FILE -rw-r--r-- 231 Jul 26 1993 pgp23A.tar.Z.sig FILE -rw-r--r-- 221332 Jul 26 1993 pgp23A.zip FILE -rw-r--r-- 300 Jul 26 1993 pgp23A.zip.sig FILE -rw-r--r-- 51241 Dec 24 19:31 pgp23ltk.zip FILE -rw-r--r-- 547178 Jul 26 1993 pgp23srcA.zip FILE -rw-r--r-- 232 Jul 26 1993 pgp23srcA.zip.sig FILE -rw-r--r-- 3709 Dec 4 15:02 pgpclient.gz FILE -rw-r--r-- 14209 Nov 29 10:46 pgpd.tar.gz FILE -rw-r--r-- 62619 Oct 27 00:00 pgpfront.zip FILE -rw-r--r-- 13689 May 10 1993 pgpmenu.zip FILE -rw-r--r-- 71064 Jan 22 11:59 pgpshe30.zip FILE -rw-r--r-- 142993 Feb 5 18:55 pgptools.zip FILE -rw-r--r-- 17798 Feb 8 1993 pgputils.zip FILE -rw-r--r-- 13825 Sep 20 1993 pgpwin11.zip FILE -r--r--r-- 1043163 Feb 15 12:54 public-keys.pgp FILE -r--r--r-- 1042460 Feb 15 05:39 public-keys.pgp.old Host isfs.kuis.kyoto-u.ac.jp Location: /BSD/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Jun 24 1993 pgp Location: /BSD/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 16 23:10 pgp Location: /ftpmail/ftp.dit.co.jp/pub/security/tools FILE -rw-rw-r-- 422851 Apr 21 21:57 macpgp2.3.cpt.hqx Location: /ftpmail/ftp.nig.ac.jp/pub/security DIRECTORY drwxrwxr-x 512 Dec 18 04:31 PGP Location: /ftpmail/ftp.nig.ac.jp/pub/security/PGP DIRECTORY drwxrwxr-x 512 May 22 1993 MacPGP FILE -rw-rw-r-- 521550 May 20 1993 pgp22src.zip FILE -rw-rw-r-- 680985 Dec 18 04:29 pgp23A.tar.Z FILE -rw-rw-r-- 231 Dec 18 04:31 pgp23A.tar.Z.sig Host theta.iis.u-tokyo.ac.jp Location: /pub1/security/docs/news.answers DIRECTORY drwxr-xr-x 512 Apr 28 17:33 pgp-faq Location: /pub1/security/tools FILE -rw-r--r-- 422851 Mar 6 01:16 macpgp2.3.cpt.hqx FILE -rw-r--r-- 451124 Oct 17 00:00 pgp23.tar.gz FILE -rw-r--r-- 680985 Feb 20 23:06 pgp23A.tar.Z FILE -rw-r--r-- 231 Feb 20 23:06 pgp23A.tar.Z.sig Location: /pub2/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -rw-r--r-- 478 Jun 24 1993 pgp Host news.cfi.waseda.ac.jp Location: /pub2/FreeBSD/FreeBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Jun 24 1993 pgp Host rena.dit.co.jp Location: /pub/security/docs/news.answers DIRECTORY drwxr-xr-x 512 Mar 1 16:53 pgp-faq Location: /pub/security/tools FILE -rw-r--r-- 422851 Mar 6 01:16 macpgp2.3.cpt.hqx FILE -rw-r--r-- 451124 Oct 17 00:00 pgp23.tar.gz FILE -rw-r--r-- 680985 Feb 20 23:06 pgp23A.tar.Z FILE -rw-r--r-- 231 Feb 20 23:06 pgp23A.tar.Z.sig Host mtecv2.mty.itesm.mx Location: /pub/Mosaic/NCSA-Mirror/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 12 03:02 pgp-dec FILE -r--r--r-- 530 Apr 12 03:02 pgp-enc Location: /pub/usenet/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 07:06 pgp-faq Host ftp.germany.eu.net Location: /pub/comp/atari-st/mint FILE -rw-rw-r-- 2102 Sep 21 1993 pgp23ast.zip Location: /pub/comp/atari-st/utils FILE -rw-rw-r-- 280576 Apr 20 15:42 pgp23ab.lzh FILE -rw-rw-r-- 29526 Apr 20 15:42 pgpshl06.zip Location: /pub/comp/msdos/local/utils DIRECTORY drwxr-xr-x 512 Jul 12 1993 pgp Location: /pub/comp/msdos/local/utils/pgp FILE -rw-r--r-- 449445 Jul 12 1993 pgp23.tar.gz FILE -rw-r--r-- 219951 Jul 12 1993 pgp23.zip Location: /pub/comp/msdos/mirror.garbo/crypt FILE -rw-r--r-- 209679 Mar 7 1993 pgp22.zip FILE -rw-r--r-- 62885 Oct 9 00:00 pgpfront.zip FILE -rw-r--r-- 71330 Jan 4 13:00 pgpshe30.zip Location: /pub/comp/msdos/mirror.garbo/source FILE -rw-r--r-- 521820 Mar 7 1993 pgp22src.zip Location: /pub/comp/os2/mirror.ftp-os2/2_x/diskutil FILE -rw-r--r-- 1946 Mar 16 1993 pgp22.txt Location: /pub/comp/os2/mirror.ftp-os2/all/diskutil FILE -rw-r--r-- 1946 Mar 16 1993 pgp22.txt Location: /pub/infosystems/www/ncsa/Web/Mosaic-source/Mosaic-2.4/auth FILE -rw-r--r-- 520 Apr 11 19:02 pgp-dec FILE -rw-r--r-- 530 Apr 11 19:02 pgp-enc Location: /pub/newsarchive/news.answers DIRECTORY drwxr-xr-x 512 Apr 19 04:12 pgp-faq Host mcsun.eu.net Location: /documents/faq DIRECTORY drwxrwxr-x 512 Apr 20 03:51 pgp-faq Host sol.cs.ruu.nl Location: /NEWS.ANSWERS DIRECTORY drwxrwxr-x 512 Apr 18 11:55 pgp-faq Host ugle.unit.no Location: /faq/alt.answers DIRECTORY drwxr-xr-x 512 Apr 18 07:27 pgp-faq Location: /faq/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 07:26 pgp-faq Host csn.org Location: /fruug DIRECTORY drwxr-xr-x 512 Sep 29 1993 PGP Location: /mpj/public DIRECTORY drwxr-xr-x 512 Apr 18 15:09 pgp Location: /mpj/public/pgp FILE -rw-r--r-- 20941 Feb 22 23:07 Here.is.How.to.MacPGP! FILE -rw-r--r-- 687646 Feb 1 07:45 pgp-elm.gz FILE -rw-r--r-- 26905 Feb 22 18:03 pgp-msgs-japanese.tar.gz FILE -rw-r--r-- 88070 Nov 6 17:44 pgp23docA.zip FILE -rw-r--r-- 998 Nov 6 17:44 pgp23sigA.asc FILE -rw-r--r-- 179070 Apr 18 15:08 pgpfaq.asc FILE -rw-r--r-- 44956 Apr 18 15:08 pgpfaq01.asc FILE -rw-r--r-- 44836 Apr 18 15:08 pgpfaq02.asc FILE -rw-r--r-- 44873 Apr 18 15:08 pgpfaq03.asc FILE -rw-r--r-- 45118 Apr 18 15:08 pgpfaq04.asc FILE -rw-r--r-- 3460 Apr 18 15:08 pgpfaq05.asc Host ftp.eff.org Location: /pub/EFF/Policy/Crypto/Tools DIRECTORY drwxr-xr-x 512 Apr 20 02:58 PGP Location: /pub/EFF/Policy/Crypto/Tools/PGP FILE -rw-r--r-- 71064 Jan 13 11:57 pgpshe30.zip Host sune.stacken.kth.se Location: /disk2/OS/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 07:10 pgp Host isy.liu.se Location: /pub/misc DIRECTORY drwxr-xr-x 512 Sep 19 1993 pgp Location: /pub/misc/pgp/2.1 FILE -rw-r--r-- 536118 Jan 11 1993 pgp21.tar.Z FILE -rw-r--r-- 187758 Jan 11 1993 pgp21.zip FILE -rw-r--r-- 436302 Jan 11 1993 pgp21src.zip Location: /pub/misc/pgp/2.2 FILE -rw-r--r-- 209409 Mar 10 1993 pgp22.zip FILE -rw-r--r-- 521550 Mar 10 1993 pgp22src.zip Location: /pub/misc/pgp/2.3 FILE -rw-r--r-- 219951 Jun 17 1993 pgp23.zip Location: /pub/misc/pgp/2.3A FILE -rw-r--r-- 422851 Sep 19 1993 macpgp2.3.cpt.hqx FILE -rw-r--r-- 680985 Sep 19 1993 pgp23A.tar.Z FILE -rw-r--r-- 221332 Sep 19 1993 pgp23A.zip FILE -rw-r--r-- 998 Sep 19 1993 pgp23sigA.asc FILE -rw-r--r-- 547178 Sep 19 1993 pgp23srcA.zip Host lth.se Location: /pub/netnews/news.answers DIRECTORY drwxr-xr-x 512 Apr 18 03:44 pgp-faq Host krynn.efd.lth.se Location: /pub/security FILE -rw-r--r-- 521550 Jul 24 1993 pgp22src.zip Host leif.thep.lu.se Location: /pub/Misc FILE -rw-r--r-- 221332 Jul 23 1993 pgp23A.zip Host ftp.luth.se Location: /pub/NetBSD/NetBSD-current/src/usr.bin/file/magdir FILE -r--r--r-- 478 Dec 17 08:10 pgp Location: /pub/amiga/.1/comm/mail FILE -rw-r--r-- 137861 Jan 26 15:04 PGPMIP.lha FILE -rw-r--r-- 1878 Jan 26 15:04 PGPMIP.readme Location: /pub/amiga/util/crypt FILE -rw-r--r-- 305056 Dec 27 05:41 PGPAmi23a2_src.lha FILE -rw-r--r-- 5569 Dec 27 05:41 PGPAmi23a2_src.readme FILE -rw-r--r-- 342426 Dec 27 05:41 PGPAmi23a_2.lha FILE -rw-r--r-- 820 Dec 27 05:41 PGPAmi23a_2.readme FILE -rw-r--r-- 96585 Oct 1 00:00 PGPAmi23aplus.lha FILE -rw-r--r-- 712 Oct 1 00:00 PGPAmi23aplus.readme FILE -rw-r--r-- 576574 Sep 20 1993 PGPAmiga2_3a.lha FILE -rw-r--r-- 5221 Sep 20 1993 PGPAmiga2_3a.readme FILE -rw-r--r-- 55993 Mar 21 21:41 PGPSendMail2_0.lha FILE -rw-r--r-- 1455 Mar 21 21:41 PGPSendMail2_0.readme FILE -rw-r--r-- 118058 Apr 15 12:20 PGP_german_docs.lha FILE -rw-r--r-- 234 Apr 15 12:20 PGP_german_docs.readme FILE -rw-r--r-- 17141 Mar 1 13:23 StealthPGP1_0.lha FILE -rw-r--r-- 1198 Mar 1 13:23 StealthPGP1_0.readme Location: /pub/infosystems/www/ncsa/Mosaic-source/Mosaic-2.2/auth FILE -r--r--r-- 520 Feb 8 22:20 pgp-dec FILE -r--r--r-- 530 Feb 8 22:20 pgp-enc Location: /pub/infosystems/www/ncsa/Mosaic-source/Mosaic-2.3/auth FILE -r--r--r-- 520 Apr 8 20:38 pgp-dec FILE -r--r--r-- 530 Apr 8 20:38 pgp-enc Location: /pub/infosystems/www/ncsa/Mosaic-source/Mosaic-2.4/auth FILE -r--r--r-- 520 Apr 11 23:02 pgp-dec FILE -r--r--r-- 530 Apr 11 23:02 pgp-enc Host cs6400.mcc.ac.uk Location: /pub/src FILE -r--r--r-- 455861 Feb 22 15:38 pgp23A.tar.gz - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQCNAi0aFSUAAAEEAOCOKpaLepvJCFgIR4m+UvZe0IN8g7Guwc+6GH4u6UGTPxQO iAhk/MJ7E8LE4c55A1G8to2W4y3aKAHvi9QCYKnsLV8Ag0BYWo3bGGTPEfkS7NAI N+Zy6vSjuF1D6MUnbvrQJ5p4efz7a28iYRKoAdan2bfnvIYWUD9nBjyFM+vFAAUR tDdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajQgW2V4cCAz MSBEZWMgOTRdiQCVAgUQLTqfXj9nBjyFM+vFAQGU7wP/ZuuHfdAnCIblNCtbLLG8 39CSg6JIVa3KWfe0WIz6dXFU3cvl2Wt094kJgZ+Nmq01INWlib2lTOznbkA9sV1W q0aJSBHFWQH29qGmIdEqThs7A5ES2w8eRjJD80lxHodRIkBcC5KI6x4Mxo8cib5V BrwsvtG0+81HD6Mrpvc+a0GJAJUCBRAtJc2rZXmEuMepZt0BAe4hA/9YANYPY4Z3 1pXv2mT6ReC09cZS5U3+xxC5brQdLsQGKuH6QVs/b5oc6NV84sh8A9tZyHG2067o 3XIEyN7PPQzRm2UUnHHqw9lBCNhMiFQsAJi4W+m8zXrVrpJWK0Wv61eV2/XIQl0V d4lxu0r+MNRP6ID6FBzA4C9rO+RYEZmwOIkAlQIFEC0aGRzb/VZRBVJGuQEBfaUD /3c2h//kg843OIcYHG4gMDqdeeZLzGlp3RVvh0Rs3/T0YylJZGjPL2L/BF/vfLlB 9E2Urh9mDG/7hiB5FncrUnkmN63IkSj+K9YyfPyYxBVx06Srj8ZzYynh0N+zledd 6cnwxRXhaD3Wc4EfSNR7BH9M2rjkGzyb5to9cgBb0ng+ =BLg5 - -----END PGP PUBLIC KEY BLOCK----- I didn't have to generate a new key to use version 2.5, but I think keys should be changed periodically anyway to limit damages just in case a key got compromised and I didn't know about it. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.5 mQCNAi3P6L4AAAEEAM4qXLLvN7dOVuEOIMjX3AFB8HtsCeYECF428Z1dVSf8OMGr KbTjGpuy0WvkigHm0yZmfmAdS8GkLReFmwv36TbhYYvjRaTou+qFjC9um9j4UPP3 /337HTEvFC+oVtCcqLVn2Xv0tTO/KB4nfbash8tzPZWn0WUfpQ9rDjx3TioRAAUR tCJNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+tB1tcGo2IDxtcGpv aG5zb0BueXguY3MuZHUuZWR1PokAlQIFEC3P7AA/ZwY8hTPrxQEBmEoD/RJZure0 ghGjOq2qxYIgrd8xebuFEchOQZwInerWd0izjpIMmfh3zlgkgejUhEfPafwCTYg6 BMdbxjNzYwC8/rq/R4EGR6pTe7dJqhvFfvzzLZyjBarX7lw6TJ2Oyt9oFMSQbGwF /BKqc0Ymr/8EmT+JsEDnypepm41otWMyYFfSiQCVAgUQLc/rww9rDjx3TioRAQF0 igQAkRrmuAmF1QLp1gFRxqMLw+dDzAtUjFpUrpvqN8yDu/TS3Ue/GdvBECFCzbcD jA3gGviXBWfRx4w6KRVpqTSsfJt5IvcrTbYGcscIQWHPzqLiq8iu22+Ao2ImcDUB Lu+Z+Wo2Ok00DnvAnzqjXrffo6Eq2qOoGhBlFfStXUCMvbe0HU1pa2UgSm9obnNv biA8bXBqQG5ldGNvbS5jb20+tDBEb24ndCB1c2UgZm9yIGVuY3J5cHRpb24gYWZ0 ZXIgMzEgRGVjZW1iZXIgMTk5NS60I01pY2hhZWwgSm9obnNvbiA8bWlrZWpAZXhh Ynl0ZS5jb20+tDBNaWNoYWVsIFBhdWwgSm9obnNvbiA8NzEzMzEuMjMzMkBjb21w dXNlcnZlLmNvbT60KU1pY2hhZWwgUC4gSm9obnNvbiA8bS5wLmpvaG5zb25AaWVl ZS5vcmc+ =w6Cu - -----END PGP PUBLIC KEY BLOCK----- ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-938-9654 | | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLdKNkD9nBjyFM+vFAQFC0wQApwvxO9KIYScX7W6+W+UVPzPBwDDWx1f7 PZLd6ltBHZmsgYFiJxEJ7KXTtAVRLwcJS4/jvmsp1fGBrsg2fo1Ej48Zu1JJb6TY W9M5heasDVeKMoSukF7I4uY0LXUbZyYWfgxlbv2gTgwD9uj3h7PwnhhI5Ou70ll1 rcfs4f4dwE8= =YRGv -----END PGP SIGNATURE----- From sinclai at ecf.toronto.edu Fri May 13 08:33:02 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Fri, 13 May 94 08:33:02 PDT Subject: Message Havens In-Reply-To: <9405130432.AA05874@flammulated.owlnet.rice.edu> Message-ID: <94May13.113250edt.13511@cannon.ecf.toronto.edu> > I'm taking it that a "gopherhole" is different than the "message > haven" I described, so maybe I missed something... A "gopherhole" and "message haven" are the same thing. We were using the term "gopherhole" because it was suggested that gopher be used as the underlying mechanism for a message haven. > but if the "gopherhole" sends out random messages (and presumably the > ones you are interested in) then the "gopherhole" will eventually be > able to figure out what messages you are interested in. And how would > it know what messages you are interested in unless you tell it... it > would then need to be able to tie your psuedonym to your real mail > address, which defeats the entire purpose of what I described. But > then, maybe the design goal of a "gopherhole" is different and I > missed it. Yes. Under this model, a message haven must be trusted. > Maybe I wasn't clear in what the "message haven" offered... I'm trying > to get away from the penet style mapping tables, persistent > information tying you and your pseudonym, and solve the "unsolicited > anonymous mail" problem. The message haven requires no trust, no > tables, no information since it just accepts message and files them, > and if you retrieve all the message, the haven can't figure out which > ones you are interested in! This flavour of message haven would not require persistent tables. A crooked operator /could/ maintain them, but unlike penet they are not required. Every time you log into a message haven, you tell it what tags you are interested in. Here the level of trust is similar to that of a regular remailer. The remailer /could/ keep logs to destroy your anonymity, but we hope it doesn't. I realize this solution is far from ideal. But as I posted before, I don't believe the numbers favour a message haven where everything is downloaded. I have this nagging feeling that there is some very elegant cryptographical way of doing this employing secret sharing, but I can't actually think of how to do it. From johnkc at well.sf.ca.us Fri May 13 08:41:13 1994 From: johnkc at well.sf.ca.us (John K Clark) Date: Fri, 13 May 94 08:41:13 PDT Subject: BOYCOTT AT&T Message-ID: <199405131541.IAA24220@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- It seems that the Government of the USA has been interfering with the free market to reward AT&T , I don't know how much AT&T's support of the Clipper Chip had to do with it but I'm sure it didn't hurt. In the May 13 New York Times: >The AT&T Corporation's winning bid for a $4 billion contract to >modernize Saudi Arabia's phone system ,WHICH HAD BEEN SUPPORTED >BY HEAVY CLINTON ADMINISTRATION LOBBYING , was hundreds of >millions of dollars higher than other bids [...] The huge-scale >deal, which was announced on Monday is the biggest >telecommunications contract in history. I think it's important for company's to realize there is also a downside for supporting Clipper. As a start ,I don't see how any self respecting Cypherpunk or Extropian could use AT&T as their personal long distance carrier . AT&T 's not the only company in bed with the government over Clipper (INTEL) but it is the most visible and the easiest to boycott, MCI and Sprint do a fine job. If 5% of the Internet users quit AT&T it would make other companies think twice before they endorse Clipper. John K Clark johnkc at well.sf.ca.us -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCzAgUBLdOeHX03wfSpid95AQEfMATw08p59yySy+t6yE87anzQF8MThp4gnHuz GXAvOYN4ibQjybLABDYgKXScMUSoBu5bxlI0PdtYIRVzc4SHEBLha7IR01I7ysqE oyIzweQuPC96BRivX0+cIVbNyZRMyegxw2DevyK9YGeHLnz12PaMgFwH5jzfapVO IXvWnkmmYbu4AuT8Ej3r1gPvKRzq4xb7oIOiOVWUpAd+bRElGcE= =rfvk -----END PGP SIGNATURE----- From hfinney at shell.portal.com Fri May 13 08:50:58 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 13 May 94 08:50:58 PDT Subject: List moderation Message-ID: <199405131551.IAA10630@jobe.shell.portal.com> Two comments: First, from his past comments, I think it very unlikely that Eric Hughes will want to see this list moderated. However, he has indicated that he would have no objection to a second list, run by someone else, which took all posts from the CP list and moderated them, filtered them, encrypted them, or whatever. So some site would be needed to run the moderated list. Second, is anyone actually willing and able to do this job? I certainly don't have time. How much delay is the moderation process likely to introduce? How available can the moderators be to handle and process incoming mail? This seems like a potentially very large time commitment by the moderators with little reward. Hal From GERSTEIN at SCSUD.CTSTATEU.EDU Fri May 13 09:10:47 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (GERSTEIN at SCSUD.CTSTATEU.EDU) Date: Fri, 13 May 94 09:10:47 PDT Subject: Message brokering Message-ID: <940513121015.202020c3@SCSUD.CTSTATEU.EDU> Hey Nobody- I could use some GhostMarks, so let's make a deal! Drop me a line Adam Gerstein GERSTEIN at SCSU.CTSTATEU.EDU -=-=-=- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLc0c/AT73QJlKKVlAQGV5QIAmusRN0C58o/ScjA1/V7Mq77XurUi3Ktk XZfUXkk6yLJtxtKj5kIddxMiJISfRLbNFvKkAv7LFbYDAdI0RYpnxg== =vEVx -----END PGP SIGNATURE----- From tcmay at netcom.com Fri May 13 10:17:33 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 13 May 94 10:17:33 PDT Subject: BOYCOTT AT&T In-Reply-To: <199405131541.IAA24220@well.sf.ca.us> Message-ID: <199405131714.KAA25753@netcom.com> John Clark writes: > I think it's important for company's to realize there is also a > downside for supporting Clipper. As a start ,I don't see how any > self respecting Cypherpunk or Extropian could use AT&T as their > personal long distance carrier . AT&T 's not the only company in > bed with the government over Clipper (INTEL) but it is the most ^^^^^^^ > visible and the easiest to boycott, MCI and Sprint do a fine > job. If 5% of the Internet users quit AT&T it would make other > companies think twice before they endorse Clipper. Intel in bed with the government over Clipper? While Intel may own 10-20% of VLSI Technology Inc. (VTI), it is VTI that is manufacturing the MYK-78 and related chips for Mykotronx. A year ago, I talked to the guy who hired me into Intel in 1974, Craig Barrett (who is about to take over Andy Grove's job as President), and informed him of VTI's crummy role in the Clipper deal. I suggested to him that any Intel involvement in Clipper would not help Intel's image amongst computer types. Craig was uncommunicative on this--I got the impression he had no idea what I was talking about. This doesn't mean Intel is not involved, of course, but surely the main culprits are Mykotronx, VTI, and AT&T. Intel gets enough bad press as it is not to be further tarred with the brush of Clipper. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From scheida at earlham.edu Fri May 13 10:48:11 1994 From: scheida at earlham.edu (David Scheidt) Date: Fri, 13 May 94 10:48:11 PDT Subject: Message Havens Message-ID: <0097E5E6.B70F7014.977@earlham.edu> Thus spake SINCLAIR DOUGLAS N : > klbarrus at owlnet.rice.edu (Karl Lui Barrus) writes: >> Maybe I wasn't clear in what the "message haven" offered... I'm trying >> to get away from the penet style mapping tables, persistent >> information tying you and your pseudonym, and solve the "unsolicited >> anonymous mail" problem. The message haven requires no trust, no >> tables, no information since it just accepts message and files them, >> and if you retrieve all the message, the haven can't figure out which >> ones you are interested in! >This flavour of message haven would not require persistent tables. >A crooked operator /could/ maintain them, but unlike penet they are >not required. Every time you log into a message haven, you tell it >what tags you are interested in. Here the level of trust is similar >to that of a regular remailer. The remailer /could/ keep logs to >destroy your anonymity, but we hope it doesn't. > >I realize this solution is far from ideal. But as I posted before, >I don't believe the numbers favour a message haven where everything >is downloaded. I have this nagging feeling that there is some >very elegant cryptographical way of doing this employing secret >sharing, but I can't actually think of how to do it. Couldn't each message have a short header, which is encrypted with the final recipent's public key? When you go to retrieve mail from the haven, you request the complete list of headers (or at least those that are new). If you can decrypt the header, then the message is for you. You then request that those messages, and also some random messages, be sent to you. If the sender uses one or more current-style remailers to send his/her message to the haven, it would much more difficult to work out a map of who is talking to whom. david -------------------------------------------------------------------------------- David Scheidt PGP 2.3 key by email scheida at yang.earlham.edu or finger scheida at earlham.edu "If we don't remember what we do, how will we know who we are?" -Ronald Reagan From sameer at soda.berkeley.edu Fri May 13 11:13:37 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Fri, 13 May 94 11:13:37 PDT Subject: List moderation In-Reply-To: <199405131551.IAA10630@jobe.shell.portal.com> Message-ID: <199405131811.LAA00679@infinity.hip.berkeley.edu> > > Second, is anyone actually willing and able to do this job? I certainly don't > have time. How much delay is the moderation process likely to introduce? > How available can the moderators be to handle and process incoming mail? > This seems like a potentially very large time commitment by the moderators > with little reward. > I would do it starting this summer once I get my real-net-feed running and my public access site up, probably for subscribers to my site only, though. (Hence giving people greater incentive to subscribe to my service, and giving me a benefit from doing it..) [Of course it would be trivial for any one person who's subscribed to my service to redistribute it to others-- but if that is abused and I don't get sufficient income from the activity, then I'll stop doing it.] [BTW: I'm looking at $5/month for a maildrop accessible via the POP protocol. Fully anonymous, all I need is money in advance. (Probably a 2-3 meg quota on the mailspool.. my link isn't very fast nor do I have loads of diskspace at this point) What do people think?] From nate at VIS.ColoState.EDU Fri May 13 11:20:59 1994 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Fri, 13 May 94 11:20:59 PDT Subject: email file server, remailer interface, WIRED Message-ID: <9405131820.AA10934@vangogh.VIS.ColoState.EDU> I would like to announce the completion of my email based fileserver, which takes commands in the same way the remailers do: The main commands are: :: Sends an info file about the server, with command explanations, help and other goodies. :: Of all the strange things, it sends the requested filename send filename :: Sends a list of all available files and their descriptions list I am running one at nate at vis.colostate.edu try it out. I also have a more refined remailer interface package which lets people send mail through the remailer network with a nice WWW forms interface. The scripts are available from my fileserver, send for a list to get the software. A **NON FUNCTIONAL** demo of the interface can be seen at http://monet.vis.colostate.edu/~nate/mailer.html That document also has a link about getting the software, etc. The interesting thing is that this interface will be featured in the netsurf section of the August issue of WIRED magazine! -nate -- +-----------------------------------------------------------------------+ | Nate Sammons | | Colorado State University Computer Visualization Laboratory | | Data Visualization/Interrogation, Modeling, Animation, Rendering | +-----------------------------------------------------------------------+ From hendrix at acs.bu.edu Fri May 13 11:26:29 1994 From: hendrix at acs.bu.edu (Julian Burke) Date: Fri, 13 May 94 11:26:29 PDT Subject: Moderation? Message-ID: <9405131825.AA49030@acs.bu.edu> While I understandand and can relate to much of what has been written about the problems of message volume, and general static, I can't help feeling that something would be lost if moderation were put in place. What is distressing about much of what is written in the press about the net is the attitude and viewpoint from which it is written. It is invariably a round up of the usual deviant suspects and and places an emphasis on any negative aspects of the net that can be found. This viewpoint and coverage can only bring regulation all the sooner. This list however has always seemed to represent the attitude that a little anarchy is a good thing, in opposition to so much of the coverage one sees. It has its problems, but the benefits are what keep everyone tuned in. I would prefer the occasional reminder that "Cypherpunks write code", to a censor by another name. J.Burke From dave at marvin.jta.edd.ca.gov Fri May 13 11:31:52 1994 From: dave at marvin.jta.edd.ca.gov (Dave Otto) Date: Fri, 13 May 94 11:31:52 PDT Subject: List moderation In-Reply-To: <199405131811.LAA00679@infinity.hip.berkeley.edu> Message-ID: <9405131830.AA17725@marvin.jta.edd.ca.gov> I oppose moderation. 1) It is a form of censorship. 2) It (inevitably) introduces bias. 3) If you don't like *them* (net.loon, etc.), create a kill file. Dave Otto -- dave at gershwin.jta.edd.ca.gov -- daveotto at acm.org "Pay no attention to the man behind the curtain!" [the Great Oz] From sameer at soda.berkeley.edu Fri May 13 11:35:36 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Fri, 13 May 94 11:35:36 PDT Subject: List moderation In-Reply-To: <9405131830.AA17725@marvin.jta.edd.ca.gov> Message-ID: <199405131833.LAA00917@infinity.hip.berkeley.edu> > > > I oppose moderation. 1) It is a form of censorship. 2) It (inevitably) > introduces bias. 3) If you don't like *them* (net.loon, etc.), create a > kill file. Like I said I already filter the list and generally only read the people that I know will make a post that worth my time to read. I don't propose that an moderated list is set up, but I suspect that I will probably make available a filtered (by message, not by author.. by author would be too easy) version of the list available if I find it profitable. If I suck at the job, then no one will use my filter and it will be moot. (And I'll search for other ways to make my net-service Better Than the Rest[tm]) -Sameer From lstanton at sten.lehman.com Fri May 13 11:40:31 1994 From: lstanton at sten.lehman.com (Linn Stanton) Date: Fri, 13 May 94 11:40:31 PDT Subject: Moderation? In-Reply-To: <9405131825.AA49030@acs.bu.edu> Message-ID: <9405131841.AA04822@sten.lehman.com> In message <9405131825.AA49030 at acs.bu.edu>you write: > It has its problems, but the benefits are what keep everyone tuned in. > I would prefer the occasional reminder that "Cypherpunks write code", > to a censor by another name. I agree. While moderation could help the signal to noise ratio; I think that the messages not approved should still be posted, just with a standard indicator suitable for filtering by those who wish too. Linn H. Stanton The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAitK8+EAAAECALzK83DH79m7DLKBmZA2h9U33fBE80EwT4xRY05K7WRfxpO3 BmhPVBmes9h97odVZ0RxAFvinOl4wZGOb8pDclMABRG0IUxpbm4gSC4gU3RhbnRv biA8c3RhbnRvbkBhY20ub3JnPokAVQIFEC2u0NyIwD3rAd2buQEB4ggB/R72gmWG FJACaoxKijfLZYEiyGOZI3xB6oQSOsV4D1EZ1jVn7UV0Orh4hCbm/bcJbacA5qCh UkfTwFPq1qvM4mC0J0xpbm4gSC4gU3RhbnRvbiA8bHN0YW50b25Ac2hlYXJzb24u Y29tPg== =HQq9 -----END PGP PUBLIC KEY BLOCK----- From tcmay at netcom.com Fri May 13 11:52:03 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 13 May 94 11:52:03 PDT Subject: Problem with my Mail (1000 extra lines of junk) Message-ID: <199405131851.LAA08746@netcom.com> Several people have written me to inform me that my last mail message to the list had 1000 lines of extra junk appended at the bottom: 501 macrakis at osf.org~h... 550 Host unknown (Name server: host not found) 501 macrakis at osf.org~h... 550 Host unknown (Name server: host not found) ...etc... I've informed the folks at Netcom. If _this_ message has the same extra junk, then I'll of course cease posting until the problem is fixed. Thanks, --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From dichro at tartarus.uwa.edu.au Fri May 13 11:59:00 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Fri, 13 May 94 11:59:00 PDT Subject: Message Havens In-Reply-To: <0097E5E6.B70F7014.977@earlham.edu> Message-ID: <199405131858.CAA05191@lethe.uwa.edu.au> As regards message havens... Seems to me that you should also have all of the messages to you collated into one block, have some random length padding added, and then encrypt the whole thing and send it back to you. If you have this all done automatically by the server at the haven, then you may not even need to call all of those random other messages down. That is, assuming you trust the sysadmin of that haven, which is probably not the best of ideas. Anyhow, you can do somwthing similar with anonymous remailers. Maybe someone should (or already has) written a client which will take your message, pad it with some extra gibberish, then construct all of the headers necessary (and encrypt several times along the way) to post it along a path of remailers which either the user inputs, or it randomly determines. Seems to me that if you leave the actual routing in the hands of the user, and not at the discretion of the first remailer you send it to, you gain a far more secure transmission. Of course i could be wrong... It would be nice if remailers supported padding from this end as well. ie, insert something like :: Padding: *** and this tells the remailer that, after decrypting the message (presumably it was sent to a remailer that supports encryption) it should discard whatever comes after the ***, or however it happens to be implemented. This gives yet another layer of obfuscation between me and whoever doesn't like me... * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "Information wants to be free!" PGP Public key available by finger * #include From tcmay at netcom.com Fri May 13 12:41:31 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 13 May 94 12:41:31 PDT Subject: (fwd) Re: The Implications of Strong Cryptography Message-ID: <199405131940.MAA14711@netcom.com> Here's a message I wrote to talk.politics.crypto, etc., detailing more on "anarchy" (as it relates to crypto anarchy). This may not be "code," but it relates to the implications of strong crypto. Detweiler has been very active in this group, making his usual denunciations and even confirming that tmp = Detweiler (as if there was any doubt). You have been forewarned. --Tim Newsgroups: alt.security.pgp,talk.politics.crypto,alt.politics.datahighway,comp.org.eff.talk From: tcmay at netcom.com (Timothy C. May) Subject: Re: The Implications of Strong Cryptography Message-ID: Date: Fri, 13 May 1994 19:29:40 GMT Russell Nelson (nelson at crynwr.crynwr.com) wrote: : In article tcmay at netcom.com (Timothy C. May) writes: : The combination of world-spanning networks (already here) and strong : cryptography (also here) will change a lot of things. Consulting is : changing, taxation is changing (though the dinosaur's brains hasn't : gotten the signal in all fullness yet), markets will change, and even : espionage will change. The implications are pretty amazing. : Exciting, but scary. Whenever big changes happen in society, people : get scared, hurt and desperate. And when that happens, you get : Hitlers created. Read Toffler's War and Anti-War for a more : pessimistic outlook on things. All the more reason to spread the tools and methods that decentralize power, that effectively reduce the role of nations. I routinely interact with, in speech and in other transactions, people from around the world. They are my true neighbors in cyberspace, not the folks who live across the street from me. Strong crypto is not needed for all aspects of this situation, of course. But strong crypto ensures that central governments cannot easily limit these world-ranging contacts and cannot restrict the nature and number of these transactions. By the way, lest there be any confusion about the term "anarchy," it is not a synonym for everyobody killing everybody else, etc. Rather, the term has a well-established meaning: "no head," as in no "arch" running things. The books we read, the movies we see, etc., are "anarchic" in nature. It doesn't mean we can see any movies we wish, without regard to whether someone has produced them or not, or whether we can pay to get it, and so forth. It means there is not "authority" that decides who gets to see which movies. (Yes, MPAA ratings, obscenity laws...minor deviations, no pun intended.) Our networks of friends are essentially run anarchically. We deal with some people, avoid others, all without "laws." (Yes, laws come into play if we kill our friends, cheat them in business deals, etc. This doesn't change the essential fact that our relationships are handled without guidance from a ruler, a honcho, an "arch.") Many other such example abound. In fact, when I explain what anarcho-capitalism is (a term of art in libertarian circles), and how anarchy means running your own life--with market and other consequences your actions--most people realize that anarchy is actually the norm, that the State has actually minimal involvement (fortunately) in day-to-day decisions. As others have noted, libertarian ideas--shared by many folks, not just "Libertarians"--do not mean a world of houses burning down because fire departments don't exist, and other such ludicrous examples. Imagine a world in which food distribution was handled the way fire and education is now handled (and this has not always so in the U.S.). One would pay taxes, and get officially-approved food at People's Food Distribution Center #5233. What could be more normal? Now imagine someone proposing that food distribution be privatised, that folks ought to pay for what they eat, make their own choices on diet, and choose who to do business with. What a radical idea. Wouldn't everybody starve? Wouldn't this be anarchy? Yes, food distribution in the U.S. today is essentially anarchic. Ironically, my leftist hippie friends (I live near Santa Cruz, one of thee last remaining Meccas for them) understand this point very well: they cherish the ability to grow food up in the mountains and then sell it for whatever price they can get at the weekly Farmer's Market. (They think Safeway is a corporate monopolist, depite heavy competition in the grocery business, but that's another story.) Anarchy is about freedom and choice. It's really the norm, and not nearly as bad as it sounds. I'd say give it a try, but the fact is that you're practicing it right now. Think about it. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From lile at netcom.com Fri May 13 12:52:29 1994 From: lile at netcom.com (Lile Elam) Date: Fri, 13 May 94 12:52:29 PDT Subject: c meeting... Message-ID: <199405131952.MAA27414@netcom.com> What time does the next meeting start? Noon? or !pm? thanks, -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From talon57 at well.sf.ca.us Fri May 13 13:00:20 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Fri, 13 May 94 13:00:20 PDT Subject: 1000 extra lines.... Message-ID: <199405132000.NAA28029@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- Tim May say's, >Several people have written me to inform me that my last mail >message to the list had 1000 lines of extra junk appended at the >bottom: >501 macrakis at osf.org~h... 550 Host unknown (Name server: host not >found) >501 macrakis at osf.org~h... 550 Host unknown (Name server: host not >found) >...etc... >I've informed the folks at Netcom. If _this_ message has the same >extra junk, then I'll of course cease posting until the problem is >fixed. >Thanks, >--Tim For a minute I thought you'd gotten hold of a bad Hypercard....Snow Crash anyone? Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced communication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdPbTNCcBnAsu2t1AQHioAP8DHbClMRSkVFxKJcZHLugPu9yfxMno3TM t0nxN1V3TrUAqWcUl+M5EiqH7MiLzC/UzEJjBPcCjg+AnlVvDRw/WdBKCxuOArd5 U5j+i9x6CpnIx1jHzEX2105nxC9AIvn8W9vaX6usDLWXw5foeCBfYl7bE6EdLeDR Bp1VcQc4OzA= =BNqE -----END PGP SIGNATURE----- .\ From cdodhner at indirect.com Fri May 13 13:09:40 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Fri, 13 May 94 13:09:40 PDT Subject: Message Havens, gopherholes In-Reply-To: <9405130448.AA06385@flammulated.owlnet.rice.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Ok, here's my vision: Set up an ftp archive site. Assign it a pgp key pair. Set up one of those ftp-by-mail programs. To send a message to someone, you give it a random name, asciify it, and use a chain of anonymous remailers to deposit it on the ftp site (some crypto-dollars may be required at this point). Included with the main file is a file with the same name but a .txt extension, containing some info that will identify it to the reciever (could be the key id# that it's encrypted to, or something like "the chicken turns grey at dawn" or whatever). When you want to check for messages, you string a message through a few remailers and ftp (it would accept encrypted reply blocks) *.txt back to you... then just grep them to determine the target file and repeat the retreval process... Hmmm.. ok I just realized that this defeats the whole point of the message haven thing, as it also could be used for harrassment... oh well, maybe there'll be a use for it anyway.. but I cant think of it now... damn. Hmm how 'bout this then: just take a message pool like pool-0 or whatever, and set it up so that when it receives a message it throws it onto an ftp site, with a separate file for each day's mail. That way you could ftp once per day and get all the messages at once, and it wouldn't clutter up your mailbox. Sender untraceability due to remailers. Receiver untraceability due to getting all messages. Lack of harrasement potential (can't force someone to ftp something). And resistance to mailbombing attacks with the implimentation of digital postage and storage fees. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner @ indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 - ------------------------------------------------------------------------------ PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger revolution H.E.A.T. warheads porno kiddiesex export import customs deviant bribe corrupt White House senator congressman president Clinton Gore bootleg assasinate target ransom secret bluprints prototype microfilm agents mole mafia hashish everclear vodka TnaOtmSc Sony marijuana pot acid DMT Nixon yeltsin bosnia zimmerman crack knight-lightning craig neidorf lex luthor kennedy pentagon C2 cheyenne cbx telnet tymenet marcus hess benson & hedges kuwait saddam leader death-threat overlords police hitler furer karl marx mark tabas agrajag king blotto blue archer eba the dragyn unknown soldier catch-22 phoenix project biotech genetic virus clone ELINT intercept diplomat explosives el salvador m-16 columbia cartel -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdM8g+Kc9MdneB1xAQFaigP/U0BEsElcDfn54B7vgSzsDCvBL/c1cl4t CRbM5YMxVuUDt+eXt09fxDwy93XFJN6eWHNTZvlVgPX36WRrAxZ9EL6hmk4KanfW LqhSo/4B0jFY3I5XFK1JiSWfiI6iu974HHrecVUvK3fjODkNxzse/cdBvAhCtZx9 Bp0TBXlJc7I= =y4YS -----END PGP SIGNATURE----- From nobody at shell.portal.com Fri May 13 13:30:05 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 13 May 94 13:30:05 PDT Subject: Mail to ftp? Message-ID: <199405132031.NAA01771@jobe.shell.portal.com> Is there any way to get a new crypto application up for widespread ftp access while remaining anonymous? Something like a mail to ftp gateway that would do a "put"? Or is there someone here willing to receive an anonymous crypto package and put it up for ftp at the CP site? Thnx. From sinclai at ecf.toronto.edu Fri May 13 14:19:35 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Fri, 13 May 94 14:19:35 PDT Subject: Message Havens In-Reply-To: <199405131858.CAA05191@lethe.uwa.edu.au> Message-ID: <94May13.171923edt.13595@cannon.ecf.toronto.edu> > Seems to me that you should also have all of the messages to you > collated into one block, have some random length padding added, and then > encrypt the whole thing and send it back to you. If you have this all > done automatically by the server at the haven, then you may not even need > to call all of those random other messages down. That is, assuming you > trust the sysadmin of that haven, which is probably not the best of ideas. The only problem I see here is that it requires the message haven know your public key. All sorts of man-in-the-middle attacks become possible here. I don't know that I'd trust a machine to do an intellegent web-of-trust; it can't actually meet people at a conference and swap cards. From lile at netcom.com Fri May 13 15:16:41 1994 From: lile at netcom.com (Lile Elam) Date: Fri, 13 May 94 15:16:41 PDT Subject: PGP 2.5 info... Message-ID: <199405132216.PAA16916@netcom.com> I got this from the WWW. -lile Date: Fri, 13 May 1994 15:09:37 +0800 X-Url: http://web.mit.edu/network/pgp.html MIT PGP Release Beta Test Release of PGP version 2.5 May 9, 1994 The Massachusetts Institute of Technology announces the distribution of PGP version 2.5, incorporating the RSAREF 2.0 cryptographic toolkit under license from RSA Data Security, Inc., dated March 16, 1994. In accordance with the terms and limitations of the RSAREF 2.0 license of March 16, 1994, this version of PGP may be used for non-commercial purposes only. PGP 2.5 strictly conforms to the conditions of the RSAREF 2.0 license of March 16, 1994. As permitted under its RSAREF license, MIT's distribution of PGP 2.5 includes an accompanying distribution of the March 16, 1994 release of RSAREF 2.0. Users of PGP 2.5 are directed to consult the RSAREF 2.0 license included with the distribution to understand their obligations under that license. This distribution of PGP 2.5, available in source code form, is available only to users within the United States of America. Use of PGP 2.5 (and the included RSAREF 2.0) may be subject to export control. Questions concerning possible export restrictions on PGP 2.5 (and RSAREF 2.0) should be directed to the U.S. State Department's Office of Defense Trade Controls. Users in the United States of America can obtain information via FTP from net-dist.mit.edu in the directory /pub/PGP. *** Beta Release Note -- May 7, 1994 *** Today's release of PGP 2.5 is a beta test release, designed to permit users to familiarize themselves with the program and to give us feedback before we make the final release. This version of PGP2.5 has been tested on the following platforms: MSDOS, Sun381i, Solaris 2.X, Ultrix 4.X, Linux, RS6000, HP/UX Over the next few days, we will be testing PGP2.5 on a variety of other systems and collecting bug reports from this release. Please send bug reports to pgp-bugs at mit.edu. If you obtain a copy of this beta release code, please keep checking http://web.mit.edu for the announcement of the final release, so that you can update your copy of PGP2.5. We expect the final release to occur within a week. *** To Get PGP2.5: The directory where PGP2.5 is located is hidden. To get it you need to telnet to "net-dist.mit.edu" and login as getpgp. You will be asked to confirm that you will abide by the terms and conditions of the 3/16/94 RSAREF 2.0 license. The license is in the file "license.txt" in /pub/PGP on net-dist.mit.edu you can see it now by clicking here. From matsb at sos.sll.se Fri May 13 15:56:40 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Fri, 13 May 94 15:56:40 PDT Subject: The Implications of Strong Cryptography In-Reply-To: <199405131940.MAA14711@netcom.com> Message-ID: On 13 May Timothy C. May wrote: > By the way, lest there be any confusion about the term "anarchy," it > is not a synonym for everyobody killing everybody else, etc. Rather, > the term has a well-established meaning: "no head," as in no "arch" > running things. A 100+ years ago the anarchists (Kropotkin et al) were ousted from the mainstream socialist movement (Marx et al) mainly because they opposed strong government. Some years later came a decade of freak murders of several heads of state and other prominent persons by disillusioned anarchists. The image of anarchist = mad assassin has stayed in public mind ever since and will most probably not change in the near future. The original anarchists (tm) strongly denounced not only capitalism but private ownership of everything but your most intimate belongings (and perhaps your house, this was discussed a lot). There are still (dis)organized remnants of the traditional anarchistic movement around, at least in Europe. All this makes the term anarcho-capitalism rather difficult to interpret. Crypto-anarchy, if not more of a joke, might share a similar fate and forever associate to mad/criminal hacking instead of liberty by cipher. > Anarchy is about freedom and choice. It's really the norm, and not > nearly as bad as it sounds. I'd say give it a try, but the fact is > that you're practicing it right now. Think about it. This is true for a literal interpretation of the word, freed of recent historical ballast. Or perhaps my knowledge of the English language is failing me. There might be a big difference between anarchy and anarchism. Anyway, in spite of interpretational difficulties, I welcome the rebirth of anarchism, the political passion of my youth, through strong crypto. //mb From klbarrus at owlnet.rice.edu Fri May 13 17:13:39 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Fri, 13 May 94 17:13:39 PDT Subject: Message Havens (fwd) Message-ID: <9405140013.AA07432@flammulated.owlnet.rice.edu> [Douglas asked me to forward this to the list] > I disagree. The only resource that will be hit is the message haven > (unlike say every computer in the world that carries the certain > usenet group you have chosen to use as a communications vehicle). > Geez, think of like a place that offers anonymous ftp. It's resources > are hit, but I don't buy the "massive load on net.resources". You think so? Hm. I'm just pulling numbers out of the air here, but... Let's say the cypherpunk dream is realized, and everyone on the net uses anonymous mail through a message haven. I believe there are 20 000 000 InterNet users right now. Lets say each person sends one piece of mail every day, and also checks the message haven each day. Each day there are twenty million new messages on the message haven. These are downloaded by twenty million people each day. That's 400 trillion messages that the message haven must send each day. Let's say the average size of a message is 1Kb. This gives a total of 3 Petabits a day. At 86400 seconds in a day, this requires a bandwidth of 30 Terabits/second. This is, of course, far beyond practicality. I'm allso being a little silly here, assuming there is only one message haven for the world. With distributed havens the load on each haven decreases. However, the load on each recieving terminal is the same. Each terminal must process 20 Gigabytes of mail to look for messages to the user. Maybe that'll be practical in a few years, but then again in a few years there will be more internet users. > This scheme is precisely what I described earlier! The two users > agree on what to name/tag the file, and that's how they get messages > to each other. The problem is Bob can't just retreive that one file > (if he is concerned about traffic analysis), so he can get them all so > a watcher learns nothing. You have suggested downloading a smaller > portion of the available message base instead of the whole thing. I'm sorry, I must not have read your post carefully enough. I understood there to be no tag outside the encryption wrapper. I thought you were implying attempting decryption of every post on the haven until one worked. My appologies. From klbarrus at owlnet.rice.edu Fri May 13 17:20:11 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Fri, 13 May 94 17:20:11 PDT Subject: Message Havens Message-ID: <9405140019.AA07570@flammulated.owlnet.rice.edu> > Let's say the cypherpunk dream is realized, and everyone on the net > uses anonymous mail through a message haven. I believe there are Well, if the cypherpunks "dream" is realized then there won't be a need for message havens since anonymous mail will be accepted net-wide. People wouldn't go after anonymous remailer operators because somebody harrassed another person. But back to the problem at hand... Your analysis is interesting, but so far fetched I'm not going to worry about it. I mean, yes, if the 5 billion people of earth decide to do this, or decide to call each other, or decide to send each other snail mail, everything will collapse. Considering this as a worst case, in my opinion, is a waste for right now, and will deter useful work before it even starts. Planning for this is about as useful as worrying about all 20 million net users will access the same Mosaic page, the same gopher site, the same ftp site, etc. I just don't expect traffic to be that heavy. And I base it on personal experience from running anonymous remailers. Plus, it is ONLY necessary to retreive all messages if you don't want it know who you are communicating with. If you don't care if it is known you communicate with some psuedonym, then you don't have to get all the messages. The primary goal is to not mail messages out since that is where most the complaints against anonymous remailers lie. -- Karl L. Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From unicorn at access.digex.net Fri May 13 17:41:26 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 13 May 94 17:41:26 PDT Subject: MacPGP interface project Message-ID: <199405140041.AA08839@access1.digex.net> 1) Get source code for MacPGP2.3aV1.1 and alter it to accept the Clipboard as an input/output option, which it already can do, if operated manually. Till then we will spool the Clipboard to disk and have MacPGP2.3aV1.1 act only on files. MacPGP2.3aV1.1 was recently released in Germany, and will act as our temporary model crypto engine. <- This has proved a serious set back. I would design around MacPGP2.3 v.1.0.5 (or whatever) The V1.1 source code doesn't look like it will be around real soon. Cut your losses, and work on v1.0.5 -uni- (Dark) From Richard.Johnson at Colorado.EDU Fri May 13 17:50:29 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Fri, 13 May 94 17:50:29 PDT Subject: MacPGP interface project In-Reply-To: Message-ID: <199405140050.SAA04192@spot.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- From the keyboard of: Black Unicorn > I would design around MacPGP2.3 v.1.0.5 (or whatever) > The V1.1 source code doesn't look like it will be around real soon. Can someone fill the rest of us in on the true story behind this? Why is the (copylefted) source code to 2.3a V1.1 not available? I figure there must be a reason, but I'm all out of guesses. Richard -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLdQuHPobez3wRbTBAQHqOwQAm56N4SKwIA4Rnjr207g/w5wcA99/u7AB yAEzBicn1lHd7uFFL8WvAEMBF0tNwBBPZENtlQ/3ql3rwCien0gLbFwJD0/j/qUC sntCha/7qvbDj5WXnOLICDzZBtS+gw6zno1oE2ne0wbEfW6u95ttzNEmh/Xxeche soYjfahyZ+I= =ybK+ -----END PGP SIGNATURE----- From klbarrus at owlnet.rice.edu Fri May 13 18:17:01 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Fri, 13 May 94 18:17:01 PDT Subject: Message Haven explanation Message-ID: <9405140116.AA09715@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- Hm... after reading various replies about the message haven I described, I've concluded my original explanation was terrible and confusing ;) Background: I've noticed that about the only opposition voiced to anonymous mail is the fact somebody can harrass another user (however, they can also be used to forward Clarinet posts, for example). Also, systems such as Julf's, convenient as it is, require tables which map psuedonym to true identity. The message haven is my idea of how to get around these two problems. (I'm not saying Julf is untrustworthy or something, this is just an idea to try out!) The way I see it working is you would create a message containing what you want to say, what to name the next reply, and anything else... perhaps a new public key to encrypt the reply with. You encrypt this message with the public key for whoever you want to communicate with, and send it to the haven with instuctions to file it under a name you specify. Your partner would browse the message haven, and retreive the message. He would frame a response, include what to name the next reply, maybe include another key, etc., encrypt his message with your public key, and send it back to be filed under the name you specified. The very first message to a person would have to be titled something obvious to them (i.e. "To Pr0duct Cypher", "To Deadbeat", "To Wonderer", "To L. Detweiler" or whoever), unless you can pre-arrange this. So far, the haven just accepts messages and files them. Maybe it could take a digital cash payment to file in an area where the message will be available for longer. The haven doesn't even have a public key (unless it runs a bank and has a public key for the bank portion). Now, if the message haven keeps logs of what messages you read, it will be able to figure out who you are communicating with. One possibility is to take all the message, so even if the haven fully logs, it will derive no information. This is only if you actually care that the haven can figure out who you are communicating with. If not, just grab the messages for you. Some people are suggesting retrieving a subset of the messages. Yes, this will work, but only if you take the same subset all the time. For example, you take your messages and message addressed to users A, B, C, and yourself. (There would be a complication if all the other users changed public keys simultaneously). If you don't take the same subset all the time (say you retrieve A, B, C, and yourself once, and then X, Y, Z, and yourself another time. It should be pretty clear who you are!), you expose your identity. Also, you would need to take all the messages of the other users (say A, B, C, and you have 5 messages each. You take all of yours, and just 1 from each of the others. Again, it should be pretty obvious who you are). Maybe the easiest thing to do is simply use a brand new public key every time, then you can take random messages. Indeed, you could even fool the haven into thinking you are communicating with someone else by always retrieving their messages, if you use a new public key each time. Some schemes have been suggested in which you tell the haven what messages you want. It would send them along with some random ones. I don't like this idea since it requires the haven to be able to connect your pseudonym with your true identity, and it's more complicated, as far as the haven goes, and as far as you (if you want to use a new key). And if you are already telling the haven your identity, you may as well just browse it and retrieve the messages intended for you. So, hopefully that is a bit clearer. Comments are welcome! Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdQmYIOA7OpLWtYzAQHIdwP9FHCtdL0XHhGCrLgVoFNNNdiSH8IGvlyO wZq8vvbYtW34uRrEs0nYDchVpEtDpMgrSQdfSFaKrNjg5mdfbqWh9qEeMv1NM91p jtqhYfUHqP1RE/CegET3tunI1h6fqfz91cMIpPc4hGM69OSJZecw8rumwKyxNwC8 cCBBDrb1iMk= =H9K8 -----END PGP SIGNATURE----- From merriman at metronet.com Fri May 13 19:02:18 1994 From: merriman at metronet.com (David Merriman) Date: Fri, 13 May 94 19:02:18 PDT Subject: PGP 2.5 & Remailers Message-ID: <199405140202.AA02751@metronet.com> I was just wondering if there was going to be any hacking done to the anon remailers to allow PGP 2.5 usage, as well as PGP 2.3. If so, how would the headers change (if any), other than the obvious version numbers? Can we expect to see anouncements by various remailers advising as to whether they'll be supporting v2.5? Dave Merriman -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi12VeYAAAEEAOqndSk+w1iAtW1nJDtdajTZEZEOuMjeKoFbXWuMK8H93Ckx Ba6c0Z8+STXtscP2WWKwRUVcrM0iZa2X4/7Z/Brl31aaA4DT6AVoxet3CLY0JUfi FciusBFCfPB6wfDdwABLZAzTd49YDyWI/Fq0MlNJ3JAeTFwhPeJ9eOnzcfP1AAUR tCVEYXZlIE1lcnJpbWFuIDxtZXJyaW1hbkBtZXRyb25ldC5jb20+iQCVAgUQLZxj 0Jmg14VGv4TFAQFNsQP+JdRjafESlDYmLvgmQqxZUE90lct/EIy5C8sIDT7vFt1f FI5PLtFg1xlxl8thrBjfff9GYKOt2WSw6Uw144OCNnIw5l93QR3ueSXWmHqowJ6c Hp8batrO/X3InNj6IDx6bolZzv6+lBz2XimE2SvYXCdU+7OA4CYxMQ6nfPwErdWJ AJUCBRAtdkQq4n146fNx8/UBAaN9BACQu9ILO57cRojTLc22LdDkFeOcmzQ/mvBm oJJaTRRXXm6t7G3a48uNVDuI36d2dcARTE1hYnu+6JFCqUsfLElQu/3NjFeVdHsu ygziv9pYb9vifzcyBuW6IUxiEkHnixIuTxNtOajscw6eJ29hv/o211gjRd3gAb2d RrmWxWkJtg== =8RGj -----END PGP PUBLIC KEY BLOCK----- From anonymous at extropia.wimsey.com Fri May 13 19:24:36 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Fri, 13 May 94 19:24:36 PDT Subject: rec.guns Cross-Post Message-ID: <199405140205.AA06909@xtropia> [Cross-posted from rec.guns regarding the banning of remailered posts] + Date: 11 May 94 14:32:13 + From: john.nieder at tigerteam.org (John Nieder) + To: gun-control at cs.umd.edu [rec.guns] + Subj: [ANON]: Yes or Goodbye! ========================================================= "The Federalist Papers were anonymous posts." -- Anon. ========================================================= I'm so angry I can barely enter this... This question of anon posts is currently the subject of conflict in numerous RTKBA net-venues, and I am sorry to see it come up here. As someone who has carefully followed the encryption/net-privacy/anonymity movement for the past three years, I feel that I am qualified to comment on the issue. To get to the point, _there are no logical arguments against anon posts_. ALL the arguments against them I have heard boil down to one of two roots: <1> Technical ignorance. <2> An adolescent prejudice that anon posting isn't macho. That's _it_. I can't dignify them further. To elaborate: "Real" Names and accounts aren't. Fictitious and virtually untraceable "real" accounts and net identities are trivially generated, particularly with the increasing number of other commercial nets and computer Bulletin Board Systems linked to Internet. Anyone can produce a "good" account in about as much time as it took me to write this. If anyone is bent on making trouble on this or any other group, there is no practical barrier to their efforts, least of all by the banning of remailed posts. Generating new "real" accounts is often easier than using remailers. At least a message from a remailer _says_ it's an anonymous post, and the reader may killfile that From: field if he has an anti-anon bias. "Accountability" is generally illusory anyway, as anyone knows who has tried to silence the many legendary Net Nuisances who have abused Internet to an extent beyond that which we are likely to encounter in rec.guns. If troublemakers want to post mischief, even under their own names, there is very little that can be done about it. If you doubt this, consider the infamous Prodigy "Vito" case. They'll be back. In short, if you think a "real accounts only" policy is any protection against _anything_, you're just dreaming, plain and simple. Further, _remailers provide needed non-anonymizing functions for some users_. Though the parochial Internet mindset assumes that all users are on complex institutional Unix systems, this is simply no longer true; many users are on private home computers, linked through a wide variety of host systems, each with its own limitations. For example: In posting this message, I am limited by the (non-configurable) host software to headers containing only To:, From: and Subject: fields. It is impossible for me to Cc: a netmail reply to a post's author, or include Reference:, Comment:, Reply-To: or any other header field. This is frustrating, but by using some remailers for my reply, I may include these and other standard header fields for enhanced function. I do not use the remailer to anonymize, but merely to post more efficiently - I will include a Reply-To: field with my name in it as well as my sig. Currently, such posts are rejected from rec.guns. There are many other secondary functions for remailers. Use your own imagination. <"Duhhhh...but I betcha _John Wayne_ wouldn't use a remailer!"> A competent explanation of "anonymized digital reputation" as concept is beyond the purview of rec.guns, but I will refer those interested in it to the cypherpunks at toad.com mailing list. Put on your thinking cap, though, as the list principals are smart boys who'll leave you in the dust if you can't keep up. Anyone who wishes a better understanding of the purpose of the anonymity movement should monitor the list for a while. But so what? _Ultimately, all posts stand or fall on their internal merits, no matter what name - if any - is on them_. Ego and identity is utterly irrelevant, or should be. In these anon-post arguments over the past few years, I have noticed those who most oppose anon posts are consistently the same persons who habitually engage in flamewars, ego battles and rants. This cannot be a coincidence. As I have already demonstrated above, remailed posts pose no "threat" to anything beyond what is already present from falsely generated "real" accounts, but the urge to personalize and invest ego (however illusorily) in posts dies hard. The anonymous post has a long and noble history; it says, "Here is a thought - consider it on it's merits, irrespective of how 'important' or obscure its author is." Further, there are legitimate reasons for wishing anonymity in any case. There are many persons whose situations are such that participation in politically-sensitive newsgroups and lists is unwise. On ca-firearms, there was an anonymous poster who was a policeman in a highly politicized, anti-gun PD. His participation on an activist RTKBA list would jeopardize his job (remember Leroy Pyle). Would anyone braying on here about the un-machoness of anon posting wish to support his family when he gets fired because of "manly" non-anon policy preferences? I thought not...funny how that works. "Caution is not cowardice and carelessness is not courage." There is no upside to being personally conspicuous in dangerous political waters. If you want to stick your neck out for no good reason, go right ahead, but don't impose that pointless risk on everyone else just because you don't know any better. < MAKE ENEMIES FAST! > Though the political and civil rights issues at stake in the privacy movement have probably never seriously crossed the minds of 95% of the participants here, they exist nonetheless, and are remarkably related to the RTKBA battle. _There are no more important natural allies to the RTKBA movement on Internet than the computer privacy advocates_. There is substantial overlap in these groups, and the ill-informed banning of remailer use in RTKBA net forums is stupidly antagonistic and insulting to the best friends we have...and right now, we need all the friends we can get, especially ones who are experienced and organized activists in their own right. Such anon codewriters and advocates as Tim May and most other principal encryption/anti-Clipper/remailer activists are vehemently pro-RTKBA, and make their support known at every opportunity. I find it embarrassing that "well-meaning" but ignorant RTKBA list and newsgroup maintainers such as "Magnum" and Jeff Chan have directly insulted them so grievously, without a second's thought or serious consideration. < "It's _my_ list! If you don't like it LEAVE!" > I intend to. I believe in the RTBKA because I dislike folks who compulsively want to dominate others by force of authority and who wish to ban everything they can't understand, or fear because they can't control. The anti-gunners and the anti-privacy people are the _same_. Usually, they are actually the same people (check voting records in Congress), but in any case exhibit identical mindsets. When another user left ca-firearms at shell.portal.com in protest of the anti-anon policy, imposed there not because of any problems caused by anon posts but rather "on principle," he received netmail from two anti-anon users which he forwarded to me when I left the list. Neither one had the least idea of the actual issues and technical considerations enumerated in this message, which was not a surprise. What I found truly sickening was that one idiot went on for his entire post about how a list had to be a "benevolent dictatorship," (oxymoron unnoted) and that anon posts somehow threatened the "order" of the list, and that anon posters were ungrateful and soforth. It was nothing more than a catalogue of irrational bullyings by a control-addict. I do not want to align myself with people like that. Sorry. If anon posts are forbidden on rec.guns - or ca-firearms, or anywhere else - I'm leaving and encourage others to do likewise. |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| | * CP2A * PGP Key # E27937 on all servers | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| |"If you love wealth better than liberty, the tranquility of servitude | | better than the animating contest of freedom, go home from us in | | peace. We ask not your counsels or arms. Crouch down and lick the | | hands which feed you. May your chains set lightly upon you, and may | |posterity forget that ye were our countrymen." -- Samuel Adams, 1776| |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-| |BOYCOTT: Pepsico & Gillette| |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| From tcmay at netcom.com Fri May 13 19:40:18 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 13 May 94 19:40:18 PDT Subject: Raids in Europe...be careful! Message-ID: <199405140240.TAA11068@netcom.com> Here's a report, dated today, that indicates the recent "software piracy" issue (MIT/La Macchia, other sites) may be being used to launch raids. Apparently this guy, in Italy, did not (his claim) have any pirated software on his machine(s), but it was seized by the Italian feds. Other sites, too, I gather. This is only a SPECULATION here: With the Clipper program foundering, and reaction very negative, and government official wringing their hands at their inability to get a handle on things (control), there may be alternate strategies put into play. A crackdown on pirated material could be one avenue. Net porn could be another. And should there be some highly visible case involving encryption, bombers, child porn, terrorists, whatever, action could be swift. Briefly, let me urge you all to carefully think about this. Blatantly illegal material on your systems could play into their hands. No, I don't mean "free speech" issues...attacking _that_ would be a difficult task. I mean pirated software in a location accessible to the outside world, pornographic GIFs or whatever similarly accessible, and so forth. (Someone recently asked if ftp sites could be anonymously loaded (put) with items...this is worrisome, though I'm certainly not accusing that anonymous person of any ill intent. Just with the climate and all...) I'm not playing net.cop. I just think Cypherpunks have enough interesting--and ultimately very important--things to think about without getting caught up in a criminal prosecution of software piracy, child pornography, or the like. Just my personal view, you understand. I hope my concern is premature (I have no doubt that sooner or later there will come a time of collision between Our Side and Their Side, and that we will have to stand against Randall Flagg, DIRNSA). Here's the Italian case: From: zbig at junior.wariat.org (Zbigniew J. Tyrlik) Newsgroups: alt.bbs.unixbbs,alt.bbs.unixbbs.uniboard,comp.org.eff.talk,comp.bbs.misc Subject: Bad news from iItaly Followup-To: alt.bbs.unixbbs Date: 13 May 1994 07:26:13 -0400 Organization: Akademia Pana Kleksa, Public Access Uni* Site Message-ID: <2qvo4l$b5k at junior.wariat.org> Reply-To: staff at ita.it Just received this message from Italy. Anyone know what is going wrong with te world ??? >>> included message: >From ita.it!staff Fri May 13 05:32:27 1994 Return-Path: Received: from relay.iunet.it by wariat.org with smtp(/\==/\ Smail3.1.28.1 #28 .5) id ; Fri, 13 May 94 05:32 EDT for "|/usr/local/bin/filter -o /usr/zbig/.elm/f ilter_error" Received: from ita.UUCP by relay.iunet.it with UUCP id AA02606 (5.65c8/IDA-1.4.4 for zbig at wariat.org); Fri, 13 May 1994 11:36:32 +0200 Received: by ita.it (5.65/ita-mail-drop) id AA09891; Fri, 13 May 94 11:23:03 +0200 From: staff at ita.it (Riccardo Pizzi) Message-Id: <9405130923.AA09891 at ita.it> Subject: Busted!! To: zbig at wariat.org Date: Fri, 13 May 94 11:23:02 EET X-Mailer: ELM [version 2.3 PL11] Status: RO Hi Zbig, things are getting really bad here... On Wednesday, 11th of May, at 3:30 pm, the italian Feds came into my house while I was out of town for a consulting business. They went into my bedroom and seized all my equipment, diskettes, tapes. This action was part of a nationwide raid against software piracy that hit some other 40+ FIDONET sites (yes, they seem to have used a Fido nodelist to find out about sites to investigate). Needless to say, I didn't even had DOS on my disk drives, let alone any copyrighted software. Anyway, they have now all my work of the latest 5 (five) years, including all backup copies of UniBoard and related stuff.. and I don't know if I will be ever able to have all my stuff back. I have also lost my nervous.com email address, but I can be reached here as ; I will try to keep you informed about this (very bad) story. Please, forward this to the alt.bbs.* groups, since I do not have news access here, and am also missing all the email addresses of my customers and friends.. Wish me luck, Rick _\\|//_ ( 0-0 ) -------------------------------o00--(_)--00o------------------------------------ Riccardo Pizzi, SysAdmin Tel: +39 71 204046 I.T.A. Informatica e Fax: +39 71 2073033 Tecnologie Avanzate s.r.l. E-Mail: staff at ita.it -------------------------------------------------------------------------------- From sameer at soda.berkeley.edu Fri May 13 20:09:27 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Fri, 13 May 94 20:09:27 PDT Subject: PGP 2.5 on ftp.csua.berkeley.edu Message-ID: <199405140307.UAA00671@infinity.hip.berkeley.edu> PGP 2.5 is now available at ftp://ftp.csua.berkeley.edu/pub/cypherpunks/pgp/pgp25 -Sameer From GERSTEIN at SCSUD.CTSTATEU.EDU Fri May 13 22:30:26 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (ADAM GERSTEIN, _THE_ MACGURU) Date: Fri, 13 May 94 22:30:26 PDT Subject: IGNORE-NEON Message-ID: <940514013002.20203342@SCSUD.CTSTATEU.EDU> Neon- Here's my pgp key, and I will send the files to the appropriate people. Adam P.S.- What's the best way to contact you? the Alt.? newsgroup you mentioned? -=-=-=-=-=-=- -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLc0c/AT73QJlKKVlAQGV5QIAmusRN0C58o/ScjA1/V7Mq77XurUi3Ktk XZfUXkk6yLJtxtKj5kIddxMiJISfRLbNFvKkAv7LFbYDAdI0RYpnxg== =vEVx -----END PGP SIGNATURE----- -=-=-=-=-=- God's last message to his creation: "We apologize for the inconvenience" -D. Adams From sinclai at ecf.toronto.edu Fri May 13 23:54:48 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Fri, 13 May 94 23:54:48 PDT Subject: Penet spoofing Message-ID: <94May14.024854edt.187@cannon.ecf.toronto.edu> Forwarded message: > From anon.penet.fi!daemon Fri May 13 18:40:07 1994 > Date: Fri, 13 May 1994 18:33:08 -0400 > From: daemon at anon.penet.fi (System Daemon) > Message-Id: <9405132233.AA21224 at anon.penet.fi> > To: sinclai at ecf.toronto.edu > Subject: Anonymous code name allocated. > > You have sent a message using the anonymous contact service. > You have been allocated the code name anXXXXX. > You can be reached anonymously using the address > anXXXX at anon.penet.fi. > > If you want to use a nickname, please send a message to > nick at anon.penet.fi, with a Subject: field containing your nickname. > > For instructions, send a message to help at anon.penet.fi. > > I didn't send mail to penet. I'm assuming someone on the list must have forged the post. I'm not amused. Anyone else get this, or did someone think I'm special? From sinclai at ecf.toronto.edu Fri May 13 23:56:33 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Fri, 13 May 94 23:56:33 PDT Subject: Message Havens In-Reply-To: <9405140009.AA07213@flammulated.owlnet.rice.edu> Message-ID: <94May14.025626edt.193@cannon.ecf.toronto.edu> > Your analysis is interesting, but so far fetched I'm not going to > worry about it. I mean, yes, if the 5 billion people of earth decide > to do this, or decide to call each other, or decide to send each other > snail mail, everything will collapse. Considering this as a worst > case, in my opinion, is a waste for right now, and will deter useful > work before it even starts. Agreed. I guess what I was trying to say (though I didn't actually come out and say it) is that the load is O(N^2). While not a problem now, it would be nice to find an O(N) solution. Or, more likely, an O(Nlog(N)). > Plus, it is ONLY necessary to retreive all messages if you don't want > it know who you are communicating with. If you don't care if it is > known you communicate with some psuedonym, then you don't have to get > all the messages. The primary goal is to not mail messages out since > that is where most the complaints against anonymous remailers lie. Indeed. If we go with a restricted message haven, the problem becomes very simple. Maybe we should attempt to get this working first. From wcs at anchor.ho.att.com Sat May 14 01:02:35 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sat, 14 May 94 01:02:35 PDT Subject: Is anyone archiving the list, for those who miss during the interruption? Message-ID: <9405140801.AA25540@anchor.ho.att.com> Well, I got bumped off the list like everyone else, and I assume there will be some useful discussion going on between now and when the mail gods reinstate me, on topics like PGP 2.5 and how the list was hosed. Is anybody saving these somewhere that I could ftp or otherwise retrieve? Thanks; Bill Stewart wcslists at anchor.att.com # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From nobody at shell.portal.com Sat May 14 01:08:57 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 14 May 94 01:08:57 PDT Subject: MAKE.DIGITAL.MONEY.FAST Message-ID: <199405140810.BAA24883@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- HOW TO ADVERTISE AND SELL SERVICES ANONYMOUSLY Now that we have two or more digital banks operating, we face the problem of actually marketing services anonymously. Here is a suggestion on how that can be done. Let's say you have the licence/I.D. information which Black Unicorn collected recently, and you wish to profit from it. Then, in the best traditions of Usenet, you would post a short (anonymous) notice in the misc.forsale newsgroup, stating what the offering is, and asking, say, 12 GhostMarks or 10 DigiFrancs. Of course, the average reader of misc.forsale will be a mite confused by this, so an explanation in the .sig space would be helpful. Something along the lines of, "finger phantom at stein.u.washington.edu for information about MagicMoney". So let's say you have a customer who is willing to pay. Where does he/she send the cash, or just ask for further information? You could use an anonymous server like penet, but as has been shown, there are problems involved in mapping anon i.d.'s to real i.d.'s. Plus as our friend David Sternlight pointed out recently, packets can be traced. Incoming and outgoing traffic can be compared and the routes monitored. In short, there are risks. I suggest a different technique. Use the "Jay Prime Positive Mail Pool". Here is a short description: Send mail to jpp=0x123456 at markv.com, and the mail will be encrypted with the key matching 0x123456, and sent to alt.test with a subject line of "Ignore 0x123456" To add a key, send to jpp=poolnew at markv.com. The body of the message should contain the public key in pgp format. If there is a key clash, a message with the subject "Ignore jpp=poolnew key already in use" Therefore, in your advertisement in misc.forsale, just say, "Interested parties should mail their digital cash certificates to: jpp=0x(your_PGP_number)@markv.com Then just monitor alt.test and rake in the money. And BTW, remember to send Jay Prime your _anonymous_ PGP key (e.g. pseudonym ). -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCdAgUBLdR+Hbhnz857T+PFAQGXpQQ5ARffKZQ/JxriU0+WPD5anuOqE+zYBlRE t12OQKJEDAM8gNnbLHvtnCXFTNfLZUz6Bhb6tNCJalwoiiW40NxA9ubY3IlQUg+u jRaFc2/b0bcQ0DTKRp8ps/J43utmFbQZigW9BWTn6s+330vNpZQG/PsCc79HLSeA lxNqQciIkPj50RFeDKWKwA== =Cq16 -----END PGP SIGNATURE----- From ruf at osiris.cs.uow.edu.au Sat May 14 02:49:09 1994 From: ruf at osiris.cs.uow.edu.au (Justin Lister) Date: Sat, 14 May 94 02:49:09 PDT Subject: Crippler Article in Wired Message-ID: <199405140944.AA19190@osiris.cs.uow.edu.au> I found this article on the WIRED www document server, it will appear in a coming issue of wired. NSA's Chief Counsel to Appear Online Stewart A. Baker, Chief Counsel for the National Security Agency and featured writer in WIRED 2.06 will host a Q&A session on the Clipper Chip. He will appear on America Online in Center Stage (from AOL type keyword: "center stage") on Thursday May 26, 1994, from 7-9 p.m. EST. Baker is the NSA's top lawyer and supports the Clipper Initiative. He worked briefly as Deputy General Counsel of the Education Department under President Jimmy Carter. His article "Don't Worry Be Happy" refutes seven myths of key escrow encryption and is a WIRED Exclusive. Don't Worry Be Happy Why Clipper Is Good For You By Stewart A. Baker, Chief Counsel for the NSA With all the enthusiasm of Baptist ministers turning their Sunday pulpits over to the Devil, the editors of WIRED have offered me the opportunity to respond to some of the urban folklore that has grown up around key escrow encryption -- also known as the Clipper Chip. Recently the Clinton administration has announced that federal agencies will be able to buy a new kind of encryption hardware that is sixteen million times stronger than the existing federal standard known as DES. But this new potency comes with a caveat. If one of these new encryption devices is used, for example, to encode a phone conversation that is subject to a lawful government wiretap, the government can get access to that device's encryption keys. Separate parts of each key are held by two independent "escrow agents," who will release keys only to authorized agencies under safeguards approved by the attorney general. Private use of the new encryption hardware is welcome but not required. That's a pretty modest proposal. Its critics, though, have generated at least seven myths about key escrow encryption that deserve answers. MYTH NUMBER ONE: Key escrow encryption will create a brave new world of government intrusion into the privacy of Americans. Opponents of key escrow encryption usually begin by talking about government invading the privacy of American citizens. None of us likes the idea of the government intruding willy-nilly on communications that are meant to be private. But the key escrow proposal is not about increasing government's authority to invade the privacy of its citizens. All that key escrow does is preserve the government's current ability to conduct wiretaps under existing authorities. Even if key escrow were the only form of encryption available, the world would look only a little different from the one we live in now. In fact, it's the proponents of widespread unbreakable encryption who want to create a brave new world, one in which all of us -- crooks included -- have a guarantee that the government can't tap our phones. Yet these proponents have done nothing to show us that the new world they seek will really be a better one. In fact, even a civil libertarian might prefer a world where wiretaps are possible. If we want to catch and convict the leaders of criminal organizations, there are usually only two good ways to do it. We can "turn" a gang member -- get him to testify against his leaders. Or we can wiretap the leaders as they plan the crime. I once did a human rights report on the criminal justice system in El Salvador. I didn't expect the Salvadorans to teach me much about human rights. But I learned that, unlike the US, El Salvador greatly restricts the testimony of "turned" co-conspirators. Why? Because the co-conspirator is usually "turned" either by a threat of mistreatment or by an offer to reduce his punishment. Either way, the process raises moral questions -- and creates an incentive for false accusations. Wiretaps have no such potential for coercive use. The defendant is convicted or freed on the basis of his own, unarguable words. In addition, the world will be a safer place if criminals cannot take advantage of a ubiquitous, standardized encryption infrastructure that is immune from any conceivable law enforcement wiretap. Even if you're worried about illegal government taps, key escrow reinforces the existing requirement that every wiretap and every decryption must be lawfully authorized. The key escrow system means that proof of authority to tap must be certified and audited, so that illegal wiretapping by a rogue prosecutor or police officer is, as a practical matter, impossible. MYTH NUMBER TWO: Unreadable encryption is the key to our future liberty. Of course there are people who aren't prepared to trust the escrow agents, or the courts that issue warrants, or the officials who oversee the system, or anybody else for that matter. Rather than rely on laws to protect us, they say, let's make wiretapping impossible; then we'll be safe no matter who gets elected. This sort of reasoning is the long-delayed revenge of people who couldn't go to Woodstock because they had too much trig homework. It reflects a wide -- and kind of endearing -- streak of romantic high-tech anarchism that crops up throughout the computer world. The problem with all this romanticism is that its most likely beneficiaries are predators. Take for example the campaign to distribute PGP ("Pretty Good Privacy") encryption on the Internet. Some argue that widespread availability of this encryption will help Latvian freedom fighters today and American freedom fighters tomorrow. Well, not quite. Rather, one of the earliest users of PGP was a high-tech pedophile in Santa Clara, California. He used PGP to encrypt files that, police suspect, include a diary of his contacts with susceptible young boys using computer bulletin boards all over the country. "What really bothers me," says Detective Brian Kennedy of the Sacramento, California, Sheriff's Department, "is that there could be kids out there who need help badly, but thanks to this encryption, we'll never reach them." If unescrowed encryption becomes ubiquitous, there will be many more stories like this. We can't afford as a society to protect pedophiles and criminals today just to keep alive the far-fetched notion that some future tyrant will be brought down by guerrillas wearing bandoleers and pocket protectors and sending PGP-encrypted messages to each other across cyberspace. MYTH NUMBER THREE: Encryption is the key to preserving privacy in a digital world. Even people who don't believe that they are likely to be part of future resistance movements have nonetheless been persuaded that encryption is the key to preserving privacy in a networked, wireless world, and that we need strong encryption for this reason. This isn't completely wrong, but it is not an argument against Clipper. If you want to keep your neighbors from listening in on your cordless phone, if you want to keep unscrupulous competitors from stealing your secrets, even if you want to keep foreign governments from knowing your business plans, key escrow encryption will provide all the security you need, and more. But I can't help pointing out that encryption has been vastly oversold as a privacy protector. The biggest threats to our privacy in a digital world come not from what we keep secret but from what we reveal willingly. We lose privacy in a digital world because it becomes cheap and easy to collate and transmit data, so that information you willingly gave a bank to get a mortgage suddenly ends up in the hands of a business rival or your ex-spouse's lawyer. Restricting these invasions of privacy is a challenge, but it isn't a job for encryption. Encryption can't protect you from the misuse of data you surrendered willingly. What about the rise of networks? Surely encryption can help prevent password attacks like the recent Internet virus, or the interception of credit card numbers as they're sent from one digital assistant to another? Well, maybe. In fact, encryption is, at best, a small part of network security. The real key to network security is making sure that only the right people get access to particular data. That's why a digital signature is so much more important to future network security than encryption. If everyone on a net has a unique identifier that others cannot forge, there's no need to send credit card numbers -- and so nothing to intercept. And if everyone has a digital signature, stealing passwords off the Net is pointless. That's why the Clinton administration is determined to put digital signature technology in the public domain. It's part of a strategy to improve the security of the information infrastructure in ways that don't endanger government's ability to enforce the law. MYTH NUMBER FOUR: Key escrow will never work. Crooks won't use it if it's voluntary. There must be a secret plan to make key escrow encryption mandatory. This is probably the most common and frustrating of all the myths that abound about key escrow. The administration has said time and again that it will not force key escrow on manufacturers and companies in the private sector. In a Catch-22 response, critics then insist that if key escrow isn't mandated it won't work. That misunderstands the nature of the problem we are trying to solve. Encryption is available today. But it isn't easy for criminals to use; especially in telecommunications. Why? Because as long as encryption is not standardized and ubiquitous, using encryption means buying and distributing expensive gear to all the key members of the conspiracy. Up to now only a few criminals have had the resources, sophistication, and discipline to use specialized encryption systems. What worries law enforcement agencies --what should worry them -- is a world where encryption is standardized and ubiquitous: a world where anyone who buys an US$80 phone gets an "encrypt" button that interoperates with everyone else's; a world where every fax machine and every modem automatically encodes its transmissions without asking whether that is necessary. In such a world, every criminal will gain a guaranteed refuge from the police without lifting a finger. The purpose of the key escrow initiative is to provide an alternative form of encryption that can meet legitimate security concerns without building a web of standardized encryption that shuts law enforcement agencies out. If banks and corporations and government agencies buy key escrow encryption, criminals won't get a free ride. They'll have to build their own systems -- as they do now. And their devices won't interact with the devices that much of the rest of society uses. As one of my friends in the FBI puts it, "Nobody will build secure phones just to sell to the Gambino family." In short, as long as legitimate businesses use key escrow, we can stave off a future in which acts of terror and organized crime are planned with impunity on the public telecommunications system. Of course, whenever we say that, the critics of key escrow trot out their fifth myth: MYTH NUMBER FIVE: The government is interfering with the free market by forcing key escrow on the private sector. Industry should be left alone to develop and sell whatever form of encryption succeeds in the market. In fact, opponents of key escrow fear that businesses may actually prefer key escrow encryption. Why? Because the brave new world that unreadable encryption buffs want to create isn't just a world with communications immunity for crooks. It's a world of uncharted liability. What if a company supplies unreadable encryption to all its employees, and a couple of them use it to steal from customers or to encrypt customer data and hold it hostage? As a lawyer, I can say it's almost certain that the customers will sue the company that supplied the encryption to its employees. And that company in turn will sue the software and hardware firms that built a "security" system without safeguards against such an obvious abuse. The only encryption system that doesn't conjure up images of a lawyers' feeding frenzy is key escrow. But there's a second and even more compelling reason why the key escrow initiative can't fairly be characterized as interfering with private enterprise: The encryption market has been more or less created and sustained by government. Much of the market for encryption devices is in the public sector, and much of the encryption technology now in widespread use in the private sector was funded, perfected, or endorsed by the federal government. And not by accident, either. Good encryption is expensive. It isn't just a matter of coming up with a strong algorithm, although testing the strength of an algorithm can be enormously time-consuming. The entire system must be checked for bugs and weaknesses, a laborious and unglamorous process. Generally, only the federal government has been willing to pay what it costs to develop secure communications gear. That's because we can't afford to have our adversaries reading our military and diplomatic communications. That's led to a common pattern. First, the government develops, tests, or perfects encryption systems for itself. Then the private sector drafts along behind the government, adopting government standards on the assumption that if it's good enough for the government's information, it's good enough to protect industry's. As encryption technology gets cheaper and more common, though, we face the real prospect that the federal government's own research, its own standards, its own purchases will help create the future I described earlier -- one in which criminals use ubiquitous encryption to hide their activities. How can anyone expect the standard-setting arms of government to use their power to destroy the capabilities of law enforcement -- especially at a time when the threat of crime and terror seems to be rising dramatically? By adopting key escrow encryption instead, the federal government has simply made the reasonable judgment that its own purchases will reflect all of society's values, not just the single-minded pursuit of total privacy. So where does this leave industry, especially those companies that don't like either the 1970s-vintage DES or key escrow? It leaves them where they ought to be -- standing on their own two feet. Companies that want to develop and sell new forms of unescrowed encryption won't be able to sell products that bear the federal seal of approval. They won't be able to ride piggyback on federal research efforts. And they won't be able to sell a single unreadable encryption product to both private and government customers. Well, so what? If companies want to develop and sell competing, unescrowed systems to other Americans, if they insist on hastening a brave new world of criminal immunity, they can still do so -- as long as they're willing to use their own money. That's what the free market is all about. Of course, a free market in the US doesn't mean freedom to export encryption that may damage US national security. As our experience in World War II shows, encryption is the kind of technology that wins and loses wars. With that in mind, we must be careful about exports of encryption. This isn't the place for a detailed discussion of controls, but one thing should be clear: They don't limit the encryption that Americans can buy or use. The government allows Americans to take even the most sophisticated encryption abroad for their own protection. Nor do controls require that software or hardware companies "dumb down" their US products. Software firms have complained that it's inconvenient to develop a second encryption scheme for export, but they already have to make changes from one country to the next -- in language, alphabet, date systems, and handwriting recognition, to take just a few examples. And they'd still have to develop multiple encryption programs even if the US abolished export controls, because a wide variety of national restrictions on encryption are already in place in countries from Europe to Asia. MYTH NUMBER SIX: The National Security Agency is a spy agency; it has no business worrying about domestic encryption policy. Since the National Security Agency has an intelligence mission, its role in helping to develop key escrow encryption is usually treated as evidence that key escrow must be bad security. In reality, though, NSA has two missions. It does indeed gather intelligence, in part by breaking codes. But it has a second, and oddly complementary, mission. It develops the best possible encryption for the US government's classified information. With code breakers and code makers all in the same agency, NSA has more expertise in cryptography than any other entity in the country, public or private. It should come as no surprise, therefore, that NSA had the know-how to develop an encryption technique that provides users great security without compromising law enforcement access. To say that NSA shouldn't be involved in this issue is to say the government should try to solve this difficult technical and social problem with both hands tied behind its back. MYTH NUMBER SEVEN: This entire initiative was studied in secret and implemented without any opportunity for industry or the public to be heard. This is an old objection, and one that had some force in April of 1993, when the introduction of a new AT&T telephone encryption device required that the government move more quickly than it otherwise would have. Key escrow was a new idea at that time, and it was reasonable for the public to want more details and a chance to be heard before policies were set in concrete. But since April 1993, the public and industry have had many opportunities to express their views. The government's computer security and privacy advisory board held several days of public hearings. The National Security Council met repeatedly with industry groups. The Justice Department held briefings for congressional staff on its plans for escrow procedures well in advance of its final decision. And the Commerce Department took public comment on the proposed key escrow standard for 60 days. After all this consultation, the government went forward with key escrow, not because the key escrow proposal received a universally warm reception, but because none of the proposal's critics was able to suggest a better way to accommodate society's interests in both privacy and law enforcement. Unless somebody comes up with one, key escrow is likely to be around for quite a while. That's because the only alternative being proposed today is for the government to design or endorse encryption systems that will cripple law enforcement when the technology migrates -- as it surely will -- to the private sector. And that alternative is simply irresponsible. For more information on the Clipper standard you can access WIRED's Clipper archive via the following WIRED Online services. WIRED Infodroid e-mail server: Send e-mail to infodroid at wired.com containing the words "send clipper/index" on a single line inside the message body. WIRED Gopher: Gopher to gopher.wired.com and select "Clipper Archive." WIRED on World Wide Web: http://www.wired.com select "Clipper Archive." WIRED on America Online: The keyword is WIRED. WIRED on the Well: Type "go wired" from any "OK" prompt. Stewart A. Baker is the National Security Agency's top lawyer. He worked briefly as Deputy General Counsel of the Education Department under President Jimmy Carter, and he practiced international law at Steptoe & Johnson, in Washington, DC. He has been at the NSA since 1992. WIRED Online Copyright Notice Copyright 1993,4 Ventures USA Ltd. All rights reserved. This article may be redistributed provided that the article and this notice remain intact. This article may not under any circumstances be resold or redistributed for compensation of any kind without prior written permission from Wired Ventures, Ltd. If you have any questions about these terms, or would like information about licensing materials from WIRED Online, please contact us via telephone (+1 (415) 904 0660) or email (info at wired.com). WIRED and WIRED Online are trademarks of Wired Ventures, Ltd. -- +---------------------+--------------------------------------------------+ | ____ ___ | Justin Lister ruf at cs.uow.edu.au | | | \\ /\ __\ | Center for Computer Security Research | | | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-835-114 | | | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 | | |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream... | | | LiNuX - the only justification for using iNTeL | +---------------------+--------------------------------------------------+ From jdwilson at gold.chem.hawaii.edu Sat May 14 03:16:08 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Sat, 14 May 94 03:16:08 PDT Subject: message brokering In-Reply-To: Message-ID: On Thu, 12 May 1994, Matt Thomlinson wrote: > Date: Thu, 12 May 1994 10:00:34 -0700 (PDT) > From: Matt Thomlinson > To: cypherpunks at toad.com > Subject: message brokering > > > nobody says: > Is there someone out there who would like to act as a broker (for a small > fee, natch), so that I can maintain rigorous anonymity while trading? > > > This seems like a good way to earn some ghostmarks! I'm sure *someone* > will take you up on this offer. > > Alternatively, you could perhaps do business through the penet remailer...? > > > mt > > > Matt Thomlinson > University of Washington, Seattle, Washington. phone: (206) 548-9804 > Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html > PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu > What about the totally anon remailer reported approx. 1 month ago that allegedly did not record any info nor require any personal info, registration etc? I don't have the post in front of me but perhaps another CP'ster does... -NS From jpp at markv.com Sat May 14 03:52:12 1994 From: jpp at markv.com (jpp at markv.com) Date: Sat, 14 May 94 03:52:12 PDT Subject: MAKE.DIGITAL.MONEY.FAST In-Reply-To: <199405140810.BAA24883@jobe.shell.portal.com> Message-ID: I welcome your use of my anonymous mail pool service, but I suggest you form you nym's key like this: Pr0duct Cypher I do this because there is another remailer still under wraps which will support this format nicely. For help with the pool remailer, send mail to jpp=poolhelp at markv.com. -- --Hey, check this out! You could have an address like-- -- jpp=Pr0duct=Cypher at markv.com or jpp=Blacknet at markv.com For the special price of only !! 6 cans !! worth of DigiFrancs (6df or is it 72df?). (Other curencies will be concidered.) Currently only Blacknet, and Pr0duct Cypher have those very cool address forms. You could join their illustrious ranks! And for 12 cans worth I will offer the address form nym at jpplap.markv.com. Your customers count! So be sure to make their life as easy as posible. Buy a jpp= address today! j' P.S. Just to be really clear, I am neither Blacknet, nor Pr0duct Cypher. From johncla at freenet.scri.fsu.edu Sat May 14 08:12:41 1994 From: johncla at freenet.scri.fsu.edu (John Clark) Date: Sat, 14 May 94 08:12:41 PDT Subject: Penet spoofing In-Reply-To: <94May14.024854edt.187@cannon.ecf.toronto.edu> Message-ID: Yes, I got the same message. I don't know what this is all about John K Clark johnkc at well.sf.ca.us On Sat, 14 May 1994, SINCLAIR DOUGLAS N wrote: > Forwarded message: > > From anon.penet.fi!daemon Fri May 13 18:40:07 1994 > > Date: Fri, 13 May 1994 18:33:08 -0400 > > From: daemon at anon.penet.fi (System Daemon) > > Message-Id: <9405132233.AA21224 at anon.penet.fi> > > To: sinclai at ecf.toronto.edu > > Subject: Anonymous code name allocated. > > > > You have sent a message using the anonymous contact service. > > You have been allocated the code name anXXXXX. > > You can be reached anonymously using the address > > anXXXX at anon.penet.fi. > > > > If you want to use a nickname, please send a message to > > nick at anon.penet.fi, with a Subject: field containing your nickname. > > > > For instructions, send a message to help at anon.penet.fi. > > > > > > I didn't send mail to penet. I'm assuming someone on the list > must have forged the post. I'm not amused. Anyone else get > this, or did someone think I'm special? > From rdmurray at keene.edu Sat May 14 08:39:29 1994 From: rdmurray at keene.edu (R. David Murray) Date: Sat, 14 May 94 08:39:29 PDT Subject: possible anti-mandatory-clipper constitutional angle? Message-ID: I haven't had time to scan the list recently, so someone else may already have brought this up, but in case no one has, I want to launch an anti-clipper meme: A government mandante for key-escrow encryption in all communication devices would be the information-age equivalent of the government requiring private citizens to quarter troups in their home. --David From jim at rand.org Sat May 14 08:54:52 1994 From: jim at rand.org (Jim Gillogly) Date: Sat, 14 May 94 08:54:52 PDT Subject: Penet spoofing In-Reply-To: Message-ID: <9405141554.AA29674@mycroft.rand.org> > John Clark writes: > Yes, I got the same message. I don't know what this is all about I hate to be paranoid, but that seems to be my natural state these days. I'll take a guess: somebody wants to know the mapping between cypherpunk addresses and Finnish anonymous ID's, if any. If you have an anonymous ID registered on penet.fi and you don't have a password registed there, anyone can find your anonymous ID by forging mail from you to themselves via Finland; it will carefully anonymize you and report the message to them; presumably "This is the one I forged from John Clark." or "Test 94.217.johncla" or whatever. If you already had an anonymous account with no password, you wouldn't get notification... but you have one now. I don't know if there's an error msg if you try to send mail with the wrong password. I do have an anon ID (result of replying to some other anonymous poster) with no password, and haven't gotten that message lately. Jim Gillogly Trewesday, 23 Thrimidge S.R. 1994, 15:52 From nobody at soda.berkeley.edu Sat May 14 09:25:30 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist) Date: Sat, 14 May 94 09:25:30 PDT Subject: possible anti-mandatory-clipper constitutional angle? Message-ID: <199405141625.JAA21754@soda.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- From: Ezekial Palmer Date: Sat May 14 12:15:04 EDT 1994 Date: Sat, 14 May 1994 11:40:47 -0400 (EDT) From: "R. David Murray" Subject: possible anti-mandatory-clipper constitutional angle? A government mandante for key-escrow encryption in all communication devices would be the information-age equivalent of the government requiring private citizens to quarter troups in their home. While I agree with you as to the analogy, a big part of me says "so what?". A major court decision or constitutional amendment that effectively says that electronic info is equivalent to info on paper would go a long way toward rationalizing the situation, but basically there's almost no precedent at all for saying that any civil liberties are protected in the electronic realm and there's a reasonable amount of precedent in the other direction. I suspect that you'd have a lot of trouble convincing the technologically ignorant that something electronic could be at all like quartering troops in your home. A big problem in general is that "the information-age equivalent" isn't something that most people can (or choose to) see. Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdT5ORVg/9j67wWxAQHhEgP9ENyQ6zAVKst8NhpVxGd5CCBlmVWnNg4L m9HI06Z5rOpbawvSMjkBdKXJGKu5ObKrNqrHP6N9s2ZhvDd2Q7gPdMbm9mXHpf7w /uqsVE1a9bHob7F9FDVkz438a4bP8WaEHyZWOdpmvZ+bB7L1ELhuVWyT12vOy61h vfTBj9B1sN4= =VNuc -----END PGP SIGNATURE----- ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```$]S^P;+]AB?X9TW6\8WR:^P&2':U$*B?=.'X1J!JJA1M.D\ME8M'?MH GS670];'$("C3!.=DH.!6L_>ISX4,5U)O?EU> -----BEGIN PGP SIGNED MESSAGE----- From: Ezekial Palmer Date: Sat May 14 12:30:09 EDT 1994 To: cypherpunks at toad.com From: Jim Gillogly I don't know if there's an error msg if you try to send mail with the wrong password. Yes, there is. Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdT8shVg/9j67wWxAQHKzwP7BLKiwMrC4LUWTmLFjW70DqzEMSG2+OTQ XDLjkqiGJv240MSLoBI2UqgXNBO5icVeQXSz2xaa5FAaudwY4lOnGjqPSeB4Z3ya uGYgyXdsSuJlIviQpXgD0UDjtrFSxeTKHSDVsnBDuDbMLewLY5T+go1bh9/bhzgh NSUwaL1T84Q= =4Xxm -----END PGP SIGNATURE----- ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```%1S^P;+]AB?X9TW6\8WR:&P&2'K1RX_1#HLFQ.-\Y2SL(FRFTXZ`$L` LIC)?Y"CM!W4+'V9W#Y247Y^%FN@\0V"E9K"J##7W at HPFU>1[-WCO@!I5QS\` ====Encrypted-Sender-End==== From klbarrus at owlnet.rice.edu Sat May 14 11:00:07 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sat, 14 May 94 11:00:07 PDT Subject: Message Havens In-Reply-To: <94May14.025626edt.193@cannon.ecf.toronto.edu> Message-ID: <9405141759.AA29918@flammulated.owlnet.rice.edu> SINCLAIR DOUGLAS N wrote: >Agreed. I guess what I was trying to say (though I didn't actually >come out and say it) is that the load is O(N^2). While not a problem >now, it would be nice to find an O(N) solution. Or, more likely, >an O(Nlog(N)). Okay, I think that you are overlooking something which appears obvious (to me) but evidently it is not. I am guilty of skipping over some details. The fact that you take the messages from a haven or several havens or all the havens doesn't allow anybody to figure out if you are actually reading any of the messages! If message havens become popular, then (as you mentioned in a previous post) there may be hundreds set up for people to use. This would decrease the load on each one. If there many message havens to choose from each would only have to serve a few hundred or so people (much like banks). Again, only if you want to hide your pseudonym, you can simply download all the files and foil any logging on the part of the haven. It is NOT necessary to download all the files from ALL the havens. You just use your preferred one. If you get all the files from the haven you use (and ONLY the haven you use), you still leave the haven: a) unable to determine your pseudonym b) unable to figure out if any of the messages are indeed for you The haven would not be able to figure out if anybody is communicating with you since the haven can't be sure you are even reading the messages you grab. And if you do regularly receive messages at one haven, you can pick another one, and get all the message from both. And neither haven would be able to determine what messages you are reading, if any at all. You could get even fancier and communicate back to your friend via a different haven altogether, which you never go to. So before doing a detailed complexity analysis, I think it is best to think about the protocol a bit more. -- Karl L. Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From hayden at krypton.mankato.msus.edu Sat May 14 11:14:51 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sat, 14 May 94 11:14:51 PDT Subject: Penet spoofing In-Reply-To: <9405141554.AA29674@mycroft.rand.org> Message-ID: Aren't you allocated an anon ID# at penet if you reply to a person's posting somewhere back to the, in order to assure the double-blind system? ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From klbarrus at owlnet.rice.edu Sat May 14 11:15:46 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sat, 14 May 94 11:15:46 PDT Subject: Penet Spoofing Message-ID: <9405141815.AA00592@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- I would like to add that I have evidently been a victim of "penet spoofing" as well, since I too received the following message from penet: >You have sent a message using the anonymous contact service. >You have been allocated the code name anXXXXX >You can be reached anonymously using the address >anXXXXX at anon.penet.fi. Somebody is trying to be clever and forging mail to figure out my penet id (surprise, I don't have one, but now I do). When I got this message, I immediately sent off in an attempt to set my password. I haven't heard back yet, so I don't know if it was successful or not. If the password set fails, then somebody has taken over anXXXXX and I'll be mailing Julf in order to get it removed. Whoever wants to know my penet id... I'll save you some trouble: an4609 - my old (now expired) account elee9sf at menudo.uh.edu an5022 - my old (now expired/locked) account barrus at tree.egr.uh.edu Now, of course, I have a new one, which somebody has thoughtfully started up for me. Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdUVG4OA7OpLWtYzAQFZuwP/aEHakMABw1IZhpgvW+VxPgzfJMxNsSD7 MflnwJr70NjZmk22QXgRhNGBMaiZQJHK+pYZZWS+yZihcLZyHKM722ya0FV3SXoe vlJoKxJPBAjkmq98Z7Yqo6Z2k2ZU+ODQ79l4xtL2tSpt0vheVLOVYSJkv7pSbehp mo5EaSNCHZE= =m3Ai -----END PGP SIGNATURE----- From klbarrus at owlnet.rice.edu Sat May 14 11:23:21 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sat, 14 May 94 11:23:21 PDT Subject: Penet spoofing Message-ID: <9405141823.AA00881@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- Heh, I forgot the mention my new ID at penet, which was created by somebody trying to figure out mine: >You have sent a message using the anonymous contact service. >You have been allocated the code name an97875. >You can be reached anonymously using the address >an97875 at anon.penet.fi. Since whoever forged the post creating this id knows that an97875 corresponds to klbarrus at owlnet.rice.edu, I have no desire to actually use this account for posting messages. Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdUW54OA7OpLWtYzAQG75wP/QqXIk9Dtj5LcUmTn9pMy71QPuzpkQlxa +7ZqaAStCQ0qhljxDDLokxROpAsQTU60A9sJ+urb/hsvGreu5trvOr4wA6f3HxJ0 3kMxaqjh1WbyNTtec0/xfRw6FPp+D2OeACSDwcfn5IMWNyxmYjXiN/MOOh6x1ryK UTwzCbknBWs= =mRu7 -----END PGP SIGNATURE----- From nate at VIS.ColoState.EDU Sat May 14 11:28:05 1994 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Sat, 14 May 94 11:28:05 PDT Subject: email server problem Message-ID: <9405141827.AA17804@vangogh.VIS.ColoState.EDU> Three people named "Duncan" "Matt" and "Michael" were not able to get filelists from my server because the script was not looking for their address like it was supposed to. This problem has now been fixed, and if you could try again, I would be thankful. -nate -- +-----------------------------------------------------------------------+ | Nate Sammons | | Colorado State University Computer Visualization Laboratory | | Data Visualization/Interrogation, Modeling, Animation, Rendering | +-----------------------------------------------------------------------+ From hfinney at shell.portal.com Sat May 14 12:39:27 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 14 May 94 12:39:27 PDT Subject: Message Havens Message-ID: <199405141940.MAA21337@jobe.shell.portal.com> Would it have to be public knowledge which message havens a given pseudonym monitors? Suppose I want to get mail to Pr0duct Cypher; don't I have to know which haven(s) to use? If we have only a (few?) hundred people on each haven then this narrows down the pool of possible real user who are behind that pseudonym considerably. Hal From hughes at ah.com Sat May 14 12:39:27 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 14 May 94 12:39:27 PDT Subject: ADMIN: on penet and on paranoia In-Reply-To: <94May14.024854edt.187@cannon.ecf.toronto.edu> Message-ID: <9405141940.AA27947@ah.com> Paranoia is cryptography's occupational hazard. Recently there has been a small rash of complaints about unwanted assignment of penet pseudonyms. The first reported was simply a description, the most recent assumed that the assignment was the result of someone trying to find out mappings in the penet database. This clear illustration of paranoia setting in demonstrates the nature of the hazard. The effect of paranoia is self-delusion of the following form--that one's possible explanations are skewed toward malicious attacks, by individuals, that one has the technical knowledge to anticipate. This skewing creates an inefficient allocation of mental energy, it tends toward the personal, downplaying the possibility of technical error, and it begins to close off examination of technicalities not fully understood. Those who resist paranoia will become better at cryptography than those who do not, all other things being equal. Cryptography is about epistemology, that is, assurances of truth, and only secondarily about ontology, that is, what actually is true. The goal of cryptography is to create an accurate confidence that a system is private and secure. In order to create that confidence, the system must actually be secure, but security is not sufficient. There must be confidence that the way by which this security becomes to be believed is robust and immune to delusion. Paranoia creates delusion. As a direct and fundamental result, it makes one worse at cryptography. At the outside best, it makes one slower, as the misallocation of attention leads one down false trails. Who has the excess brainpower for that waste? Certainly not I. At the worst, paranoia makes one completely ineffective, not only in technical means but even more so in the social context in which cryptography is necessarily relevant. The problem with assignment of penet ID's was not due to any malicious intervention, but rather someone subscribing to the list with a penet address. Since the list doesn't alter the headers much at all, the originator of a list message is sending indirectly to penet, forwarded through toad. I've swapped the address so this shouldn't happen again. Eric From rishab at dxm.ernet.in Sat May 14 12:57:07 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Sat, 14 May 94 12:57:07 PDT Subject: Auto moderation Message-ID: ecarp at netcom.com (Ed Carp): > [ auto moderators ] > > Sounds like a very easy scheme to break. Say I suddenly decide that I > > don't like your posts or Tim Mays posts. I can get you kicked off by > > using anonymous accounts to say that you're a nuisance. It seems to me > > It's not as easy as you might think. How many anonymous accounts can you get? > There are only so many anon servers, and for each anon account you have to have > a different real account, all it buys you is your vote registers twice Do you know how easy it is to fake an address? I occasionally telnet to port 25 and talk SMTP directly, to avoid spooling, but I have to type in the address I want the mail to appear from. There's no way of ensuring that I type in my real address, or _any_ real address at all for that matter. Digitally signed voting? Only works if you restrict yourself to 'known' voters. Net identities are very easy to fake or create. > Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 > Finger ecarp at netcom.com for PGP 2.3a public key an88744 at anon.penet.fi That's an _anonymous_ address, right !? -----------------^^^^^^^^^^^^^^^^^^^^^^ ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From rishab at dxm.ernet.in Sat May 14 13:03:25 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Sat, 14 May 94 13:03:25 PDT Subject: Moderators, graders and reputations Message-ID: ph at netcom.com (Peter Hendrickson): > Moderation doesn't have to be based in censorship. It can be based > on advice. > > Instead of picking random list receivers to moderate, readers should > choose their own moderators. > > As a moderator reads the latest messages on the list, he or she can > mark each one as junk or not junk. This causes advice messages to be > sent to their subscribers. The subscribers can use mail programs which This is getting closer to a possible working reputation system: Anyone can post their opinion of a particular message, using some standardized grading system, onto the list. These 'grading' posts refer to the 'graded' posts _without_ including the body of the messages. This reference could be to the message id, for instance. The reader's mail software understands 'grading' posts and extracts the grade for any actual post to the same list. The 'grading' posts are not shown to the reader; their votes are attached to the other posts, allowing the reader to decide whether or not to read a particular post based on the attached grades of others. Readers can create their own weightages for the opinions of graders. As anyone can be a grader, a reader has the option of receiving a weighted grade from a large sample of the list. Every grader doesn't then have to look at every post in detail - presumably each post will be read carefully by at least _one_ of them. Grades can, over time, transform into reputations of the posters themselves, at least as far as legible writing is concerned ;) Bugs: the time lag between graders and readers. This might get averaged out over a number of posts; the "bulk" priority causes delays in any case. Besides, I've noticed that posts tend to get answered or thought about within 2-3 days, rather than instantly. Comments? ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From tcmay at netcom.com Sat May 14 13:11:07 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 14 May 94 13:11:07 PDT Subject: ADMIN: on penet and on paranoia In-Reply-To: <9405141940.AA27947@ah.com> Message-ID: <199405142010.NAA15899@netcom.com> Things are much worse than we thought! Some tentacle has apparently INVADED the account of Eric Hughes, on HIS OWN MACHINE, and is attempting to RENDER US DEFENSELESS by undermining our paranoia. These %*#$%&^@# Cryptoanarchists are TORTURING MY SOUL. > > Paranoia is cryptography's occupational hazard. HA! I call it our ONLY INNOCULATION against the TRUE PARANOIDS (and the Giant Adenoids) who seek our destruction. > This clear illustration of paranoia setting in demonstrates the nature > of the hazard. The effect of paranoia is self-delusion of the (paranoia about paranoia deleted, to protect myself from it) Or, as my friend tmp would plagiarize^H^H^H^H^H put it: > Paranoia creates enlightenment. As a direct and fundamental result, it > makes one more adept at cryptography. At the outside best, it makes one > quicker, as the concentration of attention leads one down new trails. > Who has the excess brainpower for that effort? Certainly I do. At > its best, paranoia makes one much more effective, not only in > technical means but even more so in the social context in which > cryptography is necessarily relevant. Ah, the SICKENING TRUTH finally come out! --name withheld because of paranoia -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hayden at krypton.mankato.msus.edu Sat May 14 13:15:48 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sat, 14 May 94 13:15:48 PDT Subject: ADMIN: on penet and on paranoia In-Reply-To: <199405142010.NAA15899@netcom.com> Message-ID: THE TRUTH COMES OUT! T.C. May is really LD! ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From hfinney at shell.portal.com Sat May 14 13:28:16 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 14 May 94 13:28:16 PDT Subject: ADMIN: on penet and on paranoia Message-ID: <199405142029.NAA24035@jobe.shell.portal.com> Paranoia certainly got a boost here, though, by the recent and still unexplained emptying of the subscriber list. Was this actually, as many have speculated, a malicious action by someone taking advantage of the majordomo software, or was there a more prosaic explanation? Or is there no way for even the list managers to know? Clear information is one of the best ways to dispell paranoia. Hal From tcmay at netcom.com Sat May 14 14:02:08 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 14 May 94 14:02:08 PDT Subject: Message Havens, Pools, and Usenet In-Reply-To: <199405141940.MAA21337@jobe.shell.portal.com> Message-ID: <199405142101.OAA21966@netcom.com> > > Would it have to be public knowledge which message havens a given > pseudonym monitors? Suppose I want to get mail to Pr0duct Cypher; don't > I have to know which haven(s) to use? If we have only a (few?) hundred > people on each haven then this narrows down the pool of possible real > user who are behind that pseudonym considerably. > > Hal I must be missing something in this recent debate about "message havens" and "gopherholes." To wit, what happened to the idea of posting anonymously to newsgroups? This is how folks apparently communicated with BlackNet, and it worked (I ought to know). Granted, BlackNet was a small experiment, and message traffic was slight; scaling issues need to eventually be considered, but we're very far from that now. Some points: * Posting to a newsgroups allows piggy-backing on two things: 1. The world-wide distribution (in most cases) of newsgroups. The newsgroups are distributed to zillions of local sites, making attempted analysis of who is checking for messages all the more difficult. 2. Piggy-backing of use of newsreaders. That is, I can use "tin" or whatever to scan alt.w.a.s.t.e or alt.test.gif.ignore for reasonable candidates (more on identifying these below). I can mark some number of them (the ones I really want plus some number of others) for forwarding/downloading/whatever to me. All with existing systems. * How do I know which messages are for me? 1. Maintain the subject line. Not through all remailers, natch. Suggestion: add a field below the "Request-Remailing-To:" line, like so: :: Request-Remailing-To: foo at bar.baz Subject: BlackNet--please read Naturally this would be in the last, innermost encrypted message. None of the earlier remailers could see it. Only the mail-to-Netnews remailer would see it. (A variation: If a Subject line _ever_ is nonblank, it is maintained across remailers. Then the sender can "instantiate" the subject line at whatever stage he wishes and later remailers will "honor" that subject line. Yes, the usual possibilities for abuse, mistrust, etc.) 2. Alternatively, consider a two-part message format: header and body. As Karl, Hal, and others have discussed, a short header (<1K) is still secure but can be decrypted in reasonable time. (This is analogous to the "frame bits," or whatever, that are used to signal the beginning of a message in spread spectrum messages. I don't recollect the exact name of these header bits, but Phil Karn surely will.) Using message pools with existing newsreaders, one can go through all the messages and decrypt the headers. Instead of marking them "read," they essentially get marked as "tried." (For various reasons, I'd recommend calling them "read"--and of course piggybacking on the existing newsreaders.) A two-part PGP format would not be inconceivable. Many messages have multiple parts. (And the Mac uses a "data fork" and "resource fork" format.) And I am unclear on this idea, but it seems plausible that a shortened form of the key agreed upon (the recipient's key) could be used as the title, or the first part of the title. Like the shortened keys ("fingerprints") on business cards and in sigs. (This needs more work, and I may not have explained it here in enough detail. An example may help. Alice wants to communicate with Bob, whose public key she knows (a public key probably generated just for this set of transactions, of course). Its fingerprint is "6h 34 sO 9h 31 gX 3D ....." Alice replies to the pool, and included just the first few digits, or up to half or so. This is enough for Bob to immediately see which messages are probably his (small chance of hash collision), but not enough for others to know his public key (which actually isn't "public" in the conventional sense of being broadcast, though it may be) and thus send their own spoofing messages.) 3. Brute-force. Simply download _all_ messages in a pool and attempt decryption. This may be nearly as fast--and is certainly more straightforward--as the header/body approach. Download the messages and tell your computer to try each one...then walk away and have lunch. Or let it run overnight for truly large batches. Until pool usage gets much larger than it is today, no big deal. And if and when pool usage grows, multiple news groups or pools can be used to increase the "address space." (When the original contact is made, even between anonymous-to-each-other respondents, a "pointer" to another message pool can be made. For example, "Thanks, Unicorn, for responding. Let's continue this in alt.test.images with the subject line of "Just testing this thing--ignore.") 4. Is this bad "Net Citizenship" to use the Usenet this way? Consider that a single jpeg file in alt.sex.pictures may be 5000 lines, and there are many such picture groups, and you'll immediately see that all of the message pool text traffic we could reasonably write in the next 3 years would fit into a couple dozen of these files! (Well, work out the numbers to your own satisfaction--the average Cypherpunks post is 100 lines or so.) 5. I do think the WWW/Mosaic/ftp/lynx approach has merit....and the same points as above apply: - have subject lines, added in only after several remailings have occurred - use a header/body format to allow rapid decryption - possbibly display part or all of the PGP fingerprint, to allow the recipient to see which messages are "his." (I maintain that the public pool/newsreader approach allows for full security; the security comes from the anonymous pick-up of messages, via wide distribution and/or "superset pickup" (your own message plus N others, where N is large or is _all_ messages). Security should not depend on obscurity.) In summary, message pools represent almost no drain on the Usenet or on WWW/Mosaic-type systems. Hence, we should use those systems and piggyback off them whenever possible. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hughes at ah.com Sat May 14 14:17:04 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 14 May 94 14:17:04 PDT Subject: ADMIN: on penet and on paranoia In-Reply-To: <199405142029.NAA24035@jobe.shell.portal.com> Message-ID: <9405142118.AA28117@ah.com> re: on list deletion Or is there no way for even the list managers to know? We don't know what happened to the list, although we suspect a technical problem with full file systems. Clear information is one of the best ways to dispell paranoia. It may dispell the attack of paranoia, but it does nothing to address the underlying mental state, which is what I was talking about. Eric From phantom at u.washington.edu Sat May 14 14:30:04 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Sat, 14 May 94 14:30:04 PDT Subject: magic money html document needed: Attn freelancers Message-ID: The Phantom Exchange is looking for a freelance html'er to create an online series of documents to help direct clients. If you think you have the skills necessary, respond to this note with your compensation price (in ghostmarks, of course). The Phantom Exchange is an equal opportunity employer. ;) mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html PGP 2.2 key available via email, or finger phantom at hardy.u.washington.edu From gtoal at an-teallach.com Sat May 14 14:54:13 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 14 May 94 14:54:13 PDT Subject: To anon remailer operators... Message-ID: <199405142153.WAA06896@an-teallach.com> : From: Karl Lui Barrus : Subject: Message Haven explanation : Background: I've noticed that about the only opposition voiced to : anonymous mail is the fact somebody can harrass another user (however, : they can also be used to forward Clarinet posts, for example). Which reminds me, the remailer operators had better act now to decide what they want to do about the almost inevitable forthcoming net.war where Canter & Siegal take on the world. Chances are the remailers will be abused *heavily* to mailbomb these , and I think it's *very* likely C&S will retaliate by taking them (and anyone else they can identify) to court. (I wouldn't *dare* suggest that this was *why* C&S are taking on the net so aggressively) Perhaps you might block their many addresses, or put general size and number of post limits on the remailers. G PS Someone has already used some sort of anon remailer at anon.spies. wiretap.com to forge an article apparently *from* C&S to one of the porn groups. Anyone know anything about that remailer? From sameer at soda.berkeley.edu Sat May 14 15:01:07 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sat, 14 May 94 15:01:07 PDT Subject: To anon remailer operators... In-Reply-To: <199405142153.WAA06896@an-teallach.com> Message-ID: <199405142200.PAA18293@soda.berkeley.edu> > > Perhaps you might block their many addresses, or put general size > and number of post limits on the remailers. > > G > PS Someone has already used some sort of anon remailer at anon.spies. > wiretap.com to forge an article apparently *from* C&S to one of the > porn groups. Anyone know anything about that remailer? > I am in favor of blocking mail to the c+s addresses. From koontzd at lrcs.loral.com Sat May 14 15:04:10 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Sat, 14 May 94 15:04:10 PDT Subject: BOYCOTT AT&T Message-ID: <9405142200.AA03042@io.lrcs.loral.com> >From: John K Clark > >It seems that the Government of the USA has been interfering >with the free market to reward AT&T , I don't know how much >AT&T's support of the Clipper Chip had to do with it but I'm >sure it didn't hurt. In the May 13 New York Times: > > >The AT&T Corporation's winning bid for a $4 billion contract to > >modernize Saudi Arabia's phone system ,WHICH HAD BEEN SUPPORTED > >BY HEAVY CLINTON ADMINISTRATION LOBBYING , was hundreds of > >millions of dollars higher than other bids [...] The huge-scale > >deal, which was announced on Monday is the biggest > >telecommunications contract in history. > >I think it's important for company's to realize there is also a >downside for supporting Clipper. As a start ,I don't see how any >self respecting Cypherpunk or Extropian could use AT&T as their >personal long distance carrier . AT&T 's not the only company in >bed with the government over Clipper (INTEL) but it is the most >visible and the easiest to boycott, MCI and Sprint do a fine >job. If 5% of the Internet users quit AT&T it would make other >companies think twice before they endorse Clipper. I still have AT&T as a long distance carrier. I have contacted the marketing guys for the clipper phone repeatedly, it doesn't seem to be doing to well, they are desparate for sales leads. This is a subsidiary called AT&T Surety Communications, base in North Carolina. One has to wonder how much damage you can do to them by boycotting AT&T long distance. It would be much more interesting to provide more cost effective competition. One of the TSD-3600c costs $1050, plush the phone interface module. This is more than the $947 for a videophone! There may be a niche market in modifying clipper phones to cure the LEAF information leak as well. The single oddest thing about the announcement, was that they were talking about spending the equivalent of $25K for each new phone subscriber in Saudi Arabia, and still only doubling the number of phone subscribers. Where the heck does all that money go? From gtoal at an-teallach.com Sat May 14 15:18:43 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 14 May 94 15:18:43 PDT Subject: Raids in Europe...be careful! Message-ID: <199405142218.XAA07741@an-teallach.com> : From: "Timothy C. May" : Apparently this guy, in Italy, did not (his claim) have any pirated : software on his machine(s), but it was seized by the Italian feds. : Other sites, too, I gather. : This is only a SPECULATION here: With the Clipper program foundering, : and reaction very negative, and government official wringing their : hands at their inability to get a handle on things (control), there : may be alternate strategies put into play. : A crackdown on pirated material could be one avenue. Net porn could be : another. And should there be some highly visible case involving : encryption, bombers, child porn, terrorists, whatever, action could be : swift. FYI, here's a couple of articles I posted to the uk comms advocacy group some time ago. I was more prohetic in some earlier posts but I didn't keep copies. By the way the headlines about the birmingham porn bust with PHOTOGRAPHS OF CHILDREN AS YOUNG AS TWO!!! were about a month *after* I suggested as much below... I agree with Tim. I don't think it's paranoia to assume that *all* our Governments are trying to regain control over this medium of truly free speech - hurrying to find ways to control us *before* a significant proportion of the population has access and can bypass the national propoganda machines. G >From gtoal Thu Mar 10 19:38:21 1994 To: uk-org-community at demon.co.uk Subject: Re: Don't say you weren't warned. X-Phone: +44 31 662 0366 X-Fax: +44 31 662 4678 X-Organisation: An Teallach Limited Status: RO gt> This is *not* about dirty pictures; Errm, I think you'll find it is (which doesn't mean I consder them dirty - it's your choice of phrase)... gt> it's about Government control of the people. Which again, is hardly the remit of CommUnity then, is it? Go talk to the 'freedom and liberty' brigade. As I said, you went belly-up on civil liberties right from the start; that's why I never joined. It damn well *should* be the remit of CU. The more technology the government has at its disposal for control of the people, the easier it becomes to exercise that control. CU is the only organisation in Britain that has the knowlege and expertise to spot those signs of encroaching technology abuse, and do something about it. Let me spell it out for you. Net.pornography, if it's a crime at all, is a crime carried out depending on jurisdiction either by the supplier (whoever posted the article) or the recipient - the person who displays the file on a screen or printer. The correct attitude for CU to take should be to insist that all other persons in the transaction - network providers, store-and-forward news hosts, the phone company, local BBS's etc - should be in no way culpable for what goes through their hosts. This argument should be extended to all 'data crimes' - copyright violation, slander, passing stolen information, etc. This is something that CU should be fighting for. By turning a blind eye to the initial salvoes from HMG which are specifically aimed at pornography, you make it much harder for yourselves to construct a general argument later, when the govt cracks down on the use of cryptography, or articles posted in the US about the sex life of the royal family, or whistle-blowing articles about government surveillance or if they decide section 28 applies to news spools on public university machines and they ban soc.motss - where exactly does it stop once you let them start? Think for yourself what sort of things happen on the net that scare the govt shitless. Do I have to spell it _all_ out for you? And worse; it only takes *one* of these objections against completely free speech on the net to make it onto the statute books, for HMG to be justified in introducing draconian police-state measures such as automatic scanning of networks and phone lines for 'illegal material'. By the time that framework is in place (more so than it is already I mean, if you know anything about System X and Menwith Hill...) civil liberties in this country will be a fond memory. Not to mention putting impossible pressures on people like demon and pipex to self-censor themselves, the way uknet used to and JIPS still does. Remember, the govt has the gutter press on their side - they're incredibly easily manipulated to splurge "UK UNIVERSITY SUPPLIES PORN TO 2_YR OLDS" or whatever - and the Internet (never mind the kiddy BBS circuit) has no-where near the popular level of awareness that it has in the US. Joe Public is *not* going to give a tinker's damn if we're clamped down on - we're just some poncy rich techno elitists that he doesn't understand and doesn't sympathise with in the slightest. Why should he care that we're up in arms because or networks are being scanned for porno pictures. Especially if we don't seem to care much ourselves. gc> Fortunately by the time it's too late to do anything about it' I'll gc> be outta here. Aaah. A fingers in the air parting shot, eh? Oh well, in that case I'm wasting my time replying to you specifically, but perhaps I can assuage fears that you might raise unnecessarily in others. No no, not at all. I'll be in the country for a few months more, but I'll shortly be emigrating permanently to a country where automatic surveillance the like of which GCHQ enjoys is still a gleam in the eye of their security services, and where they at least have an explicit constitution that can be used to defend liberty, despite it being a hard fight and one that they don't always win. In the UK we're not even given the chance to fight. By 'too late', I didn't mean too late for you to reply to my article, but too late to do anything about the forthcoming crackdown on the nets that I forsee coming within the next couple of years. The Americans have been going about it like a bull in a china shop with their panic Clipper and FBI Wiretap proposals; the UK govt does things more low-key and you won't even realise you've been screwed until after the appropriate legislation has been quietly slipped through and they make some loudly advertised arrests, carefully mentioning how the dastardly criminals were caught by the use of high technology (ie making sure everyone knows it can happen to *you*, and bullying you into giving up whatever it is you were doing - just like the psychology behind TV detector vans...). This whole cryptography business and access to truly uncontrolled media has the spooks and the govt worried, now that a few of the more astute of them are actually starting to *understand* the power it gives to individuals. Never before in the last decade have people been able to communicate their thoughts completely privately, short of physically going to talk to someone. The arrival of strong cryptography means that Big Aunty is no longer omniscient; she's pissed off about it, and she *will* do someting about it. It's up to you guys to stop her. You may think it's none of your business and should be left to the 'freedom and liberty' brigade, but its your freedom and your liberty on the networks that will be the first to be lost. Don't say you weren't warned. I'll drop in from the States in 2000 and see how things are going, if uk.org.community is still allowed to exist that is, and maybe we can all have a big laugh. One way or another. [Makes note: file this post under 're-read-in-jan-2000' :-)] G >From gtoal Wed Mar 23 16:21:21 1994 To: uk-org-community at demon.co.uk Subject: It *can* happen here. X-Phone: +44 31 662 0366 X-Fax: +44 31 662 4678 X-Organisation: An Teallach Limited Status: RO I suggested several months ago that the UK govt was quietly fuming about encryption but wouldn't make a fuss - just casually slipping in some legislation, or busting someone on some odd provision of the existing telecoms act. Well, it hasn't happened here yet, but an identical thing is happening in the Netherlands. I definitely think it's coming soon... I hope CU will have their arguments, information packs, and publicity strategy ready for it, and not be caught with their trousers down. regards G : Newsgroups: comp.org.eff.talk : From: sater at cs.vu.nl (Hans van Staveren) : Subject: The Dutch government plans to ban encryption : Organization: Fac. Wiskunde & Informatica, VU, Amsterdam : Date: Wed, 23 Mar 1994 11:28:27 GMT : Lines: 15 : Last monday a Dutch newspaper reported that a law is on its way : concerning telecommunications. As a minor point in this law encryption : of digital data will be forbidden. : Needless to say the Dutch digital community is in uproar over this at : the moment. It is unclear yet what is going to happen though. The most : frightening thing is that some politicians commented that "This is an : uninteresting small technicality" or words to that effect. : I will report on developments. : Hans van Staveren : P.S. Sorry if you see this twice, also in comp.security.misc, I misposted : On the other hand it is important enough. >From gtoal Tue Apr 19 17:45:43 1994 To: comp-org-eff-talk at demon.co.uk, uk-org-community at demon.co.uk Subject: Re: It *can* happen here. X-Phone: +44 31 662 0366 X-Fax: +44 31 662 4678 X-Organisation: An Teallach Limited Status: RO : * In a message originally to gtoal at an-teallach.com, Oliver Clarke said: : OC> Fortunately the phone-tapping : OC> legislation here is extremely tough (you might be amazed to : OC> hear what procedures have to be gone through to get a full : OC> phone tap in the UK), and the outlawing of encryption can : OC> only be for one reason - so that the transmission can be : OC> monitored. : Coincidentally, I'd just been reading what the Home Office said in : their memorandum of evidence to the HoC committee... : I quote from the HMSO document, page 16, para. 25:- : "While it is generally an offence for a person to intercept any : message in the course of its transmission without a warrant to do so : issued by the Secretary : Of State under Section 2 of the Interception Of Communications Act : 1985, section 1 of the 1985 Act provides a defence against : prosecution for persons intercepting a communication for the purpose : of enforcing the Telecommunications Act and other legislation : relating to the use of telecommunication services. It would : therefore be lawful for the police or any body licensed to run a : telecommunications service, such as British Telecom, to monitor a : public telecommunication system for the purpose of enforcing the : legal prohibition on sending indecent or obscene matter over the telephone." : So, whilst the process of obtaining a Home Office warrant in a case involving : "non-comms" crime might be involved, investigations to detect : offences contrary to s43 Telecommunications Act and any degree of : monitoring the investigating officer wished to engage in, could, : according to this interpretation, proceed _without_ the necessity to : obtain _any_ warrant whatsoever... : Interesting wording though, isn't it? " the 1985 Act provides a : defence ", rather than " the 1985 Act authorises ". I must take a : peek at the Act itself, methinks... : Dave Thank you Dave, that was *precisely* the sort of Government shennanigans I predicted would happen here some months ago, for which people like Creosole had the gall to call me paranoid. Nice to see I can still second-guess the bastards correctly. It may be an old regulation, but the fact that they explicitly mentioned it in this report means they're definitely thinking about brushing it off and using it. As I said a long time ago, the strong encryption stuff hasn't gone unnoticed by our Government. They're more subtle at population control than the Americans - no Clipper here - just beef up some old laws hidden in the Telecom Act, use the technology they already have in place to trawl the phonelines, and make a few spectacular busts -- the 'chilling effect' of that will do the rest of the job for them. You want perhaps to rethink CommUnity's stance on porn/free speech/etc now in light of this big hint on the way things are going from the Home Office? G >From gtoal Tue Apr 19 18:54:50 1994 To: comp-org-eff-talk at demon.co.uk, uk-org-community at demon.co.uk Subject: Re: It *can* happen here. X-Phone: +44 31 662 0366 X-Fax: +44 31 662 4678 X-Organisation: An Teallach Limited Status: RO > From: Dave.Spinks%f106.n440.z2.fidonet.org at nowster.demon.co.uk (Dave Spinks) : Not to mention putting impossible pressures on people like demon and : pipex to self-censor themselves, the way uknet used to and JIPS still : does. (This has already started - demon have recently posted a disclaimer that the newsgroups we subscribe to may in the future be logged...) : Remember, the govt has the gutter press on their side - they're incredibly : easily manipulated to splurge "UK UNIVERSITY SUPPLIES PORN TO 2_YR OLDS" : or whatever - and the Internet (never mind the kiddy BBS circuit) has : no-where near the popular level of awareness that it has in the US. : Joe Public is *not* going to give a tinker's damn if we're clamped down on - : we're just some poncy rich techno elitists that he doesn't understand : and doesn't sympathise with in the slightest. Why should he care that : we're up in arms because or networks are being scanned for porno pictures. : Especially if we don't seem to care much ourselves. This has started too - see the Brum case - every single quotation in fact mentioned that the porn intercepted included photographs of 2-yr olds. (I haven't seen the contents of this server, but I've heard that it was a bootleg mirror of the US "Rusty & Eddie's" BBS, which is most definitely *not* a paedophile BBS. Anyone want to bet it was 99% 'straight' porn and maybe one picture of someone's kid with them at a nudist camp? We're seeing a deliberate propoganda war here - just compare all the quotations in all the different papers - straight from a single source, no critical commentary added anywhere by journalists. : By 'too late', I didn't mean too late for you to reply to my article, : but too late to do anything about the forthcoming crackdown on the : nets that I forsee coming within the next couple of years. The Americans (Make that months...) : [Makes note: file this post under 're-read-in-jan-2000' :-)] Or maybe even April 1994 :-) I thought this article was worth reposting because when I posted it on March 10th, some sanctimonious shit said that such wariness of our wonderful enlightened Tory government was paranoid. I wonder if anyone's opinion of the state of affairs in this country has changed following the events of the last month. To spell it out again: 1) The law referred to above by the Home Office that allows them to trawl data lines for porn will be used. They'll start small, just going for known targets - maybe readers of alt.binaries.erotica groups as supplied to them by the logs of large newsfeed sites. 2) They'll find encrypted files - lots of press publicity will follow 3) They'll demand powers to force disclosure of the plaintext in case there's any porn encrypted. They may not introduce a new law - just find some obscure existing provision of the Telecommunications Act, and beef it up a little 4) The public, in the shape of the X million readers of the tabloids without an opinion to call their own, will go along with this 100% just like they did with that recent abomination over horror videos. 5) CommUnity, who rolled over on the porn issue ages ago, won't be able to field a proper defense because they've already shot themselves in the foot. 6) Newsgroups per se won't be banned, but possession of the offending articles from certain newsgroups will be a criminal offense and people *will* be prosecuted. 7) IP Vendors will voluntarily start blocking newsgroups and NNTP connections, to cover their own perceived liability. 8) A ban on strong encryption will be enforced by using the features of System X exchanges to locate datacomms users who'll then be monitored at random. Enough convictions will discourage others from free speech. G From davehart at eskimo.com Sat May 14 15:19:27 1994 From: davehart at eskimo.com (Dave Hart) Date: Sat, 14 May 94 15:19:27 PDT Subject: Mykotronx Message-ID: FYI -- According to _The Puzzle Palace_, the Maryland Procurement Office is an old, old cover name for NSA. I'm surprised they're still using it. (Yes, I'm replying ot mail that's several days old.) | Maryland Procurement Office | 7318 Parkway Drive South | Hanover, MD 21076 | Maryland Procurement Office | Attn: N22144(CEB)(MDA 904-92-G-0354/J.0.5001) | 9800 Savage Road | Fort George G. Meade, MD 20755-6000 --- davehart at eskimo.com From gtoal at an-teallach.com Sat May 14 15:26:14 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 14 May 94 15:26:14 PDT Subject: To anon remailer operators... Message-ID: <199405142226.XAA08030@an-teallach.com> > Perhaps you might block their many addresses, or put general size > and number of post limits on the remailers. > > G > PS Someone has already used some sort of anon remailer at anon.spies. > wiretap.com to forge an article apparently *from* C&S to one of the > porn groups. Anyone know anything about that remailer? > : I am in favor of blocking mail to the c+s addresses. You'll need this: cslaw at delphi.com cslaw at win.net cslaw at witchcraft.com cslaw at pipeline.com cslaw at netcom.com cslaw at indirect.com (currently disabled) nike at indirect.com (currently disabled) lcanter at delphi.com lcanter at win.net lcanter at witchcraft.com lcanter at pipeline.com lcanter at indirect.com (currently disabled) 76636.443 at compuserve.com L. Canter 73032.164 at compuserve.com M. Siegel cslaw at lcanter.win.net cslaw at msiegel.win.net cslaw at win.net *@pericles.com (Their own new direct host) I may have missed some. They pop up *all over* the place :-( G From hayden at krypton.mankato.msus.edu Sat May 14 15:26:47 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sat, 14 May 94 15:26:47 PDT Subject: To anon remailer operators... In-Reply-To: <199405142200.PAA18293@soda.berkeley.edu> Message-ID: On Sat, 14 May 1994, Sameer wrote: > I am in favor of blocking mail to the c+s addresses. And perhaps FROM as well... ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From hayden at krypton.mankato.msus.edu Sat May 14 15:29:26 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sat, 14 May 94 15:29:26 PDT Subject: To anon remailer operators... In-Reply-To: <199405142226.XAA08030@an-teallach.com> Message-ID: nOn Sat, 14 May 1994, Graham Toal wrote: [...multiple dirtbag lawyer addressed deleted...] > I may have missed some. They pop up *all over* the place :-( Sorta like roaches. Hmm. A fitting analogy ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From sandfort at crl.com Sat May 14 15:34:23 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 14 May 94 15:34:23 PDT Subject: ADMIN: on penet and on paranoia In-Reply-To: <199405142010.NAA15899@netcom.com> Message-ID: C'punks, Tim's excellent parody of the "Horn-ed One" gave me an idea. Since Tim has such a good feel for his subject, perhaps he should create a "DRG" (Detweiler Rant Generator). Like the ever-popular jargon generators, it could be used to give our posts a certain je ne sais quoi. Our ordinary posts could be transformed into blank verse odes to ANGUISH, BETRAYAL and IMPOTENCE. (Sorry, I got carried away. Must be catching.) S a n d y P.S. It *was* a parody, wasn't it, Tim? From gtoal at an-teallach.com Sat May 14 15:38:35 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 14 May 94 15:38:35 PDT Subject: Message Havens, Pools, and Usenet Message-ID: <199405142237.XAA08350@an-teallach.com> * Posting to a newsgroups allows piggy-backing on two things: 1. The world-wide distribution (in most cases) of newsgroups. The newsgroups are distributed to zillions of local sites, making attempted analysis of who is checking for messages all the more difficult. I think this is the way to go, and I don't think we need special groups for it either. Tim, just as an experiment, post a message to any group you like (except netcom ones!) with 'gtoal' in it somewhere (innocuously, like in a .sig), and I'll show you how easy it is to find stuff that's addressed to you. Of course, anyone else can find it too - you can't hide that the message was posted, but you certainly can't track who read it. G From gtoal at an-teallach.com Sat May 14 15:45:56 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 14 May 94 15:45:56 PDT Subject: BOYCOTT AT&T Message-ID: <199405142240.XAA08573@an-teallach.com> : The single oddest thing about the announcement, was that they were talking : about spending the equivalent of $25K for each new phone subscriber in Saudi : Arabia, and still only doubling the number of phone subscribers. Where the : heck does all that money go? Into the monitoring equipment. This will be a field-trial for the stuff that the FBI want for the phonetap bill. G From ebrandt at jarthur.cs.hmc.edu Sat May 14 15:46:28 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Sat, 14 May 94 15:46:28 PDT Subject: Penet Spoofing In-Reply-To: <9405141815.AA00592@flammulated.owlnet.rice.edu> Message-ID: <9405142246.AA00470@toad.com> Karl said: > Somebody is trying to be clever and forging mail to figure out > my penet id (surprise, I don't have one, but now I do). I doubt it's a forgery attack. More likely, somebody subscribed to the list under a anXXXX address rather than naXXXX -- possibly intentionally, but probably just by mistake. The effect is that everyone who posts to the list has their headers pseudonymized before their messages are passed to the subscriber. The people who were told they had been given anXXXX addresses were the lucky ones. People who already had unpassworded addresses, and who have unstripped .sigs or other indentifiers, have had their pseudonyms and truenames silently handed to the subscriber. Nasty failure mode. This has happened on the list a few times before. The first or second time was one of the major reasons Julf added the naXXXX capability, as I recall, to let anonymous users safely subscribe to mailing lists. Passwords were intended to stop the forgery attack, but are helpful here too. This mail, for example, should never reach the subscriber in question, because I didn't include my password. A handy stopgap would be for majordomo to screen out anXXXX addresses (better, convert them to naXXXX), and other known double-blinding addresses. The behavior of anon.penet.fi interacts poorly with mailing lists, but we've had that discussion before. Eli ebrandt at hmc.edu From jim at bilbo.suite.com Sat May 14 16:02:12 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Sat, 14 May 94 16:02:12 PDT Subject: Message Havens, Pools, and Usenet Message-ID: <9405142259.AA15657@bilbo.suite.com> I agree with Tim May that Usenet newsgroups can do the job of a global message pool. However, it takes too damn long to get a reply. It typically takes 3 to 4 days before I see replies to messages I post to Usenet. I wouldn't want to use Usenet for one-on-one communication. I'd prefer a network of indexed message pools like I described in an earlier post. Jim_Miller at suite.com From ebrandt at jarthur.cs.hmc.edu Sat May 14 16:04:15 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Sat, 14 May 94 16:04:15 PDT Subject: Message Havens, Pools, and Usenet In-Reply-To: <199405142237.XAA08350@an-teallach.com> Message-ID: <9405142304.AA00746@toad.com> > From: Graham Toal > I think this is the way to go, and I don't think we need special > groups for it either. Tim, just as an experiment, post a message > to any group you like (except netcom ones!) with 'gtoal' in it > somewhere (innocuously, like in a .sig), and I'll show you how easy > it is to find stuff that's addressed to you. Mass kibozing is certainly an option for the receiver, but I think this scheme is going to provoke loud complaints from most sysadmins if it ever gets off the ground. I agree with Karl's comments re "havens" that it's unnecessary to look at "if the whole planet did that, the net would implode" scenarios. But sending encrypted private mail to Usenet would become problematic even with light use, a few hundred or a thousand people. A thousand people times 50 messages per day is already 50,000 daily -- what's Usenet's daily traffic these days? And anon.penet.fi has more than a thousand active users, and I get a lot more than 50 messages a day. There are social strictures in place against broadcasting private mail via Usenet, except possibly as a last resort. If you encourage people to put encrypted chunks on every system in the world so one person can read them, you will probably be held in the same regard as Canter and Siegel. If you want to promote this, please don't say anything about "cypherpunks"... Eli ebrandt at hmc.edu From jim at rand.org Sat May 14 16:08:22 1994 From: jim at rand.org (Jim Gillogly) Date: Sat, 14 May 94 16:08:22 PDT Subject: In defense of paranoia in cryptography Message-ID: <9405142308.AA00589@mycroft.rand.org> Yes, excessive paranoia is inefficient. For example, assuming that NSA is godlike could lead people to choose 4K-bit RSA keys, with the associated penalty, when 700 bits or so would be plenty for the near term. However, a successful cryptographer must be cautious at a level that would be judged paranoid in more civilized communities. A trusting cryptographer would accept arguments about how many more keys this new system will accept than there are atoms in the universe (like simple substitution, for example, which allows for 26! different keys). A non-paranoid user of PGP would use a shared UNIX system for all business, since only trusted users and the very rare cracker have access to that system. A non-paranoid cryptographer would put her password into her autoexec.bat file. If you need cryptography, it's because you have enemies. In a world of sweetness and light, it doesn't matter if everybody knows everything about you, because they won't take advantage of that knowledge. In the real world, your data and identity have value, and people may be willing to expend resources to acquire some of that value. You need to estimate how much exclusive use of your data is worth to you, how much your hypothetical enemies are willing to spend to get access to that data, and how cheaply you can defend against that attack. It's been observed that a good programmer will look both ways when crossing to a one-way street. I'll observe that a good cryptographer will not only look both ways, but will also look up and down. Jim Gillogly Trewesday, 23 Thrimidge S.R. 1994, 23:05 From gtoal at an-teallach.com Sat May 14 16:33:41 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Sat, 14 May 94 16:33:41 PDT Subject: Message Havens, Pools, and Usenet Message-ID: <199405142333.AAA10407@an-teallach.com> :> I think this is the way to go, and I don't think we need special :> groups for it either. Tim, just as an experiment, post a message :> to any group you like (except netcom ones!) with 'gtoal' in it :> somewhere (innocuously, like in a .sig), and I'll show you how easy :> it is to find stuff that's addressed to you. :Mass kibozing is certainly an option for the receiver, but I think :this scheme is going to provoke loud complaints from most sysadmins :if it ever gets off the ground. I agree with Karl's comments re Heh. I'd never contemplate such a thing. In practice if I were using such a scheme I'd probably stick to *.test - I was just pointing out that Tim doesn't need to create an alt.w.a.s.t.e group specifically for the traffic. In fact, we *can't* create any such group specifically for the traffic because it wouldn't be carried, and you could trace recipients easily because all the people who talked to each other this way would have to arrange for their own feeds to take the group and get it from each other. (Actually I *had* been giving serious thought to such a scheme for an anonymous fax service I've been thinking about, but thought better of it, because, as you say, the net would want my head for posting 100's of K's of encrypted binaries in alt.test :-) ) G From unicorn at access.digex.net Sat May 14 16:53:20 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 14 May 94 16:53:20 PDT Subject: ADMIN: on penet and on paranoia Message-ID: <199405142353.AA14788@access2.digex.net> -> THE TRUTH COMES OUT! T.C. May is really LD! ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) <- Great, Now I'll have to ammend my complaint.... :) -uni- (Dark) From unicorn at access.digex.net Sat May 14 17:45:05 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 14 May 94 17:45:05 PDT Subject: Forward of sci.crypt web of trust. Message-ID: <199405150044.AA16061@access2.digex.net> Newsgroups: sci.crypt Subject: Re: Announcement: Mac Crypto Interface Project I thought I would forward this to try and provoke discussion: ++++ In article <199405140507.AAA23861 at indial1.io.com>, Terry Ritter wrote: > In strnlght at netcom.com (David > Sternlight) writes: > >>[...] >>Thus PGP will either have to be modified to conform to the PEM Certification >>heirarchy, Apple will have to add web-of-trust provisions to Digisign and > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >>the core system utilities, or PGP Mac users will have to generate their key >>pairs for PGP separately and use them separately from their certified AOCE >>key pair used to sign and authenticate. > >>[...] >>Ripem may shortly be adding the new "web-of-trust" addendum to the RFC on > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >>PEM certificates. Whether Apple will do so or not remains to be seen. > ^^^^^^^^^^^^^^^^ > > I am aware of no formal analysis of "web-of-trust" as a secure > cryptographic protocol. Strangely, sci.crypt has held many huge > discussions on the strength of RSA and IDEA, but few if any on > the relative difficulty of defeating "web-of-trust." > > Failure of "web-of-trust" to identify a "spoofed" invalid key > leaves the PGP design open to "man-in-the-middle" attack. While > many consider such attack unlikely, I wonder just how unlikely > this cheap and easy method would be when compared to the capital > and time required to attack even a 512-bit RSA key. Note that > the Network itself seems almost the ideal resource for the > automatic re-routing of messages needed in such an attack. [...] > "Web-of-trust" is almost certainly the weakest part of the PGP > design. [...] One of the biggest problems I see with the web of trust in PGP, at least in the MAC version, is the difficulty in verifying signed messages. It's just too complicated to be done on a regular basis. This is why it is easy to forge usenet messages now-a-days on the net, no one checks. The other flaw here is characterizing the web-of-trust as a secure cryptograhpic protocol for your analysis. Indeed the social aspects of the web-of-trust model are what your really referring to. If a messages is signed by me, and the signature checks out, the public key having been verified by some physical exchange or a trusted key signature, validity is no longer a cryptographic question. There is little doubt that the message was: 1> Signed by the public key in question. 2> Not altered since. The real question is does the key belong to who it claims to belong to, and has it been compromised? This is a social question, and makes key signatures a shade and not a bit (on/off black/white) question. It now comes down to judgements about the key management practices of the user, and the key signature policy of the key certifiers. A key certificate is not really a cold "certificate of authenticity," it is a voucher, and it's only as good as the authority it comes from. The reason I prefer this over a centralized system is because the potential for compromise of the thousand potential signators on the net is minimal. Because a central authority takes each potential certification application as a blank slate, it has basic unreliabilities that to me are more disturbing. All it takes to compromise a central authority is a forged identification document. If you've been to college you know this is a joke, if you live in LA you have more experience. Why this is more trustworthy than several signatures from diverse, respected net or other personalities is beyond me. What's wrong with the web of trust right now is that it takes a boolean approach to a non-boolean process. Signatures should instead bear some qualifying information, like "know personally" or "physical exchange of key information" or "life long friend." In addition I would like to see a reputation signature as well, a signature that says "not only is this a person who I know personally, but I respect this person's judgement and perspective in intellectual matters." This in conjunction with the strong signature method would make the web-of-trust model much more effective. Regardless, the greater problem is transparency of operation. Once that is accomplished, it will be a trivial matter for forged usenet posts to be rebuked by readers realtime. In short, you need to ask not just: "Is it signed." But: "Is it signed by a public key bearing a key certificate from a user I trust to make good decisions." -uni- (Dark) From koontzd at lrcs.loral.com Sat May 14 18:47:22 1994 From: koontzd at lrcs.loral.com (David Koontz ) Date: Sat, 14 May 94 18:47:22 PDT Subject: AT&T and Saudi Arabia Message-ID: <9405150146.AA03423@io.lrcs.loral.com> > in alt.news-media: >From: Publications-Admin at Whitehouse.Gov (The White House) >Subject: CLINTON: 1994-05-11 President Names Mabus as Ambassador to Saudi Arab >Date: 14 May 1994 08:29:23 -0400 > THE WHITE HOUSE > > Office of the Press Secretary >________________________________________________________________________ >For Immediate Release May 11, 1994 > > PRESIDENT ANNOUNCES INTENT TO NOMINATE RAYMOND EDWIN MABUS > AS AMBASSADOR TO THE KINGDOM OF SAUDI ARABIA > The President today announced his intent to nominate Raymond >Edwin Mabus, Jr., of Mississippi, as Ambassador to the Kingdom of Saudi >Arabia. > "Ray is a good friend who I had the honor of serving with as a >fellow governor. As Governor of Mississippi, he represented the people >of that state with distinction," the President said. "He brings the >leadership and vision he has demonstrated throughout his years of public >service to this critical assignment. I am pleased to nominate him as my >personal representative to Saudi Arabia. " > > Mr. Mabus served as Mississippi's Governor from 1988 to 1992. He >also served as State Auditor of Mississippi and on the staff of a >previous governor. For the past two years, he has managed his own timber >business, worked as a consultant on job training and telecommunications, --------------------------------------------------------- >and was the Chairman of the Commission of the Future of the South. ... Someone want to bet how much money is in whose pocket? From klbarrus at owlnet.rice.edu Sat May 14 18:53:42 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sat, 14 May 94 18:53:42 PDT Subject: ADMIN: on penet and on paranoia In-Reply-To: <9405141940.AA27947@ah.com> Message-ID: <9405150153.AA14358@flammulated.owlnet.rice.edu> Eric Hughes wrote: >Paranoia is cryptography's occupational hazard. Yes, that is indeed the nature of it since many of the protocols are designed to work admist mutually distrusting parties. A degree of suspicion/ paranoia is necessary - for example, digital cash. Another example, a non-suspicious person may be tricked into digitally signing anything (by getting them to sign a blinded document). >the possibility of technical error, and it begins to close off >examination of technicalities not fully understood. I understand this: I was allocated an anonymous id which I didn't intend to request. So maybe it was a technical error, maybe it was somebody trying to figure out my id... in either case the resulting id is useless Presumably, the person subscribing to the list received my message, with the From: field altered to the anonymous id. Since the message contained by name and email address, I don't care if the id was assigned by mistake. > There must be confidence that the way by which this security becomes > to be believed is robust and immune to delusion. Precisely: I beleive my assigned anonymous id to be worthless. I think I follow most of what you are saying; all the same, in this case, technical error or not, malicious person or not, the paranoia is justified. And beleive me, I haven't invested much time into figuring this out. -- Karl L. Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From cyber1 at r-node.io.org Sat May 14 19:13:59 1994 From: cyber1 at r-node.io.org (Cyber City) Date: Sat, 14 May 94 19:13:59 PDT Subject: No Subject Message-ID: <199405150213.WAA19812@r-node.io.org> Subject: Re: BOYCOTT AT&T Date: Sat, 14 May 1994 20:07:37 -0400 Reply-To: cyber1 at io.org In-Reply-To: <199405131541.IAA24220 at well.sf.ca.us> Lines: 40 > sure it didn't hurt. In the May 13 New York Times: > > >The AT&T Corporation's winning bid for a $4 billion contract to > >modernize Saudi Arabia's phone system ,WHICH HAD BEEN SUPPORTED > >BY HEAVY CLINTON ADMINISTRATION LOBBYING , was hundreds of > >millions of dollars higher than other bids [...] The huge-scale In a column written for the Toronto Sun today, former Canadian Defense Minister Perrin Beatty went on record as opposing the Clipper chip. His reasoning: "1) American policy can't apply around the world, and foreign companies will build equipment without the chip. Criminals will have ready access to scramblers without trap doors. 2) The code the chip inserts makes it easier to identify information from a particular source. Instead of simply being part of a computerized stew, each piece of data is more recognizable and can be readily decrypted by the electronic key. 3) If Canadian industry must include the chip in products sold in the U.S. and Canada, it will lose business to less buggable equipment from Asia or Europe. 4) The chip could open our diplomatic and commercial secrets to U.S. snooping. The Americans are our best friends and our interests are usually similar. But shouldn't we at least be cautious? 5) The requirement for a court order is fine if procedures are followed and no one breaches security, but what if the system breaks down? Should we rely on only one means of protection?" ..................................................................... My comments: Canada used to have that Saudi Arabia contract, so there may be some economics involved. On the other hand, Mr. Beatty is especially well informed and has shown an interest in privacy issues for some time. -- Alex Brock From sameer at soda.berkeley.edu Sat May 14 19:15:11 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sat, 14 May 94 19:15:11 PDT Subject: To anon remailer operators... In-Reply-To: <199405142226.XAA08030@an-teallach.com> Message-ID: <199405150213.TAA02635@infinity.hip.berkeley.edu> > You'll need this: > Wow.. that's quite a sizeable number. Regarding pericles.com -- I don't have anything against mailbombing that site -- it's their own host, they pay for the disk space and their feed right? Mailbombing them on other sites will make it bad for the owners of the site and the other users of the site who aren't involved with the crap. . . Should probably still stop mail from the remailers though to avoid gettings sued. A class actions suit against c+s on the part of the usenet might be a good idea. (But this is a topic for alt.net-abuse.) From klbarrus at owlnet.rice.edu Sat May 14 19:21:47 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sat, 14 May 94 19:21:47 PDT Subject: havens, pools, usenet Message-ID: <9405150221.AA15434@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- > To wit, what happened to the idea of posting anonymously to > newsgroups? This is how folks apparently communicated with BlackNet, Nothing happened to the idea of posting anonymously to usenet! It's just that it usually draws complaints from people, which at times threaten the existence of the remailers involved. And the fact that the haven doesn't send mail out is an attempt to solve this problem. Besides, the advantage the haven would offer is that it could allow you to pay for more time - say by default messages get tossed out after a day or two, but you could pay for yours to stay around a while longer. Maybe commercial services operate differently, but here at Rice, newsgroups (especially in the alt.* hierarchy) expire lightning fast. Well, all except the rice.* and clari.* heirarchies. Which would pose a difficulty in using certain groups. Like I said, most of the objections I see to anonymous mail are the fact that mail actually arrives at another person mailbox or in a newsgroup. I mean, I was involved in a flame war on comp.admin.policy a while ago, and after exchanging posts and email with a few people, it became clear their only objection to anonymous posts/mail was that mail actually went somewhere or it was a breach of "nettiquette". Tim, I agree with your assessment of "nettiquette"; there are plenty of worse abusers, but all the same, it draws fire which is harmful. If nothing else, lots of other people get irritated. For instance, Serdar Argic seems to survive despite net.abuse, but it irritates hundreds. Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdWHFIOA7OpLWtYzAQHOiQP8CQF5Sdj/nf+YbDNuyWgNB8bFrZTW7f1q 3oPsfjdXiJsrmpkb53YeM1iPZr3THAJYX9M8wPOopZOvU9LDVRQhGXOUa7FuIAww 6+lk13ys/1RWFNLhycOmIErz+0+prwp1bBMbxQ7s4Ok5lecXjM8Qkaz356gUhJDc lYHrQkcNN2c= =krV1 -----END PGP SIGNATURE----- From unicorn at access.digex.net Sat May 14 19:57:12 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 14 May 94 19:57:12 PDT Subject: AT&T, Canada, U.S., Clipper In-Reply-To: <199405150213.WAA19812@r-node.io.org> Message-ID: <199405150257.AA12857@access3.digex.net> > > Subject: Re: BOYCOTT AT&T > Date: Sat, 14 May 1994 20:07:37 -0400 > Reply-To: cyber1 at io.org > In-Reply-To: <199405131541.IAA24220 at well.sf.ca.us> > Lines: 40 > [...] > > In a column written for the Toronto Sun today, former Canadian Defense > Minister Perrin Beatty went on record as opposing the Clipper chip. > His reasoning: > > "1) American policy can't apply around the world, and foreign companies > will build equipment without the chip. Criminals will have ready > access to scramblers without trap doors. > > 2) The code the chip inserts makes it easier to identify information > from a particular source. Instead of simply being part of a > computerized stew, each piece of data is more recognizable and can > be readily decrypted by the electronic key. > > 3) If Canadian industry must include the chip in products sold in the > U.S. and Canada, it will lose business to less buggable equipment > from Asia or Europe. > > 4) The chip could open our diplomatic and commercial secrets to U.S. > snooping. The Americans are our best friends and our interests are > usually similar. But shouldn't we at least be cautious? > > 5) The requirement for a court order is fine if procedures are followed > and no one breaches security, but what if the system breaks down? > Should we rely on only one means of protection?" It's interesting to me that these are all arguments most of the anti-clipper types on 'punks have been bringing up from the beginning. Mr. May and another poster have brought up the newbie complaint that no one wants to debate current issues, and another poster again brought up the good post, bad response syndrome. (Sorry I can't provide specific credit) Perhaps this is part of the "problem." Normally 'punks are right on these issues as they develop. There are a few regular "collectors" or "rainmakers" on the list that bring in prospective problems and issues before they hit the mass media with any force. There are others who bring up the issues way in advance only analytically, putting the pieces together to spot the issues before they ever hit the media, or the policy makers. (Note that I don't assert the issues flow in this order :) ) It seems that the 'punks are on top of the issues 3 months to a year in advance consistently. (Perhaps a 1-900 number should be started? The cypherpunk psychic friends network maybe?) This to me is one of the great advantages and bonuses of the nexus between politics and cryptography on the list. (Note that I'm the worst political distraction offender.) By the time most newbies get on the list, and want to talk about current events, they are old and cold on the list. I think sometimes the list forgets the great sources, intellects and perspectives that float about and as a result there isn't a great deal of sympathy for the newbies. Are the cypherpunks a touch spoiled? Regardless, I think Mr. May's idea for the golden oldies is a sound one. No one wants to rehash all the old arguments again and again. I don't know if a FAQ is the right approach or not, I though more like a quick summary of arguments on each side of each issue, or more to Mr. May's structure (I think) the original "essays" on the topics in question. Perhaps majordomo could be convinced to send a pointer to the "FAQ" or "Introduction to cypherpunks" with each subscribe request? > > ..................................................................... > > My comments: Canada used to have that Saudi Arabia contract, so there > may be some economics involved. On the other hand, Mr. Beatty is > especially well informed and has shown an interest in privacy issues > for some time. This is apt analysis. To me the issue is one of Canadian sovereignty and economic independence despite NAFTA and outside the trade relations with America. The worst part of NAFTA for the Canadians (IMHO) was the initial, short-term economic dominance. You can see in the statement that the Canadian's hardly respect or are likely to abide by American market influence when it has little to do with free trade. Make an economic treaty with the United States and you get some U.S. market regulation as well. Even if the treaty is about free trade to begin with. It still interests me that the list can be so on target and attuned to the policy issues as to basically predict the response of non-American governments. Perhaps the policy makers are using the wrong advisors. Then again, it is right in line with American pomposity that the U.S. policy makers either assume the rest of the world will fall in line, assume they have the right analysis and perspective over all the other inputs, or don't care one way or the other. >>Karl L. Barrus: klbarrus at owlnet.rice.edu >>keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 >> >>"One man's mnemonic is another man's cryptography" >> - my compilers prof discussing file naming in public directories One country's geek is another country's policy maker? Or did the former Canadian miss Woodstock too? > > -- > Alex Brock > > -uni- (Dark) From unicorn at access.digex.net Sat May 14 20:24:45 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 14 May 94 20:24:45 PDT Subject: List Filtering. Message-ID: <199405150324.AA13827@access3.digex.net> I have been thinking lately about list filtering, and the moderation methods that have been tossed around on the list of late. I come down against any kind of "negative" moderation. What strikes me as more effective and efficient is a reputational system. Interestingly this ties into my concept of how the "web-of-trust" should work as well. If somehow, the list server could be made to keep track of reputational signatures on some sort of a point scale and tack the result into a header like "X-Posters-Reputation-Grade: A-." The result would be easy filtering, a lack of active censorship, and less user work overload to make the system work. Of course this is by no means a new idea. If I could remember who has suggested this point on the list before, I'd credit you... sorry. I don't have a firm idea of how reputational signatures would be "valued" but it seems to me that positive systems are a better idea the negative ones for a few reasons: Negative systems allow blacklisting. In any system, if I have three or four accomplices, it's easy to spoil whoever I have personal conflicts with. Negative systems just aren't "nice." If you can't say something good about someone.... :) Negative systems don't account for perspective as well: While anyone can find something poor to say about someone, it is probably more instructive of a poster's "worth" if a few people can say something good. Additionally, in a hybrid system where negative systems and positive systems are balancing (one users positive vote of reputation is offset by anothers negative one) the filtering tends to be content based rather than merit based. For example, just because I post about political and distractingly political issues occasionally, a list user like, oh I dunno, let's call him Mr. M., might give me and F or a D. While someone who particularly likes my posts, even when they are distracting, and approves of my ability of analysis and perspective, no longer has much impact on my rating. Simply, in a positive system: If your a complete idiot, you'll never get any real reputational certificates. If your a poster of worth, and you just tend to annoy some of the regulars, you'll still get some positives. It would be nice if PGP had a system to account for a reputational rating of a users key management and security practices as well. -uni- (Dark) From mcable at Emerald.tufts.edu Sat May 14 21:12:29 1994 From: mcable at Emerald.tufts.edu (Matthew Cable) Date: Sat, 14 May 94 21:12:29 PDT Subject: Public Key Servers Message-ID: I'm looking to set up a public key server at phantom.com, supporting both 2.3 and 2.5 keys. Who should I contact for information and source to work from? With the moving of BAL's server to 2.5, i figure we could use another server here on the east coast. Thanks! *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* mcable@[jade,emerald,cs].tufts.edu \|/ wozz at wozz.ext.tufts.edu Matthew Cable <0-0> wozzeck at mindvox.phantom.com MTUC Jackson Labs ----o00-O-00o----- http://www.cs.tufts.edu/~mcable/ Tufts University GCS/MU -d+ -p+ c++++ l++ u++ e+ m++(*) s++ !n h+ f* g+ w++ t+ r- y+ *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* From anonymous at extropia.wimsey.com Sat May 14 23:13:12 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Sat, 14 May 94 23:13:12 PDT Subject: [ANON] War in rec.guns Message-ID: <199405150551.AA13213@xtropia> <> ||To: gun-control at cs.umd.edu -=> Quoting Stan Young to All <=- SY> This is a public forum. It is a place for standing up and being SY> counted. If you haven't posted here before, and you don't wish to be SY> "known" as someone with interests in this area, don't post - period. Ah, "The John Wayne Syndrome" again! Re-check my posts for my comments. In any case, you are imposing your value judgment on someone else's purely personal decision, which of course is out of line. In any case, how do you know a "real" account is indeed "real"? You don't, and you can't. SY> Those who think that an "anonymous" posting site provides any SY> protection at all are, sadly, seriously in error. Note that your name SY> is still available "before" the post gets to the "anonymous" site - SY> and anyone sufficiently motivated to collect the data will be able to SY> trace it back to you. Completely and totally untrue! My "technical ignorance" point again... Before embarrassing yourself by making such statements, you should educate yourself about current anon remailer tech. What you say is only true for the first-generation trivial remailers such as Penet's, used for trivial anonymity. The current chained, encrypted Cypherpunks remailers are, as far as can be determined, absolutely unbreakable except _possibly_ (and only theoretically) by a high intensity, highly expensive attack by the NSA or by an internal physical security breach. These are complicated and sophisticated programs. If you think you can defeat them, there are lots of folks who would love for you to try. There is no evidence that anyone has, and there have been notable cases where Law Enforcement has tried to break the tech and failed (Followup to cypherpunks at toad.com). SY> If you have secrets you want to keep, the best way to do it is to keep SY> your mouth shut, your profile low, and your fingers off the keyboard. Frankly, if anyone should shut up, it'd be the people who don't know what they're talking about...but that would cut down the traffic in rec.guns to about six posts a day, I suppose. |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| | * CP2A * PGP Key # E27937 on all servers | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| |"If you love wealth better than liberty, the tranquility of servitude | | better than the animating contest of freedom, go home from us in | | peace. We ask not your counsels or arms. Crouch down and lick the | | hands which feed you. May your chains set lightly upon you, and may | |posterity forget that ye were our countrymen." -- Samuel Adams, 1776| |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-| |BOYCOTT: Pepsico & Gillette| |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| -=> Quoting Magnum at cs.umd.edu to John Nieder <=- Ma> You are responding to Stan Young, and so I'm forwarding your post to Ma> him since I have chosen to reject your post for the whole group. You also, I note, have not been passing on numerous other dissenting messages of which I have received Cc:s. This is an excellent way to engineer the illusion of common consent, however dishonestly. I congratulate you. Unfortunately, you do not have control of the other lists and newsgroups on which I plan to discuss this issue and your personal handling of it. Ma> The issue has been aired and closed, however, and Ma> therefore I see no basis for sending your contempt *for* the group *to* Ma> the group. I think we all pretty much figured this out how you feel Ma> from the last posts anyway. How do you expect me to feel? No one - including you - has answered a single goddam point I made, refuted a claim, or otherwise gave anything faintly resembling an intelligent response. All I have received is a bunch of Cc:s supporting my position, which do not show up on the group, and a few snitty and illiterate pokes from folks who don't like to have their ignorance and prejudice pointed out, and who can't deal with the actual issues. If I'm wrong on this position, show me _why_, don't play chickenshit games with incoming posts to fake a consensus and pretend like I never said anything serious to begin with. That's just contemptable, especially coming from someone so heavily invested in "open" discussion. "Sunlight" or something, wasn't it? Think about it. In the meantime check the following post. The original respondent had the intellectual integrity to admit that my points were valid, but was shook up because I had dared rock the boat by being angry: ======================================================================= Msg#: 2 Pvt Date: 13 May 94 00:11:15 From: John Nieder To: Rt at hpbs2852.boi.hp.com Subj: Re: [ANON]: Yes or Goodby -=> Quoting Rt at hpbs2852.boi.hp.com to John Nieder <=- Rt> Anyway, when I'm as angry about something as you obviously were Rt> when you wrote this, I have difficulty realizing how I sound. I'm just Rt> letting you know the taste your post left in other people's mouths, in Rt> case you were interested. The only things that matter are the points I made. If you can refute them - if what I asserted is inaccurate - you have a case, otherwise save the bandwidth, no offense intended. I meant for the post to sound exactly the way it did. I edited it three times and a fourth for cross-posting. My netmail on this is running about 85% toward enthusiastic agreement, by the way. Of the detractors posting the remaining, dissenting notes, you are the _only_ one who could post two consecutive grammatical sentences. NONE, however, disputed a single point I made in my post. Not _one_, thus nicely proving my hypothesis about anti-anon posters being more interested in personality and conflict than the issues they are obviously unequipped to discuss. Let's face it, there are some prime idiots on these lists and newsgroups who exhibit exactly the same irrational, uninformed, buttheaded bigotry in their attitudes toward the privacy movement (and God knows what else) that Diane Feinstein shows toward guns. These days I'm getting fed up with being steamrollered by small people with little piss-pots of authority who don't know what the hell they're talking about. I'm sick of being expected to _like it_ and respond politely as though I'm dealing with decent, thinking human beings. I've _had_ it, Bro. My take is that if the shoe fits, they can fucking well wear it. JN ... Truth exists independently of ideological imperatives. From sameer at soda.berkeley.edu Sat May 14 23:25:00 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sat, 14 May 94 23:25:00 PDT Subject: Magic Money on a port Message-ID: <199405150411.VAA05280@infinity.hip.berkeley.edu> I wrote a little perl script to put the magic money server on a port. This should help in writing a client program which doesn't require the user to deal with sending repeated messages to the bank. Most of it I just took from the perl manpage. It requires shlock.pl. Please send bug reports. #!/usr/local/bin/perl ($port) = @ARGV; $port = 1992 unless $port; $magicserver = "/home/infinity/nexbucks/s"; $waitlock = "/home/infinity/nexbucks/waiter.pid"; $processlock = "/home/infinity/nexbucks/processor.pid"; require 'sys/socket.ph'; require './shlock.pl'; # First check to see if the process is running unless(&shlock($waitlock)) { print "Process already running\n"; exit; } $sockaddr = 'S n a4 x8'; ($name, $aliases, $proto) = getprotobyname('tcp'); ($name, $aliases, $port) = getservbyname($port, 'tcp') unless $port =~ /^\d+$/; $this = pack($sockaddr, &AF_INET, $port, "\0\0\0\0"); select(NS); $| = 1; select(stdout); socket(S, &PF_INET, &SOCK_STREAM, $proto) || die "socket: $!"; bind(S, $this) || die "bind: $!"; listen(S, 5) || die "connect: $!"; select(S); $| = 1; select(stdout); # Ok the socket has been setup. Fork, wait for the parent lock to die # and then lock again if(fork) { exit; } # Wait for the old process to die sleep 10 unless(&shlock($waitlock)); for (;;) { # print "Listening again\n"; ($addr = accept(NS,S)) || die $!; unless(fork) { # print "accept ok\n"; ($af,$port,$inetaddr) = unpack($sockaddr,$addr); @inetaddr = unpack('C4',$inetaddr); # print "$af $port @inetaddr\n"; $tmpin = "/tmp/mmin." . $$ ; $tmpout = "/tmp/mmout." . $$ ; open(TIN, ">$tmpin") || die $!; print NS "Submit to the Nexus Bank:\n"; while () { print TIN; last if /^-----END/ ; } close(TIN); # Wait for the process lock to stop unless(&shlock($processlock)) { print NS "Please wait for other requests to finish."; do { print NS "." ; sleep 10; } until(&shlock($processlock)); } print NS "order processing."; # Run magic money open(MM, "| $magicserver > $tmpout"); open(TIN, $tmpin); while() { print NS "." ; print MM; } close(TIN); close(MM); print NS "done.\n"; open(OUTPUT, $tmpout); print NS ; close OUTPUT; exit; } } From sameer at soda.berkeley.edu Sat May 14 23:54:19 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Sat, 14 May 94 23:54:19 PDT Subject: Magic Money Client/Server using IPC Message-ID: <199405150644.XAA00453@infinity.hip.berkeley.edu> As I posted only a few hours ago, I have been working on improving the Magic Money interface. I've written a server application for the Magic Money server which allows the server to sit on a port and wait for connections. When a connection comes in it forks and processes the request, by just taking the input, passing it to the 's' server released by Pr0duct Cypher, and then returning the server's output. The client is a front end to Pr0duct Cypher's 'c' program, which handles the communication between the 'c' client and the server running on a socket. I have written the client so that it can be run from any directory, but it looks in ~/.bank for the bank.asc, rand.dat, and other files that the program uses. I just wrote this code today, so I'm sure it lacks many safety checks. If you'd like to point out where it goes wrong, I'd appreciate it greatly. To invoke the server: Edit server.pl and give it the port number you want. Run 'server.pl' in the directory which has the 's' program and the files that the 's' program uses. server.pl will fork and wait on the port specified. To run the client: Create the ~/.bank directory, and put rand.dat and bank.asc in that directory. Edit the client.pl to reflect the port number and the hostname of the server, as well as the location of Pr0duct Cypher's 'c' binary. client.pl -initialize Generates your account. client.pl -incoming [filename] Takes in incoming coins (which someone has given you) either from filename or stdin (if the filename argument is missing) and adds their value to your wallet. (Doing the communication with the server that is necessary) client.pl -extract [filename] Extract coins that you own into filename, or if filename doesn't exist pgp ascii-armor the coins and send them to stdout. client.pl -exchange Exchange your old coins for new ones. server.pl: #!/usr/local/bin/perl # Perl script to attach a Magic Money Server to a port # Sameer ($port) = @ARGV; $port = 1992 unless $port; $magicserver = "s"; $waitlock = "waiter.pid"; $processlock = "processor.pid"; require 'sys/socket.ph'; require './shlock.pl'; # First check to see if the process is running unless(&shlock($waitlock)) { print "Process already running\n"; exit; } $sockaddr = 'S n a4 x8'; ($name, $aliases, $proto) = getprotobyname('tcp'); ($name, $aliases, $port) = getservbyname($port, 'tcp') unless $port =~ /^\d+$/; $this = pack($sockaddr, &AF_INET, $port, "\0\0\0\0"); select(NS); $| = 1; select(stdout); socket(S, &PF_INET, &SOCK_STREAM, $proto) || die "socket: $!"; bind(S, $this) || die "bind: $!"; listen(S, 5) || die "connect: $!"; select(S); $| = 1; select(stdout); # Ok the socket has been setup. Fork, wait for the parent lock to die # and then lock again if(fork) { exit; } # Wait for the old process to die sleep 10 unless(&shlock($waitlock)); for (;;) { # print "Listening again\n"; ($addr = accept(NS,S)) || die $!; unless(fork) { # print "accept ok\n"; ($af,$port,$inetaddr) = unpack($sockaddr,$addr); @inetaddr = unpack('C4',$inetaddr); # print "$af $port @inetaddr\n"; $tmpin = "/tmp/mmin." . $$ ; $tmpout = "/tmp/mmout." . $$ ; open(TIN, ">$tmpin") || die $!; print NS "Magic Money Bank: " . $bank . "\n"; print NS "Feed server\n"; while () { print TIN; last if /^-----END/ ; } close(TIN); # Wait for the process lock to stop unless(&shlock($processlock)) { print NS "Please wait for other requests to finish."; do { print NS "." ; sleep 10; } until(&shlock($processlock)); } print NS "order processing."; # Run magic money open(MM, "| $magicserver > $tmpout"); open(TIN, $tmpin); while() { print NS "." ; print MM; } close(TIN); close(MM); print NS "done.\nServer response\n"; open(OUTPUT, $tmpout); print NS ; close OUTPUT; exit; } } client.pl: #!/usr/local/bin/perl # Perl script to make dealing with the magic money oh so much easier # Sameer require 'sys/socket.ph'; $mmclient = "/usr/local/bin/mmclient" ; $pgp = "/usr/local/bin/pgp" ; $port = 1992; $host = "localhost"; sub connectgrab { local($them, $port, $infile, $outfile) = @_; $sockaddr = 'S n a4 x8'; chop($hostname = `hostname`); ($name, $aliases, $proto) = getprotobyname('tcp'); ($name, $aliases, $port) = getservbyname($port, 'tcp') unless $port =~ /^\d+$/; ($name, $aliases, $type, $len, $thisaddr) = gethostbyname($hostname); ($name, $aliases, $type, $len, $thataddr) = gethostbyname($them); $this = pack($sockaddr, &AF_INET, 0, $thisaddr); $that = pack($sockaddr, &AF_INET, $port, $thataddr); socket(S, &PF_INET, &SOCK_STREAM, $proto) || die "socket: $!"; bind(S, $this) || die "bind: $!"; connect(S, $that) || die "connect: $!"; select(S); $| = 1; select(stdout); # Wait until we get the prompt to start while() { last if /^Feed server$/ ; } # Send the stuff to the server print "Sending to server.\n"; open(INPUT, $infile) || die "can't open $infile: $!"; while() { print S; } close INPUT; # Wait for the server to finish processing.. tell the user it is processing print "Waiting for server to process.\n"; while() { last if /^Server response$/; } # Now grab the server's response open(OUTPUT, "> $outfile") || die "can't open $outfile: $!"; while() { print OUTPUT; } close(OUTPUT); close S; print "Finished with server.\n"; } ## Main ## Deal with user requests # Process incoming money sub processincoming { if($ARGV[0] ne '-') { $ARGV[0] = &expandfile($ARGV[0]); } open(FILE, "> temp.dat") || die "can't create temp.dat: $!"; print FILE <>; close FILE; system("$mmclient temp.dat"); unlink("temp.dat"); &deal; } # Initialize client sub initialize { system("$mmclient -i"); &deal; } # Exchange coins sub exchangecoins { system("$mmclient -x"); &deal; } sub deal { &connectgrab($host, $port, "output.asc", "serverreply.asc"); system("$mmclient serverreply.asc"); # unlink("serverreply.asc"); # unlink("output.asc"); } sub extractcoins { # if($ARGV[0] eq '-') # { # # Error # print "Must specify a filename to extract coins to\n"; # exit; # } if($ARGV[0] ne '-') { $file = &expandfile($ARGV[0]); if( -e $file ) { # Error print "File already exists\n"; exit; } # Check if the file can be made open(FILE, "> $file") || die "Can't create $file: $!"; close FILE; unlink($file); } system("$mmclient -p"); # Now move coins.dat away so that another extraction doesn't mean money # is lost # Send it to another file or stdout if($file) { rename("coins.dat", $file); print "Coins moved to $file\n"; } else { print "Coins going out, ascii armored.\n"; open(COINSDAT, "coins.dat"); open(ASCII, "| $pgp -af 2>/dev/null"); print ASCII ; close ASCII; close COINSDAT; # unlink("coins.dat"); } } sub expandfile { # If a file has a leading / don't add the startdir # otherwise prepend $startdir local($fname) = @_; if(index($fname, '/') == 0) { return($fname); } else { return($startdir . "/" . $fname); } } ######### # THE MAIN ######### # This bit of the program takes the cmdline arguments, etc. $startdir = $ENV{'PWD'}; chdir($ENV{'HOME'} . "/.bank") || die "can't chdir to ~/.bank: $!"; $command = $ARGV[0]; shift; unless($ARGV[0]) { unshift(ARGV, '-'); } &processincoming if $command eq '-incoming'; &initialize if $command eq '-initialize'; &exchangecoins if $command eq '-exchange'; &extractcoins if $command eq '-extract'; From barrett at daisy.ee.und.ac.za Sun May 15 00:34:41 1994 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Sun, 15 May 94 00:34:41 PDT Subject: Penet Spoofing In-Reply-To: <9405141815.AA00592@flammulated.owlnet.rice.edu> Message-ID: > I would like to add that I have evidently been a victim of "penet > spoofing" as well, since I too received the following message from > penet: I have another theory: If an anXXX at anon.penet.fi address subscribes to the mailing list, then everybody who sends mail to the list will be given an anon alias. (Now to wait and see whether I get allocated an anon id from anon.penet.fi in response to this message.) I still say that double-blinding should not be the default action of servers like that at anon.penet.fi. Double blinding is sometimes useful, but one should have to request it explicitly. --apb (Alan Barrett) From jkreznar at ininx.com Sun May 15 03:35:09 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Sun, 15 May 94 03:35:09 PDT Subject: PGP 2.5 Warning Message-ID: <9405151034.AA22487@ininx> -----BEGIN PGP SIGNED MESSAGE----- This should be obvious, but probably bears repetition anyway: FREEMAN BEWARE: By switching to PGP 2.5 you would commence to affirm with each message you send that you are a subject of the U.S. State. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdX6JsDhz44ugybJAQG6jAQAhl1UPAH2PjJGOKu75z9Fs398ZKvfOhk4 kGchqD0vCnS0TclVlUErcuCoO39E60tyEVVZKcZ/DQBqf1VpXJ6Or7zi9TaWmBGk 426H3OFKytX3QlMRuEY83+HVLzS6gY0xGYnmVoXjkhNtnQYmZUxkYynQAWezh5yR ef9dv96AsCI= =xW/u -----END PGP SIGNATURE----- From warlord at MIT.EDU Sun May 15 03:39:45 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Sun, 15 May 94 03:39:45 PDT Subject: PGP 2.5 & Remailers In-Reply-To: <199405140202.AA02751@metronet.com> Message-ID: <9405151039.AA02078@bill-the-cat.MIT.EDU> > I was just wondering if there was going to be any hacking done to the anon > remailers to allow PGP 2.5 usage, as well as PGP 2.3. If so, how would > the headers change (if any), other than the obvious version numbers? Can > we expect to see anouncements by various remailers advising as to whether > they'll be supporting v2.5? No hacking necessary. Things should be totally compatible, so long as servers are running at least 2.3a; although 2.5 is recommended. :-) They are compatible. -derek From cdodhner at indirect.com Sun May 15 05:18:56 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Sun, 15 May 94 05:18:56 PDT Subject: Message Haven explanation In-Reply-To: <9405140116.AA09715@flammulated.owlnet.rice.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > Background: I've noticed that about the only opposition voiced to > anonymous mail is the fact somebody can harrass another user (however, Well then, just have people anonymously mail messages to the haven, with complete headers etc.. then to check your mail you just ftp over and read the (automaticly maintained) index file for messages that have a "TO: yourname at yoursite.com" header, and don't worry about the 'downloading every message' idea. This is the simplest solution I can think of for the problem you state above, althoug it would be a big improvement if the ftp server had a special command that means "gimme my mail" or something... so a casual browser wouldn't discover the names and email addresses of *everyone* who was receiving anon mail. Happy Hunting, -Chris. ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner @ indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 - ------------------------------------------------------------------------------ PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger revolution H.E.A.T. warheads porno kiddiesex export import customs deviant bribe corrupt White House senator congressman president Clinton Gore bootleg assasinate target ransom secret bluprints prototype microfilm agents mole mafia hashish everclear vodka TnaOtmSc Sony marijuana pot acid DMT Nixon yeltsin bosnia zimmerman crack knight-lightning craig neidorf lex luthor kennedy pentagon C2 cheyenne cbx telnet tymenet marcus hess benson & hedges kuwait saddam leader death-threat overlords police hitler furer karl marx mark tabas agrajag king blotto blue archer eba the dragyn unknown soldier catch-22 phoenix project biotech genetic virus clone ELINT intercept diplomat explosives el salvador m-16 columbia cartel -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdXEIOKc9MdneB1xAQFf0wP/dPmtAk+eCcjav4nd6wnETCouOg0QRpi3 5Vk/esFhVCothFlHj/WOdAtdcdmHurJrHWWgkBgCmFWWP7zwuGj0ik7dRMJHLcze CoXbYaN0okYvKY97FokAtyLyPEVKTixOO41xTLhUJG/6Ow5+jqG0xxlMen5KAv5P FlOrFaELqs8= =FtvQ -----END PGP SIGNATURE----- From cdodhner at indirect.com Sun May 15 05:20:09 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Sun, 15 May 94 05:20:09 PDT Subject: MacPGP ease of use In-Reply-To: <199405150044.AA16061@access2.digex.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > Regardless, the greater problem is transparency of operation. > Once that is accomplished, it will be a trivial matter for forged usenet > posts to be rebuked by readers realtime. I was talking to a definite non-cypherpunk friend of mine today, and he and I came up with something that might help some Mac users with pgp... The way we were thinking about it is that in your pgp directory, er, folder, you would have several Icons in adition to pgp it'sself. One would be a picture of a lock, with the name "encrypt" and to encrypt a file you simply "pick up" the file and "drag" it over to "drop" it on the encrypt icon. Poof, encrypted file is produced (sure it would ask for passwords and stuff, and it would ask first who to encrypt it to, with the users own pubkey the default. Another Icon would be a picture of a key with the word decrypt, any cyphertext file droped on it would be decrypted. Another one would be a picture of a fountain pen with the name 'sign', yet another would be a magnifying glass over a piece of paper to 'examine sig' or whatever (yes you nit-pickers, I know that functionaly the decrypt and the sig check are like identicle, but the users have a hard time understanding that sometimes.) The point is that someone with some knowledge of macintosh programing hopefully can create what in unix would be a link to the pgp program, whereby it would just call pgp with certain options enabled depending on what name you called it under... Happy Hunting, -Chris ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner @ indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 - ------------------------------------------------------------------------------ A government mandante for key-escrow encryption in all communication devices would be the information-age equivalent of the government requiring private citizens to quarter troups in their home. --David Murray PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger revolution H.E.A.T. warheads porno kiddiesex export import customs deviant bribe corrupt White House senator congressman president Clinton Gore bootleg assasinate target ransom secret bluprints prototype microfilm agents mole mafia hashish everclear vodka TnaOtmSc Sony marijuana pot acid DMT Nixon yeltsin bosnia zimmerman crack knight-lightning craig neidorf lex luthor kennedy pentagon C2 cheyenne cbx telnet tymenet marcus hess benson & hedges kuwait saddam leader death-threat overlords police hitler furer karl marx mark tabas agrajag king blotto blue archer eba the dragyn unknown soldier catch-22 phoenix project biotech genetic virus clone ELINT intercept diplomat explosives el salvador m-16 columbia cartel -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdXaS+Kc9MdneB1xAQHRbQP+NDe9gRMdNPDW/Hp/QV8TzV+m++LwKwrI r9OVM8ayhxYsTCH4ML4dQRPI4IwArbGkPHOul5aF8CFlthMvzcmLIwmv9zPZMAmC 7enswtYVTx55Oooy5sEfc23dX360ZkajqaelxyvHAodz5WD3Cx4tKLRU8GQS00PX l/+v4e5CFeo= =XS9D -----END PGP SIGNATURE----- From rishab at dxm.ernet.in Sun May 15 06:52:20 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Sun, 15 May 94 06:52:20 PDT Subject: CJR, FOIA and non-US citizens Message-ID: I asked various things about non-US citizens and ITAR violations earlier, but haven't seen my post on the list. Anyway, those questions have been answered, more or less, by the discussions on the topic. A related question: can a non-US citizen file a commodoties jurisdiction or FOIA request? Directly, through a US attorney, etc? ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From klbarrus at owlnet.rice.edu Sun May 15 08:45:47 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sun, 15 May 94 08:45:47 PDT Subject: Message Havens In-Reply-To: <199405141940.MAA21337@jobe.shell.portal.com> Message-ID: <9405151545.AA03595@flammulated.owlnet.rice.edu> Hal wrote: >Would it have to be public knowledge which message havens a given >pseudonym monitors? Suppose I want to get mail to Pr0duct Cypher; don't >I have to know which haven(s) to use? If we have only a (few?) hundred >people on each haven then this narrows down the pool of possible real >user who are behind that pseudonym considerably. Hal brings up an excellent point! I forgot to consider this, if there are several message havens, then you need to know what havens your party monitors... Hm... I guess you'd need to start the conversation by broadcasting the initial message to all havens. -- Karl L. Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From unicorn at access.digex.net Sun May 15 09:38:16 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 15 May 94 09:38:16 PDT Subject: Baker Rebuke (LONG! BASIC, Vet's Ignore) Message-ID: <199405151637.AA15166@access1.digex.net> -----BEGIN PGP SIGNED MESSAGE----- Here is my assesment of the arguments Mr. Baker presented on the pro- Clipper side. Feel free to post it to usenet if you think it's worthwhile. - - -uni- (Dark) - - ------- Forwarded Message Copyright and distribution policy attached to the end of document. FYI. X-within-URL: http://www.wired.com/Etext/2.06/Features/nsa.clipper.html NSA'S CHIEF COUNSEL TO APPEAR ONLINE Stewart A. Baker, Chief Counsel for the National Security Agency and featured writer in WIRED 2.06 will host a Q&A session on the Clipper Chip. He will appear on America Online in Center Stage (from AOL type keyword: "center stage") on Thursday May 26, 1994, from 7-9 p.m. EST. Baker is the NSA's top lawyer and supports the Clipper Initiative. He worked briefly as Deputy General Counsel of the Education Department under President Jimmy Carter. His article "Don't Worry Be Happy" refutes seven myths of key escrow encryption and is a WIRED Exclusive. _________________________________________________________________ DON'T WORRY BE HAPPY Why Clipper Is Good For You By Stewart A. Baker, Chief Counsel for the NSA _________________________________________________________________ With all the enthusiasm of Baptist ministers turning their Sunday pulpits over to the Devil, the editors of WIRED have offered me the opportunity to respond to some of the urban folklore that has grownup around key escrow encryption -- also known as the Clipper Chip. Recently the Clinton administration has announced that federal agencies will be able to buy a new kind of encryption hardware thatis sixteen million times stronger than the existing federal standard known as DES. But this new potency comes with a caveat. If one of these new encryption devices is used, for example, to encode a phone conversation that is subject to a lawful government wiretap, the government can get access to that device's encryption keys. Separate parts of each key are held by two independent "escrow agents," who will release keys only to authorized agencies under safeguards approved by the attorney general. Private use of the new encryption hardware is welcome but not required. That's a pretty modestproposal. First off, notice the characterization here. The methods used for access to the keys are approved by the attorney general. An administrator appointed by the Executive branch, who has the greatest interest in lax standards, perhaps a greater interest than anyone else in government might. Its critics, though, have generated at least seven myths about key escrow encryption that deserve answers. MYTH NUMBER ONE: Key escrow encryption will create a brave new world of government intrusion into the privacy of Americans. Opponents of key escrow encryption usually begin by talking about government invading the privacy of American citizens. None of uslikes the idea of the government intruding willy-nilly on communications that are meant to be private. But the key escrow proposal is not about increasing government's authority to invade the privacy of its citizens. All that key escrow does is preserve the government's current ability to conduct wiretaps under existing authorities. Even if key escrow were the only form of encryption available, the world would look only a little different from the one we live in now. His argument here hinges on the definitions of expand and preserve. Right now, the government has (it seems) little ability to eavesdrop on electronic messages sent with PGP or RIPEM. Preserving the status quo would preserve the abilities of individuals to maintain unobserved conversations. If indeed the abilities of the government are only to be preserved, why is additional legislation required? Do we fund bold advances in police spending to "preserve" the abilities of the police? Or to expand against some new threat? It's important to distinguish exactly what is being preserved. Is it the "capability" of the government? Or the effect of that "capability?" Consider an example. The government has little trouble looking through blinds with thermal scopes. Citizens begin to use lead based blinds. The government wants to sell blinds that are transparent to thermal scopes and drive lead blinds out of the market. The government is trying to expand the effect here. They only want the ability to see through the blinds, but they will soon have the ability to see through blinds DESPITE the presence of lead blinds. The concept of expansion or preservation is simply moot here. Ask this question instead: Are they REGULATING? Are they LIMITING? In addition, there is no doubt at all that the "transactional data" provided by the LEAF envelope is a new capability. In fact, it's the proponents of widespread unbreakable encryption who want to create a brave new world, one in which all of us -- crooks included -- have a guarantee that the government can't tap ourphones. Yet these proponents have done nothing to show us that the new world they seek will really be a better one. In fact, even a civil libertarian might prefer a world where wiretaps are possible. If we want to catch and convict the leaders of criminal organizations, there are usually only two good ways to do it. We can "turn" a gang member -- get him to testify against his leaders. Or we can wiretap the leaders as they plan the crime. Now were this my position, that law enforcement NEEDS to have wiretap ability, how does Clipper help us? There is no dispute that Clipper will not catch those criminals who use other "commercial" encryption. The NSA answer to this is a petty "Well, we'll catch stupid criminals." It amazes me they even have the audacity to assert this position. Anyone who is going to shell out ~ $1000 for a encrypted phone, is hardly a stupid criminal. I once did a human rights report on the criminal justice system in El Salvador. I didn't expect the Salvadorans to teach me much abouthuman rights. But I learned that, unlike the US, El Salvador greatly restricts the testimony of "turned" co-conspirators. Why? Because the co-conspirator is usually "turned" either by a threat of mistreatment or by an offer to reduce his punishment. Either way, the process raises moral questions -- and creates an incentive for false accusations. Wiretaps have no such potential for coercive use. The defendant is convicted or freed on the basis of his own, unarguable words. As an attorney, I really wish it were this simple. The NSA is trying to insulate this argument from the Constitution. Apparently the courts have other ideas about the pitfalls of wiretapping considering the rather strict rules they have imposed on it. In addition, the argument is not merely about the value of wiretapping. It is the methods employed that are a concern. If the methods are unsound, why are we pouring thousands, millions of dollars (billions if you include DigiTel) into this project? "Stupid" criminals are not the type that need a project like Clipper to get caught. In addition, the world will be a safer place if criminals cannot take advantage of a ubiquitous, standardized encryption infrastructurethat is immune from any conceivable law enforcement wiretap. Even ifyou're worried about illegal government taps, key escrow reinforces the existing requirement that every wiretap and every decryption must be lawfully authorized. The key escrow system means that proof of authority to tap must be certified and audited, so that illegal wiretapping by a rogue prosecutor or police officer is, as apractical matter, impossible. I agree the world would be a safer place if criminals could not take advantage of a standardized encryption structure, but how much better if they can take advantage of a non-standard encryption structure? How does Clipper assure us they cannot take advantage of either? Perhaps it keeps criminals from taking advantage of a standard encryption structure, but so would a 20 bit encryption standard. Mr. Baker's assertion then holds true even if the government creates a secret standard that is never released. The creation of this standard has prevented criminals from taking advantage of a standardized encryption system. Instead they have to resort to non-standard methods, which are more secure anyway. Mr. Baker's statement is thus, entirely without meaning. Regardless, even with Clipper there is no showing how criminals will not be able to take advantage of strong crypto. Even the statistics that the various pro-clipper agencies like to tout show us that the primary focus of wiretapping falls in to some distinct and demonized categories. 1> Drug dealers 2> Terrorists 3> Organized crime "gangs." All of these targets are those most likely to have the resources and organization to purchase non-escrowed cryptography, and the intelligence to use it. Who is honestly going to assert that some drug organization that builds a semi-submersible craft out of an aircraft nose at an expense of millions of dollars to smuggle drugs into the United States is going to just be careless and buy a Clipper phone? That a terrorist organization will continue to use Clipper phones because a lackey tried to get his deposit back at a rental car agency? It is clear that Clipper will do none of these things. Instead it will prevent (assuming only clipper phones are available) only the small time and less resourced offenders from evading capture. Despite all the hype and rhetoric, Clipper is basically an auto thief catcher, a small time dealer working out of his home catcher. MYTH NUMBER TWO: Unreadable encryption is the key to our future liberty. Of course there are people who aren't prepared to trust the escrow agents, or the courts that issue warrants, or the officials who oversee the system, or anybody else for that matter. Rather than rely on laws to protect us, they say, let's make wiretapping impossible; then we'll be safe no matter who gets elected. Note the portrayal of the opposition. All of them are radicals, none are those concerned about the economic consequences, or the international markets, or the potential for United States espionage. None of them are simply worried about the effectiveness of the program, they are all anarchists. This sort of reasoning is the long-delayed revenge of people who couldn't go to Woodstock because they had too much trig homework. It reflects a wide -- and kind of endearing -- streak of romantic high-tech anarchism that crops up throughout the computer world. I won't even dignify this character attack with a response. The reader will judge the value of this argument him or herself The problem with all this romanticism is that its most likely beneficiaries are predators. Take for example the campaign to distribute PGP ("Pretty Good Privacy") encryption on the Internet. Some argue that widespread availability of this encryption will help Latvian freedom fighters today and American freedom fighterstomorrow. Well, not quite. Rather, one of the earliest users of PGP was a high-tech pedophile in Santa Clara, California. He used PGP toencrypt files that, police suspect, include a diary of his contacts with susceptible young boys using computer bulletin boards all over the country. "What really bothers me," says Detective Brian Kennedy ofthe Sacramento, California, Sheriff's Department, "is that there could be kids out there who need help badly, but thanks to this encryption, we'll never reach them." And Clipper will help this problem by? Encouraging smart pedophiles to use it? It's clear this argument either has no merit, or foreshadows a more sinister regulatory action. There are good and bad sides to every technology. This pedophile argument is akin to demonizing baseball bats because they might cause harm. Or forbidding computers with accounting software because bookies might use them. It is in the American tradition to legislate this way. Look at the speed limit, the trends in Tort law. The assault weapons ban. Everything is geared to the worst case. The good or bad of this argument depends on how effective the legislation really is at accomplishing its goal. Here it looks like Clipper, as it stands now, would have done no good. This pedophile knew what was good for him in the face of the law, and Clipper wasn't it. Unless the administration is prepared to put their cards on the table and call for a ban on encryption, this argument has absolutely no place here. If unescrowed encryption becomes ubiquitous, there will be many more stories like this. And perhaps many more freedom fighter stories as well. This argument is based on speculation that the author has assumed in order to prove. Encryption will make the world better because it will be better, in effect. We can't afford as a society to protect pedophiles and criminals today just to keep alive the far-fetched notion that some future tyrant will be brought down by guerrillas wearing bandoleers and pocket protectors and sending PGP-encrypted messagesto each other across cyberspace. Nor then, can we afford as a society to protect the rights of the accused, and privacy in any form to keep alive the far-fetched notion that some future tyrant will be brought down by people with the romantic and old fashioned notion that some two hundred year old document might have some merit. So I propose the Clippered Constitution. This argument relies on your willingness to balance the rights of the people against the need for law enforcement in this particular case. Essentially what Mr. Baker is doing here is asking you to find that the prospect of catching pedophiles (a prospect that is by no means a certainty) is worth the sacrifice in privacy, and the expenditure in cost. The most efficient law enforcement known is a dictatorship, and if we were to carry Mr. Baker's line of argument to it's conclusion, it is only some old fashioned notion that people have rights that stops us from eliminating all or nearly all crime. By Mr. Baker's standards it seems that the exclusionary rule (which forbids the admission of evidence wrongly obtained under the 4th amendment) might as well be removed. Afterall, the guy is obviously guilty, we found him with 6 kilos of coke, so why let him go because our MEANS were not sound? C'mon judge, this is some old fashioned and antiquated notion that the right against unlawful search and seizure is important. The fact is the problem is not approached this way in the United States traditionally, and this argument is really a question of degree, not one of yes or no. MYTH NUMBER THREE: Encryption is the key to preserving privacy in a digital world. Even people who don't believe that they are likely to be part of future resistance movements have nonetheless been persuaded that encryption is the key to preserving privacy in a networked, wireless world, and that we need strong encryption for this reason. This isn't completely wrong, but it is not an argument against Clipper. If you want to keep your neighbors from listening in on your cordless phone, if you want to keep unscrupulous competitors from stealingyour secrets, even if you want to keep foreign governments from knowing your business plans, key escrow encryption will provide all the security you need, and more. I suppose this is provided you trust the government's ability to preserve the security of the escrow, the ability of counterintelligence to catch those who would steal it, the integrity of the government in not exchanging the keys for whatever reason, the likelihood of the government notifying the public if there has been a breach of security, and the procedures of notifying the Clipper user after a warrant has been issued for the key and then no crime has been discovered. This is at the core then, a legal process argument. As long as we give the keys to the right administrator, everything will be just fine. The problem with that is you have to trust the government first, trust a government to set the right standards for the release of keys, trust a government that will never fall into another McCarthyism, never look at another passport file for political reasons, and trust a government that generally has an interest in compromising the system. Even if you trust government as a whole, can you trust the segments of the process? DES is probably more than you need under many of these arguments, the fact is its not everything you need in others. But I can't help pointing out that encryption has been vastlyoversold as a privacy protector. The biggest threats to our privacy in a digital world come not from what we keep secret but from what we reveal willingly. For example, if we give our encryption keys to the government? We lose privacy in a digital world because it becomes cheap and easy to collate and transmit data, so that information you willingly gave a bank to get a mortgage suddenly ends up in the hands of a business rival or your ex-spouse's lawyer. Restricting these invasions of privacy is a challenge, but it isn't a job for encryption. Encryption can't protect you from the misuse of data you surrendered willingly. Why is this so? If there is a standard that is secure from everyone, including the government, why can't I exchange my banking information, my medical information, my whatever? This is a societal question, what encryption CAN be used for is limited only by what the government will allow it to be used for and market forces. All of these applications could conceivably be protected by encryption. All of these applications are thus, victims of potential government intrusions by Clipper. What possible use could the government have for my transactions with my Doctor? This argument also has a ring of, "Since most people are killed with bats, we need not limit guns." Personally, I'd like to see the killings by BOTH reduced, but that doesn't mean I'm going to resort to banning either one, or that I will ignore the one that kills "less." Just because people do their taxes openly, I should be concerned that the government might listen to my phone because I have bigger problems to deal with? Part of this has to do with the lack of "transparency" in encryption systems as well. A completely transparent encryption method would increase privacy as much as any system, be it escrowed or not. Why this mandates Clipper, or somehow makes strong encryption less of an option, is beyond me. What about the rise of networks? Surely encryption can help prevent password attacks like the recent Internet virus, or the interception of credit card numbers as they're sent from one digital assistant to another? Well, maybe. In fact, encryption is, at best, a small partof network security. Currently perhaps, but again, this says nothing of potential does it? Some people, I agree, do not need a high level of privacy, others do. The real key to network security is making sure that only the right people get access to particular data. That's why a digital signature is so much more important to future network security than encryption. I would like to see a digital signature that does not use encryption of some sort. If everyone on a net has a unique identifier that others cannotforge, there's no need to send credit card numbers -- and so nothing to intercept. "If everyone [] had a unique identifier...." "If everyone had a social security number...." And if everyone has a digital signature, stealing passwords off the Net is pointless. That's why the Clinton administration is determined to put digital signature technology in the public domain. It's part of a strategy to improve the security of the information infrastructure in ways that don't endanger government's ability to enforce the law. Digital signature technology can be put in the public domain without the help of the government thank you very much. Curfews don't endanger the government's ability to enforce the law either, but they aren't without drawbacks. MYTH NUMBER FOUR: Key escrow will never work. Crooks won't use it if it's voluntary. There must be a secret plan to make key escrow encryption mandatory. This is probably the most common and frustrating of all the mythsthat abound about key escrow. Mostly because there is no effective counter argument. I do feel sorry for Mr. Baker here, a little. The administration has said time and again that it will not force key escrow on manufacturers and companies in the private sector. In a Catch-22 response, critics then insist that if key escrow isn't mandated it won't work. Again, this presupposes a trust in government. If you look at the words in the original announcements, this is NOT what the government says either. They insist that their program will be voluntary, and there are "currently no plans" to enforce a ban on other encryption. If press releases from the White House are per se reliable, then we have no need of privacy at all since government can be completely trusted. That misunderstands the nature of the problem we are trying to solve. Encryption is available today. But it isn't easy for criminals touse; especially in telecommunications. Why? Because as long as encryption is not standardized and ubiquitous, using encryption means buying and distributing expensive gear to all the key members of the conspiracy. Up to now only a few criminals have had the resources,sophistication, and discipline to use specialized encryption systems. Yes, it is expensive, the cost of an old IBM and a 300 baud modem for example. Certainly no petty thieves will use it. Mr. Baker only points out the counter argument himself here. Clipper is aimed at those who can afford encryption, and those people will have the best there is to offer, namely, not Clipper. What worries law enforcement agencies --what should worry them -- isa world where encryption is standardized and ubiquitous: a world where anyone who buys an US$80 phone gets an "encrypt" button that interoperates with everyone else's; a world where every fax machine and every modem automatically encodes its transmissions withoutasking whether that is necessary. In such a world, every criminal will gaina guaranteed refuge from the police without lifting a finger. And Clipper will solve this how? If anything it hurts the goal of making non-escrow encryption expensive because it generates a market for it, and forces manufactures to undercut government subsidized manufactures. The effect is a drop in cost as the non-escrow manufactures try to keep competitive. This is classic Clinton administration logic, the market will cease to function for as long as it takes for us to implement our policy. The purpose of the key escrow initiative is to provide an alternative form of encryption that can meet legitimate security concerns without building a web of standardized encryption that shuts law enforcement agencies out. If banks and corporations and government agencies buy key escrow encryption, criminals won't get a free ride. They'll have to build their own systems -- as they do now. And their devices won't interact with the devices that much of the rest of society uses. As one of my friends in the FBI puts it, "Nobody will build securephones just to sell to the Gambino family." Your friend in the FBI clearly is a graduate of the Clinton/NSA school of economics. People will build secure phones to sell to who is paying. If that's the Gambino family, I promise some manufactures will be lining up to the promised 2,000 phone order that will result. What a market plus it would be to be the phone the Gambino family uses. Anyone who really wanted security would be impressed; and the sales agents would love the chance to look over their shoulder in the showroom and look about before whispering in the prospective purchasers ear, "The Gambino family just bought 2,000 of these, THAT'S how secure they are." In short, as long as legitimate businesses use key escrow, we can stave off a future in which acts of terror and organized crime are planned with impunity on the public telecommunications system. Of course, whenever we say that, the critics of key escrow trot outtheir fifth myth: And what then, do you make of the legitimate businesses who oppose Clipper, of which there are many? What of the businesses who do business internationally? What of the international fears that Clipper causes. You might look at a recent article in the Toronto (Sun?) which bears the opinion of the former Canadian Minister of Defense on the subject to get a feel for how other countries would welcome such a standard. MYTH NUMBER FIVE: The government is interfering with the free market by forcing key escrow on the private sector. Industry should be left alone to develop and sell whatever form of encryption succeeds in the market. In fact, opponents of key escrow fear that businesses may actually prefer key escrow encryption. Why? Because the brave new world that unreadable encryption buffs want to create isn't just a world with communications immunity for crooks. It's a world of uncharted liability. What if a company supplies unreadable encryption to allits employees, and a couple of them use it to steal from customers or to encrypt customer data and hold it hostage? As a lawyer, I can sayit's almost certain that the customers will sue the company that supplied the encryption to its employees. And that company in turn will suethe software and hardware firms that built a "security" system without safeguards against such an obvious abuse. The only encryption system that doesn't conjure up images of a lawyers' feeding frenzy is key escrow. I fail, as an attorney, to follow this argument. It is clear that it would be hard to hold responsible a software company liable for the "damage" the software causes. It is further hard to see how one could win a suit that can't prove that data is held hostage, and not just random garbage. I don't know many judges that would be interested in holding liability to extend this far for exactly the reason that Mr. Baker cites, it would make business impossible to do in many contexts, not just encryption. Telegraph companies are not, for example, per se liable for a loss in communication that causes thousands, or even millions of dollars in damage. I suppose PGP is somehow responsible for the pedophiles crime? As an accessory? I suppose gun manufactures are responsible for their liability? I suppose we could sue the manufactures of cars used in get- aways? I don't know where Mr. Baker got his law degree, but he doesn't seem to understand the liability limiter of supervening cause. In any event, the company could easily secure itself from liability in the context Baker describes by instituting a company policy that requires users of company lines for company business to turn a copy of their key over. Even father, the company could provide pre-generated keys and keep copies. Why is it that we must constantly rely on government to do that which we can easily accomplish ourselves? But there's a second and even more compelling reason why the key escrow initiative can't fairly be characterized as interfering with private enterprise: The encryption market has been more or less created and sustained by government. Much of the market forencryption devices is in the public sector, and much of the encryptiontechnology now in widespread use in the private sector was funded, perfected, or endorsed by the federal government. I would like to see some evidence here. Indeed the security market is a classic in free markets right now. There are several software vendors, several private buyers, and the costs are driven lower by the very extensive availability of public domain software for strong encryption. Even aside this, Baker himself argues that the need for network security is growing and getting more and more important in the private sector, which Clipper is supposedly designed for. And not by accident, either. Good encryption is expensive. Not PGP, not RIPEM, not IDEA. Good encryption is cheap, and getting cheaper, even in hardware implementations. Patents are on the road to expiration, and licensing agreements are getting looser. If it were so expensive, and if the market is so driven by the public sector, why are you so concerned with: "[A] world where anyone who buys an US$80 phone gets an "encrypt" button that interoperates with everyone else's;" Again we see the Clinton/NSA school of economics in action. There is no market for encryption in the private sector, so us regulating the market in the private sector is really not market regulation. It isn't just a matter of coming up with a strong algorithm, although testing the strength of an algorithm can be enormously time-consuming. The entire system must be checked for bugs and weaknesses, a laboriousand unglamorous process. Generally, only the federal government has been willing to pay what it costs to develop secure communications gear. That's because we can't afford to have our adversaries reading our military and diplomatic communications. That's led to a common pattern. First, the government develops,tests, or perfects encryption systems for itself. Then the private sector drafts along behind the government, adopting government standards on the assumption that if it's good enough for the government's information, it's good enough to protect industry's. A pattern that is fast vanishing, and even gone. A pattern that burned every 3rd world nation that bought into post war encryption distributed by the USA, and every nation that thought DES was ok for diplomatic encryption. As encryption technology gets cheaper and more common, though, weface the real prospect that the federal government's own research, its own standards, its own purchases will help create the future I described earlier -- one in which criminals use ubiquitous encryption to hide their activities. How can anyone expect the standard-setting arms of government to use their power to destroy the capabilities of law enforcement -- especially at a time when the threat of crime and terror seems to be rising dramatically? There is implicit in this statement, a notion that the private sector is screaming out loud for escrowed, and government approved, encryption. I have seen quite the opposite. By adopting key escrow encryption instead, the federal government has simply made the reasonable judgment that its own purchases will reflect all of society's values, not just the single-minded pursuitof total privacy. And this indicates that the government is not engaged in market regulation how? So where does this leave industry, especially those companies that don't like either the 1970s-vintage DES or key escrow? It leaves them where they ought to be -- standing on their own two feet. Companies that want to develop and sell new forms of unescrowed encryptionwon't be able to sell products that bear the federal seal of approval. They won't be able to ride piggyback on federal research efforts. And they won't be able to sell a single unreadable encryption product to both private and government customers. And so they have doubled the market, and twice the variety in product line with the ability to ride out the storm when government cutbacks are in order? Clinton/NSA economics again I suppose. Only this time the markets won't be seperated in terms of export/domestic markets. There can be a price disparity adjustment within the market that serves the manufacturer. Well, so what? If companies want to develop and sell competing, unescrowed systems to other Americans, if they insist on hastening a brave new world of criminal immunity, they can still do so -- as long as they're willing to use their own money. That's what the freemarket is all about. Government subsidizes the manufacture and distribution of a "standard," buys thousands to create a market for them where no market before existed, and then that's what free market is all about? Funny, last time I checked, the United States has been trying to serve DeBeers (For the last five years at least) for doing about the same thing in the diamond market. Of course, a free market in the US doesn't mean freedom to export encryption that may damage US national security. As our experience in World War II shows, encryption is the kind of technology that winsand loses wars. With that in mind, we must be careful about exports of encryption. This isn't the place for a detailed discussion of controls, but one thing should be clear: They don't limit the encryption that Americans can buy or use. The government allows Americans to take even the most sophisticated encryption abroad for their own protection. Nor do controls require that software or hardware companies "dumb down" their US products. They merely have to "dumb down" all their products. Software firms have complained that it's inconvenient to develop a second encryption scheme for export, but they already have to make changes from one country to the next -- in language, alphabet, date systems, and handwriting recognition, to take just a few examples. And they'dstill have to develop multiple encryption programs even if the US abolished export controls, because a wide variety of national restrictions on encryption are already in place in countries from Europe to Asia. And so we will keep the current and highly effective export regulations in place and there will never be a market for strong encryption in either the U.S or abroad. Pure fantasy. MYTH NUMBER SIX: The National Security Agency is a spy agency; it has no business worrying about domestic encryption policy. Since the National Security Agency has an intelligence mission, Read: is a spy agency. its role in helping to develop key escrow encryption is usually treatedas evidence that key escrow must be bad security. In reality, though,NSA has two missions. It does indeed gather intelligence, in part by breaking codes. But it has a second, and oddly complementary,mission. It develops the best possible encryption for the US government's classified information. With code breakers and code makers all in the same agency, NSA has more expertise in cryptography than any other entity in the country, public or private. It should come as no surprise, therefore, that NSA had the know- how to develop an encryption technique that provides users great security without compromising law enforcement access. To say that NSA shouldn't be involved in this issue is to say the government should try to solve this difficult technical and social problem with both hands tied behind its back. Then the super smart NSA shouldn't need to classify the method used in Clipper as no civilian could ever possibly find a weakness in it. MYTH NUMBER SEVEN: This entire initiative was studied in secret and implemented without any opportunity for industry or the public to be heard. This is an old objection, and one that had some force in April of 1993, when the introduction of a new AT&T telephone encryption device required that the government move more quickly than it otherwisewould have. For those not in on the argument, AT&T had a (DES?) based hardware encryption product that looked much like a caller I.D. box which encrypted phone conversation quite well. AT&T was about to market the device, and had produced a large lot ~8,000 units. NSA expressed disapproval, bought the lot up almost entirely and destroyed the units so AT&T wouldn't ruin the upcoming market regulation by flooding the market with "real" encryption. In return (probably) AT&T got the Clipper contract, and one might look at the recent support AT&T has received in contract negotiations with Saudi Arabia from the administration and draw your own conclusions. Key escrow was a new idea at that time, and it was reasonable for the public to want more details and a chance to be heard before policies were set in concrete. But since April 1993, the public and industry have had many opportunities to express their views. The government's computer security and privacy advisory board heldseveral days of public hearings. The National Security Council met repeatedly with industry groups. The Justice Department held briefings for congressional staff on its plans for escrow procedures well inadvance of its final decision. And the Commerce Department took publiccomment on the proposed key escrow standard for 60 days. And despite strong corporate rejection government jumped on the project anyhow. I have not heard any support from the private sector at all, except maybe AT&T and those companies that smell a total ban and are promising to support the new hardware to hold their place in the market. I would like to hear from anyone who has heard otherwise, that is a glowing review of Clipper by a private sector entity. After all this consultation, the government went forward with key escrow, [anyhow] not because the key escrow proposal received a [] warm reception, but because none of the proposal's critics was ableto suggest a better way to accommodate society's interests in both privacy and law enforcement. Read: Public input was meaningless because we are much smarter. Unless somebody comes up with one, key escrow is likely to be around for quite a while. That's because the only alternative being proposed today is for the government to design or endorse encryption systems that will cripple law enforcement when the technology migrates -- as it surely will -- to the privatesector. And that alternative is simply irresponsible. How about stay out of the commercial markets all together? Private sectors are at least as effective at developing standards. Let me summarize Mr. Bakers arguments: 1> Clipper doesn't create any new capability, because we have the ability to do the same intrusive things we could do before. 2> Wiretaps are ok because they are not coercive 3> The radical civil libertarians, who are the only real resistors her, want us to fall into anarchy, so they cant have any good points. 4> Because criminals cannot use standardized encryption, they cannot use encryption 5> Because the keys are escrowed, threat of irresponsible government is reduced. 6> The anti-clipper people are just geeks who missed woodstock, so they can't have any perspective here. 7> Because a pedophile once used PGP, we have to have Clipper. 8> We can't let silly notions that the government might one day exceed its bounds stop us from effective law enforcement. 9> The need for privacy isn't about Clipper, because Clipper provides privacy. 10> Because we reveal so much about ourselves willingly, we don't need encryption anyway. 11> The need for digital signatures mandates Clipper. 12> We are just trying to make strong encryption more expensive for criminals, and just catch the stupid ones. So Clipper will limit crypto to those with big resources, because one would have to be an idiot to want to sell anything to criminals. 13> Government is not interfering with the market because government is and will be the only market provider. 14> Companies won't use strong encryption because there is to much liability in it. 15> The NSA is the best developer of crypto, and no one would ever think of buying anything that does not bear the NSA seal of approval. 16> Because the purchase of escrow encryption by the government is merely an imposition of values on the public, its not market regulation. 17> Software companies have been bemoaning the need to make different standards for exporting crypto so we are going to impose a crippled standard for all crypto and that will solve the problem. 18> The NSA is so good at making codes, we are exactly the people to be doing it, and the other developers aren't as good at screening their methods. Even so, we still need strong encryption because however bad the private developers are, they are threatening to flood the world with encryption we can't break. 19> Since we held pet hearings that looked like a show trial, the public got to choose. 20> Since the public was too stupid to like escrow encryption, we're going to go ahead with it anyhow; but this doesn't mean the public wasn't involved! (This last one rings right up there with, if you don't agree with me, I'll make you agree.) For more information on the Clipper standard you can access WIRED's Clipper archive via the following WIRED Online services. [...] _________________________________________________________________ Stewart A. Baker is the National Security Agency's top lawyer. He worked briefly as Deputy General Counsel of the Education Department under President Jimmy Carter, and he practiced international law at Steptoe & Johnson, in Washington, DC. He has been at the NSA since 1992. _________________________________________________________________ WIRED Online Copyright Notice Copyright 1993,4 Ventures USA Ltd. All rights reserved. This article may be redistributed provided that the article and this notice remain intact. This article may not under any circumstances be resold or redistributed for compensation of any kind without prior written permission from Wired Ventures, Ltd. If you have any questions about these terms, or would like information about licensing materials from WIRED Online, please contact us via telephone (+1 (415) 904 0660) or email (info at wired.com). WIRED and WIRED Online are trademarks of Wired Ventures, Ltd. - - -uni- (Dark) unicorn at access.digex.net -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLdZaMhibHbaiMfO5AQGtgQQAx4OpCeGcqGAwbZyKVIcOC2EkX/IVYl0V wXUss+02Cgm8vbYlwJDQkLNuIcBN6Ij4Vnt55j/zhhLXPXMyqGuunDa+kcUM9ajn 6fiJ78tQC0GZ1ID6WhjMtYfXgMsy0dhadRNvkMUmmjo6j+uQozRnZoIkjkdA32XC oFDNDSXk78Q= =bavc -----END PGP SIGNATURE----- From merriman at metronet.com Sun May 15 09:43:26 1994 From: merriman at metronet.com (David Merriman) Date: Sun, 15 May 94 09:43:26 PDT Subject: U.S. Card Message-ID: <199405151643.AA00280@metronet.com> I've come up with a little .GIF (16K) that equates the U.S. ID card proposal to 1939 Germany (Germany 1939 on top, Star of David under; below that USA 1994, with guesstimate of what a US ID card might look like underneath). I'm hesitant to post it here, so is there an FTP site I can leave it for those who might like to have a look at it? Or would the cypherpunks FTP site be acceptable? Thanks. Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NOTICE: At my sole discretion unencrypted Email may be deleted without a reply being made. PGP preferred. Finger me for PGP 2.3/5 & RIPEM Public Keys. From unicorn at access.digex.net Sun May 15 10:01:28 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 15 May 94 10:01:28 PDT Subject: Canada/Newbie correction Message-ID: <199405151701.AA16447@access1.digex.net> A little while ago I responded to Mr. Brock's forward of the Toronto Sun article about Canada's position on Clipper. I responded that it was surprising and a testimony to the list that most of the arguments made by the policy maker (Former Canadian Defense Minister) were issues we had been discussing from early on. I commented that as issue spotters the 'punks seemed to be 3 months to 1 year ahead of the game on most subjects. I then went on to explain that this might create part of the unfriendly feel of the list for new users, who get on wanting to discuss "current" events that have by this time already been tossed out and around on the list by the 'punks. I fear Mr. Brock was mildly offended by my post. Just to be clear, I never meant to imply that Mr. Brock's post was "behind the times" or in any way unwelcome. Quite the opposite I assure you, the post was a good insight into the mind of a foreign official and a valuable perspective on the arguments in general. Most of my posts are fairly "as they come to my fingers," and as a result structure is often lacking. Hence, I fear the impression that I was persecuting or poking at Mr. Brock somehow. Not so. Please continue to forward such posts Mr. Brock, your taste gets a positive reputation certificate from me! -uni- (Dark) From unicorn at access.digex.net Sun May 15 10:24:52 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 15 May 94 10:24:52 PDT Subject: anon.penet.fi errormessages Message-ID: <199405151724.AA17379@access1.digex.net> I too have fallen victim to the mysterious anon messages. I however get a bounce indicating that my password is wrong. I suspect the following: Somehow someone on the list is asking the list to forward to a penet.fi blind account (anXXXX). Everytime cypherpunks sends a message to this account, the penet site tries to either assign or verify the password on the senders alias. In my case, as I have a long unused account on penet, is this: Message 2: From tcmay at netcom.com Sun May 15 12:39:31 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 15 May 94 12:39:31 PDT Subject: Anonymity, Journalism, and the Legal System Message-ID: <199405151939.MAA25485@netcom.com> Here's an interesting case involving the use of the anon.penet.fi remailer for journalistic purposes, in a sensational trial in Canada that the the Canadian goverment has declared a press ban on. (You may recall that issues of "Wired" were seized because a short article dared to mention the press ban.) The Karla Homolka-Paul Teale case allegedly involves Karla and her husband killing her own sister during forced sex, kidnapping and rituallistically torturing and murdering at least one other woman, videotaping the tortures to show later victims, and--some say--cannibablism. Karla Homolka (known to some as Karla the Kannibal) confessed. The judge in the Teale trial declared a press ban a year or so ago. Since then, several major Usenet newsgroups have--it is said, though I have no way to verify this-been barred in some or all parts of Canada. Ditto for newspapers and magazines. But "information wants to be free," and information is reaching Canadians via many other routes. This is causing calls for crackdowns on the Net. Of direct interest to Cypherpunks. (There are those who talk about Teale's need for a "fair trial." A press blackout for over a year, and the threat that anyone who seeks information or discussed the case will be thrown into the Bastille is not consistent with the ideals of even a semi-free society. In my personal opinion, the evidence against Teale is so heinous, so overwhelmingly convincing, etc., that the trial could and should have been completed in about 2 weeks after their arrest. I favor decriminaling almost everything, of course, and then swiftly and decisively pursuing and punishing murdereres, rapists, thieves, and child molestors. Sounds fair to me.) Anyway, as many of you may not be reading alt.fan.karla-homolka (which is banned in Canada as I hear it...any of our Northern readers want to confirm or refute this?), here's an excellent summary of how some amateur journalists are using Julf's anonymizing service to get the truth out: (Note that the article was also posted via anon.penet.fi) Message-ID: <233332Z11051994 at anon.penet.fi> Newsgroups: alt.fan.karla-homolka From: an52708 at anon.penet.fi (Neal the trial ban breaker) X-Anonymously-To: alt.fan.karla-homolka Organization: Anonymous contact service Reply-To: an52708 at anon.penet.fi Date: Wed, 11 May 1994 23:27:33 UTC Subject: Id Article Lines: 253 This was a particularly well written article that gives some interesting background to the the plight of yours truly and a couple of collegues :> The Electronic Ban Breakers How three computer users are getting information out about the Karla Homolka trial - and why the government can't do a thing about it. by Chad Skelton Word count : 1896 The day after Gordon Domm was arrested for distributing information about the Karla Homolka case, "Abdul" sat in the Ontario legislature, listening intently to the MPPs discuss the publication ban. As Attorney General Marion Boyd fended off criticism about the ban, Abdul sat quietly in the gallery. No one in the legislature that day could have known that while they were discussing a man who had distributed information on the trial to 50 people, Abdul, who is responsible for sending some of that same material to almost a thousand individuals, was watching them all from above. Abdul is one of a hand-full of computer users dedicated to getting information about the Karla Homolka trial out to the public, in a manner which is more quiet, and much more efficient, than anything the many other trial ban breakers have done. With the help of a computer system in Finland, three users known only as Abdul, Neal, and Lieutenant Starbuck, are becoming the most influential players in this illicit trade of information. While newspaper pages are filled with stories on the printed ban breakers, like Gordon Domm, and Frank magazine - the story of these electronic ban breakers hasn't been told. Interviewed for the first time, by any member of the media, the three men gave detailed accounts of their connections to the case, their methods of distribution, and their reasons for getting involved. The first person to tell the electronic community about Karla Homolka and Paul Teale was Neal, who posted information on the case before any of the international press stories broke. Neal, self described resident of cyberspace, and, "freedom fighter", claims to have several direct or indirect connections to the case. These contacts, he claims, include the pathologist's office, a nurse at a Southern Ontario Hospital, and a police officer. Based on the information he received from these sources, Neal posted one of the first notable messages in the "alt.fan.karla-homolka" newsgroup. His message contained details about the killings, the evidence, and the accused - all in sickening detail. Neal delights in the freedom of the electronic network. Asked why the courts instituted a ban, Neal concludes the decision was "wishful longing (on the part of the courts) to be back in the 19th century before the days of the electronic medium." Asked if he thought his actions were criminal, he replied, "There comes a time when you have to resist the tyranny of the state. Did the Americans holding the Boston Tea Party think they were criminals? In the eyes of the British law they were - but in their own, they felt they were fighting to uphold some basic freedoms. And that's what I'm doing!" Neal says he decided to tell the network what he knew to, "get the snowball rolling downhill - if I could post some details, others could perhaps tell what they [knew] as well." And others did. Several people posted rumours and speculation on the case into the Homolka newsgroup. Soon the rumours required some sort of organization, so Lt. Starbuck decided to make a FAQ. FAQ stands for "Frequently Asked Questions". As somewhat of an institution on the network, FAQs serve as useful information files on a given topic. They exist for sex, atheism, movies, and television, just to name a few. But in September of 1993, a different kind of FAQ was created. September saw the debut of, "The Paul Teale/Karla Homolka Frequently Asked Questions List". Lt. Starbuck, the moderator of the FAQ, is a student of Science at a Southern Ontario University. In his mid 20s, Starbuck updates the FAQ regularly as new rumours and information are made available. The latest version, "Version 2.1", was released on February 1st, 1994. Starbuck posts the FAQ on several newsgroups, and sends it out in electronic mail to those that request it. Asked to estimate how far his FAQ has reached he said it was, "impossible to know how many people have seen the FAQ posts in newsgroups like `alt.censorship' and `alt.true-crime', in addition to people who regularly access (other computers that have it available)." Starbuck doesn't claim that all, or even most, of the rumours are true. In fact, even while widely distributing the FAQ, Starbuck believes the rumours may be harmful. "The existence of the ban", he says, "And the speculation that followed it, are just as dangerous as not having (a ban)." Abdul, known as, "the Electronic Gordon Domm", is unquestionably the most influential of the electronic trial ban breakers. In the first few months of the "alt.fan.karla-homolka" newsgroup, Abdul (still using his real name) was one of the most active rumour posters. A student at a Toronto University, in his early 20s, and living in Scarborough - Abdul found himself hearing plenty of rumours about the case, which he quickly posted to the newsgroup. In addition to the rumours, however, he also knew people with connections to the case, including someone he met at a party that knew Karla Homolka's sister Tammy, and a friend whose father was the Durham Region Staff Sergeant. In the beginning, Abdul posted the information he had on the case to as many newsgroups as possible - but this led to mainstream groups, such as "soc.culture.canada" being banned from network sites, angering many people. So, as an alternative, Abdul decided to begin an electronic mailing list, by compiling the electronic mail (e-mail) addresses of people that wanted to be sent information on the case. Newsgroups are like newspapers, and electronic mail is like a private letter. Very few network sites will search e-mail, as they consider it private and confidential. This allowed Abdul a method of getting the information about the case out - even though "alt.fan.karla-homolka" was rapidly being banned at universities and network sites all across the country, including the University of Guelph, Toronto, and Waterloo - and Canada Remote Systems, a computer bulletin board. As he worked out the logistics of the electronic mailing list, Abdul was, as he put it, "getting tired of reciting the FAQ at every party." So he decided that in addition to his electronic efforts to get information out, he would also help to distribute facts about the case in more conventional ways. This led Abdul to collect all the articles and rumours he had on the case, and organize them into one large file he called the, "Teale Tales Digest". Using three printer ribbons, and a full box of computer paper - he printed over 50 copies of the digest. "(I) gave them to everyone I knew, and some I didn't," Abdul recalls, "I left five on the TTC and three in the washrooms of a Toronto university." Talking to people he gave the digest to, he says, "some of their copies have been photocopied up to fifteen times." And while his conventional methods of distributing information match those of his namesake, Gordon Domm, Abdul's most notable breach of the ban was, and is, electronic. When interviewed, Abdul's electronic mailing list was growing at an incredible rate. He claimed to have over 800 e-mail addresses, with 200 of those having signed up within the last week. Having directly given the information to at least 800 people, Abdul believes that he has already been indirectly responsible for giving information on the case to about 10,000 people. A number that is increasing every day as the electronic articles and rumours are printed out, photocopied, and distributed - over and over again. In addition to sending regular updates to interested individuals, Abdul is also equipped to provide computer users with exactly what they want. With computerized copies of everything from the Washington Post article on the trial, to a transcript of the tabloid show "A Current Affair", Abdul has virtually everything that has ever been printed or broadcast in the foreign press about the case. And each article can be requested individually from his electronic mail address. Abdul promotes these articles, and the mailing list, by posting messages in over 30 newsgroups, telling people how to get them. Although what Abdul is doing is on a scale much larger than that of Gordon Domm, or any of the other trial ban breakers, Abdul insists he isn't afraid of being arrested. In fact, all three electronic trial ban breakers said they don't feel they will ever be arrested for what they're doing. This is due mainly to the common link of the electronic trial ban breakers - a computer service in Finland and a Finnish computer user named Julf. Julf is a self-employed businessman living in Helsinki, who runs what is called, "The anon.penet.fi Anonymous Server". The server, originally intended for Scandinavians, allows computer users to post messages and send electronic mail anonymously - by bouncing it off the Finnish system. Traceable electronic mail addresses are replaced with generic anonymous accounts, which conceal the location and name of the sender, making it next to impossible for the messages to be traced back to their original source. Julf's service has existed for over a year. He says his intentions with the server are to, "provide a means for discussion on sensitive topics without having to fear repercussions from peers, employers, totalitarian regimes and fussy mothers." Julf hasn't actively been involved in distributing information on the trial, even though his service is involved in cloaking the information sent by others. Julf, for whom English is a third language, isn't even particularly interested in the case. He only learned about it when computer users complained that his service was being used to post information on the trial. However, as Julf puts it, "it is impossible, and unethical, for me to monitor the over 4000 messages handled by my server every day." Julf says the only way that investigators in Canada could possibly track down Abdul, Neal, Lt. Starbuck, or any other user posting information on the trial, would be to seize his computer, in Helsinki, which contains logs of where mail has been sent. However, Julf isn't concerned. "It would definitely take a Finnish court," he stresses, "And involve a fair bit of international jurisdiction juggling." However, that may all be irrelevant, as it's not even clear as to whether the police, or Attorney-General's office, are actively pursuing the electronic ban breakers. While Abdul, Neal, and Lt. Starbuck are very hard to identify and locate, they are easy to contact through the Finnish server. And all three say they haven't received anything in electronic mail from law enforcement or government agencies. Barbara Krever, of the Attorney-General's Office, refused to comment specifically on the electronic trial ban breakers, saying all potential breaches of the ban brought to the attention of the Attorney General's office are reviewed. Asked whether there were people qualified to deal with the electronic breaches of the ban, Krever refused to "talk about specifics". She also refused to comment when asked why the people mentioned in this article hadn't been contacted. In the meantime, Abdul's electronic mailing list continues to grow. When asked if he had a message for those trying to enforce the ban, Abdul had this to say: "There is no way you can stop us. For years you have tried to regulate us ... Now we can go wherever there is a phone line, without you looking over our shoulder. You'll have to shut down every phone, every radio transmitter, to keep us quiet." ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. -- From tcmay at netcom.com Sun May 15 14:39:23 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 15 May 94 14:39:23 PDT Subject: I'll be in LA from 5-20 to 5-23 (fwd) Message-ID: <199405152139.OAA05125@netcom.com> Sorry to hit the whole list with this, but 2 out of the 3 recipients to his message bounced my mail (jpp at jpplap (Jay Prime Positive) does not work, and "la-cypherpunks at toad.com" is apparently not the name of the LA Cypherpunks discussion list. Since several of you have asked about an LA meeting, here's my message. Forwarded message: From: tcmay (Timothy C. May) Subject: I'll be in LA from 5-20 to 5-23 To: jpp at jpplap, ghio at andrew.cmu.edu Date: Sun, 15 May 1994 14:32:29 -0700 (PDT) Cc: tcmay (Timothy C. May), la-cypherpunks at toad.com (I'm just guessing that "la-cypherpunks at toad.com" is the right address; if not, could someone forward or respond to the correct list?) I'll be in Hermosa Beach visiting my brother from Friday to Monday, and would (as I have said before) be interested in attending an LA-Cypherpunks meeting, presumably on Saturday the 21st. Others have contacted me about this, but I've told them to watch for the organizers to announce such a meeting. Jay PP has said he'd be willing to host a meeting. The moral on these things, in my experience, is not to wait for some kind of Grand Consensus, there being no voting or debating goint on. As they say, "just do it." Assuming it's on a Saturday, and is not too far away, I'll be there. ("Too far away" might be Riverside, for example.) Even a small gathering (several people) could be useful...perhaps more useful than the mega-meetings of 40 or more people we usually have in the Bay Area. I hope to hear from you folks. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From paul at hawksbill.sprintmrn.com Sun May 15 15:21:07 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sun, 15 May 94 15:21:07 PDT Subject: Italians charged with "Appropriation of Secret Passwords" (et al) Message-ID: <9405152323.AA19837@hawksbill.sprintmrn.com> What, exactly, is "appropriation of secret passwords"? extracted from: Computer underground Digest Sun May 15, 1994 Volume 6 : Issue 41 ------------------------------ Date: Sun, 15 May 1994 11:37:04 -0700 From: Bernardo Parrella Subject: File 2--Fidonet Crackdown in Italy On May 10-12 1994, the first nationwide crackdown on telecom nets was operated by Italian police. Acting after a warrant issued by a Prosecutor in Pesaro, about 60 Bullentin Board Systems throughout the country have been visited and searched by police officials. Dozens of people were formally accused of "distribution of illegally copied software and appropriation of secret passwords" under the law approved by Italian Parliament in January this year. In several cases police officials didn't know what to search for, thus seizing computers, floppy disks, modems along with electric outlets, answering machines, audiotapes, personal effects. The raids also hit private houses and belongings, and in some places sleeping people were abruptly woken up facing machine guns. After searching probably around one third of the entire network - that includes more than 300 BBSes - police officials closed several Fidonet nodes, but no arrests were made. A still inaccurate figure of people were charged with software piracy, and dozens of computers and related devices were seized - along with thousands of floppy disks, CD-Roms, W.O.R.M.S. Moving after a suspected software piracy ring run by people involved in a Fidonet node, the crackdown started in the night between May 10 and 11 in Milano, targeting in the two following days BBSes in Pesaro, Modena, Bologna, Ancona, Pisa and other cities. Fidonet Italia, member of the worldwide Fidonet network, is a non-profit organization devoted to distribution of shareware and freeware programs as well as to electronic forums on topics ranging from technological to social issues. An essential communication tool for several groups and individuals throughout the country, Fidonet Italia became an active multi-cultural vessel and distributor of several different nodes dedicated to specific issues: Peacelink (solidarity, human rights), Cybernet (cyberpunk), Ludonet (games), Scoutnet, Amynet, and others. For thousands of Italian people, Fidonet BBSes today are invaluable tools of information-exchange, social activism and professional activities. The network policy strictly prohibits any distribution of illegally copied software and fraudulent appropriation of secret passwords. Also, Fidonet is one of the few International organizations which has always stated and pursued a clear position against unauthorized copying software. At the moment, the raids seems to be motivated by accusations against two people involved in a Pesaro-based BBS who were using Fidonet contacts to allegedly distribute illegal copies of computer programs. However, there are no reasons for such a vast law enforcement operation. Most likely the prosecutor acted simply on the basis of the Fidonet telephone numbers list (publicly available) owned by the two suspected of software piracy. The vast majority of the people searched don't have any kind of relationship with the suspected, and many of the search warrants stated a generic "conspiracy with unknown" for the crime of software piracy. Particularly, the random and arbitrary seizures of floppy disks and personal computers are completely unmotivated, because every BBS is a completely independent structure and each sysop is running his/her own hardware and software. The seizures will resolve in a great economic loss for these people and their professional activities will be surely affected from negative publicity. Some of them own small computer-related companies while others are physicians, hobbyists, students who risk personal savings to run their services. Because police officials also seized electronic and paper archives containing data and numbers of the people who logged onto Fidonet nodes, it is evident that investigations are going even further - thus violating the constitutional right to privacy. The first result of this crackdown is that many Fidonet operators decided to shut down immediately their systems all over the country, fearing heavier police intrusions in both their public activities and private lives. While the Italian Parliament recently approved specific laws about copyright and piracy of computer software, there are still no rules to protect personal privacy in the electronic medium. This legislative void inevitably makes the sysop the only responsible person about anything happens onto and around his/her own BBS. Fidonet operators do not want and can not be the target of undiscriminated raids that, forcing them to closing down their activities, cause serious damages to themselves as well as to the entire community. In an article published Friday 13 by the newspaper "La Repubblica", Alessandro Marescotti, Peacelink spokesperson, said: "Just when the worldwide BBS scene is gaining general respect for its important role at the community level, in Italy the law hits those networks that have always been strongly against software piracy. Charging dozens of honest operators with unmotivated accusations, the main goal of this crackdown is directed against the social activities of small community nets - thus clearing the space for commercial networking." While terms and figures of the entire operation should still be clarified, on Sunday 15 Fidonet Italia operators will meet in Bologna to study any possible legal counter-action. ------------------------------ - paul From hayden at krypton.mankato.msus.edu Sun May 15 17:13:10 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Sun, 15 May 94 17:13:10 PDT Subject: How good is MIT-PGP 2.5? Message-ID: When 2.5 was first announced a few weeks ago (with the non infamous keyserver announcement), there was some concerns expressed over the political manipulations of the new program and thus, the overall security of the code. To this date I haven't seen any additional commentary on that subject, and I figure that before I recommend locally changing to 2.5, I'd like to find out what exactly was changed from the standpoint of the algoritms and the overall safety of them. No flame please, but I am not a math-oriented person, so please keep it in pseudo-english :-) ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From paul at hawksbill.sprintmrn.com Sun May 15 18:00:12 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sun, 15 May 94 18:00:12 PDT Subject: How good is MIT-PGP 2.5? In-Reply-To: Message-ID: <9405160202.AA22493@hawksbill.sprintmrn.com> > > When 2.5 was first announced a few weeks ago (with the non infamous > keyserver announcement), there was some concerns expressed over the > political manipulations of the new program and thus, the overall security > of the code. To this date I haven't seen any additional commentary on > that subject, and I figure that before I recommend locally changing to > 2.5, I'd like to find out what exactly was changed from the standpoint of > the algoritms and the overall safety of them. > > No flame please, but I am not a math-oriented person, so please keep it > in pseudo-english :-) > I can't speak to the issue of the code itself, per se, but it should be beared in mind that it is still in Beta, right? - paul From dichro at tartarus.uwa.edu.au Sun May 15 18:19:30 1994 From: dichro at tartarus.uwa.edu.au (Mikolaj Habryn) Date: Sun, 15 May 94 18:19:30 PDT Subject: Auto moderation In-Reply-To: Message-ID: <199405160118.JAA16479@tartarus.uwa.edu.au> > > Do you know how easy it is to fake an address? I occasionally telnet to port 25 > and talk SMTP directly, to avoid spooling, but I have to type in the address > I want the mail to appear from. There's no way of ensuring that I type in > my real address, or _any_ real address at all for that matter. Actually, it's not quite that easy. You can mail from any username at your site, but if you put in a different site without using helo protocol, it gives an X-Authorization-Warning in the header, which contains your home site. Alternately, if you do use helo, someone can just have a look at the headers of the message, and work out wherethe message was posted from. Then, it's just a question of consulting SMTP and system logs, and the sysadmin has a fair chance of tracing you back. Perhaps you heard of some guy who sent a death threat to the president using this method? They traced him back REAL fast. > > Digitally signed voting? Only works if you restrict yourself to 'known' voters. > Net identities are very easy to fake or create. This i agree with. Any half competent cracker can create and remove hundreds of identities (or more, depending on when some sysadmin notices the suspicious batch job running in bground). There's lots of ways to fake this, so i agree, you'd have to work from a list of registered voters - and hope that no one person is represented on that list too many times. * * Mikolaj J. Habryn dichro at tartarus.uwa.edu.au * "Information wants to be free!" PGP Public key available by finger * #include From ebrandt at jarthur.cs.hmc.edu Sun May 15 19:06:37 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Sun, 15 May 94 19:06:37 PDT Subject: Baker Rebuke (LONG! BASIC, Vet's Ignore) In-Reply-To: <199405151637.AA15166@access1.digex.net> Message-ID: <9405160206.AA18914@toad.com> > From: Black Unicorn > The administration has said time and again > that it will not force key escrow on manufacturers and companies in > the private sector. In a Catch-22 response, critics then insist that > if key escrow isn't mandated it won't work. > > Again, this presupposes a trust in government. If you look at the words > in the original announcements, this is NOT what the government says > either. They insist that their program will be voluntary, and there are > "currently no plans" to enforce a ban on other encryption. Hey, don't let him off this easily. The administration *has* proposed banning strong encryption. They are now soft-pedaling this. IMHO, the single worst aspect of `Clipper' is that it creates an environment within which such a ban is more palatable. "All citizens have encryption available to them, readable only by authorized Peace Officers. So restrictions on non-Clipper encryption only harm child molestors and drug kingpins. You're not a child molestor or a drug kingpin, are you?" Cites on banning encryption: >From the original announcement, 16 April 1993: |Q: If the Administration were unable to find a technological |solution like the one proposed, would the Administration be willing |to use legal remedies to restrict access to more powerful encryption |devices? |A: This is a fundamental policy question which will be considered |during the broad policy review. [ed.: this review has since been |scuttled] ... [the U.S. is not saying] that `every American, as a |matter of right, is entitled to an unbreakable commercial encryption |product.' ... Washington Times, 17 April 1993, "Government picks affordable chip to scramble phone calls": |An administration official said consideration will be given to |banning more sophisticated systems investigators cannot crack, |thereby creating a balance between banning private encryption and |declaring a public right to unbreakable coded communications. Washington Post, 30 May 1993, "Chipping Away At Privacy?", pages H1, H4: |Administration sources say that if the current plan doesn't enable |the NSA and FBI to keep on top of the technology, then Clinton is |prepared to introduce legislation to require use of its encryption |technology, which is crackable by the NSA, and to ban use of the |uncrackable gear. | |"It's an option on the table," said a White House official. Network World, 7 June 1993, p. 6: |NIST Deputy Director Ray Kammer said the government is considering |banning all other encryption and making Clipper Chip mandatory. (no context for this quote; take it for what it's worth) Eli ebrandt at hmc.edu From mgream at acacia.itd.uts.edu.au Sun May 15 19:25:26 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Sun, 15 May 94 19:25:26 PDT Subject: Dr Dobbs "CD ROM" Message-ID: <9405160227.AA27890@acacia.itd.uts.EDU.AU> Curiously; thumbing through the last issue of Dr Dobbs (April 94 -- it just made it into the newsagents here), I notice their CD ROM for sale (well, I've seen it in previous issues, but just thought about the point I'm going to make now). Considering that previous issues of Dr Dobbs have contained cryptographic algorithms (ie. Nov '93 -- scheiner & IDEA), and this CD ROM makes the code available, then how did they get an export license -- if indeed they did ? The order form for the CD ROM states "add $x.xx if outside US or Canada", so their market is clearly international. Does anyone have this CD ROM, is the code in "ready to compile" form, is it all there ? Matthew. -- Matthew Gream Consent Technologies Sydney, (02) 821-2043 M.Gream at uts.edu.au From daemon at anon.penet.fi Sun May 15 09:44:38 1994 From: daemon at anon.penet.fi (daemon at anon.penet.fi) Date: Sun, 15 May 94 19:44:38 +0300 Subject: Anonymous message failed (wrong password) Message-ID: <06bfffe4e64c6912cc318c1214d38f5f@NO-ID-FOUND.mhonarc.org> Sure enough the penet server tracked the message (which I posted to cypherpunks) back to me and sent me the error message thinking that was the right thing to do. Note that had I copied the entire bounced message there is porbably something in it to relate me to my penet anon address. In the case of the other user who was complaining at having been assigned an alias without ever having used the service, this might be the explanation as you likely had no password or account, your mail was not bounced. -uni- (Dark) From johnkc at well.sf.ca.us Sun May 15 20:57:10 1994 From: johnkc at well.sf.ca.us (John K Clark) Date: Sun, 15 May 94 20:57:10 PDT Subject: Quantum Computers and stuff Message-ID: <199405160356.UAA21899@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- I found this in the May 6 issue of Science: >At the same press conference where Lenstra and company announced >the defeat of RSA-129,he promised a "surprise" for the next >factoring feat. He hinted at a new, faster algorithm- and >perhaps a test involving a number with quite a few more digits >than 129. Then I found this in the May 7 issue of Science News: >In a startling theoretical result that could call into question >any cryptosystem based on factoring, Peter W Shore of AT&T Bell >Laboratories in Murray Hill, N.J., has just proved that >factoring is "easy" when done on a special type of computer >operating according to quantum mechanical principles . Although >such a quantum computer does not yet exist, this finding has >shaken the cryptographic community. By "easy" I presume they mean solvable in Polynomical time. I'm not saying the writing is on the wall or anything but it might be prudent to start thinking about Diffe-Hellman, perhaps using elliptic curves. John K Clark johnkc at well.sf.ca.us -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCzAgUBLdbskn03wfSpid95AQFZuwTvVug954sJilmhlyR3Sye+LpCB9ktG+erw mfDHBbAUpYC34P/lL81dzekGj7hmMhOIgZklZn7h/XfgCydQihm0e+DHGC9h64nT AI6g2xHI5k/hH9QZRUPjFLwreaFeKX4ARy3rfWEgpGC7g1qqyPnKQi7TBuffyYCV 51NJ9lGzGjuSVIcDdHcGBIoTkMg1T8pH+Yr44jo/MehE86KB+/0= =pxVR -----END PGP SIGNATURE----- From nobody at rebma.rebma.mn.org Sun May 15 21:13:19 1994 From: nobody at rebma.rebma.mn.org (nobody at rebma.rebma.mn.org) Date: Sun, 15 May 94 21:13:19 PDT Subject: Rabin decryption Message-ID: <199405160309.WAA12357@rebma.rebma.mn.org> How do you do Rabin decryption? In the Rabin PK system, your modulus is a Blum integer, a number n of the form p*q, where p and q are primes equal to 3, mod 4. According to Schneier, p. 289, encryption is done by C = M^2 mod n. On the next page, he gives four possible square roots of C: M1 = C^((p+1)/4) mod n M2 = p - C^((p+1)/4) mod n M3 = C^((q+1)/4) mod n M4 = q - C^((q+1)/4) mod n These formulas don't work. Also, note the "p -" and "q -". This is suspicious. If M^2 is C, then (n-M)^2 is also C. I suspect M2 and M4 should have "n -" instead. Try p=7, q=11, n=77. (p+1)/4 is 2, (q+1)/4 is 3. Try M=50, so C=36. M1 = 64; M2 = 20; M3 = 71; M4 = 17. None of these are the original M, and none of them is a square root of 36. Anybody know the right way to do square roots mod a Blum integer? From anonymous at extropia.wimsey.com Sun May 15 22:08:31 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Sun, 15 May 94 22:08:31 PDT Subject: Cryptosystems Journal Message-ID: <199405160451.AA18778@xtropia> Does anyone know where one can read back issues of CryptoSystems Journal? I was looking for Volume 2 Number 2. I tried at several Univeristies but they said only the Library of congress had it. Thanks. From jef at ee.lbl.gov Mon May 16 00:14:22 1994 From: jef at ee.lbl.gov (Jef Poskanzer) Date: Mon, 16 May 94 00:14:22 PDT Subject: a couple of shell scripts for use with PGP Message-ID: <199405160714.AAA09329@hot.ee.lbl.gov> pgpextract: Given one or more keyids or userids, either on the command line or on stdin, extracts the keys and writes them to stdout. Basically just a more useful interface for 'pgp -kxa'. pgpgetweb: Given one or more keyids or userids, either on the command line or on stdin, expands the "web of trust" out to the specified depth and writes the resulting keyids to stdout. You could feed the resulting file to pgpextract to make a subset keyring of only your 'close neighbors'. If I come up with more scripts I'll add them to the sharchive in my ftp dir on netcom. --- Jef #! /bin/sh # This is a shell archive, meaning: # 1. Remove everything above the #! /bin/sh line. # 2. Save the resulting text in a file. # 3. Execute the file with /bin/sh (not csh) to create the files: # README # pgpscripts.1 # Makefile # pgpextract # pgpgetweb # This archive created: Mon May 16 00:11:13 1994 export PATH; PATH=/bin:$PATH echo shar: extracting "'README'" '(536 characters)' if test -f 'README' then echo shar: will not over-write existing file "'README'" else sed 's/^X//' << \SHAR_EOF > 'README' X pgpscripts - shell scripts for using PGP X version of 15may94 X XSome simple scripts that give a more Unix-like interface to some Xof PGP's functions. See the manual entry for more details. X XFiles in this distribution: X README this X Makefile guess X pgpscripts.1 manual entry X pgpextract script X pgpgetweb ... X XTo install: X Unpack the files. X Edit the Makefile to change the configuration options if necessary. X Make install. X XComments to: X Jef Poskanzer jef at netcom.com jef at well.sf.ca.us SHAR_EOF if test 536 -ne "`wc -c < 'README'`" then echo shar: error transmitting "'README'" '(should have been 536 characters)' fi fi # end of overwriting check echo shar: extracting "'pgpscripts.1'" '(744 characters)' if test -f 'pgpscripts.1' then echo shar: will not over-write existing file "'pgpscripts.1'" else sed 's/^X//' << \SHAR_EOF > 'pgpscripts.1' X.TH pgpscripts 1 "15 May 1993" X.SH NAME Xpgpextract, pgpgetweb - shell scripts for using PGP X.SH SYNOPSIS X.B pgpextract X.RI [ keyid... ] X.br X.B pgpgetweb X.I depth X.RI [ keyid... ] X.SH DESCRIPTION X.PP XDescription of each script: X.TP X.I pgpextract XGiven one or more keyids or userids, either on the command line or Xon stdin, extracts the keys and writes them to stdout. Basically Xjust a more useful interface for 'pgp -kxa'. X.TP X.I pgpgetweb XGiven one or more keyids or userids, either on the command line or Xon stdin, expands the "web of trust" Xout to the specified depth and writes the resulting keyids to stdout. XYou could feed the resulting file to X.B pgpextract Xto make a subset keyring of only your 'close neighbors'. X.SH "SEE ALSO" Xpgp(1) SHAR_EOF if test 744 -ne "`wc -c < 'pgpscripts.1'`" then echo shar: error transmitting "'pgpscripts.1'" '(should have been 744 characters)' fi fi # end of overwriting check echo shar: extracting "'Makefile'" '(592 characters)' if test -f 'Makefile' then echo shar: will not over-write existing file "'Makefile'" else sed 's/^X//' << \SHAR_EOF > 'Makefile' X# CONFIGURE: the directory where you want the executables installed XINSTDIR = /usr/local/bin X X# CONFIGURE: the directory tree where you want the man pages installed XMANDIR = /usr/local/man X X# End of configurable definitions. X XSCRIPTS = pgpextract pgpgetweb X Xall: X Xinstall: all X for i in $(SCRIPTS) ; do \ X rm -f $(INSTDIR)/$$i ; \ X cp $$i $(INSTDIR) ; \ X done X rm -f $(MANDIR)/man1/pgpscripts.1 X cp pgpscripts.1 $(MANDIR)/man1 X for i in $(SCRIPTS) ; do ( \ X rm -f $(MANDIR)/man1/$$i.1 ; \ X echo '.so man1/pgpscripts.1' > $(MANDIR)/man1/$$i.1 ; \ X ) done X Xclean: X rm -f core SHAR_EOF if test 592 -ne "`wc -c < 'Makefile'`" then echo shar: error transmitting "'Makefile'" '(should have been 592 characters)' fi fi # end of overwriting check echo shar: extracting "'pgpextract'" '(894 characters)' if test -f 'pgpextract' then echo shar: will not over-write existing file "'pgpextract'" else sed 's/^X//' << \SHAR_EOF > 'pgpextract' X#!/bin/sh X# X# pgpextract - extract multiple pgp keys onto stdout X# X# Copyright (C) 1994 by Jef Poskanzer . X# Permission to use, copy, modify, and distribute this software and its X# documentation for any purpose and without fee is hereby granted, provided X# that the above copyright notice appear in all copies and that both that X# copyright notice and this permission notice appear in supporting X# documentation. This software is provided "as is" without express or X# implied warranty. X Xout=peo.$$ Xkey=pek.$$ Xkeya=${key}.asc Xrm -f ${out} ${keya} Xumask 077 X X( X if [ $# -eq 0 ] ; then X cat X else X while [ $# -ne 0 ] ; do X echo $1 X shift X done X fi X) | ( X while read id ; do X pgp -kxa ${id} ${key} > ${out} 2>&1 X if [ -z "`grep 'Key not found' ${out}`" ] ; then X cat ${keya} X else X echo "Keyid ${id} not found." >&2 X fi X rm -f ${out} ${keya} X done X) SHAR_EOF if test 894 -ne "`wc -c < 'pgpextract'`" then echo shar: error transmitting "'pgpextract'" '(should have been 894 characters)' fi chmod +x 'pgpextract' fi # end of overwriting check echo shar: extracting "'pgpgetweb'" '(1338 characters)' if test -f 'pgpgetweb' then echo shar: will not over-write existing file "'pgpgetweb'" else sed 's/^X//' << \SHAR_EOF > 'pgpgetweb' X#!/bin/sh X# X# pgpgetweb - finds the keyids that comprise the 'web of trust' for X# specified ids X# X# Copyright (C) 1994 by Jef Poskanzer . X# Permission to use, copy, modify, and distribute this software and its X# documentation for any purpose and without fee is hereby granted, provided X# that the above copyright notice appear in all copies and that both that X# copyright notice and this permission notice appear in supporting X# documentation. This software is provided "as is" without express or X# implied warranty. X Xif [ $# -eq 0 ] ; then X echo "usage: $0 depth [keyid...]" >&2 X exit 1 Xfi Xdepth=$1 Xshift X Xids=/tmp/pgwid.$$ Xtodo=/tmp/pgwtd.$$ Xout=/tmp/pgwo.$$ Xrm -f ${ids} ${todo} ${out} Xumask 077 X( X if [ $# -eq 0 ] ; then X cat X else X while [ $# -ne 0 ] ; do X echo $1 X shift X done X fi X) | sort -u > ${ids} Xcat ${ids} > ${todo} X Xecho "Starting with `cat ${ids} | wc -l` keyids." >&2 Xn=0 Xwhile [ ${n} -lt ${depth} ] ; do X cat ${todo} | ( X while read id ; do X pgp -kvv ${id} 2>&1 | egrep '^sig ' | awk '{printf "0x%s\n", $2}' X done X ) | sort -u > ${out} X comm -13 ${ids} ${out} > ${todo} X cat ${ids} >> ${out} X sort -u ${out} > ${ids} X X n=`echo ${n}+1 | bc` X echo "At depth ${n}, `cat ${ids} | wc -l` keyids." >&2 Xdone X Xcat ${ids} Xrm -f ${ids} ${todo} ${out} SHAR_EOF if test 1338 -ne "`wc -c < 'pgpgetweb'`" then echo shar: error transmitting "'pgpgetweb'" '(should have been 1338 characters)' fi chmod +x 'pgpgetweb' fi # end of overwriting check # End of shell archive exit 0 From anonymous at extropia.wimsey.com Mon May 16 00:26:52 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 16 May 94 00:26:52 PDT Subject: [ANON] War in rec.guns Message-ID: <199405160653.AA19402@xtropia> [[Reply-To: john.nieder at tigerteam.org]] -=> Quoting Dputzolu at uxa.cso.uiuc.edu to John Nieder <=- [Nieder to "Magnum"] >You also, I note, have not been passing on numerous other dissenting >messages of which I have received Cc:s. >This is an excellent way to engineer the illusion of common consent, >however dishonestly. I congratulate you. Unfortunately, you do not >have control of the other lists and newsgroups on which I plan to >discuss this issue and your personal handling of it. Dp> Whoa there! This is a very serious accusation here (IMHO). While I Dp> tend to agree with many of the points you make about the subject of Dp> anonymity, I can understand forwarding this particular posting Dp> by the moderator via email instead of posting it to rec.guns, Dp> based on his "kinder, gentler" newsgroup policy. It is my impression Dp> that the moderator tends to try to keep flameage on rec.guns to a Dp> minimum, and your post was quite loaded in that regard. I agree with the point, and believe it or not I much prefer to have things pleasant about me, but when people do ignorant things like banning remailer use (or guns, or encryption...) without any good reason and insult the motives and character of those who use them, it's only reasonable to expect offended parties to yell and cuss. I mean, think about it: Would you be polite to Charles Schumer? Dp> However, you have made quite an accusation. I did see at least Dp> a few posts arguing the pro-anon side (including mine). Look again and see if you got to see Martin Greifer's post or one from a guy named Vetleson (sp?). Greifer's was angry (he was the main objector to the anti-anon policy on ca-firearms who got me radicalized on the issue), but made the valid if - damned obvious - charge that nobody disputed a single point I made supporting remailer use, and Vetleson's explained _why_ he had to use a remailer to get through to the group for technical reasons. I didn't see them in the "digest" the moderator selectively prepared, nor did I see any of the posts that came via remailers (naturally). I didn't see any of the short posts of support, which may not have been considered "worthy" of inclusion either. The incoming headers showed that these had also been posted to rec.guns. The Vetleson post was entered onto a BBS's rec.guns feed, but didn't show up on the net. I didn't save any of these personally (I didn't think I'd have to), but I'll see if I can retrieve them tomorrow from my main feed, though this is probably not possible, as it only saves the last x-number of messages before overwriting. I think I have Greifer's netmail address here somewhere left over from the ca-firearms anon wars, if you want to check with him. Don't know Vetleson's, but can find out [here's Greifer's: martin.greifer at f28.n125.z1.fidonet.org]. Anyway, my mail ran about 80% pro-anon. Obviously, he excluded _mine_, and admitted it. This is exactly what the media does when it wishes to appear "fair" on an issue - tailor the raw response to support the agenda, with a few innocuous dissenting remarks to give the illusion of even-handedness. You'll notice that all anti-anon responses were either butt-kissing "me-too" posts of moderator adulation, or else completely ignored the arguments in my post. Dp> To put it briefly: "Put up or shut up." Hey, why don't we apply that idea to these folks who want to ban anon posts? If you can raise a _valid_ objection, or can refute my points, DO IT!...but they _can't_. Anyway, check with Greifer if you doubt this. If the posts I mentioned showed up in the digest, post them and I'll apologize, but _I_ sure didn't see them there. Did you? Note that the moderator (funny how he doesn't use his name much - I've never seen it, and that seems pretty anon to me) has closed the discussion, so I'm sure that he'll say these posts came in _afterwards_. Frankly, I think he ought to quit the moderator position, as he's unfit. He provides no protection on the newsgroup from endless boneheaded and useless newbie posts about illegal modifications of weaponry, but somehow he finds time to kill 100% legitimate, non-anonymized posts (as Vetleson asserted in his case, I think) of valid and useful content _simply because they come through a remailer_. Obviously, the guy's got his priorities fucked up and I don't see where's he's doing the group much good. I have mixed emotions about the concept of moderated groups anyway, particularly ones where the "moderation" is so quirkily counterproductive. |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| | * CP2A * PGP Key # E27937 on all servers | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| |"If you love wealth better than liberty, the tranquility of servitude | | better than the animating contest of freedom, go home from us in | | peace. We ask not your counsels or arms. Crouch down and lick the | | hands which feed you. May your chains set lightly upon you, and may | |posterity forget that ye were our countrymen." -- Samuel Adams, 1776| |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-| |BOYCOTT: Pepsico & Gillette| |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| From anonymous at extropia.wimsey.com Mon May 16 00:26:59 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 16 May 94 00:26:59 PDT Subject: [ANON] War in rec.guns Message-ID: <199405160652.AA19308@xtropia> [[Reply-To: john.nieder at tigerteam.org]] -=> Quoting Paul at vixen.cso.uiuc.edu to All <=- Pa> Btw, it's only a "war" in your mind. To everyone else involved it's Pa> been a calm discussion of the pros and cons. I have seen no substantive refutation of the points I made in my original post there, BTW, indeed no "discussion" of the _issues_ at all. The only reason it's a "calm discussion" is that the moderator is apparently shortstopping most effective pro-anon posts to the list. He admits to stopping mine and Cc:ed posts I've received netmail do not show up on the group. In short, what you see on the group appears to be what he wants you to see and is not reflective of the actual traffic. Ingenious, huh? If you have an actual, substantive objection to the points I raised in my original post, I'd be pleased to read them. If you missed it on the first time around, I'll send it to you again. So far only _one_ anti-anon correspondent has actually challenged one of my points on a technical matter, but he's factually mistaken. I do applaud him for at least facing the questions on their merits, though. |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| | * CP2A * PGP Key # E27937 on all servers | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| |"If you love wealth better than liberty, the tranquility of servitude | | better than the animating contest of freedom, go home from us in | | peace. We ask not your counsels or arms. Crouch down and lick the | | hands which feed you. May your chains set lightly upon you, and may | |posterity forget that ye were our countrymen." -- Samuel Adams, 1776| |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-| |BOYCOTT: Pepsico & Gillette| |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| From anonymous at extropia.wimsey.com Mon May 16 00:27:04 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 16 May 94 00:27:04 PDT Subject: [ANON] War in ca-firearms Message-ID: <199405160652.AA19294@xtropia> [[Reply-To: john.nieder at tigerteam.org]] -=> Quoting Chan at shell.portal.com to John Nieder <=- Ch> Please don't waste my time with posts like this. Ch> Thanks, Jeff, listen: I admired and respected your efforts running ca-firearms, was grateful for the time you spent on it, and _said_ so, to you and to everyone else. I worked on the Roberti recall, lobbied my legislators and helped others on the list to do the same. All that aside, under the advice of the worst possible people*, you made a policy _mistake_ in ca-firearms policy that has created a tremendous amount of ill-will and divisiveness and little else. It didn't make the list "safe," it didn't promote RTKBA, it didn't do anything constructive; it only alienated a lot of sincere and able people who were otherwise on your side, whether you intended to or not. To my knowledge - and you may correct me if I am wrong - none of the anti-anon people have addressed a single point in the prevailing argument for anon posting, which I roughly outlined in my first protest letter to rec.guns (my subsequent posts there have been censored). They, and you, have not spent any time in reflecting on the pro-anon case or apologized for the explicit insult your policy made toward those who use remailers for legitimate purposes. If for whatever obscure reasons you felt a need to exclude remailed posts from ca-firearms, you could have at least done so tactfully and thoughtfully, which you did not. You haven't tried to do any damage control on this or (to my knowledge) done anything but stonewall the issue. You handled this ineptly, and actions have consequences. In this case, the consequences are the incurred enmity of other pro-RTKBA, pro-privacy persons and groups. Worse than that, you have helped convince quite a few people (judging from my netmail) that there is no material difference between the irrational anti-gun zealots and the irrational anti-privacy bigots in the RTKBA forums - an assumption, I might add, completely reinforced by the anti-anon posts I have seen. As a consequence, these persons have dropped out of the RTKBA fight entirely, in disgust. As one former ca-firearms participant wrote to me, "I'm not going to choose between two groups of control addicts." To that point the guy had been very active in the faxing and calling of representatives, wrote excellent letters and was otherwise a real asset to the cause. Frankly, I'm beginning to think he's right. Usenet rec.guns is the _third_ major firearms forum I have seen disrupted or destroyed by anti-anon policies this year alone. In the first case, the best radical RTKBA forum in all cyberspace was eliminated by anti-gun net administrators employing the selective application of obscure netlaws, notably a widely ignored "real names only" rule. The second was ca-firearms. I hope the next moderator thinks before he acts. JN *The two anti-anon users in whose direct or forwarded e-mail made claims to have influenced your decision were X and Y . What I saw from X was simply psychotic, probably the craziest, most lunatic copy I've seen on Internet in a couple of years. Y 's was worse in its way, containing every petty-authoritarian cliche I know and a few I had forgotten. Needless to say, neither addressed the actual _issues_ or _facts_. If these are the people you let do your thinking for you, you are in deep trouble, my friend. It's one thing to be honestly mistaken or ignorantly well-meaning, but these characters are seriously wedged. [If I decide to cross-post this, I will delete the names of these loose cannon, not that either deserve the courtesy]. From MIKEINGLE at delphi.com Mon May 16 00:50:24 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Mon, 16 May 94 00:50:24 PDT Subject: WinFax has public key Message-ID: <01HCE5R8L5HU935MEZ@delphi.com> The new WinFax 4.0 appears to have public-key encryption. It can, according to the manual, send a binary file as a fax, with encryption and a digital signature on it. Has anyone tried this out? How secure is it? The manual says nothing about how it works, but the encryption is the type used in Microsoft At Work. It allows you to create a key pair and export the public key. --- Mike From jkreznar at ininx.com Mon May 16 03:33:47 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Mon, 16 May 94 03:33:47 PDT Subject: PGP 2.5 Warning Message-ID: <9405161033.AA23099@ininx> -----BEGIN PGP SIGNED MESSAGE----- I wrote: > This should be obvious, but probably bears repetition anyway: > FREEMAN BEWARE: By switching to PGP 2.5 you would commence to affirm > with each message you send that you are a subject of the U.S. State. I have been asked in email what would happen if a person outside the U.S. were to use it. If a person were initially not a subject (``outside'') of the U.S., he would destroy that status in the process of acquiring PGP 2.5. This follows from the MIT announcement: > Date: Mon, 9 May 94 09:32:39 -0400 > From: "Jeffrey I. Schiller" > Subject: MIT Announces PGP 2.5 [...] > This distribution of PGP 2.5, available in source code form, is > available only to users within the United States of America.... > Users in the United States of America can obtain information via FTP [...] For non-commercial use, one has a choice between PGP 2.3a and PGP 2.5. For a ``United States of America'' user, the legality of 2.3a is questioned on patent grounds, but 2.5 is available. For a free (non-national) person, on the other hand, 2.5 is unavailable according to the MIT announcement above, but there is no problem with 2.3a. The situation seems contrived to force each non-commercial PGP user to declare whether he is free or a ``United States of America'' user. Confusion may arise by interpreting ``user in the United States of America'' as a statement about geography rather than one about allegiance. This would be a mistake. The founding documents of the United States of America imply that their government is only of those who consent, so it is clearly a matter of allegiance, not geography. Acceptance of PGP 2.5 is one way to signal such consent, since 2.3a is available. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLddLNcDhz44ugybJAQFoYwQAurznG2insQ74/JaJocPy7fxAqHWkBxSd U94kYU78NFWiv1P4ef9btiaBcCAWNC8LnzR/hVlvsLminRoNX8rDEP+B1wRDp0mR yMJlQ3X34cJYQvpEVwuOLJRvDS74p9r2OcNU9yB+CNEhHw8oIixdLIa/LbJT2ait N1Ny3UjSMQE= =s+8g -----END PGP SIGNATURE----- From rishab at dxm.ernet.in Mon May 16 04:03:58 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Mon, 16 May 94 04:03:58 PDT Subject: Penet ID allocated Message-ID: daemon at anon.penet.fi Mon May 16 10:39:28 1994 > You have sent a message using the anonymous contact service. > You have been allocated the code name an98437. > You can be reached anonymously using the address > an98437 at anon.penet.fi. Obviously I'm not going to send anon mail through penet! I guess this is a response to my post to the list yesterday, so someone must have subscribed with their anXXXX address. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From rishab at dxm.ernet.in Mon May 16 04:08:26 1994 From: rishab at dxm.ernet.in (Rishab Aiyer Ghosh) Date: Mon, 16 May 94 04:08:26 PDT Subject: Auto moderation In-Reply-To: <199405160118.JAA16479@tartarus.uwa.edu.au> Message-ID: Mikolaj Habryn writes: > Actually, it's not quite that easy. [to fake addresses through telnet 25] > You can mail from any > username at your site, but if you put in a different site without using > helo protocol, it gives an X-Authorization-Warning in the header, which > contains your home site. Many sites don't do put in an X-Authorization-Warning. At least one site I know allows you to fake a sitename with helo. > Alternately, if you do use helo, someone can just have a look at > the headers of the message, and work out wherethe message was posted > from. Then, it's just a question of consulting SMTP and system logs, and > the sysadmin has a fair chance of tracing you back. Perhaps you heard of > some guy who sent a death threat to the president using this method? They > traced him back REAL fast. Right. But "they" were not an auto moderation script. Remember the context we're discussing this issue... > > Digitally signed voting? Only works if you restrict yourself to 'known' vot > > Net identities are very easy to fake or create. > > This i agree with. Any half competent cracker can create and > remove hundreds of identities (or more, depending on when some sysadmin > notices the suspicious batch job running in bground). There's lots of > ways to fake this, so i agree, you'd have to work from a list of > registered voters - and hope that no one person is represented on that > list too many times. Again, the context is auto-moderation of _open_ mailing lists (such as this one). I doubt that you'd want to restrict posts, approving or disapproving replies to "registered" members. The point is not to censor Nalbandian or Detweiler. There may be some fans out there, and IAC the _reader_ should decide what to look at. The point is to make this decision easier, with friendly advice from the poor souls who actually _read_ all the crap. > * * Mikolaj J. Habryn > dichro at tartarus.uwa.edu.au ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! From perry at imsi.com Mon May 16 04:14:52 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 16 May 94 04:14:52 PDT Subject: The Implications of Strong Cryptography In-Reply-To: Message-ID: <9405161114.AA26487@snark.imsi.com> Mats Bergstrom says: > The original anarchists (tm) strongly denounced not only capitalism > but private ownership of everything but your most intimate belongings > (and perhaps your house, this was discussed a lot). Not true of all, only of some. See, for instance, the writings of Lysander Spooner. (Spooner should be remembered as the anarchist who nearly bankrupted the U.S. Postal Service by starting a competing venture, The American Letter Mail Company -- the private express acts were specifically designed to drive him out of business. I can assure you that Spooner was quite capitalistic.) The louder bomb-throwing 19th century anarchists have, unfortunately, eclipsed memory of the individualist anarchists who followed very much in the tradition of the enlightenment social-contract political theorists and who believed in private property. In any case, this is getting afield of cryptography. Perry From perry at imsi.com Mon May 16 06:17:29 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 16 May 94 06:17:29 PDT Subject: Quantum Computers and stuff In-Reply-To: <199405160356.UAA21899@well.sf.ca.us> Message-ID: <9405161317.AA26681@snark.imsi.com> Bob Silverman claims that Shore's result is largely bullshit. I haven't gotten any details yet, so I don't know for sure, but I'd say at this point panic is not yet in order. Perry John K Clark says: > >In a startling theoretical result that could call into question > >any cryptosystem based on factoring, Peter W Shore of AT&T Bell > >Laboratories in Murray Hill, N.J., has just proved that > >factoring is "easy" when done on a special type of computer > >operating according to quantum mechanical principles . Although > >such a quantum computer does not yet exist, this finding has > >shaken the cryptographic community. > > By "easy" I presume they mean solvable in Polynomical time. I'm > not saying the writing is on the wall or anything but it might > be prudent to start thinking about Diffe-Hellman, perhaps using > elliptic curves. From Christoph_Pagalies at hh2.maus.de Mon May 16 08:30:29 1994 From: Christoph_Pagalies at hh2.maus.de (Christoph Pagalies by way of habs@cmyk.warwick.com Harry Shapiro) Date: Mon, 16 May 94 08:30:29 PDT Subject: macPGP Message-ID: <9405161641.AA07176@cmyk.warwick.com> HH> Since that doesn't allow us to verify the code If heard that argument quite often, but do you really intend to examine all of the sources? I'd have the possibility to, but to be honest: I didn't. I got them with a signature of my predecessor, and I relied on his word. HH> is there a reason for this? Yes, there is. After I got the sources I've lost contact to the other authors of PGP. I don't know whether they've made changes to the sources as well, so I first didn't release MacPGP at all. But after a while I decided to release at least the executables - if someone take the chance to object I'll merge my sources with his. Otherwise I'll release the next version together with the source code. HH> How did you sign them? Did you sign the binhex file or the Mac HH> executeable, etc.? I put the complete stuff for each language into a Compact Pro archive and signed these archives. Then I gathered them all in another (uncompressed) Compact Pro archive. I'll ask the one who put it into the ftp site where to find it. Ciao, Christoph From pdn at dwroll.dw.att.com Mon May 16 08:35:26 1994 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Mon, 16 May 94 08:35:26 PDT Subject: Is the list still active? Message-ID: <9405161534.AA08222@ig2.att.att.com> -----BEGIN PGP SIGNED MESSAGE----- Hello, all! Apologies for the waste of bandwidth, but it's been over a week since I have received any mail from the cypherpunks list. Is anybody out there? Please respond by private e-mail so as to (a) keep the racket on the list down and (b) sidestep a 'cypherpunks' mail trap at my location (if one exists). Noise and all, I find this list interesting - I'd hate to lose it. - -- ........................................................................ Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it! pdn at dwroll.dw.att.com | Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdeSKgvlW1K2YdE1AQH/dgP9HyGkrstmSXRZe/QtMQlMUn4ipeUEJure ZTlcQBuDIyNW4Vqydj/4vZryy/nqlpJo2ODWI4oQBQIUuQuru7BvBTJiPDXObFfo +LLghVaGElGoDSkbuLcv4nBawW9RAG10O/Z17tmmZa2NZdoMzzzzqPRFQIzm838s GQUCn9CGl3A= =w+CC -----END PGP SIGNATURE----- From perry at imsi.com Mon May 16 08:43:58 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 16 May 94 08:43:58 PDT Subject: macPGP In-Reply-To: <9405161641.AA07176@cmyk.warwick.com> Message-ID: <9405161543.AA27175@snark.imsi.com> Christoph Pagalies) (by way of habs at cmyk.warwick.com (Harry Shapiro) says: > HH> Since that doesn't allow us to verify the code > > If heard that argument quite often, but do you really intend to examine > all of the sources? I tend to. I usually only look at diffs between successive versions. In any case, the point is more about the capacity to examine the sources more than anything. Even if one has not personally examined them, the fact that others may examine them is a deterrent to tampering at the release level. I don't believe in releasing cryptography or other security software without sources. Perry From pdn at dwroll.dw.att.com Mon May 16 09:44:14 1994 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Mon, 16 May 94 09:44:14 PDT Subject: List is VERY MUCH alive; Thanks! Message-ID: <9405161627.AA25333@ig1.att.att.com> -----BEGIN PGP SIGNED MESSAGE----- Wow! Not only is the list still active, there are several list members who are quick on the draw! I have resubscribed to the list and have received verification from majordomo, so everything should be set. Many thanks to the folks who responded to my 'S.O.S.' posting earlier this morning. - -- ........................................................................ Philippe D. Nave, Jr. | Strong Crypto: Don't leave $HOME without it! pdn at dwroll.dw.att.com | Denver, Colorado USA | PGP public key: by arrangement. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdeenwvlW1K2YdE1AQHWEwP+MLl5lM7/OkGaJfKlHlFWTQky2PaHvDFr XSxMM+zySMJcXesmgTULvccHEBc53MYRgdf6jdTnGe44EVgxupUWe2BoeSgm/6V9 bkFEfFwuDox51He/VBFE26LasMhoWx9BMgDW+pEfS3LS68jImThUflpN75zsx4tb Id9YGhAr+o8= =qpOS -----END PGP SIGNATURE----- From mg5n+eathv93j40vo0ro1asmhi5ilvwcmzf at andrew.cmu.edu Mon May 16 10:43:22 1994 From: mg5n+eathv93j40vo0ro1asmhi5ilvwcmzf at andrew.cmu.edu (Anonymous) Date: Mon, 16 May 94 10:43:22 PDT Subject: Caller ID info... Message-ID: Forwarded message: > From CRF_STOHLMNR at crf.cuis.edu Mon May 16 09:36:48 1994 > Date: Mon, 16 May 1994 09:37:11 -0500 (CDT) > From: Nathan Stohlmann > Subject: Caller ID info...interesting (a bit to wade through though) > To: jmueller at gac.edu > Message-Id: <01HCEHVJHU4E8Y8IOV at CRF.CUIS.EDU> > Organization: Concordia University Information Systems, River Forest, Il. > X-Vms-To: in%"jmueller at gac.edu" > Mime-Version: 1.0 > X-Mailer: Pathworks MAIL V4.1 > Content-Transfer-Encoding: 7BIT > > > ----- Begin message from IN%"rre at weber.ucsd.edu" 16-May-94 > > From: IN%"rre at weber.ucsd.edu" 16-MAY-1994 08:45 > To: IN%"rre at weber.ucsd.edu" > CC: > Subj: caller ID outrage from the FCC -- time to act > > I've enclosed two messages from the Privacy digest about an outrageous > FCC plan to undermine crucial privacy protections on caller-ID systems > for telephones. Caller-ID exists so that marketing companies can collect > information on unwitting consumers, and those same companies have lobbied > long and hard to eliminate simple, ordinary schemes to give people control > over whether this information is made available from their telephones. > Having lost this battle in many states, they have evidently moved to the > federal level. But time remains for your comments to make a difference. > Please read the enclosed messages, judge for yourself, and act. > > Phil > > Encl: > > Date: Sun, 15 May 94 13:23 PDT > From: privacy at vortex.com (PRIVACY Forum) > To: PRIVACY-Forum-List at vortex.com > Subject: PRIVACY Forum Digest V03 #10 > > PRIVACY Forum Digest Sunday, 15 May 1994 Volume 03 : Issue 10 > > Moderated by Lauren Weinstein (lauren at vortex.com) > Vortex Technology, Woodland Hills, CA, U.S.A. > > ===== PRIVACY FORUM ===== > > The PRIVACY Forum digest is supported in part by the > ACM Committee on Computers and Public Policy. > > > ----------------------------------------------------------------------------- > > Date: Fri, 6 May 94 12:10:59 PDT > From: carl_page at rainbow.mentorg.com (Carl Page @ DAD) > Subject: FCC attacks > > Private Unlisted Phone Numbers Banned Nationwide. > Law Enforcement Explicitly Compromised. > Women's Shelters Security Threatened. > Telephone Rules of 30 States Overturned. > Direct Marketing Association Anticipates Profit. > > The FCC released its Report and Order And Notice of Proposed Rulemaking of > March 29th, 1994 (CC Docket No. 91-281) > > With the arrogance that only federal bureaucrats can muster, the Federal > Communications Commission has turned the clock back on Calling Number ID > and privacy protection rules nationwide. > > Have you ever had any trouble giving a direct marketer your phone number? > You won't any more. Your Per Line Caller ID blocking will be banned, > thanks to the FCC Order which preempts the privacy protections provided by > 30 states. > > The order carefully enumerates the concerns of law-enforcement agencies > which need per-line blocking to do their jobs. It mentions the need > Women's shelters have for per-line blocking. (A matter of life and death > on a day-to-day basis) It mentions that the customers who attempt to keep > unlisted numbers confidential will be certainly be thwarted. (Can one > train all kids and house-guests to dial *67 before every call? Can you > remember to do it yourself?) > > But the Order dismisses all of these problems, and determines that the > greatest good for the greater number will be accomplished if RBOC's can > profit a bit more by selling our numbers and if the direct marketers have > less trouble gathering them. > > The FCC doesn't seem to trust consumers to be able to decide whether they > want per-line blocking. It praises the $40 cost of an automatic *67 dialer > as an appropriate disincentive that will benefit the nation by discouraging > people's choice of per-line blocking. > > There was one part of the order I was pretty happy about, until I read it. > The FCC has also banned the sale of numbers gathered by 800-900 number > subscribers using the ANI system, unless they obtain verbal consent. (Note > that no rules prevent sale of numbers from the presumably blockable CNID > system.) The problem is that the only enforcement of the rule seems to be > that the requirement must be included in the fine print of the ANI sale > contract between the common-carrier and the ANI subscriber. So it seems to > be up to the common-carrier to enforce a rule which is contrary to their > financial interest. How can a person who suffers from publication or sale > of their number recover compensation? > > The FCC is soliciting comments, due May 18th > in their Further Notice Of Proposed Rulemaking on two issues: > > o Whether the Commission should prescribe more precise educational > requirements. > o Whether and how the policies adopted on caller ID should be extended to > other identification services, such as caller party name or CPNI. > > I can think of some suggestions... > > ------------------------------ > > Date: Wed, 11 May 94 02:39:45 EDT > From: johnl at iecc.com (John R Levine) > Subject: FCC order on interstate Caller ID > > [ From TELECOM Digest V14 #208 -- MODERATOR ] > > I picked up a copy of the FCC's Caller ID order, which is available by > FTP as /pub/Orders/Common_Carrier/orcc4001.txt or orcc4001.wp. (Kudos > to the FCC for making this info available so easily and quickly, by > the way.) > > Much of the order is straightforward and not contentious, e.g. > delivering CNID between local and long distance carriers is so cheap > to implement that neither may charge the other for the data. They > also note that per-call blocking is a good idea, and that *67 should > be the universal code to block CNID delivery. > > But the arguments they list against per-line CNID seem, to me, to be > astonishingly specious. > > There are three blocking options 1) per call for anyone, 2) per line > for anyone, and 3) per line for special groups. The FCC thinks, not > unreasonably, that it's a mare's nest to ask the telco to implement 3, > since they have to determine who's in the special groups and who > isn't. Then they say: > > 43. In the NPRM, we tentatively concluded that per line > blocking unduly burdens calling party number based services > overall by failing to limit its applicability to those calls for > which privacy is of concern to the caller. The Commission noted > that even in the case of law enforcement personnel, there may be > a need to maintain calling number privacy on some calls, but that > the same number may be used to telephone other law enforcement > personnel, victims of crimes, cooperative witnesses, and family > or friends. The Commission asserted that in these types of > calls, calling number privacy is not needed and calling number > identification can actually be a valuable piece of information > for both the caller and called parties. The record reflects the > useful nature of CPN based services, and the comments of > Rochester illustrate that callers are likely to be interested in > blocking only a small percentage of their calls. The comments of > USCG illustrate the usefulness of caller ID to emergency > services. In contrast, Missouri Counsel's analogy to unlisted > numbers is inapposite because caller ID only permits parties > called by the calling party to capture the calling party number, > and then only if the calling party has not activated a per call > blocking mechanism. We find that the availability of per call > unblocking does not cure the ill effects of per line blocking. > > Moreover, in an emergency, a caller is not likely to remember to > dial or even to know to dial an unblocking code. For the > foregoing reasons, we find that a federal per line blocking > requirement for interstate CPN based services, including caller > ID, is not the best policy choice of those available to recognize > the privacy interests of callers. Thus, carriers may not offer > per line blocking as a privacy protection mechanism on interstate > calls. We agree that certain uses of captured calling numbers > need to be controlled, and address that issue infra. > > > In other words, per-line blocking is a bad idea because subscribers > are too dumb to unblock calls when they want to unblock them, although > they're not to dumb to block calls when they want to block them. > > In paragraph 47 they note that where per-line blocking is offered, > telcos use *67 as a blocking toggle, so users can't really tell what > *67 does, but it doesn't seem to occur to them that the problem is > easily solved by requiring a different code for unblock than for > block. In paragraph 48 they wave their hands and say that people who > care about privacy can just buy a box for "as little as $40.00 per > unit" that will stuff *67 in front of each call. Thanks, guys. > > The docket number is 91-281, with comments due by May 18th. Comments > must reference the docket number. Send ten copies (yes, 10) to: > > Office of the Secretary > Federal Communications Commission > Washington DC 20554 > > Before you fire off a comment, please get a copy of the order, since > there's a lot of material beyond what I've summarized. For people > without FTP access, I've put them on my mail server. Send: > > send fcc-cnid.txt (for the text version) > > send fcc-cnid.wp.uu (for uuencoded compressed WP version) > > to compilers-server at iecc.com. > > > Regards, > > John Levine, johnl at iecc.com, jlevine at delphi.com, 1037498 at mcimail.com > > ------------------------------ > > End of PRIVACY Forum Digest 03.10 > ************************ > > > ----- End forwarded message > -- Joel Mueller - "Here lies one whose name is writ in water." Keats Check my .plan for my PGP Public Key. I can be reached anonymously at: mg5n+anpj5bfyquai7inqkylpqpndvzwtk4b at andrew.cmu.edu "This must be a Thursday. I never could get the hang of Thursdays." A. Dent From jis at mit.edu Mon May 16 11:04:13 1994 From: jis at mit.edu (Jeffrey I. Schiller) Date: Mon, 16 May 94 11:04:13 PDT Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week Message-ID: <9405161804.AA08573@big-screw> -----BEGIN PGP SIGNED MESSAGE----- The beta version of PGP 2.5 is now being removed from MIT file servers. In about a week, MIT will begin distribution of a new release numbered PGP 2.6. PGP 2.6 will incorporate a new version of RSAREF, scheduled for release by RSA Data Security next week, and will also correct bugs that were reported in PGP 2.5. In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 will be designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. PGP 2.6 will continue to be able to read messages generated by those earlier versions. MIT's intent is to discourage continued use of the earlier infringing software, and to give people adequate time to upgrade. As part of the release process, MIT has commissioned an independent legal review of the intellectual property issues surrounding earlier releases of PGP and PGP keyservers. This review determined that PGP 2.3 infringes a patent licensed by MIT to RSADSI, and that keyservers that primarily accept 2.3 keys are mostly likely contributing to this infringement. For that reason, MIT encourages all non-commercial users in the U.S. to upgrade to PGP 2.6, and all keyserver operators to no longer accept keys that are identified as being produced by PGP 2.3. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQBVAgUBLdezEVUFZvpNDE7hAQGRhAH+KACuaOfMynsL9QGmJpp9ToWEJB+1OFGb whoZbHbw/H268zIrFoCcm24UITcBiIcuSsk3ydpMyFTb/YBgIbzgqQ== =EbV1 -----END PGP SIGNATURE----- From cme at world.std.com Mon May 16 11:13:09 1994 From: cme at world.std.com (Carl M Ellison) Date: Mon, 16 May 94 11:13:09 PDT Subject: change of e-mail address Message-ID: <199405161803.AA08973@world.std.com> I have a new e-mail address, now that I'm leaving Stratus: cme at acm.org This is a remailing address and should be permanent (for life). It replaces cme at stratus.com (in various subdomains) and cme at world.std.com. - Carl P.S. public keys available by finger cme at world.std.com From hayden at krypton.mankato.msus.edu Mon May 16 11:17:39 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 16 May 94 11:17:39 PDT Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week In-Reply-To: <9405161804.AA08573@big-screw> Message-ID: On Mon, 16 May 1994, Jeffrey I. Schiller wrote: > MIT encourages all non-commercial users in the U.S. to upgrade > to PGP 2.6, and all keyserver operators to no longer accept keys that > are identified as being produced by PGP 2.3. But how SAFE is MIT-PGP 2.6? I've yet to read any independent reviews of it. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From snyderra at dunx1.ocs.drexel.edu Mon May 16 11:33:27 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Mon, 16 May 94 11:33:27 PDT Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week In-Reply-To: <9405161804.AA08573@big-screw> Message-ID: <199405161832.OAA05357@dunx1.ocs.drexel.edu> Jeffrey I. Schiller scribbles: > In order to fully protect RSADSI's intellectual property rights in > public-key technology, PGP 2.6 will be designed so that the messages it > creates after September 1, 1994 will be unreadable by earlier versions > of PGP that infringe patents licensed exclusively to Public Key Partners > by MIT and Stanford University. PGP 2.6 will continue to be able to read > messages generated by those earlier versions. So how long do you think it'll take after the release of 2.6 for patches that disable this "feature" to come out? And what about ViaCrypt's PGP 2.4? Bob From sandfort at crl.com Mon May 16 11:35:02 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 16 May 94 11:35:02 PDT Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week In-Reply-To: <9405161804.AA08573@big-screw> Message-ID: Jeffrey Schiller and C'punks, On Mon, 16 May 1994, Jeffrey I. Schiller wrote: > . . . > In order to fully protect RSADSI's intellectual property rights in > public-key technology, PGP 2.6 will be designed so that the messages it > creates after September 1, 1994 will be unreadable by earlier versions > of PGP that infringe patents licensed exclusively to Public Key Partners > by MIT and Stanford University. PGP 2.6 will continue to be able to read > messages generated by those earlier versions. > . . . Does this intentional non-interoperability include ViaCrypt PGP? S a n d y From mech at eff.org Mon May 16 11:47:56 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 16 May 94 11:47:56 PDT Subject: caller ID outrage from the FCC -- time to act (fwd) Message-ID: <199405161843.OAA29584@eff.org> Looks like the 2-pronged assault on privacy from Clipper and Digital Telephony just grew another prong... Forwarded message: Date: Sun, 15 May 1994 21:15:06 -0700 From: Phil Agre To: rre at weber.ucsd.edu Subject: caller ID outrage from the FCC -- time to act I've enclosed two messages from the Privacy digest about an outrageous FCC plan to undermine crucial privacy protections on caller-ID systems for telephones. Caller-ID exists so that marketing companies can collect information on unwitting consumers, and those same companies have lobbied long and hard to eliminate simple, ordinary schemes to give people control over whether this information is made available from their telephones. Having lost this battle in many states, they have evidently moved to the federal level. But time remains for your comments to make a difference. Please read the enclosed messages, judge for yourself, and act. Phil Encl: Date: Sun, 15 May 94 13:23 PDT From: privacy at vortex.com (PRIVACY Forum) To: PRIVACY-Forum-List at vortex.com Subject: PRIVACY Forum Digest V03 #10 PRIVACY Forum Digest Sunday, 15 May 1994 Volume 03 : Issue 10 Moderated by Lauren Weinstein (lauren at vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. ----------------------------------------------------------------------------- Date: Fri, 6 May 94 12:10:59 PDT From: carl_page at rainbow.mentorg.com (Carl Page @ DAD) Subject: FCC attacks Private Unlisted Phone Numbers Banned Nationwide. Law Enforcement Explicitly Compromised. Women's Shelters Security Threatened. Telephone Rules of 30 States Overturned. Direct Marketing Association Anticipates Profit. The FCC released its Report and Order And Notice of Proposed Rulemaking of March 29th, 1994 (CC Docket No. 91-281) With the arrogance that only federal bureaucrats can muster, the Federal Communications Commission has turned the clock back on Calling Number ID and privacy protection rules nationwide. Have you ever had any trouble giving a direct marketer your phone number? You won't any more. Your Per Line Caller ID blocking will be banned, thanks to the FCC Order which preempts the privacy protections provided by 30 states. The order carefully enumerates the concerns of law-enforcement agencies which need per-line blocking to do their jobs. It mentions the need Women's shelters have for per-line blocking. (A matter of life and death on a day-to-day basis) It mentions that the customers who attempt to keep unlisted numbers confidential will be certainly be thwarted. (Can one train all kids and house-guests to dial *67 before every call? Can you remember to do it yourself?) But the Order dismisses all of these problems, and determines that the greatest good for the greater number will be accomplished if RBOC's can profit a bit more by selling our numbers and if the direct marketers have less trouble gathering them. The FCC doesn't seem to trust consumers to be able to decide whether they want per-line blocking. It praises the $40 cost of an automatic *67 dialer as an appropriate disincentive that will benefit the nation by discouraging people's choice of per-line blocking. There was one part of the order I was pretty happy about, until I read it. The FCC has also banned the sale of numbers gathered by 800-900 number subscribers using the ANI system, unless they obtain verbal consent. (Note that no rules prevent sale of numbers from the presumably blockable CNID system.) The problem is that the only enforcement of the rule seems to be that the requirement must be included in the fine print of the ANI sale contract between the common-carrier and the ANI subscriber. So it seems to be up to the common-carrier to enforce a rule which is contrary to their financial interest. How can a person who suffers from publication or sale of their number recover compensation? The FCC is soliciting comments, due May 18th in their Further Notice Of Proposed Rulemaking on two issues: o Whether the Commission should prescribe more precise educational requirements. o Whether and how the policies adopted on caller ID should be extended to other identification services, such as caller party name or CPNI. I can think of some suggestions... ------------------------------ Date: Wed, 11 May 94 02:39:45 EDT From: johnl at iecc.com (John R Levine) Subject: FCC order on interstate Caller ID [ From TELECOM Digest V14 #208 -- MODERATOR ] I picked up a copy of the FCC's Caller ID order, which is available by FTP as /pub/Orders/Common_Carrier/orcc4001.txt or orcc4001.wp. (Kudos to the FCC for making this info available so easily and quickly, by the way.) Much of the order is straightforward and not contentious, e.g. delivering CNID between local and long distance carriers is so cheap to implement that neither may charge the other for the data. They also note that per-call blocking is a good idea, and that *67 should be the universal code to block CNID delivery. But the arguments they list against per-line CNID seem, to me, to be astonishingly specious. There are three blocking options 1) per call for anyone, 2) per line for anyone, and 3) per line for special groups. The FCC thinks, not unreasonably, that it's a mare's nest to ask the telco to implement 3, since they have to determine who's in the special groups and who isn't. Then they say: 43. In the NPRM, we tentatively concluded that per line blocking unduly burdens calling party number based services overall by failing to limit its applicability to those calls for which privacy is of concern to the caller. The Commission noted that even in the case of law enforcement personnel, there may be a need to maintain calling number privacy on some calls, but that the same number may be used to telephone other law enforcement personnel, victims of crimes, cooperative witnesses, and family or friends. The Commission asserted that in these types of calls, calling number privacy is not needed and calling number identification can actually be a valuable piece of information for both the caller and called parties. The record reflects the useful nature of CPN based services, and the comments of Rochester illustrate that callers are likely to be interested in blocking only a small percentage of their calls. The comments of USCG illustrate the usefulness of caller ID to emergency services. In contrast, Missouri Counsel's analogy to unlisted numbers is inapposite because caller ID only permits parties called by the calling party to capture the calling party number, and then only if the calling party has not activated a per call blocking mechanism. We find that the availability of per call unblocking does not cure the ill effects of per line blocking. Moreover, in an emergency, a caller is not likely to remember to dial or even to know to dial an unblocking code. For the foregoing reasons, we find that a federal per line blocking requirement for interstate CPN based services, including caller ID, is not the best policy choice of those available to recognize the privacy interests of callers. Thus, carriers may not offer per line blocking as a privacy protection mechanism on interstate calls. We agree that certain uses of captured calling numbers need to be controlled, and address that issue infra. In other words, per-line blocking is a bad idea because subscribers are too dumb to unblock calls when they want to unblock them, although they're not to dumb to block calls when they want to block them. In paragraph 47 they note that where per-line blocking is offered, telcos use *67 as a blocking toggle, so users can't really tell what *67 does, but it doesn't seem to occur to them that the problem is easily solved by requiring a different code for unblock than for block. In paragraph 48 they wave their hands and say that people who care about privacy can just buy a box for "as little as $40.00 per unit" that will stuff *67 in front of each call. Thanks, guys. The docket number is 91-281, with comments due by May 18th. Comments must reference the docket number. Send ten copies (yes, 10) to: Office of the Secretary Federal Communications Commission Washington DC 20554 Before you fire off a comment, please get a copy of the order, since there's a lot of material beyond what I've summarized. For people without FTP access, I've put them on my mail server. Send: send fcc-cnid.txt (for the text version) send fcc-cnid.wp.uu (for uuencoded compressed WP version) to compilers-server at iecc.com. Regards, John Levine, johnl at iecc.com, jlevine at delphi.com, 1037498 at mcimail.com ------------------------------ End of PRIVACY Forum Digest 03.10 ************************ -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From paul at hawksbill.sprintmrn.com Mon May 16 11:50:36 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Mon, 16 May 94 11:50:36 PDT Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week In-Reply-To: <9405161804.AA08573@big-screw> Message-ID: <9405161952.AA27828@hawksbill.sprintmrn.com> > > In order to fully protect RSADSI's intellectual property rights in > public-key technology, PGP 2.6 will be designed so that the messages it > creates after September 1, 1994 will be unreadable by earlier versions > of PGP that infringe patents licensed exclusively to Public Key Partners > by MIT and Stanford University. PGP 2.6 will continue to be able to read > messages generated by those earlier versions. > I suppose that it (also) will not allow upgrade inclusion of a secret key created with these previous versions? If not, I can't imagine many folks will be rushing to upgrade to 2.6. - paul From adam at bwh.harvard.edu Mon May 16 11:53:45 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 16 May 94 11:53:45 PDT Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week In-Reply-To: <199405161832.OAA05357@dunx1.ocs.drexel.edu> Message-ID: <199405161852.OAA11727@spl.bwh.harvard.edu> You wrote: | Jeffrey I. Schiller scribbles: | > In order to fully protect RSADSI's intellectual property rights in | > public-key technology, PGP 2.6 will be designed so that the messages it | > creates after September 1, 1994 will be unreadable by earlier versions | > of PGP that infringe patents licensed exclusively to Public Key Partners | > by MIT and Stanford University. PGP 2.6 will continue to be able to read | > messages generated by those earlier versions. | | So how long do you think it'll take after the release of 2.6 for | patches that disable this "feature" to come out? | | And what about ViaCrypt's PGP 2.4? Well, clearly, 2.6 will have some very bright AI features, so that it will talk to people who'se Key-ID's identify them as being outside of the US, as their versions of PGP are perfectly legal. And 2.4 is legal, if the 2.6 code doesn't recognize that, well, then that code is buggy & will need to be fixed. :) Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From perry at imsi.com Mon May 16 11:56:27 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 16 May 94 11:56:27 PDT Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week In-Reply-To: <9405161952.AA27828@hawksbill.sprintmrn.com> Message-ID: <9405161856.AA27870@snark.imsi.com> Paul Ferguson says: > > In order to fully protect RSADSI's intellectual property rights in > > public-key technology, PGP 2.6 will be designed so that the messages it > > creates after September 1, 1994 will be unreadable by earlier versions > > of PGP that infringe patents licensed exclusively to Public Key Partners > > by MIT and Stanford University. PGP 2.6 will continue to be able to read > > messages generated by those earlier versions. > > > > I suppose that it (also) will not allow upgrade inclusion of a secret > key created with these previous versions? If not, I can't imagine > many folks will be rushing to upgrade to 2.6. Besides, since 2.5 is legal, and doesn't have this "feature", and can be fixed by people at will, I suspect that no one will see any reason to use 2.6... Perry From barrett at daisy.ee.und.ac.za Mon May 16 12:00:53 1994 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Mon, 16 May 94 12:00:53 PDT Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week In-Reply-To: <9405161804.AA08573@big-screw> Message-ID: > In order to fully protect RSADSI's intellectual property rights in > public-key technology, PGP 2.6 will be designed so that the messages it > creates after September 1, 1994 will be unreadable by earlier versions > of PGP that infringe patents licensed exclusively to Public Key Partners > by MIT and Stanford University. PGP 2.6 will continue to be able to read > messages generated by those earlier versions. Are we ever going to be told the details of the deals previously alluded to regarding keyservers and PGP 2.5 (and now presumably also PGP 2.6)? I grow more and more curious. If users inside the USA take to using PGP 2.6 then users outside the USA will, by fair means or foul, have to obtain PGP 2.6 (or at least enough technical data to enable them to independently implement the relevant algorithms). Failing that, they will have to live with the inability to read messages from PGP 2.6 users inside the USA. Sigh. I wonder whether anybody is deliberately fostering a split between USA and non-USA users of PGP. --apb (Alan Barrett) From perry at imsi.com Mon May 16 12:10:37 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 16 May 94 12:10:37 PDT Subject: pgp 2.6 stupidity Message-ID: <9405161910.AA01195@bacon.imsi.com> Personally, I find the PGP 2.6 announcement to be based on an extremely flawed premise. PGP 2.3a and earlier were not American software -- they were written and produced overseas and were IMPORTED into the U.S. They infringe on no patents or copyrights when used overseas. Well, I have lots of correspondants overseas, using perfectly legal software. They cannot legally use PGP 2.6 -- it isn't exportable. Therefore, this idiocy will act to cut me off from my overseas correspondants. I will not be able to use the current version of PGP and still communicate with them. I will therefore be forced to use older versions -- probably repeatedly patched versions of 2.5. Perry From paul at hawksbill.sprintmrn.com Mon May 16 12:21:34 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Mon, 16 May 94 12:21:34 PDT Subject: pgp 2.6 stupidity In-Reply-To: <9405161910.AA01195@bacon.imsi.com> Message-ID: <9405162023.AA27956@hawksbill.sprintmrn.com> > > Personally, I find the PGP 2.6 announcement to be based on an > extremely flawed premise. > > PGP 2.3a and earlier were not American software -- they were written > and produced overseas and were IMPORTED into the U.S. > > They infringe on no patents or copyrights when used overseas. > > Well, I have lots of correspondants overseas, using perfectly legal > software. They cannot legally use PGP 2.6 -- it isn't exportable. > > Therefore, this idiocy will act to cut me off from my overseas > correspondants. I will not be able to use the current version of PGP > and still communicate with them. I will therefore be forced to use > older versions -- probably repeatedly patched versions of 2.5. > Personally, I can't see any compelling reason, save legality, for domestic or international users of PGP to upgrade beyond 2.3a. This whole PGP 2.5/2.6 fiasco is ridiculous. - paul From snyderra at dunx1.ocs.drexel.edu Mon May 16 12:33:33 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Mon, 16 May 94 12:33:33 PDT Subject: pgp 2.6 stupidity In-Reply-To: <9405162023.AA27956@hawksbill.sprintmrn.com> Message-ID: <199405161932.PAA15015@dunx1.ocs.drexel.edu> Paul Ferguson scribbles: > > > > Personally, I can't see any compelling reason, save legality, for > domestic or international users of PGP to upgrade beyond 2.3a. > > This whole PGP 2.5/2.6 fiasco is ridiculous. > > - paul > > From sinclai at ecf.toronto.edu Mon May 16 12:38:37 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Mon, 16 May 94 12:38:37 PDT Subject: PGP outside the US Message-ID: <94May16.153825edt.11506@cannon.ecf.toronto.edu> A repeated comment that I see in cypherpunks is that "PGP 2.5 is illegal for use outside the US" and thus communications cannot take place between those in the US and outside using PGP 2.5. However, as I see it PGP 2.5 (or 2.6) is only illegal for use outside the US by US law. Most of us ouside the US really don't care about US law. The only problem is the export of PGP 2.5 from the US, which need only occur once. I can't believe that this hasn't already happened. So: US users can legally use PGP 2.5. Foreign users can also use PGP 2.5 until the US decides to kidnap them. As far as I know there are no laws against sending encrypted traffic across the border. Where lies the problem? -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.5 mQCNAi2LQpQAAAEEAMHIQtQtNi657RDTxpiBAXIonSlwjQJMM/jHbxLlk+bntkEJ g2y4ymguOpdlfEfnSud170Rnc1u04RoCM2CNBlEaNrjBAFTHXzjR6+X7JJ0rj53j 6Ju9U57GiWp+8e0RP/gUADnsplPZeYBlMpTT7Mt93AM2ZTSxFcyi36CIyUXVAAUR tCdEb3VnIFNpbmNsYWlyIDxzaW5jbGFpQGVjZi50b3JvbnRvLmVkdT6JAJUCBRAt i0PDIQX2Z9wex38BAdLMA/4g7HZQq7d3wC0jWoJL5XP7hiegXLT/8WenhBwL2DrR ILDvw2Pe1LGjBtmx4ynFq0Mplo6rIw/uSbMjMX+8AnF8Tei6tRaKj9N97YwziU2B B7AsLWRAnyAzaVoz2vYTPv0IiEbRguvFEem5yakMIfNM7+3dVlQFL4DSCjr8P4Qa qYkAlQIFEC2LQxnoHJmBi3GtGQEBbn4EAI0BynCzIfZFUaH+SeuoHovwsVt4ahZ9 YlqmwzN9Bfd/O4UKIvvYMQc9WnqmbX+I+LNduimIl/XAnUHANXF2ABcx+lbfw5wf j3U/9tkvfqB2Z4Ogtrf5XLN5wAnX8kaWvEqPiMzmxvPQlHIY75GGzhFCVocyBJV0 pRspTpUraoNR =JT40 -----END PGP PUBLIC KEY BLOCK----- From hayden at krypton.mankato.msus.edu Mon May 16 12:44:00 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 16 May 94 12:44:00 PDT Subject: PGP 2.6 and the future Message-ID: Seems to me, perhaps, that the introduction of 2.6 might be a precursor to RSA legally cracking down on anyone running pre-2.6 versions (accepting that 2.4, viacrypt, is ok). Scarey if you think about it, especially if the RSA folx are in bed with the fed, which doesn't seem that unrealistic considering the political climate. That, coupled witht he fact that no one has yet verified the seciurity of 2.5/2.6 lead me to seriously question the security of this new version, since we are essentially being forced to use it if RSA starts suing everyone, or gets the fed to crack down because of patent infringement. Sorry, just a rambling... ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From hayden at krypton.mankato.msus.edu Mon May 16 12:44:56 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 16 May 94 12:44:56 PDT Subject: PGP outside the US In-Reply-To: <94May16.153825edt.11506@cannon.ecf.toronto.edu> Message-ID: On Mon, 16 May 1994, SINCLAIR DOUGLAS N wrote: > As far as I know there are no laws against sending > encrypted traffic across the border. Where lies the > problem? Just wait..... ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From blancw at microsoft.com Mon May 16 12:47:48 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 16 May 94 12:47:48 PDT Subject: pgp 2.6 stupidity Message-ID: <9405161849.AA28299@netmail2.microsoft.com> From: Paul Ferguson Personally, I can't see any compelling reason, save legality, for domestic or international users of PGP to upgrade beyond 2.3a. ........................................... Who/how would anyone know which version is being used? Are there going to be net police checking this out? Blanc From allan at elvis.tamu.edu Mon May 16 13:00:50 1994 From: allan at elvis.tamu.edu (Allan Bailey) Date: Mon, 16 May 94 13:00:50 PDT Subject: PGP 2.6 and the future In-Reply-To: Message-ID: <9405162000.AA00650@elvis.tamu.edu> -----BEGIN PGP SIGNED MESSAGE----- "Robert A. Hayden" writes: >Seems to me, perhaps, that the introduction of 2.6 might be a precursor >to RSA legally cracking down on anyone running pre-2.6 versions >(accepting that 2.4, viacrypt, is ok). How can they crack down on key-servers running only the keymanagement code? I don't think they can, but if they're in cahoots with the FED's then they can do what they want because they have guns. >Scarey if you think about it, especially if the RSA folx are in bed with >the fed, which doesn't seem that unrealistic considering the political >climate. That, coupled witht he fact that no one has yet verified the >seciurity of 2.5/2.6 lead me to seriously question the security of this >new version, since we are essentially being forced to use it if RSA >starts suing everyone, or gets the fed to crack down because of patent >infringement. I'm willing to wager that this 2.6 and maybe 2.5 versions are hacked by the NSA to put in their spiffy key-escrowed backdoor. Anyone think 2.6 *doesn't* have a backdoor added? - -- Allan Bailey, allan at elvis.tamu.edu | "Freedom is not free." Infinite Diversity in Infinite Combinations | allan.bailey at tamu.edu Esperanto: MondLingvo, lingvo internacia. ;; spook fodder ;; ;; CIA SDI bomb Waco, Texas PLO Saddam Hussein Peking Clinton explosion ;; Croatian cryptographic nuclear class struggle World Trade Center ;; quiche -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdfQ2019fA0AcDy9AQHdPgP8CdVlF0UY5z2807uJtfqmT71Ne1N+ytKv aXtVryRn2S/zBDLBLpHyv5o1Wxyqr55R1ziFzIDDpB7qoZgwKxw0iK/rIqqvgZ6s 5+QH5OpHl1lUx0YkRryjwPRemV8+RMc1cPKZECVR1FiAzv4TaxVHbl31vU0Obce3 oDSRYIm1PFU= =xUVo -----END PGP SIGNATURE----- From SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil Mon May 16 13:02:57 1994 From: SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil (SGT=DARREN=S.=HARLOW%ISB%MCTSSA at nwsfallbrook3.nwac.sea06.navy.mil) Date: Mon, 16 May 94 13:02:57 PDT Subject: NES Message-ID: <9405162002.AA02343@toad.com> Does anyone have a write-up on NES? I believe that it is based on DES, but I am not sure. It is for a paper that I am writing up. Thanks! Sgt Darren Harlow - Computer Security MCTSSA, Camp Pendleton, USMC Internet: harlowd at nwsfallbrook3.nwac.sea06.navy.mil or another less reliable & slower: harlow at mqg1.usmc.mil Voice: Comm: (619) 725-2970 DSN (Autovon): 365-2970 Fax: Comm: (619) 725-9512 DSN (Autovon): 365-9512 PGP Public key available upon request "The views expressed are my own, and always will be..." From perry at imsi.com Mon May 16 13:04:52 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 16 May 94 13:04:52 PDT Subject: PGP 2.6 and the future In-Reply-To: <9405162000.AA00650@elvis.tamu.edu> Message-ID: <9405162004.AA28139@snark.imsi.com> Allan Bailey says: > I'm willing to wager that this 2.6 and maybe 2.5 versions are > hacked by the NSA to put in their spiffy key-escrowed backdoor. How much are you willing to wager? I'll take the bet at any size. Perry From allan at elvis.tamu.edu Mon May 16 13:13:35 1994 From: allan at elvis.tamu.edu (Allan Bailey) Date: Mon, 16 May 94 13:13:35 PDT Subject: PGP 2.6 and the future In-Reply-To: <9405162000.AA00650@elvis.tamu.edu> Message-ID: <9405162013.AA00693@elvis.tamu.edu> -----BEGIN PGP SIGNED MESSAGE----- "Perry E. Metzger" writes: > >Allan Bailey says: >> I'm willing to wager that this 2.6 and maybe 2.5 versions are >> hacked by the NSA to put in their spiffy key-escrowed backdoor. > >How much are you willing to wager? I'll take the bet at any size. > WAit! Let me correct that statement before I lose my shirt. I'm willing to wager that 2.6 (and maybe 2.5) MIT'd PGP versions are hacked by the NSA to put in a backdoor. ^^^^^^^^^^ (emphasis added.) I'll bet you a C-note, Perry. Now how do you propose to prove or disprove this? - -- Allan Bailey, allan at elvis.tamu.edu | "Freedom is not free." Infinite Diversity in Infinite Combinations | allan.bailey at tamu.edu Esperanto: MondLingvo, lingvo internacia. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdfTok19fA0AcDy9AQHKiwP/dtC8MQ40g0mnGrD2gnxDJVG+gtxl4enB u35Gv0Yt7S5IVks+TJoyfv4SGT8tyjDrBbY7+ibOkM38VDsHPpg4IWQlM9I449EZ 9XgvCK5RvMVfBBpruRbQGCjz7b09MsAbUK3R/jerbYS7HwUkMZq7WBk269xDWBy6 sC6eHZGBN+k= =nh85 -----END PGP SIGNATURE----- PS: just make make sure we agree on the definition of "C-note": C-note == $100.00 US From perry at imsi.com Mon May 16 13:25:58 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 16 May 94 13:25:58 PDT Subject: PGP 2.6 and the future In-Reply-To: <9405162013.AA00693@elvis.tamu.edu> Message-ID: <9405162025.AA28191@snark.imsi.com> Allan Bailey says: > I'm willing to wager that 2.6 (and maybe 2.5) MIT'd PGP versions > are hacked by the NSA to put in a backdoor. > ^^^^^^^^^^ (emphasis added.) > > I'll bet you a C-note, Perry. Done for $100. > Now how do you propose to prove or disprove this? The commonly selected way to settle such things is to select a neutral referee to adjudicate based on available evidence. The source code is public, so it should it should be trivial to read it and make a decision as to whether anything untoward has been done. I'll accept any reasonably expert referee -- my selection of choice would be Hal Finney since he is a well known cypherpunk, is strongly familiar with the code and would recognise any tampering. Tampering may be defined given what you are claiming as the presense of what a reasonable cryptographer would refer to as a "back door". If you have any other suggested neutral third parties with requisite skill I'll happily tell you if they are acceptable. Once we've settled on a judge and they've accepted the charge (we may need to pay the person for their time), we present our evidence to the person and allow them to make a decision. I'll happily bet any larger sum, too, if you like. I'd also request that a neutral third party hold the stakes. At your choice the party can be the judge or another individual mutually acceptable. Perry From Richard.Johnson at Colorado.EDU Mon May 16 13:31:28 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Mon, 16 May 94 13:31:28 PDT Subject: How to make fixes stick (Was Re: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week) In-Reply-To: Message-ID: <199405162031.OAA13977@spot.Colorado.EDU> According to Jeffrey I. Schiller, PGP 2.6 will issue broken messages, unreadable by earlier legal versions of PGP (Viacrypt's 2.4 in USA and Canada, and any version outside backward-crypto-land) In summary, how do we make our fixes to this obvious bug stick? (Institutional paranoia on) To me, this change is an obvious step in satisfying the TLA's desire for a segmented crypto market to slow widespread use of strong crypto. On the one side, we have misapplied ITAR regulations preventing export of a worldwide standard. On the other side, we have a wrongly-granted patent preventing use of an imported worldwide standard. PGP is a de-facto worldwide standard, and they're trying to break it. (Institutional paranoia off) From the keyboard of: Adam Shostack > And 2.4 is legal, if the 2.6 code doesn't recognize that, > well, then that code is buggy & will need to be fixed. :) Adam has the right idea. The question is, how do we make such a fix stick? In order to beat the "canonical release" advantage of the broken 2.6, we'll need to spread the word widely (at least until a 2.6-compatible PGP is released and ported to the full range of current platforms by our outside compatriots). Some suggestions for after we create such patches: Letters to computer magazines (Infoworld, Wired, PC Week, etc.) Add entry to PGP FAQ about communicating with non-USA/Canada PGP users Add entry to PGP WWW pages in UK Weekly postings of the patches to alt.security.pgp (from outside NA) Monthly postings of the patches to alt.sources.patches (from outside NA) Press releases in other appropriate newsgroups, repeated Come up with others, particularly for the non-net world. :-) Richard From hayden at krypton.mankato.msus.edu Mon May 16 13:31:58 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 16 May 94 13:31:58 PDT Subject: Hmm Message-ID: Hmm, since I brought up the idea, can I take a flat 10% off the top of any winnings? Sorta a finders fee or someting? Robert "momma needs a new hard drive" Hayden -- ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From mech at eff.org Mon May 16 13:33:46 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 16 May 94 13:33:46 PDT Subject: Barlow Liberty Essay Airs on PBS May 17 Message-ID: <199405162031.QAA03662@eff.org> Forwarded message: Date: Mon, 16 May 1994 10:34:42 -0800 From: John Perry Barlow Subject: Barlow Liberty Essay Airs on PBS Tomorrow Night Folks, I commend to your attention a video essay on Liberty which I did for PBS last summer. It will air tomorrow May 17 at 10:00 PM EST (your listings may vary) as part of a program called Declarations. Could I please persuade those of you who re-post to put this in any places where there might be people interested? Thanks much. Enduring, Barlow -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From hayden at krypton.mankato.msus.edu Mon May 16 13:40:10 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 16 May 94 13:40:10 PDT Subject: Combatting 2.6 Message-ID: One of the ways we might be able to get the general public to not want to use the MIT version of 2.5/2.6 would be to get the various professional organizations, such as the EFF or CPSR to take a stand questioning the security and agenda behind 2.6. Just a thought. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From allan at elvis.tamu.edu Mon May 16 13:41:05 1994 From: allan at elvis.tamu.edu (Allan Bailey) Date: Mon, 16 May 94 13:41:05 PDT Subject: PGP 2.6 and the future In-Reply-To: <9405162013.AA00693@elvis.tamu.edu> Message-ID: <9405162040.AA00829@elvis.tamu.edu> "Perry E. Metzger" writes: > >Allan Bailey says: >> I'm willing to wager that 2.6 (and maybe 2.5) MIT'd PGP versions >> are hacked by the NSA to put in a backdoor. >> ^^^^^^^^^^ (emphasis added.) >> >> I'll bet you a C-note, Perry. > >Done for $100. > >> Now how do you propose to prove or disprove this? > >The commonly selected way to settle such things is to select a neutral >referee to adjudicate based on available evidence. The source code is >public, so it should it should be trivial to read it and make a >decision as to whether anything untoward has been done. I'll accept >any reasonably expert referee -- my selection of choice would be Hal >Finney since he is a well known cypherpunk, is strongly familiar with >the code and would recognise any tampering. Well, Hal wanted to bet me too, but you were first. If he's still willing, I'll agree to him also. >Tampering may be defined >given what you are claiming as the presense of what a reasonable >cryptographer would refer to as a "back door". Agreed. >Once we've settled on a judge and they've >accepted the charge (we may need to pay the person for their time), we >present our evidence to the person and allow them to make a decision. Agreed. >I'll happily bet any larger sum, too, if you like. I'm a University programmer/sysadmin. I.e., poor, but with a good InterNet connection. :) >I'd also request >that a neutral third party hold the stakes. At your choice the party >can be the judge or another individual mutually acceptable. Sounds fine with me. If Hal, or another agreed upon judge is willing, I'll send my cheque in. -- Allan Bailey, allan at elvis.tamu.edu | "Freedom is not free." Infinite Diversity in Infinite Combinations | allan.bailey at tamu.edu Esperanto: MondLingvo, lingvo internacia. From allan at elvis.tamu.edu Mon May 16 13:42:25 1994 From: allan at elvis.tamu.edu (Allan Bailey) Date: Mon, 16 May 94 13:42:25 PDT Subject: PGP 2.6 and the future In-Reply-To: <9405162013.AA00693@elvis.tamu.edu> Message-ID: <9405162042.AA00837@elvis.tamu.edu> bludy emacs VM doesn't stop you from sending an unsigned message yet. i'm going to have to make a binding for that tonight.... grrr... -----BEGIN PGP SIGNED MESSAGE----- "Perry E. Metzger" writes: > >Allan Bailey says: >> I'm willing to wager that 2.6 (and maybe 2.5) MIT'd PGP versions >> are hacked by the NSA to put in a backdoor. >> ^^^^^^^^^^ (emphasis added.) >> >> I'll bet you a C-note, Perry. > >Done for $100. > >> Now how do you propose to prove or disprove this? > >The commonly selected way to settle such things is to select a neutral >referee to adjudicate based on available evidence. The source code is >public, so it should it should be trivial to read it and make a >decision as to whether anything untoward has been done. I'll accept >any reasonably expert referee -- my selection of choice would be Hal >Finney since he is a well known cypherpunk, is strongly familiar with >the code and would recognise any tampering. Well, Hal wanted to bet me too, but you were first. If he's still willing, I'll agree to him also. >Tampering may be defined >given what you are claiming as the presense of what a reasonable >cryptographer would refer to as a "back door". Agreed. >Once we've settled on a judge and they've >accepted the charge (we may need to pay the person for their time), we >present our evidence to the person and allow them to make a decision. Agreed. >I'll happily bet any larger sum, too, if you like. I'm a University programmer/sysadmin. I.e., poor, but with a good InterNet connection. :) >I'd also request >that a neutral third party hold the stakes. At your choice the party >can be the judge or another individual mutually acceptable. Sounds fine with me. If Hal, or another agreed upon judge is willing, I'll send my cheque in. - -- Allan Bailey, allan at elvis.tamu.edu | "Freedom is not free." Infinite Diversity in Infinite Combinations | allan.bailey at tamu.edu Esperanto: MondLingvo, lingvo internacia. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdfadU19fA0AcDy9AQF6MgP+LNU5cbOIko4EyIXc8xkA3h3vQf6UOOIA RsysJhbY8NWjtBZ2yI3yxewrLecb0+448tLmFjuPDM+ZlORcP7OPS30qMOzuO8oe VZC/nWm+SvD2Rgh5T8pI5RjcbD8SLozBlcwMVdvnmEyxngCaRLmlBoMLWqmeom9k RJ6PD0FHYKw= =8pmK -----END PGP SIGNATURE----- From D.J.Crookes at sheffield.ac.uk Mon May 16 13:43:45 1994 From: D.J.Crookes at sheffield.ac.uk (Dave Crookes) Date: Mon, 16 May 94 13:43:45 PDT Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week In-Reply-To: Message-ID: On Mon, 16 May 1994, Alan Barrett wrote: > > If users inside the USA take to using PGP 2.6 then users outside the > USA will, by fair means or foul, have to obtain PGP 2.6 (or at least > enough technical data to enable them to independently implement the > relevant algorithms). Failing that, they will have to live with the > inability to read messages from PGP 2.6 users inside the USA. Sigh. I > wonder whether anybody is deliberately fostering a split between USA and > non-USA users of PGP. I just found PGP 2.5 on a non-USA ftp site. I expect 2.6 will turn up there. Dave From perry at imsi.com Mon May 16 13:46:10 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 16 May 94 13:46:10 PDT Subject: Combatting 2.6 In-Reply-To: Message-ID: <9405162045.AA28253@snark.imsi.com> "Robert A. Hayden" says: > One of the ways we might be able to get the general public to not want to > use the MIT version of 2.5/2.6 would be to get the various professional > organizations, such as the EFF or CPSR to take a stand questioning the > security and agenda behind 2.6. I'm sure the security is fine. The agenda is probably just Jim Bidzos getting petty revenge for PRZ having annoyed him. I see nothing sinister here, although I do see some things that are stupid. Deliberately sabotaging functionality is not acceptable. Perry From hayden at krypton.mankato.msus.edu Mon May 16 13:50:23 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 16 May 94 13:50:23 PDT Subject: Combatting 2.6 In-Reply-To: <9405162045.AA28253@snark.imsi.com> Message-ID: On Mon, 16 May 1994, Perry E. Metzger wrote: > I'm sure the security is fine. The agenda is probably just Jim Bidzos > getting petty revenge for PRZ having annoyed him. I see nothing > sinister here, although I do see some things that are stupid. Oh, i agree. Security of 2.6 and the agenda are probably just fine, but we've had no independent verification of that security, and revelations of the agenda, and being a paranoid cypherpunk who missed woodstock (sorry couldn't resist), that is an issure that very much concerns me. To push an UNTESTED product with an unknown background forceably to replace something we can trust is something I consider to be sinister. The whole fiasco, from the day the new keyserver restrictions were announced, to the half-hearted neta announcement, to this new one, no not show a program that has been fully tests. As if we are supposed to accept it just because it has the name PGP on it. Homey don't play that. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From barrett at daisy.ee.und.ac.za Mon May 16 13:51:23 1994 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Mon, 16 May 94 13:51:23 PDT Subject: PGP outside the US In-Reply-To: <94May16.153825edt.11506@cannon.ecf.toronto.edu> Message-ID: > Foreign users can also use PGP 2.5 until the US decides to kidnap > them. Yes, but why would we want to? I am reasonably satisfied with my legal copy of PGP 2.3a. I would be happy to upgrade if there were technical reasons for doing so, but I am not happy to downgrade to RSAREF's reportedly inferior implementation of certain important operations. I understand that USA folk are in a different legal position from mine, and may wish to legitimise their PGP use by downgrading. But I am most displeased with what I see as attempts to force me to either downgrade (for no good legal or technical reason) or face an inability to communicate with USA folk who have chosen (for valid legal reasons) to downgrade. --apb (Alan Barrett) From adam at bwh.harvard.edu Mon May 16 13:51:47 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 16 May 94 13:51:47 PDT Subject: PGP 2.6 In-Reply-To: <199405162031.OAA13977@spot.Colorado.EDU> Message-ID: <199405162050.QAA12121@spl.bwh.harvard.edu> Richard Johnson: | Adam has the right idea. The question is, how do we make such a fix | stick? In order to beat the "canonical release" advantage of the | broken 2.6, we'll need to spread the word widely (at least until a | 2.6-compatible PGP is released and ported to the full range of current | platforms by our outside compatriots). I think the way to do it is to 'de-cannonize' the MIT release of the code. That is to say, not make any mention of MIT as an FTp site for it, but instead, make a contrib directory at the top level, with patches & a readme. Then tar that up, perhaps as PGP2.6.1, and put it on soda, EFF, and other major FTP sites. In the "where to get PGP" docs, make no mention of the FTP site at MIT, or perhaps make mention of the fact that it fails to handle releases outside of the US properly, and that this problem is not being fixed for political reasons. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From gtoal at an-teallach.com Mon May 16 13:53:10 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 16 May 94 13:53:10 PDT Subject: PGP outside the US Message-ID: <199405162053.VAA11926@an-teallach.com> So: US users can legally use PGP 2.5. Foreign users can also use PGP 2.5 until the US decides to kidnap them. As far as I know there are no laws against sending encrypted traffic across the border. Where lies the problem? With people like me who commute from the UK to the US regularly and don't particularly look forward to a strip-search and a flashlight up the butt every visit. (Unless the customs officer is *very* cute...) This is why I specifically don't want a copy of 2.5/2.6... - and I can't see any need for it anyway. G From lefty at apple.com Mon May 16 13:53:13 1994 From: lefty at apple.com (Lefty) Date: Mon, 16 May 94 13:53:13 PDT Subject: PGP 2.6 and the future Message-ID: <9405162049.AA29765@internal.apple.com> >Allan Bailey says: >> I'm willing to wager that this 2.6 and maybe 2.5 versions are >> hacked by the NSA to put in their spiffy key-escrowed backdoor. > >How much are you willing to wager? I'll take the bet at any size. I'll pick up any piece of this action which Perry is unwilling, or unable, to cover. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From perry at imsi.com Mon May 16 13:57:06 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 16 May 94 13:57:06 PDT Subject: Combatting 2.6 In-Reply-To: Message-ID: <9405162056.AA28295@snark.imsi.com> "Robert A. Hayden" says: > On Mon, 16 May 1994, Perry E. Metzger wrote: > > > I'm sure the security is fine. The agenda is probably just Jim Bidzos > > getting petty revenge for PRZ having annoyed him. I see nothing > > sinister here, although I do see some things that are stupid. > > Oh, i agree. Security of 2.6 and the agenda are probably just fine, but > we've had no independent verification of that security, Hey, the sources are going to be public. I've already bet $100 that there is nothing wrong with them. Perry From adam at bwh.harvard.edu Mon May 16 14:09:49 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 16 May 94 14:09:49 PDT Subject: PGP outside the US In-Reply-To: <199405162053.VAA11926@an-teallach.com> Message-ID: <199405162109.RAA12306@spl.bwh.harvard.edu> Graham wrote: | This is why I specifically don't want a copy of 2.5/2.6... - and I | can't see any need for it anyway. I need 2.5/2.6 because I would like to officially & unofficially encourage users at the hospital where I work to use PGP. I could not do that when there were possible patent violations hanging over it. With new versions without the legal cloud, I will be able to use PGP for buisness as well as personal use. I consider that to be a major enough win that I was in the process of trying to get several thousand dollars authorized to pay Viacrypt for a 'lab-wide' license that would have covered all the machines I manage. With 2.5 available, we can spend that money on some disks. :) Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From VACCINIA at UNCVX1.OIT.UNC.EDU Mon May 16 15:29:36 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Mon, 16 May 94 15:29:36 PDT Subject: PGP 2.6 incompatibilities Message-ID: <01HCF0JH2QOY001O54@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- First I would like to say that Mr. Bailey is being taken (should have recanted while you had a chance), that being said, it is worth it to get someone to examine the code in a thorough manner. I'll ante up $10 to help alleviate the pain of losing this bet, Mr Bailey. Only good things can come of such a bet in my opinion. Perhaps, the above code analysis will present some new insights into patches and maybe even improvements! Someone wrote the list to say that the RSAREF code in 2.5 is not as good as Phil's, MIT seems to agree since it now has implimented new RSA code "while you wait". I'm not using this new code unless the type of patch Adam Shostack has suggested is implemented, that is, it is fully compatible with previous (i.e. 2.3, 2.3a, 2.4) versions. This attempt at divide and conquer cannot be allowed. I would like to use a PGP which does not violate intellectual property rights (no matter the shaky legal patent grounds, at least here in the U.S.), but I'm not willing to use an "us" (americans, canadians) version of PGP leaving "them" (anyone else) totally incompatible. That just incapacitates all of us. Bring on PGP 2.6a. Scott G. Morham !The First, VACCINIA at uncvx1.oit.unc.edu! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdfjrD2paOMjHHAhAQGSmQQA11SRVxevsL3NNvaBRyYc0yzqLjfxJ3dN 7I2leHc73nRwPwhhUJt2xeooHLlAlOHtLa+FBcbz8E03/vd8aBe7G0t7I4h0pSoB ujT5FRrArqV2x7AlVZquhbRECJ2nhwcIxN862GLvOYYQtIbC7NKvOYCFYMVt0p+x N1/28tvfRD4= =EB2O -----END PGP SIGNATURE----- From grendel at netaxs.com Mon May 16 15:34:19 1994 From: grendel at netaxs.com (Michael Handler) Date: Mon, 16 May 94 15:34:19 PDT Subject: PGP 2.6 and the future In-Reply-To: <9405162000.AA00650@elvis.tamu.edu> Message-ID: <199405162234.SAA03053@access.netaxs.com> > "Robert A. Hayden" writes: > > I'm willing to wager that this 2.6 and maybe 2.5 versions are > hacked by the NSA to put in their spiffy key-escrowed backdoor. > > Anyone think 2.6 *doesn't* have a backdoor added? Yup. In order for ANYONE with sense to trust this release, they're going to have to release the source like they have in previous versions. If there is a backdoor in the code, it will undoubtedly be spotted rather quickly, as there will be hundreds, if not thousands of people going over the code... And if there is a backdoor, it will be quickly eliminated via a patch file. Personally, I'm going to compile the code myself, just to make sure they haven't tried to sneak a backdoor into the binary and not the source... As for patching PGP 2.6 to read previous messages: since RSAREF is going to be changing, I don't know how likely this is. Our best bet would be to include RSAREF 2.0, which I believe can still decode earlier messages, as well as the new RSAREF, and put in code to recognize which version of PGP the message was created with and use the "apppropriate" version of RSAREF. Anyway, this should be a moot point after about two weeks or so, as PGP v2.6 will undoubtedly appear in the rest of the world.. -- ========================================================================== | Michael Brandt Handler | Philadelphia, PA | | | PGP 2.3a public key available via server / mail / finger | ========================================================================== From MIKEINGLE at delphi.com Mon May 16 16:01:45 1994 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Mon, 16 May 94 16:01:45 PDT Subject: Fixing pgp 2.6 Message-ID: <01HCF1L2VLIQ935JK8@delphi.com> >In order to fully protect RSADSI's intellectual property rights in >public-key technology, PGP 2.6 will be designed so that the messages it >creates after September 1, 1994 will be unreadable by earlier versions >of PGP that infringe patents licensed exclusively to Public Key Partners >by MIT and Stanford University. PGP 2.6 will continue to be able to read >messages generated by those earlier versions. So it will produce readable messages before Sept 1, 1994? Then there must be an if somewhere in the program to check the date. That should be fix- able with a patch of a few bytes to the object code. The best way to uncripple it would be to distribute a small .exe program which patches your version of PGP in place. Also include the source for the .exe so nobody thinks it does anything evil. We are being divided and conquered. If PGP 2.6 succeeds, our goal of a worldwide strong crypto standard is dead. This needs to be stopped. --- Mike From GERSTEIN at SCSUD.CTSTATEU.EDU Mon May 16 16:12:07 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (GERSTEIN at SCSUD.CTSTATEU.EDU) Date: Mon, 16 May 94 16:12:07 PDT Subject: Ripem Mac, MacPGP and NEON Message-ID: <940516191142.202052af@SCSUD.CTSTATEU.EDU> Hey guys- Can anyone tell me what the latest version of Ripem for the Mac is, as well as where I can find it. Also, does anyone know when MacPGP 2.5 or 2.6 will be available? Reply to either question via private mail as I am no longer on the list :( Neon- Mail me if you did/did not get my post to you. Adam Gerstein GERSTEIN at SCSU.CTSTATEU.EDU From an60011 at anon.penet.fi Mon May 16 17:10:15 1994 From: an60011 at anon.penet.fi (Ezekial Palmer) Date: Mon, 16 May 94 17:10:15 PDT Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week Message-ID: <199405162351.AA26497@xtropia> -----BEGIN PGP SIGNED MESSAGE----- Date: Mon, 16 May 1994 14:56:06 -0400 From: "Perry E. Metzger" Besides, since 2.5 is legal, and doesn't have this "feature", and can be fixed by people at will, I suspect that no one will see any reason to use 2.6... I still haven't seen a good reason to stop using 2.3a . . . . Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdgC/hVg/9j67wWxAQE4gQQAgS7erpez7HooIXwHQri0pK3iNPYjAH5d ostRb9+NA9usyJrQ8kC+mQbV67R9dcnqZqivHEx63OXN+Wbo1zy3sZb8W5hs+S8r /cM1FcWJOb9gKVksIFi2DJHP3RljoLHeZQbYJutcTgFhWxokyjOo+rig4gzacfp5 jMlcA3BzXGM= =RyRf -----END PGP SIGNATURE----- From dat at ebt.com Mon May 16 17:11:00 1994 From: dat at ebt.com (David Taffs) Date: Mon, 16 May 94 17:11:00 PDT Subject: PGP 2.6 ??? Message-ID: <9405170010.AA13546@helpmann.ebt.com> What's the story with PGP 2.6? I haven't (yet) gotten any hard information about it -- is there mail I should have gotten but didn't? I'm sure glad MIT put out 2.5, before putting out 2.6. It would have been much worse if they went right to 2.6. It does seem fortuitous that 2.5 ever got released at all, or am I missing something? This whole process backs up the point that the whole cryptography infrastructure is important. Maybe the world will split into 2.6+ and 2.5- camps, with the 2.6+ camps being locked onto a bandwagon they can't get off of. Maybe all software in the future will have 2.6+ built into it, making life really unmanagable for the dwindling 2.5- crowd[sic]. How can you get cryptography to the masses when they all have Clipper? You can't -- if it gets that bad, we've lost the battle (although we can keep our own antique 2.5- copy if we want to, as a relic from the "good old days"). I'd bet that 2.6 doesn't have a backdoor in it, but that 2.7 or 2.8 or 3.9 or 123.456 eventually will... And, as I pointed out before, if the world gets saddled with a key length restriction in whatever evolves to become the standard, eventually that will be equivalent to a back door. Maybe I'm too pessimistic, but how can we fight the infrastructure battle? I'm sore afraid that our brand of crypto is like trying to peddle a new OS to compete with Unix/NT/... -- it just ain't real easy to displace a "standard", flawed though it may be... Any ideas are welcome -- I'm just running a little low now. -- dat at ebt.com (David Taffs) From smrf at mu.sans.vuw.ac.nz Mon May 16 17:46:49 1994 From: smrf at mu.sans.vuw.ac.nz (Smrf.) Date: Mon, 16 May 94 17:46:49 PDT Subject: PGP 2.5 Warning In-Reply-To: <9405161033.AA23099@ininx> Message-ID: On Mon, 16 May 1994, John E. Kreznar wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I wrote: > > > This should be obvious, but probably bears repetition anyway: > > > FREEMAN BEWARE: By switching to PGP 2.5 you would commence to affirm > > with each message you send that you are a subject of the U.S. State. > > I have been asked in email what would happen if a person outside the > U.S. were to use it. > > If a person were initially not a subject (``outside'') of the U.S., he > would destroy that status in the process of acquiring PGP 2.5. This > follows from the MIT announcement: So, you are saying that I will be automatically subject to US law if I use this product? Hmmm, wonder what that does in terms of citizenship issues - as far as _I_ am concerned, the only law that has jurisdiction for me is NZ law, and US law can go get hanged, no? On a different note, where are the PKP patents registered, and how? Are they under the Int. Patent Coop. Treaty? If so, they might have some validity here... - Smrf. -- 'I'm out walking the drummer, man!' | robinson_m at ix.wcc.govt.nz # Floyd Pepper | mjrobins at nyx10.cs.du.edu From mcable at Emerald.tufts.edu Mon May 16 18:10:46 1994 From: mcable at Emerald.tufts.edu (Matthew Cable) Date: Mon, 16 May 94 18:10:46 PDT Subject: Key Servers... Message-ID: Question for all of you. With the announcement of the 2.6 release, there is a specific mention of Keyservers which accept 2.6- keys violating RSA's intellectual copyrights... This has coincided with the dissapearence of nearly all the key servers .... Is something afoot? And what do you think RSA has up its sleeve? *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* mcable@[jade,emerald,cs].tufts.edu \|/ wozz at wozz.ext.tufts.edu Matthew Cable <0-0> wozzeck at mindvox.phantom.com MTUC Jackson Labs ----o00-O-00o----- http://www.cs.tufts.edu/~mcable/ Tufts University GCS/MU -d+ -p+ c++++ l++ u++ e+ m++(*) s++ !n h+ f* g+ w++ t+ r- y+ *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* From hfinney at shell.portal.com Mon May 16 18:18:43 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 16 May 94 18:18:43 PDT Subject: Fixing pgp 2.6 Message-ID: <199405170119.SAA03626@jobe.shell.portal.com> I think there are some things being overlooked in this discussion. First, note the strong hint in Schiller's message about operators of key servers who accept pre-2.6 keys being guilty of contributory infringement of the RSA patent. I think we can expect strong legal pressure from RSA to shut down the remaining U.S. key servers, even those which don't use illegal versions of PGP. They succeeded once in shutting down the key servers which used PGP; they will succeed again in shutting down the others due to the contributory infringement threat. For the same reason, hopes of getting a non-RSA-approved "2.6a" (hacked to be backwards compatible with 2.3) widely available in the U.S. are not well founded. FTP sites which hold programs or even patch files to allow 2.6 to interoperate with 2.3 will be targetted by RSA as contributory infringers. In short, the legal advantages PGP 2.6 will have over unapproved versions will be strong enough that it will be widely used in the U.S. However, this does not mean the loss of international encrypted communications. The solution is simple. PGP 2.3a will be patched to be compatible with PGP 2.6. I don't know what we'll call it, "PGP2.3e", perhaps, where "e" is for Europe. 2.3e will have the speed advantages of 2.3a, no copyright problems with RSAREF use, be perfectly legal outside the U.S., and will interoperate with 2.6. Converting from 2.3a to 2.3e will be no more difficult than converting from 2.2 to 2.3 was. Although I hate Jim Bidzos' guts for what he has done to Phil, he holds the legal upper hand for the next few years. The present course does allow for wider use of encryption by the public, which we can all support. Look at it rationally, and 2.6 is a step in the right direction. Hal P.S. It's possible that pre-2.6 keys will not interoperate with 2.6, in which case users of both 2.6 and what I am calling 2.3e will have to generate new keys. This is no great problem; people should make new keys and retire their old ones every year or two anyway, IMO. From nobody at shell.portal.com Mon May 16 18:25:28 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Mon, 16 May 94 18:25:28 PDT Subject: Thanks Message-ID: <199405170126.SAA04312@jobe.shell.portal.com> -----BEGIN PGP MESSAGE----- Version: 2.3a hEwCBPvdAmUopWUBAf985O7m3n+Afgt/dV6zZLUlGwhAW/wXjf0wYHsmtjB4Z90R ooBtugnRz3eE7lVVsOiDuzz5YHuZwJjYl3dcuBbLpgAAARrqtboCT90lCj2vBh2u POiKX1tOY1S1uYKR3kyupqESh6bGmRLnP1iMxqe5ugD0ViprEB3vgXt60Bff9ck+ JioW59HH5O4A2VnQU4BjuMroOolX2gXHeIV2gBiSh5uB539HR0f50TrfwuBK4oak oa5C3IrdRDaZt0ul6jty7AmiErYDLodUkoZjU4la48qP0j2AKPDvAsqTkboO+wfl zgjefuw3JaYooLg2e+Drzk259wTLo3S+hWjEJ92Ho0/uNKA48ToLc9Y5X0KC6y/l ZzwsKi0Ugv5WSSll6phD3CWVbwLbgmY8CkrRnarPVt2NX7B7gAGuAXWKp27fYBT6 iBZSXNN+k6kHEMe2K0tqTKJqk5P/Zf5xA56ELlY= =2jIp -----END PGP MESSAGE----- From jamesd at netcom.com Mon May 16 18:26:43 1994 From: jamesd at netcom.com (James A. Donald) Date: Mon, 16 May 94 18:26:43 PDT Subject: PGP 2.6 ??? In-Reply-To: <9405170010.AA13546@helpmann.ebt.com> Message-ID: <199405170116.SAA21306@netcom.com> David Taffs writes > > Maybe I'm too pessimistic, but how can we fight the infrastructure > battle? I'm sore afraid that our brand of crypto is like trying to > peddle a new OS to compete with Unix/NT/... -- it just ain't real > easy to displace a "standard", flawed though it may be... > > Any ideas are welcome -- I'm just running a little low now. Obviously the rest of the world is not going to accept a standard crippled for the convenience of any one government. If 2.6 is deliberately incompatible, I predict that it will fail. Remember how IBM failed when it tried to change the PC standard. Remember the great Apple III flop. In the unlikely event that "Cypherpunks write code" then cypherpunks will control the standard. It really is that easy.i Standards are set by good products, not by governments or big companies.. -- --------------------------------------------------------------------- | We have the right to defend ourselves and our James A. Donald | property, because of the kind of animals that we | are. True law derives from this right, not from jamesd at netcom.com | the arbitrary power of the omnipotent state. From anonymous at extropia.wimsey.com Mon May 16 18:27:08 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 16 May 94 18:27:08 PDT Subject: [ANON] War in rec.guns Message-ID: <199405170109.AA27003@xtropia> [[Reply-To: john.nieder at tigerteam.org]] * Original msg to: Thomteach at aol.com -=> Quoting Thomteach at aol.com to John Nieder <=- Th> Frankly, if anyone should be discreet, I wish it would be the folks Th> who use my personal E-mail address. Getting exposed to the message Th> involuntarily is something of a drag. At least when such messages are Th> posted to the rec.guns address, I am left with the _choice_ of whether Th> or not to access the post. Alas, Tom, this is untrue. My posts to rec.guns are being stopped by the moderator, as are at least some of the other pro-anon messages going to the group. I put a Bcc: list up including you and others who had commented on the [ANON] thread there or to me by netmail so you would have an unfiltered source for my posts in the continuing discussion. You may get two more posts from a mailing I already sent out tonight, but in that you are apparently requesting that you receive no more netmail on this I will delete your name. Any others receiving these posts netmail who do not wish to, please let me know and I will delete them from the Bcc: list, with my apologies. If indeed the moderator was following his philosophy of - what was it? - "sunlight" or "openness," in the newsgroup instead of selective suppression of dissenting messages, these mailings would have been unnecessary. Thanks for your patience. |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| | * CP2A * PGP Key # E27937 on all servers | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| |"If you love wealth better than liberty, the tranquility of servitude | | better than the animating contest of freedom, go home from us in | | peace. We ask not your counsels or arms. Crouch down and lick the | | hands which feed you. May your chains set lightly upon you, and may | |posterity forget that ye were our countrymen." -- Samuel Adams, 1776| |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-| |BOYCOTT: Pepsico & Gillette| |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| From unicorn at access.digex.net Mon May 16 18:32:14 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 16 May 94 18:32:14 PDT Subject: pgp 2.6 stupidity In-Reply-To: <9405161910.AA01195@bacon.imsi.com> Message-ID: <199405170131.AA25051@access1.digex.net> [...] > > PGP 2.3a and earlier were not American software -- they were written > and produced overseas and were IMPORTED into the U.S. > > They infringe on no patents or copyrights when used overseas. > > Well, I have lots of correspondants overseas, using perfectly legal > software. They cannot legally use PGP 2.6 -- it isn't exportable. > > Therefore, this idiocy will act to cut me off from my overseas > correspondants. I will not be able to use the current version of PGP > and still communicate with them. I will therefore be forced to use > older versions -- probably repeatedly patched versions of 2.5. Perhaps you should consider adopting the more internation and just as secure Clipper system. This will eliminate all your hastles and it's freely exportable! > > Perry > -uni- (Dark), who would put a smiley in, but it seems no laughing matter. -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From tcmay at netcom.com Mon May 16 18:46:01 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 16 May 94 18:46:01 PDT Subject: AOL for Acronym OverLoading In-Reply-To: <9405162002.AA02343@toad.com> Message-ID: <199405170145.SAA11848@netcom.com> > > Does anyone have a write-up on NES? I believe that it is based on > DES, but I am not sure. It is for a paper that I am writing up. > > Thanks! > > Sgt Darren Harlow - Computer Security The NES has been pretty much replaced by S-NES, the Super-Nintendo Entertainment System. Check it out in any toy store. Oh, you meant something different? This exemplifies what I believe it was Eric Hughes who called it "acronym overloading," or "TLA overlaoding." I have thus dubbed this "AOL," standing for both America OnLine _and_ Acronym OverLoading, thus defining itself by example. Other cases of AOL: LCD -- Least Common Divisor, Liquid Crystal Display CIA -- Culinary Institute of America, Central Intelligence Agency DOE -- Department of Energy, Distributed Objects Everywhere (Sun) ..and probably dozens more --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From unicorn at access.digex.net Mon May 16 18:58:32 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 16 May 94 18:58:32 PDT Subject: Fixing pgp 2.6 In-Reply-To: <01HCF1L2VLIQ935JK8@delphi.com> Message-ID: <199405170158.AA25971@access1.digex.net> > > >In order to fully protect RSADSI's intellectual property rights in > >public-key technology, PGP 2.6 will be designed so that the messages it > >creates after September 1, 1994 will be unreadable by earlier versions > >of PGP that infringe patents licensed exclusively to Public Key Partners > >by MIT and Stanford University. PGP 2.6 will continue to be able to read > >messages generated by those earlier versions. > > So it will produce readable messages before Sept 1, 1994? Then there must > be an if somewhere in the program to check the date. That should be fix- > able with a patch of a few bytes to the object code. The best way to > uncripple it would be to distribute a small .exe program which patches > your version of PGP in place. Also include the source for the .exe > so nobody thinks it does anything evil. We are being divided and conquered. > If PGP 2.6 succeeds, our goal of a worldwide strong crypto standard is dead. > This needs to be stopped. As annoyed with the 2.5-2.6 releases as I have been, (and I hate to say I told you so... but I told you so...) Mr. Ingle turned on something of a light in my head. What happens if we read between the lines? Consider: > >In order to fully protect RSADSI's intellectual property rights in > >public-key technology.... I'm not real confident in the integrity of those involved anymore, nor am I confident that they have the interests of the user at heart, but look at what this might say.... Especially with the next clause, > >PGP 2.6 will be designed so that the messages it > >creates after September 1, 1994 will be unreadable by earlier versions > >of PGP Could it be that they EXPECT to have it changed, and don't care, but still need to protect intellectual property rights. Keep up "appearances" so to speak? Someone should examine the legal problems that might be involved in patching and making available the modified code. If it's anything like the old license, you can do what you like provided you send notice of your change and waive rights to it. I would look into it myself, but I don't know much about the license, nor can I spend the time in the next few months. > > --- Mike > -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From unicorn at access.digex.net Mon May 16 19:07:07 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 16 May 94 19:07:07 PDT Subject: Fixing pgp 2.6 In-Reply-To: <199405170119.SAA03626@jobe.shell.portal.com> Message-ID: <199405170206.AA26216@access1.digex.net> > > For the same reason, hopes of getting a non-RSA-approved "2.6a" (hacked > to be backwards compatible with 2.3) widely available in the U.S. are > not well founded. FTP sites which hold programs or even patch files to > allow 2.6 to interoperate with 2.3 will be targetted by RSA as > contributory infringers. In short, the legal advantages PGP 2.6 will > have over unapproved versions will be strong enough that it will be > widely used in the U.S. I hadn't considered this. My question is answered. > > However, this does not mean the loss of international encrypted > communications. The solution is simple. PGP 2.3a will be patched to > be compatible with PGP 2.6. I don't know what we'll call it, > "PGP2.3e", perhaps, where "e" is for Europe. 2.3e will have the speed > advantages of 2.3a, no copyright problems with RSAREF use, be perfectly > legal outside the U.S., and will interoperate with 2.6. Converting > from 2.3a to 2.3e will be no more difficult than converting from 2.2 to > 2.3 was. Frankly, I am really not interested in using PGP2.6 IN the U.S. I am reluctant to support the active restriction of capability in a software product by dignifying its underhanded tactics in using it. More serious efforts at a stealth PGP which makes identification of the creator of cyphertext near impossible is badly needed. I wonder if a Mac version will be available by September. I wonder if a Mac version of StealthPGP will ever be available. I wish I had the time/know-how to create one myself. > > Hal > -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From jim at bilbo.suite.com Mon May 16 19:10:03 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Mon, 16 May 94 19:10:03 PDT Subject: Fixing pgp 2.6 Message-ID: <9405170207.AA11040@bilbo.suite.com> > I think we can expect strong legal pressure from RSA to > shut down the remaining U.S. key servers, even those > which don't use illegal versions of PGP. They succeeded > once in shutting down the key servers which used PGP; they > will succeed again in shutting down the others due to the > contributory infringement threat. > ViaCrypt PGP 2.4 is perfectly legal in the U.S. U.S. operators can run key servers that except only version 2.4 and higher keys. I don't think RSA has a legal leg to stand on the U.S. key servers reject all keys with a version number less than 2.4. Jim_Miller at suite.com From grendel at netaxs.com Mon May 16 19:10:35 1994 From: grendel at netaxs.com (Michael Handler) Date: Mon, 16 May 94 19:10:35 PDT Subject: AOL for Acronym OverLoading In-Reply-To: <199405170145.SAA11848@netcom.com> Message-ID: <199405170208.WAA11607@access.netaxs.com> > > Does anyone have a write-up on NES? I believe that it is based on > > DES, but I am not sure. It is for a paper that I am writing up. > > The NES has been pretty much replaced by S-NES, the Super-Nintendo > Entertainment System. Check it out in any toy store. What, no 3DO or Lynx? ;) > Oh, you meant something different? This exemplifies what I believe it > was Eric Hughes who called it "acronym overloading," or "TLA overlaoding." I > have thus dubbed this "AOL," standing for both America OnLine _and_ > Acronym OverLoading, thus defining itself by example. Amen to this. Perhaps Darren was referring to NewDES when he said NES? -- ========================================================================== | Michael Brandt Handler | Philadelphia, PA | | | PGP 2.3a public key available via server / mail / finger | ========================================================================== From anonymous at extropia.wimsey.com Mon May 16 19:11:40 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 16 May 94 19:11:40 PDT Subject: [ANON] Stalemate in ca-firearms Message-ID: <199405170151.AA27341@xtropia> [[Reply-To: john.nieder at tigerteam.org]] -=> Quoting Chan at shell.portal.com to John Nieder <=- Ch> I stand behind what I said about not allowing anon postings Ch> & don't have time to argue about it. I hope you'll vent some Ch> of the anger you apparently directe at me at your legislators Ch> instead. It would be a lot more productive.... I don't think so, honestly. My legislators (Feinstein, Burton, Pelosi and Boxer) are just like you: They have their agenda, they won't address the issue, they don't care what I think and they don't want to hear about it. Did I leave anything out? It's discouraging to someone who used to think the truth mattered. I won't bug you any more on this, but think about it, Jeff. Really. |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| | * CP2A * PGP Key # E27937 on all servers | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| |"If you love wealth better than liberty, the tranquility of servitude | | better than the animating contest of freedom, go home from us in | | peace. We ask not your counsels or arms. Crouch down and lick the | | hands which feed you. May your chains set lightly upon you, and may | |posterity forget that ye were our countrymen." -- Samuel Adams, 1776| |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-| |BOYCOTT: Pepsico & Gillette| |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| From anonymous at extropia.wimsey.com Mon May 16 19:11:58 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 16 May 94 19:11:58 PDT Subject: [ANON] War in rec.guns Winds Down, All Parties Lose Message-ID: <199405170152.AA27423@xtropia> [[Reply-To: john.nieder at tigerteam.org]] -=> Quoting Dputzolu at cs.uiuc.edu to John Nieder <=- Dp> | I mean, think about it: Would you be polite to Charles Schumer? Dp> I understand completely, and was frustrated about the lack of Dp> thoughtful response. However, by posting in a flame tone you did give Dp> the moderator an excuse to (assuming he was) censor your post. Well, look at it this way. After having several buttheads stamp on your big toe, you're throbbing sore and about ready to kill the next guy who does it. Anti-gun net administrators on another network used obscure and broadly-ignored rules, particularly a dusty "real names only" policy to kill off the best gun forum I've ever seen. Jeff Chan then listened to a couple of really messed up anti-anon people and unilaterally banned remailed posts on ca-firearms at shell.portal.com without valid reasons or discussion (note from my previous cross-posts that he STILL won't discuss it to this day). Now this "Magnum" person, for completely illogical and uninformed reasons is doing the same goddam thing on rec.guns, in spite of the fact that I have pointed out the specific fallacies in the anti-anon argument. This is like talking to Sarah Brady about bogus HCI anti-gun claims. I mean, _deja vu_! | Dp> However, you have made quite an accusation. I did see at least | Dp> a few posts arguing the pro-anon side (including mine). Dp> | Obviously, he excluded _mine_, and admitted it. Dp> Right, but he has reasonable reasons for this. If he doesn't for Dp> the other ones, then... There's _always_ a good reason to exclude something you don't want anyone to hear. You show that the Greifer post eventually appeared, but did it do so AFTER the "Closure on [ANON]" post? If so, it was likely retrieved and stuck in AFTER I started raising hell about it. I got that post some time ago. I didn't see the Vetleson post in any case, and certainly none of the short, supporting pro-anon messages that I got that were Cc:ed to the group. If "Magnum" says that his anti-anon position was overwhelmingly supported (despite the fact it was based on erroneous propositions) we only have his word for it, as he filters all messages to the group before we see them. In the first couple of days after my post, I received twelve netmail posts (most, perhaps all, showing headers indicating they were also posted to the group), eight of which supported my pro-anon post, two of which were illiterate anti-anon blasts of one or two lines, and the remaining one was upset at the angry tone of the post. The later mail was about in the same proportion. Only _one_ anti-anon post questioned a single of my assertions, and that was on a technical point about which the respondent was in error (I will post my response to him after I'm done with this message). Is this "overwhelming" anti-anon support? I think not. A very heavy majority who wrote to me supported remailer use, and we are told that people are more likely to write to bitch than to agree on any given issue. Maybe the posts to "Magnum," whoever he is, were completely anti-anon, but it just doesn't seem plausible to me. I'm sure at this point it's too late to know, but it's established that he didn't show us _every_ message that came in, but merely an edited "digest." If he's the moderator, he can obviously do whatever he pleases, no matter if it's the usual capricious and petty nonsense we've all come to expect from the sort of people who tend to become moderators. What bugs me is this charade of consensus...which even if it did exist would be in favor of a demonstrably flawed policy that should be rejected on the basis of objective criteria anyway. Dp> You'll notice that all anti-anon responses were Dp> either butt-kissing | "me-too" posts of moderator adulation, or else Dp> completely ignored the | arguments in my post. Dp> I know, I know. I hoped rec.guns would have a few more free-thinkers, Dp> but it seems most don't see past the end of their muzzle. [Sigh!] This is another subject, but one that ought to be addressed at some point in an appropriate venue. I am _really_ distressed at the intellectual insularity of the RTKBA crowd who are, as a group, probably the squarest bunch of anal-retentive old ladies I've ever had the misfortune to be allied with. Their political unsophistication, narrowness and conceptual introversion drives me nuts. They also have this infuriating timidity about yelling when stepped on. Note the collective reaction (and yours) when I did. Dp> This may be true, but rec.guns has its own rules. Just because someone Dp> makes the superior arguments doesn't mean they win the debate. That's Dp> life. No kidding. Dp> On the other hand, IF consent was engineered, that isn't fair Dp> play, and can and should be acted on. "Fair play" is nothing but a quaint irrelevancy in 1994. Anyone in serious RTKBA lobbying discovers that in a BIG hurry. If fair play mattered, none of these anti-gun bills would have got past committee. Anyway, there's no way that we can "prove" what the input was at this late date. All this mail is ephemeral and gone by now, I'm sure. If "Magnum" fiddled the outcome, as I suspect he did to one degree or another, I don't even really care any more. The wrongheaded policy is passed, just like the recent wrongheaded gun laws, and that's _that_. I see that the moderator (whose comments indicate he _still_ doesn't understand the mechanics of remailers or the point of their use) has essentially told Greifer in this belated entry, "My mind is made up, don't confuse me with facts." The abusive and plainly stupid no-anon policy has made rec.guns lots of new enemies and accomplished nothing else of substance. I've dropped rec.guns as a waste of my time and an insult to common sense. If anything useful at all has come out of this, it's that more and more people are getting fed up with the insularity, intellectual dishonesty and hidebound mindset prevailing in these traditional gun forums. Alternative venues are sorely needed. I think we're going to see them established soon. Stay tuned. |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| | * CP2A * PGP Key # E27937 on all servers | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| |"If you love wealth better than liberty, the tranquility of servitude | | better than the animating contest of freedom, go home from us in | | peace. We ask not your counsels or arms. Crouch down and lick the | | hands which feed you. May your chains set lightly upon you, and may | |posterity forget that ye were our countrymen." -- Samuel Adams, 1776| |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-| |BOYCOTT: Pepsico & Gillette| |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| From klbarrus at owlnet.rice.edu Mon May 16 19:39:44 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Mon, 16 May 94 19:39:44 PDT Subject: Rabin Message-ID: <9405170239.AA23367@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- Earlier, anonymous asked: > In the Rabin PK system, your modulus is a Blum integer, a number n > of the form p*q, where p and q are primes equal to 3, mod 4. > According to Schneier, p. 289, encryption is done by C = M^2 mod n. > On the next page, he gives four possible square roots of C: > Anybody know the right way to do square roots mod a Blum integer? Well, I'll look at what Schneier says; maybe there is a typo in the formula... but the way you can solve this is with the Chinese Remainder Theorem. If c = m^2 mod n, then a solution is a common solution of m^2 mod n = c mod p m^2 mod n = c mod q Since p+1 and q+1 are divisible by 4, then (a^((p+1)/4))^2 = a since a is a quadratic residue modulo p, and then a^((p-1)/2) mod p = 1 anyway, you calculate x1 = a^((p+1)/4) mod p x2 = a^((q+1)/4) mod q and then use the CRT four times to get the solution. For this example, p = 7, q = 11, n = p q = 77, m = 50 c = 50^2 mod 77 = 36 x1 = c^((p+1)/4) mod p = 36^2 mod 7 = 1 x2 = c^((q+1)/4) mod q = 36^3 mod 11 = 5 So now you use the Chinese Remainder Theorem for the following four cases CRT(n, p, q, x1, x2) CRT(n, p, q, x1, q - x2) CRT(n, p, q, p - x1, q) CRT(n, p, q, p - x1, q - x1) yeilding: CRT(77, 7, 11, 1, 5) --> 71 CRT(77, 7, 11, 1, 6) --> 50 CRT(77, 7, 11, 6, 5) --> 27 CRT(77, 7, 11, 6, 6) --> 6 Sorry, but I don't have time to write out the steps for the CRT ;) It's pretty straightforward, given the algorithm. so (71, 50, 27, 6) satisfy the equation x^2 mod n = c x^2 mod 77 = 36 as you can see, the original message (m = 50) is one of the choices. This is similar to an oblivious transfer protocol. Actually, I think it is an oblivious transfer as described by Blum. Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdguSYOA7OpLWtYzAQG35wP+MpdhCUBtSodd53Ppn41UHcKSpkkamx13 YqMmlmP0dKsRV2Vas1IVdcIGcjcowBxDT7IkRJO9UNtj33BB2tTsRDNOi2GqERZl AARVL/y941EIAXwwj2w+WQ/jCAaFhy4ohvZVbI5snWw6D+dsxQ7jMx193ehLjnu1 ieEL4BvHUzA= =MJ0E -----END PGP SIGNATURE----- From a2 at ah.com Mon May 16 19:55:11 1994 From: a2 at ah.com (Arthur Abraham) Date: Mon, 16 May 94 19:55:11 PDT Subject: lies, damn lies, Internet-statistics, and "sinister" EDI (fwd) Message-ID: <9405170257.AA03186@ah.com> > > > ------- Forwarded Message > > Thank you for your interest in Digital Media. > > EVER FEEL LIKE YOU'RE BEING WATCHED? YOU WILL.... > Postal Service and IRS mull national identity cards, > Clinton to sign orders > > Digital Media has learned that the Clinton administration is debating > not if, but how, to create a card that every American will need in order > to interact with any federal government agency. Combined with two > potential executive orders and the Postal Service's designs on putting > its stamp on personal and business electronic transactions, the card > could open a window on every nuance of American personal and > business life. > > The wrangling among the administration, the U.S. Postal Service, the > Internal Revenue Service and Department of Defense, emerged into the > public eye at this April's CardTech/SecureTech Conference. The > gathering of security experts was convened to discuss applications for > smart card and PCMCIA memory card technologies in business and > government. The Postal Service, at the conference presented a proposal > for a "general purpose U.S. services smartcard," which individuals and > companies would use to authenticate their identities when sending > and receiving electronic mail, transferring funds and interacting with > government agencies, such as the I.R.S., Veterans Administration and > the Department of Health and Human Services. > > President Clinton is also considering signing two executive orders that > would greatly expand the government's access to personal records, > including an order that would allow the I.R.S. to monitor individual > bank accounts and automatically collect taxes based on the results, > said sources close to the White House. The collection service will be > presented as a convenient way to avoid filling out a tax return. The > White House did not respond to requests for comments about this > report. > > The Post Office: We deliver for you. The Postal Service's U.S. Card > would be designed to use either smart cards (plastic cards with an > embedded microprocessor carrying a unique number that can be read > by a electromagnetic scanner and linked to computerized records > stored on a network) or PCMCIA cards, which can contain megabytes > of personal information. (You've probably seen this type card in > AT&T's "You Will" ad campaign, which shows a doctor inserting a > woman's card in a reader in order to access a recording of a sonogram). > The Postal Service said it is considering AT&T and other companies' > smart card technologies. > > In a slide presentation at the conference, Postal representative Chuck > Chamberlain outlined how an individual's U.S. Card would be > automatically connected with the Department of Health and Human > Services, the U.S. Treasury, the I.R.S., the banking system, and a central > database of digital signatures for use in authenticating electronic mail > and transactions. The U.S. Card is only a proposal, Chamberlain > insists. Yet the Postal Service is prepared to put more than a hundred > million of the cards in citizens' pockets within months of > administration approval, he said. > > "We've been trying to convince people [in the different agencies] to do > just one card, otherwise, we're going to end up with two or three > cards," said Chamberlain. He said in addition to the healthcare card > proposed by President Clinton last year, various government agencies > are forwarding plans for a personal records card and a transactions (or > "e-purse") card. Chamberlain said the I.R.S in particular is pursuing > plans for an identity card for taxpayers. > > Don't leave home without it. Though he did not name the U.S. Card at > the time, Postmaster General Marvin Runyon suggested that the Postal > Service offer electronic mail certification services during testimony > before the Senate Governmental Affairs Subcommittee in March. The > proposal is clearly intended as a way to sustain the Postal Service's > national role in the information age, since it would give the agency a > role in virtually every legally-binding electronic transaction made by > U.S. citizens. For instance: > > * When sending or receiving electronic mail, U.S. Card users would be > able to check the authenticity of a digital signature to screen out > impostors. > * Banking transactions (notably credit card purchases) that depend on > authentication of the participants identities and an audit trail, would > be registered in Postal Service systems. > * Veterans, or for that matter college students and welfare recipients, > could check their federal benefits using the identification data on their > U.S. Cards. > * Visitors to an emergency room would have instant access to medical > records at other hospitals, as well as their health insurance > information. > > These examples may seem benign separately, but collectively they > paint a picture of a citizen's or business's existence that could be > meddlesome at best and downright totalitarian at worst. Will buying a > book at a gay bookstore with a credit card that authenticates the > transaction through the Postal Service open a Naval officer up to court > marshal? If you have lunch with a business associate on a Saturday at a > family restaurant, will the IRS rule the expense non-deductible before > you can even claim it? > > "There won't be anything you do in business that won't be collected > and analyzed by the government," said William Murray, an > information system security consultant to Deloitte and Touche who > saw Chamberlain's presentation. "This [National Information > Infrastructure] is a better surveillance mechanism than Orwell or the > government could have imagined. This goddamned thing is so > pervasive and the propensity to connect to it is so great that it's > unstoppable." > > Deep Roots; Deep Pockets; Long History. Chamberlain said the Postal > Service has been working for "a couple years" on the information > system to back up the U.S. Card. He said the project was initiated by > the Department of Defense, which wanted a civilian agency to create a > national electronic communications certification authority that could > be connected to its Defense Messaging System. Chamberlain said the > Postal Service has also consulted with the National Security Agency, > proponents of the Clipper encryption chip which hides the contents of > messages from all but government agencies, like law enforcement. The > National Aeronautics and Space Administration's Ames Research > Laboratories in Mountain View, Calif. carried out the research and > development work for Clipper. > > "We're designing a national framework for supporting business-quality > authentication," said John Yin, the engineer heading up the U.S. Card- > related research for NASA Ames' advanced networking applications > group. "This is not specifically with just the Postal Service. We'll be > offering services to other agencies and to third-party commercial > companies that want to build other services on the card." For example, > VISA or American Express could link their credit services to the U.S. > Card. > > Yin, who works on Defense Messaging Systems applications, said his > group has collaborated with "elements of Department of Defense" for > the past year, but would not confirm the participation of the National > Security Agency, a Department of Defense agency. The NSA is > specifically prohibited from creating public encryption systems by the > Computer Security Act of 1987. Yin also would not comment on the > budget for the project, which other sources said was quite large and > has spanned more than two years. > > A false sense of security? According to Yin, the cards would allow > individuals or businesses to choose any encryption technology. "It's not > our approach to say, 'Here's the standard, take it our leave it,'" he said. > "We're not trying to create a monopoly, rather it's an infrastructure for > interoperability on which a whole variety of services can be built." Yet, > NASA, which is a participant in the CommerceNet electric marketplace > consortium will "suggest" to its partners that they adopt the U.S. Card > certification infrastructure, he said. > > The reality is that government agencies' buying power usually drives > the market to adopt a particular technology Q not unlike the way the > Texas Board of Education, the largest single purchaser of textbooks in > the U.S., sets the standard for the content of American classroom > curricula. Since, the administration has already mandated use of > Clipper and its data-oriented sibling, the Tesserae chip, in federal > systems it's fairly certain that the law enforcement-endorsed chips will > find their way into most, if not all, U.S. Cards. Even in the unlikely > event that one government agency should weather the pressure and > pass on the Clipper chip, it's still possible to trace the source, > destination, duration and time of transactions conducted between > Clippered and non-Clippered devices. > > "Most of this shift [in privacy policy] is apparently being done by > executive order at the initiative of bureaucracy, and without any > Congressional oversight or Congressional concurrence, " Murray said. > "They are not likely to fail. You know, Orwell said that bureaucrats, > simply doing what bureaucrats do, without motivation or intent, will > use technology to enslave the people." > > EDITOR'S NOTE: Digital Media has filed a Freedom of Information > Act request for Clinton and Bush Administration, Postal Service, NSA, > Department of Defense, NASA, I.R.S. and other documents related to > the creation of the U.S. Card proposal. > > -- Mitch Ratcliffe, Editor-in-Chief > Digital Media: A Seybold Report > 444 De Haro St., Suite 128 > San Francisco, CA 94107 > (415) 575-3775, 3780 fax > Internet: dmedia at netcom.com > Subscriptions: (800) 325-3830 > > Copyright 1994 by Mitch Ratcliffe and Seybold Publications. > > The full text of this story is available in the May 9 issue of Digital > Media: A Seybold Report (published by Ziff-Davis Publishing). > Contact Digital Media on the Internet at dmedia at netcom.com. This > article may only be distributed with the above information. > > ------- End of Forwarded Message > > From unicorn at access.digex.net Mon May 16 19:55:35 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 16 May 94 19:55:35 PDT Subject: Curtis D Frye: Message-ID: <199405170255.AA28327@access1.digex.net> Sorry for the bandwidth. Mr. Frye, I lost your address. -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From a2 at ah.com Mon May 16 20:04:41 1994 From: a2 at ah.com (Arthur Abraham) Date: Mon, 16 May 94 20:04:41 PDT Subject: caller ID outrage from the FCC -- time to act (fwd) Message-ID: <9405170306.AA03223@ah.com> > > > Forwarded message: > Date: Sun, 15 May 1994 21:15:06 -0700 > >From: Phil Agre > To: rre at weber.ucsd.edu > Subject: caller ID outrage from the FCC -- time to act > > I've enclosed two messages from the Privacy digest about an outrageous > FCC plan to undermine crucial privacy protections on caller-ID systems > for telephones. Caller-ID exists so that marketing companies can collect > information on unwitting consumers, and those same companies have lobbied > long and hard to eliminate simple, ordinary schemes to give people control > over whether this information is made available from their telephones. > Having lost this battle in many states, they have evidently moved to the > federal level. But time remains for your comments to make a difference. > Please read the enclosed messages, judge for yourself, and act. > > Phil > > Encl: > > Date: Sun, 15 May 94 13:23 PDT > >From: privacy at vortex.com (PRIVACY Forum) > To: PRIVACY-Forum-List at vortex.com > Subject: PRIVACY Forum Digest V03 #10 > > PRIVACY Forum Digest Sunday, 15 May 1994 Volume 03 : Issue 10 > > Moderated by Lauren Weinstein (lauren at vortex.com) > Vortex Technology, Woodland Hills, CA, U.S.A. > > ===== PRIVACY FORUM ===== > > The PRIVACY Forum digest is supported in part by the > ACM Committee on Computers and Public Policy. > > > ----------------------------------------------------------------------------- > > Date: Fri, 6 May 94 12:10:59 PDT > >From: carl_page at rainbow.mentorg.com (Carl Page @ DAD) > Subject: FCC attacks > > Private Unlisted Phone Numbers Banned Nationwide. > Law Enforcement Explicitly Compromised. > Women's Shelters Security Threatened. > Telephone Rules of 30 States Overturned. > Direct Marketing Association Anticipates Profit. > > The FCC released its Report and Order And Notice of Proposed Rulemaking of > March 29th, 1994 (CC Docket No. 91-281) > > With the arrogance that only federal bureaucrats can muster, the Federal > Communications Commission has turned the clock back on Calling Number ID > and privacy protection rules nationwide. > > Have you ever had any trouble giving a direct marketer your phone number? > You won't any more. Your Per Line Caller ID blocking will be banned, > thanks to the FCC Order which preempts the privacy protections provided by > 30 states. > > The order carefully enumerates the concerns of law-enforcement agencies > which need per-line blocking to do their jobs. It mentions the need > Women's shelters have for per-line blocking. (A matter of life and death > on a day-to-day basis) It mentions that the customers who attempt to keep > unlisted numbers confidential will be certainly be thwarted. (Can one > train all kids and house-guests to dial *67 before every call? Can you > remember to do it yourself?) > > But the Order dismisses all of these problems, and determines that the > greatest good for the greater number will be accomplished if RBOC's can > profit a bit more by selling our numbers and if the direct marketers have > less trouble gathering them. > > The FCC doesn't seem to trust consumers to be able to decide whether they > want per-line blocking. It praises the $40 cost of an automatic *67 dialer > as an appropriate disincentive that will benefit the nation by discouraging > people's choice of per-line blocking. > > There was one part of the order I was pretty happy about, until I read it. > The FCC has also banned the sale of numbers gathered by 800-900 number > subscribers using the ANI system, unless they obtain verbal consent. (Note > that no rules prevent sale of numbers from the presumably blockable CNID > system.) The problem is that the only enforcement of the rule seems to be > that the requirement must be included in the fine print of the ANI sale > contract between the common-carrier and the ANI subscriber. So it seems to > be up to the common-carrier to enforce a rule which is contrary to their > financial interest. How can a person who suffers from publication or sale > of their number recover compensation? > > The FCC is soliciting comments, due May 18th > in their Further Notice Of Proposed Rulemaking on two issues: > > o Whether the Commission should prescribe more precise educational > requirements. > o Whether and how the policies adopted on caller ID should be extended to > other identification services, such as caller party name or CPNI. > > I can think of some suggestions... > > ------------------------------ > > Date: Wed, 11 May 94 02:39:45 EDT > >From: johnl at iecc.com (John R Levine) > Subject: FCC order on interstate Caller ID > > [ From TELECOM Digest V14 #208 -- MODERATOR ] > > I picked up a copy of the FCC's Caller ID order, which is available by > FTP as /pub/Orders/Common_Carrier/orcc4001.txt or orcc4001.wp. (Kudos > to the FCC for making this info available so easily and quickly, by > the way.) > > Much of the order is straightforward and not contentious, e.g. > delivering CNID between local and long distance carriers is so cheap > to implement that neither may charge the other for the data. They > also note that per-call blocking is a good idea, and that *67 should > be the universal code to block CNID delivery. > > But the arguments they list against per-line CNID seem, to me, to be > astonishingly specious. > > There are three blocking options 1) per call for anyone, 2) per line > for anyone, and 3) per line for special groups. The FCC thinks, not > unreasonably, that it's a mare's nest to ask the telco to implement 3, > since they have to determine who's in the special groups and who > isn't. Then they say: > > 43. In the NPRM, we tentatively concluded that per line > blocking unduly burdens calling party number based services > overall by failing to limit its applicability to those calls for > which privacy is of concern to the caller. The Commission noted > that even in the case of law enforcement personnel, there may be > a need to maintain calling number privacy on some calls, but that > the same number may be used to telephone other law enforcement > personnel, victims of crimes, cooperative witnesses, and family > or friends. The Commission asserted that in these types of > calls, calling number privacy is not needed and calling number > identification can actually be a valuable piece of information > for both the caller and called parties. The record reflects the > useful nature of CPN based services, and the comments of > Rochester illustrate that callers are likely to be interested in > blocking only a small percentage of their calls. The comments of > USCG illustrate the usefulness of caller ID to emergency > services. In contrast, Missouri Counsel's analogy to unlisted > numbers is inapposite because caller ID only permits parties > called by the calling party to capture the calling party number, > and then only if the calling party has not activated a per call > blocking mechanism. We find that the availability of per call > unblocking does not cure the ill effects of per line blocking. > > Moreover, in an emergency, a caller is not likely to remember to > dial or even to know to dial an unblocking code. For the > foregoing reasons, we find that a federal per line blocking > requirement for interstate CPN based services, including caller > ID, is not the best policy choice of those available to recognize > the privacy interests of callers. Thus, carriers may not offer > per line blocking as a privacy protection mechanism on interstate > calls. We agree that certain uses of captured calling numbers > need to be controlled, and address that issue infra. > > > In other words, per-line blocking is a bad idea because subscribers > are too dumb to unblock calls when they want to unblock them, although > they're not to dumb to block calls when they want to block them. > > In paragraph 47 they note that where per-line blocking is offered, > telcos use *67 as a blocking toggle, so users can't really tell what > *67 does, but it doesn't seem to occur to them that the problem is > easily solved by requiring a different code for unblock than for > block. In paragraph 48 they wave their hands and say that people who > care about privacy can just buy a box for "as little as $40.00 per > unit" that will stuff *67 in front of each call. Thanks, guys. > > The docket number is 91-281, with comments due by May 18th. Comments > must reference the docket number. Send ten copies (yes, 10) to: > > Office of the Secretary > Federal Communications Commission > Washington DC 20554 > > Before you fire off a comment, please get a copy of the order, since > there's a lot of material beyond what I've summarized. For people > without FTP access, I've put them on my mail server. Send: > > send fcc-cnid.txt (for the text version) > > send fcc-cnid.wp.uu (for uuencoded compressed WP version) > > to compilers-server at iecc.com. > > > Regards, > > John Levine, johnl at iecc.com, jlevine at delphi.com, 1037498 at mcimail.com > > ------------------------------ > > End of PRIVACY Forum Digest 03.10 > ************************ > > > > -- > Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist > "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich > Partners, two-thirds said it was more important to protect the privacy of > phone calls than to preserve the ability of police to conduct wiretaps. > When informed about the Clipper Chip, 80% said they opposed it." > - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 > From klbarrus at owlnet.rice.edu Mon May 16 21:03:32 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Mon, 16 May 94 21:03:32 PDT Subject: Rabin Message-ID: <9405170403.AA06808@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- About Rabin (and you're welcome, Mr. Anonymous!) Well, I looked at Schneier on p. 290 and I have to confess I'm puzzled. I'm sure these formulas weren't invented out of this air, but I'm not sure why one of them must equal M. (In the example worked none are equal to M). I would bet that this is a typo in the book; check the errata sheet I think the formulas are trying to say the following facts: For the kinds of problems we are considering, If m1 = CRT(n,p,q,x1,x2) m2 = CRT(n,p,q,x1,q-x2) m3 = CRT(n,p,q,p-x1,x2) m4 = CRT(n,p,q,p-x1,q-x2) then m4 = n - m1, m3 = n - m2 So you really don't need to do CRT four times; twice is good enough. (In the example, m1 = 71, so m4 = 77 - 71 = 6 m2 = 50, so m3 = 77 - 50 = 27) Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdhB04OA7OpLWtYzAQEV3wQAjgcz1AI1ufFfzUpQmh35E0xbeD+PB4FV mc72TL0v7lvjeK4aiGwEK8j/1vtzvw+1QCkSRTY6ATElx4HnskdV0yp4CT8WycPC X/QmeYkqOr+Q4ed0dXgvjYOO++4FOBaqQUqRaTLLgB/BKndfDVbM683MGxtbLOSe gCi3SP86CuU= =REkP -----END PGP SIGNATURE----- From carterm at spartan.ac.BrockU.CA Mon May 16 21:04:38 1994 From: carterm at spartan.ac.BrockU.CA (Mark Carter) Date: Mon, 16 May 94 21:04:38 PDT Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week In-Reply-To: <9405161804.AA08573@big-screw> Message-ID: Hi Everyone. I've been lurking on this very interesting list, but I figured this needed to be commented on. ;-) On Mon, 16 May 1994, Jeffrey I. Schiller wrote: > public-key technology, PGP 2.6 will be designed so that the messages it > creates after September 1, 1994 will be unreadable by earlier versions > of PGP that infringe patents licensed exclusively to Public Key Partners This kind of fascism has, IMO, doomed PGP 2.6 before it's even met full release status. Not only do I disagree with the principles behind this, but it shuts out the rest of the world from reading messages originating in Canada and the U.S., which more than anything else will kill PGP 2.6. After all, the world most certainly does not revolve around North America. I'd say that it's high time for another European release of PGP. Mark From VACCINIA at UNCVX1.OIT.UNC.EDU Mon May 16 22:09:48 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Mon, 16 May 94 22:09:48 PDT Subject: Broken PGP 2.6 Message-ID: <01HCFEH2HLF600188L@UNCVX1.OIT.UNC.EDU> -----BEGIN PGP SIGNED MESSAGE----- Hal writes: >FTP sites which hold programs or even patch files to allow 2.6 to >interoperate with 2.3 will be targetted by RSA as contributory infringers. >In short, the legal advantages PGP 2.6 will have over unapproved versions >will be strong enough that it will be widely used in the U.S. Perhaps I'm being something of a romantic, but one of the reasons that I was drawn to PGP as an encryption system was because it was code that could be worked upon and improved by those who have bright minds. This is the reason people use it, a product designed by many intelligent people to be the best, using the best implementations of code that could be thought up. This latest version seems to be an attempt to derail this effort and implement a system which is a compromise that neither improves PGP nor allows further code improvement in the future (Re: Hals remarks on "hacked" versions being non-RSA approved and thus having little hope of implementation). This SUCKS, frankly. And I am not sure I can buy into PGP 2.6 in it's present form. I suppose I may be forced to, but I can't support the effort as it has so far come to pass. RSA has had more than enough time to target infringers and afraid of their patent standing have not done so. They have coerced certain factions to fix their problems by supplying an easy alternative to their legal problems; initiate the release of a de facto standard that doesn't violate their patents. The thing is, that if they hadn't made that one last little shove, I would have taken their alternative. I draw the line at crippling new PGP code improvements :-( >Look at it rationally, and 2.6 is a step in the right direction. It is not rational to tilt at windmills but we have been doing so for a while now. Rationally, it certainly is easier to just accept 2.6. A step in the right direction? I don't think so. Scott G. Morham !The First, Vaccinia at uncvx1.oit.unc.edu ! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdWtVD2paOMjHHAhAQHF+wQA0losp300aWPq9rqPN2Qc574kczoV5tfv cQG0fx+VN7T9+8D90GUQ6EhNPv1b7PZghLvwM3cRzKZKsaMsm08sBasj6JjsmujI 1rLoqdd9DmktHEeUmXXlRI1sa5pfN5sHBL/u0sZKD8TlxSEO11xNvb3RW2niHvOx DFZNOS/hrew= =0qPX -----END PGP SIGNATURE----- From unicorn at access.digex.net Mon May 16 22:50:04 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 16 May 94 22:50:04 PDT Subject: FBI decryption capability / MSDOS disk wipe question Message-ID: <199405170549.AA07535@access3.digex.net> A few moments ago I uploaded a file called "hyperdsk.zip" to the soda (cwrc??) site in the incoming directory. My understanding is that this is a disk utility program with some encryption option. It is my hope that someone will take a look at the executable and try to discover what method of encryption is used. I suspect DES, but that is a wild guess without the slightest basis in evidence. Although I do not want to comment more specifically on the list just yet, an evaluation of the method and strength of the executable will go a long way to answering questions about the capabilities and resolve of federal law enforcement in cryptanalysis. Unfortunately the executable offers no basic text documentation. (I assume it is instead "online." As I am a mac user, these are unavailable to me. I hope that some diligent MSDOS 'punk will take a look and see what can be seen. In addition, I was hoping someone could provider a pointer to a robust and aggressive disk wipe utility. Something with varied triple wipe, or "DOD" spec overwrite (which isn't really DOD spec at all) would be nice. -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From norm at netcom.com Mon May 16 23:08:52 1994 From: norm at netcom.com (Norman Hardy) Date: Mon, 16 May 94 23:08:52 PDT Subject: Rabin decryption Message-ID: <199405170608.XAA16682@netcom.netcom.com> At 22:09 5/15/94 -0500, nobody at rebma.rebma.mn.org wrote: >How do you do Rabin decryption? ... >Anybody know the right way to do square roots mod a Blum integer? Page 545 of Knuth's "Seminumerical Algorithms" gives a method of finding the square root modulo a prime. It is efficient but non-trivial to program. Incidently its worst case running time is as big as the number (actually bigger) but its expected time is something like (nog n)^2. My most recent errata list for Applied Cryptography does not amend page 289. I will mail you that list if you don't have it. From jkreznar at ininx.com Mon May 16 23:18:28 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Mon, 16 May 94 23:18:28 PDT Subject: PGP 2.5 Warning In-Reply-To: Message-ID: <9405170618.AA23695@ininx> -----BEGIN PGP SIGNED MESSAGE----- "Smrf." writes: > So, you are saying that I will be automatically subject to US law if I > use this product? Hmmm, wonder what that does in terms of citizenship > issues - as far as _I_ am concerned, the only law that has jurisdiction > for me is NZ law, and US law can go get hanged, no? You enjoy a measure of protection because a United States of America person doesn't have the knee-jerk tendency to presume jurisdiction over a person at your geographic remove that he has for person located in North America. A person located in North America is more at risk of losing her freeman status by switching to 2.5 (or now 2.6), and must be careful not to give her neighbor, who may be a United States of America person, an excuse to invoke his government's tyranny. It's hard for me to believe that conditions are that different for you, or do you surrender without qualification to jurisdiction of NZ law? John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdheQcDhz44ugybJAQFUOwP9HicpST9vnyTryCMvoUsoBkwtVdzikkaF shcKYWq67uIe+IfpUp8yRxWUsOz0T7dey4PjUqWiz8FY93kfLq9PocnP9mtQuqBT XE3rfg7TA/bPooE0iGUvsv/Yvqe188Bbnacqix5gmi7JNfknpCApIRdgMiMDkY7V MDjguy44bls= =3cxW -----END PGP SIGNATURE----- From nobody at shell.portal.com Tue May 17 00:27:02 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 17 May 94 00:27:02 PDT Subject: Makeing MagicMoney worth something. Message-ID: <199405170727.AAA28724@jobe.shell.portal.com> One problem with MM (or other digital coin like protocols) is makeing the coins worth something. What could I buy with a Tacky Token today? Does anyone know how much Diet Coke and aluminum a Digi Franc is worth (*Nudge* *Nudge*). GhostMarks? But suppose.... I deposited $100 of _my_ money in a bank like the Pentagon Federal Credit Union. I published an account inquiry phone number (1 800 xxx xxxx), an account number, and a PIN, which folks could use to call and verify the amount of money in _my_ bank account. Suppose also that I ran a MM server. And suppose that I promised, on the net via a signed message, to trade MM coins for dolars. Perhaps I would buy 1 of my coins for 1 cent. I don't belive I would be running a bank: I would maintain no deposits for anyone other than myself. The money in the account would be mine, and when it earned interest, _I_ would be responsible for taxes due. I don't belive I would be issueing a currency: I would make no claims about the MM coins being money, or tender for any debt. They would be like trading cards, casino chips, or gift certificates. In fact they would be like promissory notes, or personal checks made out to cash. The account inquiry phone number information would act a little like a check garantee card. If other people chose to trade the coins around, that would be fine with me. I certainly couldn't stop them. (And it would be their responsibility to obey all aplicable laws. Such as SEC, IRS, FDA, and DMV.) All I would offer is a digital veracity service, and a promise to trade MM coins on demand for dollars. Would this sort of an enterprise run afoul of the law in any way? Well, how about _besides_ the patents held by Chaum, PKP, et al.? Would the person running the MM server be part of a criminal conspiracy? Would you trust this kind of coin? Would you accept coins 'worth' 1% of the balance, 10%, 100%, or more? Would the coins circulate? Would you accept coins from anyone other than their maker? Could a usefull economy develop based on an initial money supply of about $100; or $1,000; or $10,000? Now, supose a bunch of folks were running similar services. Someone might be able to open up a clearing house which would accept coins from any of a bunch of people in exchange for either other people's coins or the house's own coin. Would the house be able to back their coins with the coins of the many individuals? What if people contracted with the house to run their MM server for them? Would anyone trust the house? Would the house be a bank? If it were a bank, how would the powers offended be able to get judgements against it or remedies from it? (Unlike the people involved, the clearing house has no 'real' assets, and no physical location, and no promise to exchange coins for money.) Does the game change if I instead publish the numbers to my account at an English bank denominated in sterling; or to my EFHutton gold, stock index, or other mutual fund account(s)? What if I offered to buy coins for an amount of money equal to a percentage of the accounts worth -- say 1 coin is worth 1% of the account's value -- would this run into SEC regulations? Cat Shoe From karn at qualcomm.com Tue May 17 00:39:11 1994 From: karn at qualcomm.com (Phil Karn) Date: Tue, 17 May 94 00:39:11 PDT Subject: Dr Dobbs "CD ROM" In-Reply-To: <9405160227.AA27890@acacia.itd.uts.EDU.AU> Message-ID: <199405170739.AAA07961@servo.qualcomm.com> I hadn't heard about the CD ROM; thanks for the note. It would seem that this may be another appropriate pair of subjects for official State Department Commodity Jurisdiction requests. I could certainly file them myself as I did for Applied Cryptography, but why don't you do it? Anyone can file these requests, you don't have to be a US citizen or resident of the US to do so. And all the information you need is available by anonymous FTP from ftp.cygnus.com in /pub/export/cjr.kit. My own filings, along with some others, are also available there as a reference; feel free to plagairize. It would certainly help to show State that not only is Applied Cryptography just one of many similar items, but that I'm not the only person who is concerned enough about the idiocy of the US export rules to actually do something instead of just flaming on the net. If you do this, please post copies of all correspondence here. Phil From jpp at jpplap Tue May 17 01:06:02 1994 From: jpp at jpplap (Jay Prime Positive) Date: Tue, 17 May 94 01:06:02 PDT Subject: [MAILER-DAEMON@jpplap: mail failed, returning to sender] Message-ID: Looks to me like the cp-la mailing list has died. Boo hoo. Send mail to jpp=cpla-request at markv.com to be added to my manual redistribution list, and jpp=cpla at markv.com to send mail to the list. Sigh. j' Date: Tue, 17 May 94 00:51 PDT From: To: jpp Subject: mail failed, returning to sender Reference: |------------------------- Failed addresses follow: ---------------------| cp-la at satelnet.org ... transport smtp: 550 ... User unknown |------------------------- Message text follows: ------------------------| From anonymous at extropia.wimsey.com Tue May 17 01:09:27 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Tue, 17 May 94 01:09:27 PDT Subject: Automatic Magic Money Client Message-ID: <199405170755.AA29790@xtropia> -----BEGIN PGP SIGNED MESSAGE----- We now have three operating Magic Money servers. Several people are attempting to give value to the digicash. Many applications of digicash will be entirely net-based and automated. We need an automatic Magic Money client. The existing client is designed to interact with a user. The automatic client will be designed to interact with a program. It will be controlled entirely by command-line arguments, and should be easy to control from a PERL script or C program. I should have some time for coding soon. Here's a rough functional spec for the automatic client. Don't write any code based on this, becuase it isn't written yet. But please tell me what you think of it and what should be changed or improved. ac -[options] [inputfile] [outputfile] - -b : display bank's keyid : prints 64-bit keyid of the bank in bank.asc - -d (with no inputfile) : list the available coin denominations by reading the elist.dat file - -i (with outputfile) : initializes client, accepting key length and key name from stdin. Generates initialization message. - -l (with no inputfile) : lists all coins in the client's coin file (allcoins.dat) output will be one coin per line - -l (with inputfile) : print the total value of a coins.dat type file if it is readable and signed correctly output is one line (number) - -p (with input/output files) : process a coins.dat type file, preparing it for exchange with a server. Reads from stdin a list of coin denominations to create. Writes to stdout a 128-bit unique identifier generated by xoring the coin id's of all the new coins created - -r (with outputfile) : reinitialize. Generate a new initialization packet. Does not regenerate key or prompt for anything. - -s (with input file) : process a response from the server and store the coins in allcoins.dat. Outputs to stdout the same 128-bit unique identifier as the -p generated, followed on the next line by the total value of the received coins, followed by any message from the server. - -w (with outputfile) : withdraws coins for payment. Accepts a list of coin values to withdraw from stdin, and saves the coins.dat file to outputfile. - -x (with no output file) : if old coins exist, returns the total value - -x (with output file) : accepts a list of new coin denominations to create. Exchanges old coins for those values. Generates value and identifier just like -p To use the client, the payer would run -l to get a list of coins. Then run - -w to withdraw the coins to a file, and mail them to the shop. The shop runs -l to determine the value. Then the shop decides what coins to generate, runs -p to process the coins, and records the unique identifier. The shop mails the output message off to the server. When the server's response comes back, the shop runs -s and receives the 128-bit value again. - From the identifier, the shop determines which transaction was just completed by the server, and delivers the goods to that customer. Any ideas for changes/improvements? The biggest mistake I made in designing Magic Money was to leave out a field for the keyid of the bank which generated the coins. The only way to process coins from multiple banks is to try each bank's key in turn, keeping the files for each bank in a different directory, or to have the user specify which bank the coins came from. I should write a Magic Money 2.0 which handles multiple currencies automatically. I'll do that if Magic Money coins take on enough value to make it worthwhile. Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdWtgMGoFIWXVYodAQHmOgP5AVyfF37rpUa0v+YheW5Mrp9SVVP+dxdl HRArT3tumzPXGm7aZSXswmVppHV+/ed/TeY+3Bc0+8AY1OAyuch5a8rBfUfAfG5O A5HRXaa23nTsSFsi+dPawKY+w0d5pyEYinXIiU4cYrsGqzUvIjTn2sUzHPyR+XYa sKpS3NxrN8s= =ktLe -----END PGP SIGNATURE----- From anonymous at extropia.wimsey.com Tue May 17 01:10:24 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Tue, 17 May 94 01:10:24 PDT Subject: [ANON]: "Why We Fight!" Message-ID: <199405170755.AA29798@xtropia> [[Reply-To: john.nieder at tigerteam.org]] -=> Quoting Hes at unity.ncsu.edu to John Nieder <=- He> John, He> I agree with much of what you say - but I wasn't aware that rec.guns He> was a political discussion group. I think that makes a difference. Well, no on at least a couple of counts: First, my original anger was piqued by the practice of killing _all_ traffic coming from remailers, even when the posts were NOT anonymous. I (and several other users who have written to me about this issue) would frequently send perfectly legitimate technical posts through remailers, with Reply-To: fields and sigs attached, because the remailers afforded more header flexibility or posting reliability. These messages were all snuffed, simply because they came through a remailer. That's pure BS. Secondly, a lot of folks do not feel easy about posting to ANY gun-related list or group because of employer, social or other prejudice to which they may be subjected. If a joe.victim at anti-gun.widget.com wants to use a simple remailer for putting a little shade on his participation, I don't feel it's anyone else's business; "caution is not cowardice and carelessness is not courage." More importantly, it's nobody else's _problem_ as long as the content of the post is not objectionable. Write this down: ====================================================================== _You have no more right to pass judgment on another's "need" for anonymity than Sarah Brady has a right to pass judgment on your "need" for a handgun. Both are private matters of individual self-defense._ ====================================================================== That's the important "value" issue here, irrespective of the technical ones. I am ashamed to see how many anti-anon RTKBA advocates can't see the obvious parallels. He> (By your statements you seem to feel that makes me, as well as our He> Moderator, to be anti-gun.) No, but maybe a bit parochial and in need of rethinking your definitions of self-defense and personal freedom. |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| | * CP2A * PGP Key # E27937 on all servers | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| |"If you love wealth better than liberty, the tranquility of servitude | | better than the animating contest of freedom, go home from us in | | peace. We ask not your counsels or arms. Crouch down and lick the | | hands which feed you. May your chains set lightly upon you, and may | |posterity forget that ye were our countrymen." -- Samuel Adams, 1776| |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-| |BOYCOTT: Pepsico & Gillette| |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| --- From anonymous at extropia.wimsey.com Tue May 17 01:11:18 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Tue, 17 May 94 01:11:18 PDT Subject: No Subject Message-ID: <199405170755.AA29806@xtropia> alk.politics.guns.usenet at decwrl.dec.com Subject: [ANON] War: How Secure? Reply-To: john.nieder at tigerteam.org Bcc: v043948 at stortek.stortek.com Bcc: mike at hopper.itc.virginia.edu Bcc: ricky_g_williamson at aud.alcatel.com Bcc: donb at netcom.com Bcc: johng at rosevax.rosemount.com Bcc: magnum at cs.umd.edu Bcc: sybok at athena.mit.edu Bcc: brunner%lakota at icarus.ssd.loral.com Bcc: kolju at cc.lut.fi Bcc: dan at hopi.dtcc.edu Bcc: justice at mcs.com Bcc: cypherpunks at toad.com Bcc: alt.privacy.usenet at decwrl.dec.com Bcc: charles.martin at f217.n125.z1.fidonet.org Bcc: walter at netcom.com Bcc: martin.greifer at f216.n914.z8.rbbs-net.org [[Reply-To: john.nieder at tigerteam.org]] [Please note that I wrote a 70+ line response to your message last night, but was hit by an hour long power outage which destroyed the post before completion. Perhaps this is Pacific Gas & Electric's divine method of remonstrating such excessive casting of pearls before swine, but this is probably a question for theologists. It also prevented me seeing or taping _Kids in the Hall_, which was the greater tragedy. What follows is an abbreviated recreation from memory:] -=> Quoting Syoung at pecanpi.atl.ga.us to John Nieder <=- Sy> Imposing? Hardly. The Moderator gets to do that, based on the input Sy> of everyone who cares to write - you, me, and even Sarah Brady, should Sy> she care to participate. Note that the moderator censored my posts and that pro-anon netmail I received that was posted to the group did not appear. Sy> Well, considering that I make a very nice living in the field of data Sy> communications and security, I think I'll stand by my statements. :-) Sy> The folks interested in getting information about this don't even have Sy> to break Sy> the coding; in many cases, just being able to do traffic analysis may Sy> be enough. Keeping an eye on a handful of key systems could do it. I'm amazed that you are being paid good money for supposedly knowing about these things and do not know that the current generation remailers incorporate several different schemes for making traffic analysis virtually impossible at the remailer. The only thing that can be determined with any certainty is that an account sends or receives encrypted messages from a remailer. This isn't much to go on, especially considering that the messages are frequently dummies, may abort or split, do not correspond in size before and after entering the remailer and are remailed in random order at random times. Additional precautions against traffic analysis may be implemented at the originating and receiving accounts, by generation of artificial volume or by chaining. Sy> I don't contend that it would necessarily be easy, but it can be done. It's my opinion that no one short of the NSA can do it, but they are estopped by charter from most of such activities (not that this matters), could not do it economically or routinely and presumably have more important fish to fry in any case. It has been established by barium tests that the top level encryption and remailer tech is immune from law enforcement from the FBI down, barring physical security breach, tempest attack or user error. All of which is beside the point, namely that most users need only trivial anonymity adequate to protect their participation from being known to nosey employers, administrators and soforth. As I pointed out, remailers in a non-anonymous mode are useful for many people. Sy> I agree. In spite of your email address, it is obvious that you have Sy> no real experience or understanding of this arena. You'd be surprised. Really. In any case I would personally use other methods than remailers, particularly advanced steganography techniques, for the transmission of truly serious communications, if I had any. Sy> Concentrating on Sy> the supposed invulnerability of the encryption scheme, and ignoring Sy> the other methods of attack, like traffic analysis, is the mark of a Sy> rank amateur. Indeed! Note that no one I know does, certainly not the Cypherpunk principals, and I never said they did. |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| | * CP2A * PGP Key # E27937 on all servers | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| |"If you love wealth better than liberty, the tranquility of servitude | | better than the animating contest of freedom, go home from us in | | peace. We ask not your counsels or arms. Crouch down and lick the | | hands which feed you. May your chains set lightly upon you, and may | |posterity forget that ye were our countrymen." -- Samuel Adams, 1776| |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-| |BOYCOTT: Pepsico & Gillette| |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| --- From nobody at shell.portal.com Tue May 17 02:53:56 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 17 May 94 02:53:56 PDT Subject: Disguise_PGP_Ascii Message-ID: <199405170955.CAA03436@jobe.shell.portal.com> -----BEGIN PGP SIGNED MESSAGE----- It occurred to me that if we are going to be posting pgp'ed files to a newsgroups it might be best to remove the PGP headers and make the ciphertext look more text-like. So here is some code to do that, sort of. Basically I kept it simple so it's easy to read. To make this: - -----BEGIN PGP MESSAGE----- Version: 2.3a pgAAANL6C1+DERhOIhjtLQnEA0GZOnXmXa7xSqPTdX1Retrkn+CnnqkBrdGXQ/sO 9Gl+k4MjG/8991Erhl+cay+SBSKS+YoGNp79mwEnvwHICq/WsMs6lTo6GudHku/e 9gnXVHkYg5/lYbAWFLRnIMDhGpeeUqCEoG5vlhl++JMwzgc/lqGCwZAeUd+q5UXG bqm/sGAo80xtG2hs1LqLPP0lCoqSZ5cJkuNRJBgpm+r8P4PHijCLr9iAE4InFy+F otm+Ut8SDYbt8OjR9WPig8V7aYdp8x0= =i8Hu - -----END PGP MESSAGE----- turn into this: - --- --BEG IN PGP M ESSAG E ---- -.. Ver s ion : 2.3a .. .. pgAAA N L 6C1+ DER hO IhjtL Qn E A0G ZO n X mXa7 x SqP TdX1 Retrk n+Cnn qk Br dG XQ/sO ..9Gl +k4 MjG/8 9 91Er hl+ca y+SB SKS+ Yo GNp 79 m wEnv w HICq /W sMs 6lT o 6GudH ku /e..9 gn XVHk Yg 5/lY bAW FLRn IMDh Gp e eUq CEo G5 v lhl++ J M w zgc / lqGCw ZAe Ud+q5 UXG ..bq m/s GAo 80xt G2 hs1Lq L PP0lC oqS Z5c JkuN RJBg pm+r8 P4P H ijC Lr9iA E4 InFy + F..ot m+U t8 SD Ybt8O jR 9WPig 8V 7 aYd p8x 0=..= i8 H u..--- --E ND P GP ME S SAG E---- -.. type "st e < infile > outfile" And to convert it back type "st d < infile > outfile" ST.C: #include #include #ifdef MSDOS || __OS2__ #include // for exit() #endif void main(int argc, char **argv) { int i = 0, j = 0, k; char c; if (argc > 2) fprintf(stderr, "\nUsage: %s [e|d] < infile > outfile\n", argv[0]), exit(1); srand(time(0)); while (!feof(stdin)) { if (toupper(*argv[1]) == 'E') { k = rand() % 5; for (i = 0; i < k + 1; i++, j++) { if (!(j % 50)) putchar('\n'); c = getchar(); if (c == '\n') printf(".."); else putchar(c); } putchar(' '); } else if (toupper(*argv[1]) == 'D') { switch (c = getchar()) { case ' ': case '\n': break; case '.': if (i == 1) putchar('\n'); i = !i; break; default: putchar(c); break; } } else fprintf(stderr, "\nUsage: %s [e|d] < infile > outfile\n", \ argv[0]), exit(1); } } -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCcAgUBLdh1frhnz857T+PFAQH9RQQ2KC5uYfO8tLlq1X8PcmuJy0Akog84lyfK sYEiiwMHJsNm6/isVWvihZHBct/DuBkqtNsWXzwxl1rxlVvjTjOMyyDioidbfqnb IOWLXkY+/vzdvgxr/Z0tV31mwCVoCcHIMUeBZ9+PBCHt16YCEb7emPE0/QzLFWnB VNUSkSW+hYtP8Ezg1UoS =TESU -----END PGP SIGNATURE----- From bart at netcom.com Tue May 17 04:33:43 1994 From: bart at netcom.com (Harry Bartholomew) Date: Tue, 17 May 94 04:33:43 PDT Subject: FBI decryption capability / MSDOS disk wipe question In-Reply-To: <199405170549.AA07535@access3.digex.net> Message-ID: <199405171133.EAA29354@netcom.com> > > A few moments ago I uploaded a file called "hyperdsk.zip" to the soda (cwrc??) > site in the incoming directory. > > My understanding is that this is a disk utility program with some encryption > option. > > It is my hope that someone will take a look at the executable and try to > discover what method of encryption is used. I suspect DES, but that is a wild > guess without the slightest basis in evidence. ... > > I hope that some diligent MSDOS 'punk will take a look and see what can be > seen. > > -uni- (Dark) At three sites around the world the hyperdsk.zip file (204,864 bytes) contains only the .exe without any documentation. In January Edgar W. Swank mentioned WIPIT100.ZIP to wipe all free space on your disk. Its free for personal use. I haven't found it though, with Archie searches. There are of course the Norton Utilities too, but not free. From bart at netcom.com Tue May 17 04:54:35 1994 From: bart at netcom.com (Harry Bartholomew) Date: Tue, 17 May 94 04:54:35 PDT Subject: Wouldn't it be nice, Message-ID: <199405171154.EAA29955@netcom.com> to notify all those lost Cypherpunks that they may resubscribe if they wish to. Majordomo reports 295 subscribers just now, but I have a list from Feb. 22 that had 642 and I recall the number 700+ being spoken of. Is there a Perl wizard who might pop a differential remailing informing the lost of the reason for their de-subscription, and the process to resubscribe? I'm not competent personally. And immediately apologize for suggesting work to someone else. From snyderra at dunx1.ocs.drexel.edu Tue May 17 05:01:19 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Tue, 17 May 94 05:01:19 PDT Subject: Fixing pgp 2.6 Message-ID: <199405171200.IAA04846@dunx1.ocs.drexel.edu> At 6:19 PM 5/16/94 -0700, Hal wrote: >First, note the strong hint in Schiller's message about operators of >key servers who accept pre-2.6 keys being guilty of contributory >infringement of the RSA patent. I think we can expect strong legal >pressure from RSA to shut down the remaining U.S. key servers, even >those which don't use illegal versions of PGP. They succeeded once in >shutting down the key servers which used PGP; they will succeed again >in shutting down the others due to the contributory infringement threat. Presumably this won't affect the non-US keyservers. I don't see the people running said servers bowing into pressure about a patent that doesn't affect them.... >For the same reason, hopes of getting a non-RSA-approved "2.6a" (hacked >to be backwards compatible with 2.3) widely available in the U.S. are >not well founded. FTP sites which hold programs or even patch files to >allow 2.6 to interoperate with 2.3 will be targetted by RSA as >contributory infringers. In short, the legal advantages PGP 2.6 will >have over unapproved versions will be strong enough that it will be >widely used in the U.S. The thing is, though, that PGP 2.5 *doesn't* infringe on the patent, because of the use of RSAREF. Any version that uses RSAREF should be legal from that patent sense. Presuming that there aren't copyright issues involved with the 2.5 release, I don't see any reason that code couldn't be maintained and fixed. I'll have to check the copyright status on 2.5 when I log on. There are many people, including myself, that won't get involved with an infringing version of PGP. PGP won't get "wide" acceptance until the isssues are resolved. At the same time, PGP also won't get "wide" acceptance unless it is interoperable with the outside world. This would involve code using RSAREF coming legally into the US and being used, or code using RSAREF being illegally shipped outside of the US. Apparently, the latter has already happened. But either way, for PGP to be noninfringing in the US, it needs to use RSAREF. I'm guessing that the new version of RSAREF they announced would be coming out will probably alter the terms to make this difficult/impossible. However, I don't believe there is any requirement we use the latest version of RSAREF... Just to use the license that comes with that version of the code. Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From dee-punk at qsland.lkg.dec.com Tue May 17 05:32:22 1994 From: dee-punk at qsland.lkg.dec.com (dee-punk at qsland.lkg.dec.com) Date: Tue, 17 May 94 05:32:22 PDT Subject: Wouldn't it be nice, In-Reply-To: <199405171154.EAA29955@netcom.com> Message-ID: <9405171227.AA17915@qsland> So what happened? All I know is that I stopped getting cyperhpunks mail and after several days and several pings to cyperhpunks-request I remembered it had majordomo and re-subscribed. This started at the same time as severe network problems in my building inside DEC so at first I thought it was related to that. Donald From unicorn at access.digex.net Tue May 17 05:35:55 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 17 May 94 05:35:55 PDT Subject: FBI decryption capability / MSDOS disk wipe question In-Reply-To: <199405171133.EAA29354@netcom.com> Message-ID: <199405171235.AA14055@access1.digex.net> Harry Bartholomew scripsit > > > > > A few moments ago I uploaded a file called "hyperdsk.zip" to the soda (cwrc??) > > site in the incoming directory. > > > > My understanding is that this is a disk utility program with some encryption > > option. > > > > It is my hope that someone will take a look at the executable and try to > > discover what method of encryption is used. I suspect DES, but that is a wild > > guess without the slightest basis in evidence. > > At three sites around the world the hyperdsk.zip file (204,864 bytes) > contains only the .exe without any documentation. Someone suggested this might merely be a diskcacheing program without any encryption ability at all. It is entirely possible that I am mistaken about the programs name, and have seized on hyperdsk.zip erroniously. Does anyone recall a program of similar sounding title in MSDOS land which supported encryption? Again, though I cannot really put a finger on it until the method is identified, it seems this will shed a good deal of light into federal law enforcement cryptanalysis abilities. -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From cdodhner at indirect.com Tue May 17 05:54:09 1994 From: cdodhner at indirect.com (Christian D. Odhner) Date: Tue, 17 May 94 05:54:09 PDT Subject: (none) Message-ID: <2pBsjepAkPD9064yn@indirect.com> -----BEGIN PGP SIGNED MESSAGE----- In article <2r9h97$oro at nyx10.cs.du.edu>, Alex Strasheim wrote: > > I have been reading nothing but complaints ever since the planned release > of 2.6 was announced. With good reason. It's a bullshit product. > It is true that messages generated with 2.6 won't be decodable with some > earlier versions, including 2.3a. And most likely 2.4 as well, although that's a horse of a different color. > It is also true that 2.6 can't be exported with RSAREF code. Not quite. It's not *legal* to export it. But to say that it "can't be exported" is simply untrue. It "can" be exported, and easily at that. However, I doubt there will be much demand for it, in or out of the us. It is slower than 2.3a, has unreasonable limits on keysize, and is not backwards compatable with the versions much of the world uses. > This means that it will not be possible, at > first, to use 2.6 to correspond with users who are not in the US or > Canada. Or with users in the usa or canada who choose to use 2.3a. (and possibly 2.4 as well? Any confirm or deny on this one?) > But this will be a temporary condition. There are precedents for > exporting code into which foreign users can plug their own crypto > engines. This is probably what will happen with PGP: programmers > outside of the US will develop code which duplicates the functionality of > the RSAREF engine, and a non-US version of PGP, functionally equivilant > to the American version, will be made available to users who don't have > access to the US version. A total waste of time. Any 'foreign users' who wish it will be able to get a copy of 2.6 in short order. But that's still not going to change the fact that it's not a worthwhile program. > The word to describe what has happened is "compromise". The PGP > developers, along with MIT, were able to reach a compromise with RSADSI > and PKP. Yes, they had to give some things up. But in exchange, they > were able to secure the right to legally distribute, for free, an open > source version of PGP in the USA. The word to describe what has happened is "disaster". It is a deliberate attempt to fragment the international crypto community. > This is an enormous victory. It is the end, in practical terms, of the > struggle to put strong, verifiable, and affordable crypto software into > the hands of the general public. It's over, and we have won. It will be "over" when I can use whatever encryption I choose to protect my communication, without the requirement of government of corperate 'approval' to avoid "legal trouble" > The thing that bothers me the most about the complaints which have been > posted is that they are implicity, if not explicity, condemnations of the > compromise which PRZ and MIT negotiated. I _explicitly_ condemn the _decisions_ of whoever wrote the damn program to: 1)disallow keys bigger than 1024bits 2)remove backwards-compatable operation > I think that PRZ deserves the > benefit of the doubt. He's the one who has put himself on the line for > the rest of us, and he's the one who is most responsible for raising > public awareness of crypto issues. I'm not suggesting that we follow him > blindly; but at the same time, if he thinks this is a good deal, that > ought to carry a lot of weight. I have not yet heard prz's position regarding the limitations on pgp version 2.6, however if he supports it I simply disagree with him. Happy Hunting, -Chris ______________________________________________________________________________ Christian Douglas Odhner | "The NSA can have my secret key when they pry cdodhner @ indirect.com | it from my cold, dead, hands... But they shall pgp 2.3 public key by finger | NEVER have the password it's encrypted with!" cypherpunks WOw dCD Traskcom Team Stupid Key fingerprint = 58 62 A2 84 FD 4F 56 38 82 69 6F 08 E4 F1 79 11 - - ------------------------------------------------------------------------------ A government mandante for key-escrow encryption in all communication devices would be the information-age equivalent of the government requiring private citizens to quarter troups in their home. --David Murray PGP NSA ViaCrypt Phrack EFF #hack LOD/H 950 FBI MindVox ESN KC NUA murder QSD Hacker DEFCON SprintNet MCI AT&T HoHoCon DNIC TRW CBI 5ESS KGB CIA RSA Communist terrorist assassin encrypt 2600 NORAD missile explosive hack phreak pirate drug bomb cocain payment smuggle A.P. bullets semi-auto stinger revolution H.E.A.T. warheads porno kiddiesex export import customs deviant bribe corrupt White House senator congressman president Clinton Gore bootleg assasinate target ransom secret bluprints prototype microfilm agents mole mafia hashish everclear vodka TnaOtmSc Sony marijuana pot acid DMT Nixon yeltsin bosnia zimmerman crack knight-lightning craig neidorf lex luthor kennedy pentagon C2 cheyenne cbx telnet tymenet marcus hess benson & hedges kuwait saddam leader death-threat overlords police hitler furer karl marx mark tabas agrajag king blotto blue archer eba the dragyn unknown soldier catch-22 phoenix project biotech genetic virus clone ELINT intercept diplomat explosives el salvador m-16 columbia cartel -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdiuIuKc9MdneB1xAQFwfQP/THNlr7lcPK1ZtF1dFqdM8yw+RJE2q+C6 tScuiBduZAGBhKlOpx8yUnFr76FV8v76bhCzR4NJNMY4ybm/xpU+UBVg/gp5CB/S 8WAGE3w6FIHYBxHxxHDNtyvwzC8ySCBU47CWDhGXgXbx4kBnr7EBKv6s+x3d9GtX 0hu4XzlNqR4= =yZ4m -----END PGP SIGNATURE----- From eagle at deeptht.armory.com Tue May 17 06:30:27 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Tue, 17 May 94 06:30:27 PDT Subject: Wouldn't it be nice, In-Reply-To: <199405171154.EAA29955@netcom.com> Message-ID: <9405170630.aa21121@deeptht.armory.com> > to notify all those lost Cypherpunks that they may resubscribe > if they wish to. Majordomo reports 295 subscribers just now, I thought it was nice the way it is... Seriously, I got a mass mail message informing me that the list was wiped and to resubscribe. It was big news, except on Prodigy and AOL, so I wonder if a bunch of the lurkers thought it not worth the effort. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From dave.hodgins at canrem.com Tue May 17 06:48:31 1994 From: dave.hodgins at canrem.com (Dave Hodgins) Date: Tue, 17 May 94 06:48:31 PDT Subject: PGP 2.6 Message-ID: <60.7875.6525.0C19E953@canrem.com> ********** Original From: DAVE HODGINS * CARBON * To: ALL * COPY * Date/Number: 05/17/94 - Not Yet Posted ********** On: CRS - 5207 - U-AltSecurPGP ----------------------------------------------------------------------- In response to a request, to have canrem.com added to MIT's list of Canadian sites, I've just received a response indicating that pgp 2.5 has been removed from the MIT servers. The message states that PGP 2.6 will be released, probably next week, after a new release of rsaref is out. The new version will be "upgraded", to be incompatible with earlier versions, in order to protect the patent rights of rsadsi. Regards, Dave Hodgins. cc: ALL in 6525 on CRS ALL in 1139 on CRS --- * RM 1.3 00820 * Internet:Dave.Hodgins at Canrem.com Rime->118 Fido(1:229/15) From sommerfeld at orchard.medford.ma.us Tue May 17 07:42:27 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Tue, 17 May 94 07:42:27 PDT Subject: Fixing pgp 2.6 In-Reply-To: <199405171200.IAA04846@dunx1.ocs.drexel.edu> Message-ID: <199405171425.KAA00347@orchard.medford.ma.us> The thing is, though, that PGP 2.5 *doesn't* infringe on the patent, because of the use of RSAREF. I think the broad silence from MIT and RSADSI on the subject of PGP 2.5 after the initial announcement means that this was a matter of debate and that there were some serious negotiations going on between the two. I hope this means that the 2.5/2.6 time-delayed incompatibility is a bone thrown to RSADSI to get them to support *some* version of PGP.. which means that everyone in the U.S. (except the government) will be happy afterwards. A comment I heard from someone close to the situation was that the 2.5->2.6 format changes will be *very* small, and will be publically documented in an "ITAR-proof" document. - Bill From unicorn at access.digex.net Tue May 17 07:43:37 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 17 May 94 07:43:37 PDT Subject: (none) In-Reply-To: <2pBsjepAkPD9064yn@indirect.com> Message-ID: <199405171443.AA24248@access1.digex.net> Christian D. Odhner scripsit > > > -----BEGIN PGP SIGNED MESSAGE----- > > In article <2r9h97$oro at nyx10.cs.du.edu>, Alex Strasheim wrote: > > > > I have been reading nothing but complaints ever since the planned release > > of 2.6 was announced. > > With good reason. It's a bullshit product. Thunk. (Sound of hammer, hitting nail on head) > > > It is true that messages generated with 2.6 won't be decodable with some > > earlier versions, including 2.3a. > > And most likely 2.4 as well, although that's a horse of a > different color. > > > It is also true that 2.6 can't be exported with RSAREF code. "I admit this is a useless product, BUT...." [...] > > > This means that it will not be possible, at > > first, to use 2.6 to correspond with users who are not in the US or > > Canada. "The Acura we talked about on the phone was driven off the lot... perhaps I can interest you in this super-low-mileage 1972 'Le Car'? You can always trade it in later when we get the Acuras back in stock...." > Or with users in the usa or canada who choose to use 2.3a. > (and possibly 2.4 as well? Any confirm or deny on this one?) > > > But this will be a temporary condition. There are precedents for > > exporting code into which foreign users can plug their own crypto > > engines. This is probably what will happen with PGP: programmers > > outside of the US will develop code which duplicates the functionality of > > the RSAREF engine, and a non-US version of PGP, functionally equivilant > > to the American version, will be made available to users who don't have > > access to the US version. "Meanwhile, there are some excellent aftermarket sports kits for 'Le Car.' The 3rd party bra looks great on it and the suspension kits just blow away the original springs! Of course some assembly is required...." > A total waste of time. Any 'foreign users' who wish it will > be able to get a copy of 2.6 in short order. But that's > still not going to change the fact that it's not a > worthwhile program. Yep. > > The word to describe what has happened is "compromise". The PGP > > developers, along with MIT, were able to reach a compromise with RSADSI > > and PKP. Yes, they had to give some things up. But in exchange, they > > were able to secure the right to legally distribute, for free, an open > > source version of PGP in the USA. I said before, I couldn't figure out who had been at the table for the intellectual property interests when the 2.5 thing was negotiated, but I'd like to go up against her. We all knew it changed nothing, and no one could figure out what PKP was up to. Now its clear they weren't super clever like I first feared, but just really slow and stupid. This is a sad last minute attempt to plug the dam with a golf tea after the town has already been lost. Now you want to tell me that it was these same people who all of a sudden got hard nosed and bossed around the developers with some magic cripple-it-all compromise when, not only is the cat out of the bag, but they also have little, or questionable legal grounds? I guess they switched law firms eh? Or maybe it is the same idiots all over again. > The word to describe what has happened is "disaster". It is > a deliberate attempt to fragment the international crypto > community. And an idiot's version of it too. I can't help but picture "Baldric" of "Black Adder" fame. "Fear not my lord, for *I* have a cunning plan...." > > This is an enormous victory. It is the end, in practical terms, of the > > struggle to put strong, verifiable, and affordable crypto software into > > the hands of the general public. It's over, and we have won. Won what? I won when I got PGP 2.3a. Who wins at this game where keyservers are unfriendly, keys are limited, international versions are "illegal" (still), and upgrade is basically "forced" not because the software I have on my computer now is obsolete, but because it ISN'T? What the hell is that? We won. Hah! Too bloody much. > It will be "over" when I can use whatever encryption I > choose to protect my communication, without the requirement > of government of corperate 'approval' to avoid "legal trouble" > > > The thing that bothers me the most about the complaints which have been > > posted is that they are implicity, if not explicity, condemnations of the > > compromise which PRZ and MIT negotiated. You noticed this did you? Negotiated is a colorful verb here. VERY colorful. > > I think that PRZ deserves the > > benefit of the doubt. He's the one who has put himself on the line for > > the rest of us, and he's the one who is most responsible for raising > > public awareness of crypto issues. I'm not suggesting that we follow him > > blindly; but at the same time, if he thinks this is a good deal, that > > ought to carry a lot of weight. I don't know enough about the situation to know whether to support PRZ or not. Why? Because no one has been told enough. The key servers vanish quickly but silently like the extras in some B horror flick. Everyone else stands around by the campfire saying "Hey, where did Bob and Sarah go, and where's that firewood they were supposed to bring back? Where'd they get that chain saw I heard earlier and why did Sarah keep screaming? Oh well, let's wait and see if they come back. Even better, Fred, why don't you try and get some wood and see where they went?" Everytime someone objects or asks the admins for some answer, all we get is a press release with more restrictions imposed than the last over-the-barrel beating. This is victory? Give me defeat so I can go home and use 2.3a. -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From whitaker at dpair.csd.sgi.com Tue May 17 07:44:41 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Tue, 17 May 94 07:44:41 PDT Subject: Penet ID allocated In-Reply-To: Message-ID: <9405170741.ZM2328@dpair.csd.sgi.com> On May 16, 3:25pm, rishab at dxm.ernet.in wrote: > Subject: Penet ID allocated > daemon at anon.penet.fi Mon May 16 10:39:28 1994 > > > You have sent a message using the anonymous contact service. > > You have been allocated the code name an98437. > > You can be reached anonymously using the address > > an98437 at anon.penet.fi. > > Obviously I'm not going to send anon mail through penet! I guess this is > a response to my post to the list yesterday, so someone must have subscribed > with their anXXXX address. > I got a similar mailing from penet, for no good reason. Anyone else seeing this? Mail header shows that I was sent the message directly, with a different anon id than the one Rishab was sent, which suggests to me these IDs are being generated for individuals ad hoc. > Rishab Aiyer Ghosh > rishab at dxm.ernet.in -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From rishab at dxm.ernet.in Tue May 17 08:34:53 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 17 May 94 08:34:53 PDT Subject: Sun to leave US over Clipper? Message-ID: In "Superchip bugs US companies," an article on Clipper by Adrian Berry reproduced from The Daily Telegraph, the author says that big companies are threatening to move their headquarters overseas at a cost to the government of billions of dollars in lost tax. "Without this initiative, the government will eventually become helpless to defend the nation" says Louis Freeh, director of the FBI. ... Foreign buyers want nothing to do with any hardware that might contain Clipper. ... Many computer companies are talking of leaving America. Trusted Information Systems, a Maryland-based encryption firm, has started a subsidiary in Britain [to avoid US ITAR restrictions] ... "I can't estimate the sales we're losing through Clipper, but they could be worth hundreds of millions of dollars," said [Scott] McNealy, [CEO Sun Microsystems]. McNealy added "The new rules may force us to leave. If we don't leave, we just don't grow." Not clear what "new rules" McNealy's talking about. ITAR's been around a long time, maybe it's just beginning to affect them? DT II? Clipper's not yet a "rule"... ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From sommerfeld at orchard.medford.ma.us Tue May 17 08:42:29 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Tue, 17 May 94 08:42:29 PDT Subject: visual cryptography (talk by Shamir yesterday at MIT). Message-ID: <199405171533.LAA00402@orchard.medford.ma.us> Here's a brief summary of Shamir's talk at MIT yesterday, which was well attended. The problem he solved was to create a cryptosystem which is as secure as possible, but can be decoded (with some care) using only the human visual system. Shamir described two applications of this system: - sending encrypted faxes where you don't have control over the receiving fax machine. - demostrating cryptography to a lay audience.. The cryptosystem in its simplest form encrypts a (bitmap) image as a similar image but with half the resolution. for each pixel in the plaintext, you expand it to four pixels in the cyphertext and key. The key (a "one time pad") is printed on a transparent material (overhead projector transparancies). each 2x2 grid in the key has a random selection of two pixels darkened: There are six different ways to do this: | | |##| |# | | #| | #| |# | |##| | | | #| |# | | #| |# | You then produce the plaintext as follows: - for each "black" spot on the plaintext image, color in the two pixels not colored in on the ciphertext. - for each "white" spot on the plaintext image, color in the same two pixels as the key. Line the key up with the cyphertext (registration is somewhat tricky particularly as the pixel size gets really small), and you get an image which ranges in density from 50% gray to 100% gray. as a practical matter, it works better if you use alternating vertical and horizontal bars in a chessboard pattern because the image starts to appear when you get the registration within just under 2 pixels. Shamir also described extensions of this system to: - k of k secret sharing schemes - k of n secret sharing schemes these work best when `k' is small, though `n' can get large without messing up the scheme (he claimed that 3 of 1000 was practical). - grey scale images - steganography Both key and ciphertext contain an image of your choice; when overlaid, their images disappear and the plaintext appears. This is done by encoding both cipher and key images using a "white=50%, black=75%" method; the resulting plaintext is encoded using a "white=75%, black=100%" method. - Bill From an60011 at anon.penet.fi Tue May 17 08:53:42 1994 From: an60011 at anon.penet.fi (Ezekial Palmer) Date: Tue, 17 May 94 08:53:42 PDT Subject: Patent expiration date? Message-ID: <199405171536.AA01733@xtropia> -----BEGIN PGP SIGNED MESSAGE----- What is the date on which the US patent rights relating to RSA expire? Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdjdqhVg/9j67wWxAQGl4gP9H4losubKPDyFYQVFofv/yxCA4oIn0UFB QDuReph4b7A2ZI467I7oyiPTMaMDKBmMPA0KbCc4yA+UjQgCwFo4ErRRxoVBJ1B3 bA6a043ZGoiMpSur1uQjFKmDiQoN1PWFy+6x2zFr2Fcd+ZFhi0D3kb6uJ/2qfOVh dEkbPchtsZw= =W7fO -----END PGP SIGNATURE----- From hughes at ah.com Tue May 17 09:47:15 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 17 May 94 09:47:15 PDT Subject: lies, damn lies, Internet-statistics, and "sinister" EDI (fwd) In-Reply-To: <9405170257.AA03186@ah.com> Message-ID: <9405171649.AA04248@ah.com> PS. It occurred to me that this article appeared while you were not reading your email, and while I was not therefore forwarding cypherpunks list messages to you. I will resume my forwarding forthwith. Eric From dat at ebt.com Tue May 17 09:52:14 1994 From: dat at ebt.com (David Taffs) Date: Tue, 17 May 94 09:52:14 PDT Subject: PGP 2.5 problems? Message-ID: <9405171651.AA13903@helpmann.ebt.com> So what are the problems with PGP 2.5? If this is legal in the USA (& CA), and interoperates with 2.3(a) and 2.4, what's the problem? Doesn't that satisfy short-term needs adequately? It seems to me that if PGP 2.5 is any good, PKP might have blundered mightily by allowing MIT to release it to the world at large, and are now trying to "rectify" the problem by burying it as best they can. So, again, what are the problems with PGP 2.5, if any? -- dat at ebt.com (David Taffs) From hughes at ah.com Tue May 17 10:07:14 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 17 May 94 10:07:14 PDT Subject: Makeing MagicMoney worth something. In-Reply-To: <199405170727.AAA28724@jobe.shell.portal.com> Message-ID: <9405171709.AA04301@ah.com> And suppose that I promised, on the net via a signed message, to trade MM coins for dolars. [...] I don't belive I would be running a bank: I would maintain no deposits for anyone other than myself. Nope. You're a bank in this case. A bank is someone who accepts demand deposits, that is, money they give to you which you give them back when they want it. It matters not how the value is stored. The large banks store their value in bank accounts at the Federal Reserve. I don't belive I would be issueing a currency: Correct. Digital money is not a new currency. Would the coins circulate? Only among people who had pre-existing financial trust in each other, and only if the bank fee for deposit/withdrawal were high enough to justify a secondary market in coin exchange. It is not particularly difficult to find books about the regulatory environment of the banking industry. I would heartily suggest to those who are interested that they hit the library. I also feel compelled to mention this--it's not online, and get over it. Eric From rishab at dxm.ernet.in Tue May 17 10:07:40 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 17 May 94 10:07:40 PDT Subject: Why dumb criminals will NOT use Clipper Message-ID: How to shoot yourself in the foot, or why "stupid" criminals won't use Clipper Harshad Mehta, a Bombay stock broker who was behind a multi-billion dollar financial scam involving a number of international banks and the Indian stock markets, was definitely smart. He hired one of the most well-known lawyers in the country, but encrypted his personal records with Lotus 1-2-3 (though I believe that he had used DES for some things). The Medellin cartel, presumably used to the methods of US intelligence agencies, caused the assassination of Pablo Escobar by making cellular calls without encryption. They had the money, organization and intelligence, but were either unaware of any need for encryption, or assumed that what was good for most US businesses (DES) was good enough for them. When the NSA wanted to provide an improved PK standard for governmental use, the thing to do would have been to layer some weak PK system over a weak DES. Like DES itself, this system would be so weak as to _not require_ key escrows. Everyone who uses DES (including "smart" criminals) would shift to this more convenient, but still cryptographically weak system. Most criminals would continue not to encrypt at all, and criticism, as with DES, would be limited to mathematical journals. By creating an encryption standard strong enough to require escrow, the NSA has successfully sabotaged this wiretap enabling situation. Key escrow is something lay people who can't spell "cryptographically strong" can understand. The high profile negative reporting on Clipper has greatly increased public perception of the need for, and understanding of the types of encryption. After reading these articles, if Pablo Escobar were still around, he _would_ be using encryption, and _not_ Clipper. Before Clipper (B.C. ;) even "smart" criminals would happily use weak cryptography. Now, _really_ dumb criminals will continue, as always, to communicate in plaintext; the not-so-dumb who think of encryption at all (because of all those your-data-is-insecure stories) will know enough about it to avoid Clipper like the plague. Funny, I'd have thought the cloak-and-daggers familiar with Sun Tzu's advice against frontal, visible attack. They could have got away with a weak alternative to DES. Too lazy to spend time cracking code, greedy to "have all the keys" (yum yum), they've shot themselves in their collective foot. ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! ------------------------------------------------------------------------------- From hayden at krypton.mankato.msus.edu Tue May 17 10:09:11 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Tue, 17 May 94 10:09:11 PDT Subject: PGP 2.5 problems? In-Reply-To: <9405171651.AA13903@helpmann.ebt.com> Message-ID: On Tue, 17 May 1994, David Taffs wrote: > So, again, what are the problems with PGP 2.5, if any? I don't remember them all, but I believe this is many of them: no independent testing (ie, we're told it works, that's all) Will not work with non-U.S. and CA people Limit of 1024-bit keys questionable political influences still no independent testing (what if there's a backdoor for the NSA?) Just plain rude Meybe there's others as well, that's all I remember off the top of my noggin'. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From sameer at soda.berkeley.edu Tue May 17 11:06:25 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Tue, 17 May 94 11:06:25 PDT Subject: Makeing MagicMoney worth something. In-Reply-To: <199405170727.AAA28724@jobe.shell.portal.com> Message-ID: <199405171737.KAA05500@infinity.hip.berkeley.edu> > > One problem with MM (or other digital coin like protocols) is > makeing the coins worth something. What could I buy with a Tacky > Token today? Does anyone know how much Diet Coke and aluminum a Digi > Franc is worth (*Nudge* *Nudge*). GhostMarks? Well, once Community ConneXion: The NEXUS-Berkeley is running, accounts and services will be available for half-price if the other half is paid in NexusBucks (not yet available). (Eventually I'd like to move to a full-payment in NexusBucks, but I want to verify that I can meet my bottom line .. PacBell and The Little Garden don't take payment in NexusBucks.) (TLG willing, this will be running soon) Does anyone have any pointers to where I could find out about LETS? Thanks. From sameer at soda.berkeley.edu Tue May 17 11:07:13 1994 From: sameer at soda.berkeley.edu (Sameer) Date: Tue, 17 May 94 11:07:13 PDT Subject: Automatic Magic Money Client In-Reply-To: <199405170755.AA29790@xtropia> Message-ID: <199405171733.KAA05466@infinity.hip.berkeley.edu> Before I say anything, I'd like to commend you on the work you've done with Magic Money so far. But this isn't automatic. It doesn't make the communication with the server automatic. People have wondered why no one is using their magic money bank-- it's because it is *SLOW* and a *pain in the ass* to use! (That's why I'm not using 'em at least.) You have to mail a request in, and then wait for a reply, and then run it through the client again... To remedy this problem, I have written code. I have written a wrapper for the server which allows it to sit on any internet port waiting for messages. I have written a client which is not as functional as the one you have described below, but it automates all communication with the server. When you have incoming money, you just run the client on the incoming money, and the client communicates with the server, the client takes the output of the server, and processes it, all with *1* user command. That's automation. It could use improvement, no doubt. I posted an earlier version to the list. I'll make it available on the soda-ftp site. > > -----BEGIN PGP SIGNED MESSAGE----- > > We now have three operating Magic Money servers. Several people are > attempting to give value to the digicash. Many applications of digicash > will be entirely net-based and automated. We need an automatic Magic > Money client. > > The existing client is designed to interact with a user. The automatic > client will be designed to interact with a program. It will be controlled > entirely by command-line arguments, and should be easy to control from > a PERL script or C program. > > I should have some time for coding soon. Here's a rough functional spec > for the automatic client. Don't write any code based on this, becuase it > isn't written yet. But please tell me what you think of it and what should > be changed or improved. > > ac -[options] [inputfile] [outputfile] > > - -b : display bank's keyid : prints 64-bit keyid of the bank in bank.asc > > - -d (with no inputfile) : list the available coin denominations by reading > the elist.dat file > > - -i (with outputfile) : initializes client, accepting key length and key > name from stdin. Generates initialization message. > > - -l (with no inputfile) : lists all coins in the client's coin file > (allcoins.dat) output will be one coin per line > > - -l (with inputfile) : print the total value of a coins.dat type file > if it is readable and signed correctly > output is one line (number) > > - -p (with input/output files) : process a coins.dat type file, preparing it > for exchange with a server. Reads from stdin a list of coin > denominations to create. Writes to stdout a 128-bit unique > identifier generated by xoring the coin id's of all the new > coins created > > - -r (with outputfile) : reinitialize. Generate a new initialization packet. > Does not regenerate key or prompt for anything. > > - -s (with input file) : process a response from the server and store the > coins in allcoins.dat. Outputs to stdout the same > 128-bit unique identifier as the -p generated, > followed on the next line by the total value of the > received coins, followed by any message from the > server. > > - -w (with outputfile) : withdraws coins for payment. Accepts a list of coin > values to withdraw from stdin, and saves the > coins.dat file to outputfile. > > - -x (with no output file) : if old coins exist, returns the total value > > - -x (with output file) : accepts a list of new coin denominations to create. > Exchanges old coins for those values. Generates > value and identifier just like -p > > To use the client, the payer would run -l to get a list of coins. Then run > - -w to withdraw the coins to a file, and mail them to the shop. The shop > runs -l to determine the value. Then the shop decides what coins to > generate, runs -p to process the coins, and records the unique identifier. > The shop mails the output message off to the server. When the server's > response comes back, the shop runs -s and receives the 128-bit value again. > - From the identifier, the shop determines which transaction was just > completed by the server, and delivers the goods to that customer. > > Any ideas for changes/improvements? The biggest mistake I made in > designing Magic Money was to leave out a field for the keyid of the bank > which generated the coins. The only way to process coins from multiple > banks is to try each bank's key in turn, keeping the files for each bank > in a different directory, or to have the user specify which bank the coins > came from. I should write a Magic Money 2.0 which handles multiple > currencies automatically. I'll do that if Magic Money coins take on enough > value to make it worthwhile. > > Pr0duct Cypher > > -----BEGIN PGP SIGNATURE----- > Version: 2.3a > > iQCVAgUBLdWtgMGoFIWXVYodAQHmOgP5AVyfF37rpUa0v+YheW5Mrp9SVVP+dxdl > HRArT3tumzPXGm7aZSXswmVppHV+/ed/TeY+3Bc0+8AY1OAyuch5a8rBfUfAfG5O > A5HRXaa23nTsSFsi+dPawKY+w0d5pyEYinXIiU4cYrsGqzUvIjTn2sUzHPyR+XYa > sKpS3NxrN8s= > =ktLe > -----END PGP SIGNATURE----- > From ecarp at netcom.com Tue May 17 11:30:21 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 17 May 94 11:30:21 PDT Subject: D-H key exchange - how does it work? Message-ID: <199405171830.LAA08463@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- I browsed through the (SCANT!) documentation that comes with rsaref-2.0. I didn't find any decent programming examples, just a list of function calls, which is next to useless without sample code, but that's beside the point. If I understand D-H right, both sides generate public keys from their private keys, then just exchange public keys. Is that right? Or is there something I'm missing? - -- Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 Finger ecarp at netcom.com for PGP 2.3a public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLdkNCyS9AwzY9LDxAQFW9AP/YeQR0rrX6kfonzLPI5/5U6MB8Q8Uu01a C9y5y/U2rkYU5gYsAKiw9d4i0yFAiI3KyNWOamdr7aQMWMCOa8y6RPdfKQzuzREg h4KTjcflcZoffWP7JamboQUPAsOrNwHlumTVnI3cf30U0Zi5QxNHj9PlVupOOvQ4 dSO4Nv6LiG4= =icYy -----END PGP SIGNATURE----- From tcmay at netcom.com Tue May 17 11:35:19 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 17 May 94 11:35:19 PDT Subject: Remailer low usage is not surprising Message-ID: <199405171835.LAA07062@netcom.com> After a period of not using them much, I just tried several of the remailers listed in the various summaries by Karl Barrus and Xenon, and the ad hoc "foo is up again" sorts of messages. The results were disappointing. One remailer I used to use quite a bit no longer seems to be working at all, and others still haven't responded to my ping. Couple this with other problems: * one of the hacktic.nl remailers was announced (in a newsgroup) as going offline because the owner of the laptop (!) it ran on was going to Spain for a few months. * other remailers have gone up, down, and sideways...with little warning or "persistence." * the "finger" command that was supposed to at one point provide a fairly current summary, never worked for me. (Sorry, I can't find this finger report, but the idea was that one would "finger foo at bar.baz" and a recent ping of the existing remailers would be returned. I tried it several times, but the results were clearly wrong.) * I know about both Matthew Ghio's ping program and Xenon's SuperPing script, but these are both cumbersome to set up and use and will not exactly make remailer use widespread. * What I suspect many of us do is to find a remailer that works, that we get comfortable with, and then use that. This is OK for very low-grade, casual use, but only for that. And, as I just found out, when that system vanishes, changes, or otherwise no longer works.... Caveat: I'm not pointing fingers (literally), and I appreciate the work that has gone into remailers, and the not ignorable personal risk that remailer operators have incurred. And I am not volunteering others for more work. But it is certainly fair to comment on the implications of this state of affairs, right? * The ad hoc, "it'll be up if I remembered to plug in the modem" nature of _some_ remailers is not conducive to wide use, especially in chains. * Experimentation is useful, for new features or for folks just starting out in the remailer business, but not for stable, longterm, widespread use. (Maybe we need to have the remailers refect their experimental, developmental, and production status with some sort of identifying mark. For example "remailer-X at foo.bar" could signify an experimental remailer, and "remailer-P at foo.bar" could then signify that the remailer is ostensibly "open for business" as a quasi-commercial, stable remailer. Just an idea. Ultimately, I favor external reputation raters/testers, and this idea is just intended to encourage people who _know_ their remailers are "experimental" (read: flaky) to label them clearly as such.) * Some sort of "reputation" rating, with %availability, would be useful. Something like: remailer at foo.bar 37 successes in 41 tries over 131 days 11 successes in 11 tries in last 15 days average delay: 3.1 min (including all overhead) supports: PGP 2.3a, 2.4, delays, subject line remailer at loser.org 3 successes in 39 tries in 128 days 0 successes in 11 tries in last 15 days average delay: 47 min (including all overhead) I will be willing to pay about $10 a year, real money, for someone who will set this up, reasonably robustly, and then mail me the results on a daily or weekly basis. (Such a pinging service should be done, I think, on at least a daily basis, possibly even more frequently, with statistics compiled about delays, percentage of hits and misses, etc.) This "Daily Remailing Form" would be an obvious thing to sell: it represents value, is of relevance to Cypherpunks, and can be bought with real money (or with Magic Money thingamajigs, at the discretion of the seller). It might be "better" for the "rest of us" if this service were free, as with the finger ping that was to exist at one point, but this free service fails to incentivize the creator to really make his service reliable and robust. * Digital postage is an even more-ideal solution, strongly incentivizing remailers to keep their systems running. I and others have written about this extensively, so I won't here. Just some comments. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From perry at imsi.com Tue May 17 11:52:36 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 17 May 94 11:52:36 PDT Subject: D-H key exchange - how does it work? In-Reply-To: <199405171830.LAA08463@netcom.com> Message-ID: <9405171852.AA00645@snark.imsi.com> Ed Carp says: > If I understand D-H right, both sides generate public keys from their > private keys, then just exchange public keys. Is that right? Or is there > something I'm missing? Yes. Thats not the algorithm at all. D-H is based on the difficulty of the discrete log problem, that is, the problem of inverting an exponentiation modulo a large prime. Its been a while, so I might be forgetting something here or misstating -- someone correct me if I am wrong. Suppose we have a field Z_p, where p is a prime. Suppose g is a generator of the field. Alice generates a random number a. Bob generates a random number b. Bob tells alice g^b, Alice tells Bob g^a. Alice knows a and g^b, and thus generates g^(ab) trivially. Similarly, Bob knows g^a and b, and trivially generates g^(ab). An interceptor only knows g^a and g^b, and because the discrete log problem is hard cannot get a or b easily, and thus cannot generate g^(ab). g^(ab) is now a shared secret of Alice and Bob. Perry From vkisosza at acs.ucalgary.ca Tue May 17 12:30:41 1994 From: vkisosza at acs.ucalgary.ca (Istvan Oszaraz von Keszi) Date: Tue, 17 May 94 12:30:41 PDT Subject: Makeing MagicMoney worth something. In-Reply-To: <9405171709.AA04301@ah.com> Message-ID: <9405171933.AA71221@acs5.acs.ucalgary.ca> First I'd like to announce that I'm back on the list. Guess all the xcitement is over, huh? -- Eric Hughes wrote: > > And suppose that I promised, on the net via a signed > message, to trade MM coins for dolars. [...] > > I don't belive I would be running a bank: I would maintain no > deposits for anyone other than myself. > > Nope. You're a bank in this case. A bank is someone who accepts > demand deposits, that is, money they give to you which you give them > back when they want it. It matters not how the value is stored. The > large banks store their value in bank accounts at the Federal Reserve. I'll interject here. You are not a bank, if you structure yourself correctly. What you are, is someone who is issuing redeemable notes. Or alternatively you are a trustee. If I gave money to my escrow agent, to be paid to me when I want it, she would not be a bank. And if you'll pardon me if someone has missed this, (I have been absent for a bit), but the key element in all of these matters is jurisdiction. Who regulates all of this? The answer of course is no one. The idea of adding value to money is very good. But the methodology which should be utilized is to have value added in one jurisdiction while redemption is in another. The actual storage of value could be in a third. This is the underlying mechanics. BUT, THE LOCATION OF THE BANK is nowhere, since it is in cyberspace (gads, I HATE that word). Unfortunately, too many people are focusing on the net as a way of communicating between locations rather than as an organism unto itself. Let me give a quick example. How difficult would it be to use a system of anonymous remailers, as a large scale machine. Each mailer uses it's latency to communicate it's bit. True each, bit is on a physical machine as an electronic impulse, but that bit is meaning less. It is indistinguishable from any other. This would mean that the bank, would be everywhere simultaneously, without being anywhere at all. It shouldn't be too difficult to ensure that no bit is critical, and that each bit is expendable Comments anyone. -- Istvan From dave.hodgins at canrem.com Tue May 17 13:21:33 1994 From: dave.hodgins at canrem.com (Dave Hodgins) Date: Tue, 17 May 94 13:21:33 PDT Subject: PGP 2.6 Message-ID: <60.53649.104.0C19EA54@canrem.com> ********** Original From: DAVE HODGINS * CARBON * To: ALL * COPY * Date/Number: 05/17/94 - Not Yet Posted ********** On: CRS - 5207 - U-AltSecurPGP ----------------------------------------------------------------------- In response to a request, to have canrem.com added to MIT's list of Canadian sites, I've just received a response indicating that pgp 2.5 has been removed from the MIT servers. The message states that PGP 2.6 will be released, probably next week, after a new release of rsaref is out. The new version will be "upgraded", to be incompatible with earlier versions, in order to protect the patent rights of rsadsi. Regards, Dave Hodgins. cc: ALL in 6525 on CRS ALL in 1139 on CRS --- * RM 1.3 00820 * Internet:Dave.Hodgins at Canrem.com Rime->118 Fido(1:229/15) From fnerd at smds.com Tue May 17 16:13:03 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Tue, 17 May 94 16:13:03 PDT Subject: possible anti-mandatory-clipper constitutional angle? Message-ID: <9405172132.AA08012@smds.com> R. David Murry suggests- > ...someone else may already have brought this up, but... > > A government mandante for key-escrow encryption in all communication > devices would be the information-age equivalent of the government requiring > private citizens to quarter troups in their home. One of (Michael) "Swaine's Flames" in a recent Dr. Dobb's had this angle. It was an imaginary trial about a government-mandated anti-virus-virus. Zeke Palmer says- > I suspect that you'd have a lot of trouble convincing the > technologically ignorant that something electronic could be at all > like quartering troops in your home. I'm not sure the unwashed will be wildly enthusiastic about this idea, but then they did seem to be against Clipper in that Newsweek poll. In any case it's a good principle: people and businesses shouldn't be required or even asked to install government peacekeeping or law-enforcing equipment in their homes. It also applies to the proposals that telephone companies be required to put provisions for wiretaps into their equipment. -fnerd quote me - - - - - - - - - - - - - - - and i dreamed i was flying high up above my eyes could clearly see the statue of liberty sailing away to sea --Paul Simon -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From klbarrus at owlnet.rice.edu Tue May 17 16:24:04 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Tue, 17 May 94 16:24:04 PDT Subject: DH key exchange Message-ID: <9405172323.AA13699@flammulated.owlnet.rice.edu> -----BEGIN PGP SIGNED MESSAGE----- > rsaref-2.0. I didn't find any decent programming examples, just a > list of function calls, which is next to useless without sample code, Actually, there is some sample code - for example, in the rdemo directory is the file dhdemo.c, which is a demo of the DH extensions to RSAREF. An example (all worked out) of a DH key exchange is available at the gopher site (chaos.bsu.edu) in the Protocols directory. Karl Barrus klbarrus at owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdlRvoOA7OpLWtYzAQHqCwP/bKxrqeDx+d4VZTIc4973tLyGZG00rdFh hDjfHUbzhxceKUQSmVdzDKE2vtEsNu7wo+bp7drW8T3e9dgQ+UDV9lAPnVS+E0E2 /nTojiJ4xNzYG1P9qGTSyPGiNUPRyy15TRTbUZZsAkzSZdrmE+ZoK/iUO/9SH48w upD3+f7Di0Y= =wNTN -----END PGP SIGNATURE----- From sandfort at crl.com Tue May 17 16:53:38 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 17 May 94 16:53:38 PDT Subject: FUTURE SEX Message-ID: Julf, I saw the following item in issue #6 of FUTURE SEX magazine. Are you charging for your service now (okay by me), or is someone trying to piggyback off of you? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PLAIN BROWN EMAIL Folks flock to the Net for uncensored sex discussions, but no matter how anonymously written the text may seem, it lays bare many users' identities for the entire world to see. Those who can't withstand the exposure are starting to go through anonymous servers, the Net equivalent of a plain brown wrapper. The servers replace a sender's email address with a personal code. Penet.fi is by far the busiest, and it can route anonymous postings to any group on Usenet. For more information (including prices) send a request to help at penet.fi. --Alyssa Katz ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ S a n d y From usmc at connected.com Tue May 17 16:58:15 1994 From: usmc at connected.com (David Dahn) Date: Tue, 17 May 94 16:58:15 PDT Subject: mutual interest In-Reply-To: <199404250404.VAA02918@sleepy.retix.com> Message-ID: It is a form of encryption developed to insure a sense of privacy. I, and the others concerned, would hope you can appreciate that. But, thank you for your interest and concern.....Best Regards.....USMC On Sun, 24 Apr 1994, joshua geller wrote: > > you four will probably recall that I have just entered and left > your encrypted channel on IRC. this message is crossposted to > the cypherpunks mailing list; I, and I am sure other members of > this list would be interested in the details of your encryption > scheme, if any of you are willing to share. > > regards, > josh > From bart at netcom.com Tue May 17 17:38:24 1994 From: bart at netcom.com (Harry Bartholomew) Date: Tue, 17 May 94 17:38:24 PDT Subject: Wouldn't it be nice,II In-Reply-To: <9405170630.aa21121@deeptht.armory.com> Message-ID: <199405180038.RAA27608@netcom.com> > > > to notify all those lost Cypherpunks that they may resubscribe > > if they wish to. Majordomo reports 295 subscribers just now, > > I thought it was nice the way it is... Seriously, I got a mass mail > message informing me that the list was wiped and to resubscribe. I got early notice but never saw the mass mailing. Perhaps because I quickly resubscribed I was not "one of the mass". Pardon my late goodwill. From tcmay at netcom.com Tue May 17 17:49:08 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 17 May 94 17:49:08 PDT Subject: Form Letter, for "What Happened to the List?" In-Reply-To: <199405180038.RAA27608@netcom.com> Message-ID: <199405180049.RAA28765@netcom.com> > > > > > to notify all those lost Cypherpunks that they may resubscribe > > > if they wish to. Majordomo reports 295 subscribers just now, > > > > I thought it was nice the way it is... Seriously, I got a mass mail > > message informing me that the list was wiped and to resubscribe. > > I got early notice but never saw the mass mailing. Perhaps because > I quickly resubscribed I was not "one of the mass". Pardon my > late goodwill. I believe the "mass mailing" was done by Mike Ingle, and was based on his list of who posted to the list in some period. (Bart, you should've gotten it, as you'd made posts in that period.) I prepared a form letter right after the outage and have been bouncing it back to those who send "What happened?" messages either to me or to the list (blindly). This has dwindled down from several per day to an average of one per day lately. Restoring the list subscription from backups (I presume backups of toad are made...) may be possible, but knowing how to use majordomo is a kind of basic competency test, one could argue, and the list is now presumably pruned of dead-end addresses and gateways to knowhere. Anyone still in the dark who hasn't at least sent a message to majordomo, to the list in general, or to one of the frequent posters, is probably happier off the list. Here's my form letter, which you are welcome to bounce to anyone who happens to ask you what happened. THIS IS A FORM LETTER (to save me having to type the same stuff) You have asked what happened to the Cypherpunks list. I don't know, but as of Sunday night, 8 May, there were only about a dozen or so subscribers. Apparently something happened to the list. I have messages in to Eric Hughes and Hugh Daniel. The subscriber list may get restored. I don't know. [More recent news: The problem is being worked on. Meanwhile, people are gradually resubscribing manually. Instructions below.] You can also resubscribe by sending a message to majordomo at toad.com with this as the body: subscribe cypherpunks If this is successful, you'll get a confirmation message within a few minutes. Volume is likely to be low, until things get back to normal. I hope this helps. --Tim May, not acting officially on behalf of the list. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From friedman at gnu.ai.mit.edu Tue May 17 17:49:32 1994 From: friedman at gnu.ai.mit.edu (Noah Friedman) Date: Tue, 17 May 1994 17:49:32 -0700 Subject: [bostic@vangogh.cs.berkeley.edu: RSAREF license makes PGP 2.5 useless for nearly all applications] Message-ID: FYI, some interesting notes about RSAREF. ------- start of forwarded message (RFC 934) ------- From: bostic at vangogh.cs.berkeley.edu (Keith Bostic) To: /dev/null at python.bostic.com Subject: RSAREF license makes PGP 2.5 useless for nearly all applications Date: Tue, 17 May 1994 15:38:36 -0400 To catch everyone up, it's been widely reported that the Electronic Frontier Foundation is making version 2.5 of Pretty Good Privacy (PGP) available via anonymous ftp. That's Good. However, quoting from the EFF announcement, PGP 2.5 is built upon the "free RSAREF encryption functions, rather than the previous RSA functions which required a special licensing arrangement for use in applications like PGP." That's Bad. The "free RSAREF encryption functions" are singularly free of any hint of free-ness. The license is attached for your reading pleasure. The synopsis is as follows. To get access to PGP you have to: + Read the RSAREF license + Send the following by electronic mail to an EFF email address: Yes, I acknowledge that I have read the RSAREF Program License Agreement, version 2.0, March 16, 1994. I agree to be bound by its terms and conditions in my use of RSAREF and/or any programs that use it. YES, I am a U.S. or Canadian citizen and/or permanent resident. The license itself has some interesting conditions: You may only modify the software for "porting or performance improvement purposes". The interface is, however, excepted, and you may only change that if you get permission (in writing) from RSA. RSA states they "will grant all reasonable requests" for permission. That's a relief. You have to give RSA source copies and unlimited redistribution rights for any application that you change to work with the RSA code. 1) So, you've got some application you market. You figure that you can make the code work with the RSA functions, and the buyer can then do the integration if they want RSA functionality. Sorry, but that's only permitted if you give RSA the right to give away your software. 2) Well, you say, how about internal use? Let's say you've bought the OfficePower office automation system for N million dollars, and you want to change it to use RSA email. All you have to do now is get permission to give away the Computer Consoles Inc.'s software. RSA explicitly grants you the right to copy the software for back-up purposes, but makes no mention of any other copying. And, RSA says, explicitly, that you may not copy it for any reason not expressly provided for by the license. I'm not sure what this means, and I'm really confused as to how you can get it on another distribution tape. My guess is that the EFF violated their license when they moved the software to their ftp distribution area. You can't use the RSA software for ANYTHING that generates revenue. 1) Let's say you run a bulletin board service and you want to provide secure email to the users. Forget it, the license says you can't use the RSA software to "provide services to others for which you are compensated in any manner". 2) Well, what if you're the Free Software Foundation, or UUNET, and you want to include it on your distribution tapes. No chance. Not only are you disallowed from charging any amount for the distribution tape, but you have to get written assurances from everyone that buys the tape that they won't use the software to generate revenue. Finally, it gets worse. Paul Borman sent email to RSA asking about some of this. Here's an excerpt: > From: Paul Borman > > ... > > Basically, I asked that if I had a program, say a mail program, that > called PGP 2.5 as a filter to encrypt some mail I was sending out, > would I have to give my mail program (which may be licensed from > someone else) to RSA according to the RSAREF license. The response > was: > >> Date: Tue, 17 May 94 09:19:36 PDT >> From: jim at RSA.COM (Jim Bidzos) >> >> A program that calls or incorporates a program that incorporates >> RSAREF would need to be subject to the RSAREF license as well, >> otherwise one could just write App Programs in two parts... Paul then correctly points out that init calls getty, which calls login, which calls the shell, which calls mail, which uses the RSA software. Wonder if I can get Novell to give me permission to send RSA a source copy of UNIX, System V? I'm an EFF member, I think a lot of the organization, and I believe that it provides useful services to me. That said, this wasn't one of them. - --keith =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= RSA LABORATORIES PROGRAM LICENSE AGREEMENT Version 2.0 March 16, 1994 RSA LABORATORIES, A DIVISION OF RSA DATA SECURITY, INC. ("RSA") GRANTS YOU A LICENSE AS FOLLOWS TO THE "RSAREF" PROGRAM: 1. LICENSE. RSA grants you a non-exclusive, non-transferable, perpetual (subject to the conditions of Section 8) license for the "RSAREF" program (the "Program") and its associated documentation, subject to all of the following terms and conditions: a. to use the Program on any computer; b. to make copies of the Program for back-up purposes; c. to modify the Program in any manner for porting or performance improvement purposes (subject to Section 2) or to incorporate the Program into other computer programs for your own personal or internal use, provided that you provide RSA with a copy of any such modification or Application Program by electronic mail, and grant RSA a perpetual, royalty-free license to use and distribute such modifications and Application Programs on the terms set forth in this Agreement. d. to copy and distribute the Program and Application Programs in accordance with the limitations set forth in Section 2. "Application Programs" are programs which incorporate all or any portion of the Program in any form. The restrictions imposed on Application Programs in this Agreement shall not apply to any software which, through the mere aggregation on distribution media, is co-located or stored with the Program. 2. LIMITATIONS ON LICENSE. a. RSA owns the Program and its associated documentation and all copyrights therein. You may only use, copy, modify and distribute the Program as expressly provided for in this Agreement. You must reproduce and include this Agreement, RSA's copyright notices and disclaimer of warranty on any copy and its associated documentation. The Program and any Application programs must be distributed with their source code. b. The Program may not be used directly for revenue-generating purposes. You may not: (i) use the Program to provide services to others for which you are compensated in any manner; (ii) license or otherwise distribute any Application Program in any manner that generates income to you, including without limitation any income on account of license fees, royalties, maintenance fees and upgrade fees; and (iii) license or otherwise distribute any Application Program without the express written acknowledgment of the end user that the Program will not be used in connection with any revenue-generating activity of the end user. Nothing in this paragraph prohibits you from using the Program or any Application Program solely for internal purposes on the premises of a business which is engaged in revenue-generating activities. c. The Program, if modified, must carry prominent notices stating that changes have been made, and the dates of any such changes. d. Prior permission from RSA in writing is required for any modifications that access the Program through ways other than the published Program interface or for modifications to the Program interface. RSA will grant all reasonable requests for permission to make such modifications. 3. NO RSA OBLIGATION. You are solely responsible for all of your costs and expenses incurred in connection with the distribution of the Program or any Application Program hereunder, and RSA shall have no liability, obligation or responsibility therefor. RSA shall have no obligation to provide maintenance, support, upgrades or new releases to you or to any distributee of the Program or any Application Program. 4. NO WARRANTY OF PERFORMANCE. THE PROGRAM AND ITS ASSOCIATED DOCUMENTATION ARE LICENSED "AS IS" WITHOUT WARRANTY AS TO THEIR PERFORMANCE, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF THE PROGRAM IS ASSUMED BY YOU AND YOUR DISTRIBUTEES. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU AND YOUR DISTRIBUTEES (AND NOT RSA) ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 5. LIMITATION OF LIABILITY. EXCEPT AS EXPRESSLY PROVIDED FOR IN SECTION 6 HEREINUNDER, NEITHER RSA NOR ANY OTHER PERSON WHO HAS BEEN INVOLVED IN THE CREATION, PRODUCTION, OR DELIVERY OF THE PROGRAM SHALL BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF RSA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 6. PATENT INFRINGEMENT OBLIGATION. Subject to the limitations set forth below, RSA, at its own expense, shall: (i) defend, or at its option settle, any claim, suit or proceeding against you on the basis of infringement of any United States patent in the field of cryptography by the unmodified Program; and (ii) pay any final judgment or settlement entered against you on such issue in any such suit or proceeding defended by RSA. The obligations of RSA under this Section 6 are subject to: (i) RSA's having sole control of the defense of any such claim, suit or proceeding; (ii) your notifying RSA promptly in writing of each such claim, suit or proceeding and giving RSA authority to proceed as stated in this Section 6; and (iii) your giving RSA all information known to you relating to such claim, suit or proceeding and cooperating with RSA to defend any such claim, suit or proceeding. RSA shall have no obligation under this Section 6 with respect to any claim to the extent it is based upon (a) use of the Program as modified by any person other than RSA or use of any Application Program, where use of the unmodified Program would not constitute an infringement, or (b) use of the Program in a manner other than that permitted by this Agreement. THIS SECTION 6 SETS FORTH RSA'S ENTIRE OBLIGATION AND YOUR EXCLUSIVE REMEDIES CONCERNING CLAIMS FOR PROPRIETARY RIGHTS INFRINGEMENT. NOTE: Portions of the Program practice methods described in and subject to U.S. Patents Nos. 4,200,770, 4,218,582 and 4,405,829, and all foreign counterparts and equivalents, issued to Leland Stanford Jr. University and to Massachusetts Institute of Technology. Such patents are licensed to RSA by Public Key Partners of Sunnyvale, California, the holder of exclusive licensing rights. This Agreement does not grant or convey any interest whatsoever in such patents. 7. RSAREF is a non-commercial publication of cryptographic techniques. Portions of RSAREF have been published in the International Security Handbook and the August 1992 issue of Dr. Dobb's Journal. Privacy applications developed with RSAREF may be subject to export controls. If you are located in the United States and develop such applications, you are advised to consult with the State Department's Office of Defense Trade Controls. 8. TERM. The license granted hereunder is effective until terminated. You may terminate it at any time by destroying the Program and its associated documentation. The termination of your license will not result in the termination of the licenses of any distributees who have received rights to the Program through you so long as they are in compliance with the provisions of this license. 9. GENERAL a. This Agreement shall be governed by the laws of the State of California. b. Address all correspondence regarding this license to RSA's electronic mail address , or to RSA Laboratories ATTN: RSAREF Administrator 100 Marine Parkway, Suite 500 Redwood City, CA 94065 ------- end ------- From lile at netcom.com Tue May 17 18:18:03 1994 From: lile at netcom.com (Lile Elam) Date: Tue, 17 May 94 18:18:03 PDT Subject: So PGP2.5 is becoming clearing... Message-ID: <199405180117.SAA05395@netcom.com> Have you seen this? If you would rather that I not send such things to this list, I can do that. let me know, -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jamesd at netcom.com Tue May 17 18:47:56 1994 From: jamesd at netcom.com (James A. Donald) Date: Tue, 17 May 94 18:47:56 PDT Subject: So PGP2.5 is becoming clearing... In-Reply-To: <199405180117.SAA05395@netcom.com> Message-ID: <199405180147.SAA09877@netcom.com> Lile Elam posted the RSA licensing agreement. He thought it was bad. I think it is great. Maybe I do not understand it. If I understand it correctly it gives us the right to fix PGP 2.6 if it is broken. You cannot use it in commercial software directly, but you can write freeware that has hooks in so the freeware can be used by another program or by a human, and then write commercial software that uses those hooks. For example I could write a freeware account management program that generates digitally signed IOUs, and a commercial program that uses the freeware program. Am I missing something? This sounds like the war is over and we won! From dave.hodgins at canrem.com Tue May 17 19:03:37 1994 From: dave.hodgins at canrem.com (Dave Hodgins) Date: Tue, 17 May 94 19:03:37 PDT Subject: PGP 2.6 Message-ID: <60.54301.104.0C19EAE7@canrem.com> Hi all, This is just to inform anyone responding to my message about PGP 2.6, that I've been unable to access my normal source, for copies of messages from the list, since last Friday. I've left a message asking CRSO to look into this, and have sent a subscribe message from my work id, but I doubt I'll see any messages from before my subscription gets processed. Is there any way to obtain a copy of all of the messages since last Friday? Please email me with any responses. BTW, I've sent a message to the person at MIT who informed me about 2.6, asking him if it's ok if I post a copy of his message to the list. If he approves (and I haven't seen any similar messages posted by then), I'll post it. Thanks, Dave Hodgins. --- * RM 1.3 00820 * Internet:Dave.Hodgins at Canrem.com Rime->118 Fido(1:229/15) From Richard.Johnson at Colorado.EDU Tue May 17 19:51:45 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Tue, 17 May 94 19:51:45 PDT Subject: So PGP2.5 is becoming clearing... In-Reply-To: <199405180117.SAA05395@netcom.com> Message-ID: <199405180251.UAA12436@spot.Colorado.EDU> Lile Elam graciously forwarded some comments about the March 16 RSAREF license to us. ...[Mucho FUD (maybe warranted) about the RSAREF license excised.] Overall, the license is OK, if a bit stupid in places. Rather than deal with supposition, let's get right to specifics in the license itself. Note that I'm not a lawyer, though my Mom wanted me to be one. Anything that looks like legal advice in the following is just mere uninformed supposition on my part. --------- > RSA LABORATORIES PROGRAM LICENSE AGREEMENT Version 2.0 March 16, 1994 > 1. c. to modify the Program in any manner for porting or > performance improvement purposes (subject to Section 2) > or to incorporate the Program into other computer programs > for your own personal or internal use, provided that you > provide RSA with a copy of any such modification or > Application Program by electronic mail, and grant RSA a > perpetual, royalty-free license to use and distribute such > modifications and Application Programs on the terms set > forth in this Agreement. "Performance improvement" purposes can obviously include allowing more secure performance via longer (2048 bits anyone?) keys. Note that the license suddenly starts referring to "Application Program" in 1.c. The implicitly explict ;-) definition of "Application Program" is "other computer programs for your own personal or internal use" into which the RSAREF Program is "incorporated". The license later defines this term explicitly, in line with the implicit use above. The key here is "incorporated". Since RSAREF is designed as a C library, the only way to "incorporate" it is to call its functions from a program. Thus, if you don't call specific RSAREF functions, you're not "incorporating" RSAREF. "Incorporation" of RSAREF is thus not transitive. Only "Application Program"s that "incorporate" RSAREF must be given to RSA. According to these definitions, PGP (which incorporates RSAREF) must be given to RSA. A mail user agent that uses PGP, however, does not "incorporate" RSAREF. Likewise, neither does an OS that allows the mail user agent to employ PGP. PGP is the only program that "incorporates" RSAREF here. RSA is thus not asking for sources to the entire OS. d. to copy and distribute the Program and Application Programs in accordance with the limitations set forth in Section 2. We can thus freely copy and distribute RSAREF and whatever we build that "incorporates" it. The section 2. restrictions: require us to distribute source along with any executables we produce (like the original FSF license did), require us to include the RSAREF license (similar to FSF copyleft), and require us to get "written" assurance from recipients that they will not use it for revenue generation (onerous and weird, but doable). One point about this really bugs me, though. We cannot generate "income" from distribution of RSAREF-incorporating application programs. Normally, I would not include recovering costs for distribution media/time/bandwidth and shipping/handling as "income". However, they make no explicit acknowledgement of this. If you do charge for BBS memberships, on-line accounts, or disks at your user group meeting, you should probably make it explicitly clear that you are not charging for specific programs, but for the media no matter what the user is going to do with it. In simple terms, RSA wants a cut if you make money (or try to) using their RSAREF mess. If you want to do that, the best approach would be to skip RSAREF and license the use of a more capable and extensible library from RSA. Richard From hughes at ah.com Tue May 17 22:14:26 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 17 May 94 22:14:26 PDT Subject: Makeing MagicMoney worth something. In-Reply-To: <9405171933.AA71221@acs5.acs.ucalgary.ca> Message-ID: <9405180517.AA05379@ah.com> > Nope. You're a bank in this case. A bank is someone who accepts > demand deposits, that is, money they give to you which you give them > back when they want it. What you are, is someone who is issuing redeemable notes. Issuing notes will not, _per se_, make you a bank. Or alternatively you are a trustee. If I gave money to my escrow agent, to be paid to me when I want it, she would not be a bank. If the value transferred is liquid, and the payment is made upon demand, then, in fact, you are a bank, regardless of what else you might call yourself. This is the case in the USA. Canada certainly varies, as does the rest of the world. [...] but the key element in all of these matters is jurisdiction. Who regulates all of this? The answer of course is no one. This is a rather hasty conclusion. The real answer is that a country will attempt to regulate this activity if it feels like it can argue jurisdiction and win. The easiest barrier to erect is to get some country to claim jurisdiction; the others will then generally stay away with their courts. If there is no stated location, then a country can simply claim jurisdiction if some of the facts of the situation give it an arguable jurisdiction. If, for example, the computers for a cypherspace bank are known to be in the USA and the bank claims to be outside USA jurisdiction, guess who wins. This would mean that the bank, would be everywhere simultaneously, without being anywhere at all. One can imagine all sorts of things, but architectures that can be built and economically deployed are much more important than vague characteristics. The problem of making a jurisdiction-less bank is a mighty difficult one, and it behooves those who wish to discuss it to ground their comments in economic and political realpolitik. Eric From hughes at ah.com Tue May 17 22:42:51 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 17 May 94 22:42:51 PDT Subject: Rabin In-Reply-To: <9405170239.AA23367@flammulated.owlnet.rice.edu> Message-ID: <9405180544.AA05445@ah.com> Karl posted a good answer about square roots modulo a Blum integer. I'd like to explain some of the context for this math. Recall that a multiplicative group modulo n=pq is the product of two multiplicative groups modulo p and modulo q. That is, Z^*/nZ =~= Z^*/pZ x Z^*/qZ (The superscript asterisks denote multiplication.) So an element of Z/nZ can be represented by an ordered pair of residues mod p and mod q. This same situation explains why there is another decryption exponent in RSA, a previous thread. Anyway, if p is prime, then every square mod p has two square roots. When p = 3 (mod 4), these square roots are easy to find. See the article in the current MAA Monthly for a discussion of the other case. If is a square in Z/nZ, then each component m and n must also be a square. Thus if =, there are four possible square roots , , <-a,b>, and <-a,-b>. These are additive inverses in one pairing and conjugates in the other. For completeness, it should be noted that the set of all squares of a group is a subgroup. The commutative case is easy; the non-commutative case is much harder. It is a good exercise to calculate some square groups, to see how they generally behave, for example, properties about their sizes. Karl's explanations of using the Chinese remainder theorem to get the canonical representations is fine, as is his observation about the error in Schneier's text, although n-x = x (mod n), so the "n -" part is unnecessary. Eric From anonymous at extropia.wimsey.com Tue May 17 23:09:48 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Tue, 17 May 94 23:09:48 PDT Subject: [ANON] War in rec.guns Message-ID: <199405180537.AA06049@xtropia> [[Reply-To: john.nieder at tigerteam.org]] * Reply to msg originally in TlkPolGuns -=> Quoting Joe at freemansoft.com to All <=- > -=> Quoting John Nieder <=- > Secondly, a lot of folks do not feel easy about posting to ANY > gun-related list or group because of employer, social or other prejudice > to which they may be subjected. If a joe.victim at anti-gun.widget.com > wants to use a simple remailer for putting a little shade on his > participation, I don't feel it's anyone else's business; "caution is not > cowardice and carelessness is not courage." More importantly, it's > nobody else's _problem_ as long as the content of the post is not > objectionable. Jo> So censorship is allowable if the post is objectionable? I didn't say that, nor mean it. All I said was that there isn't a _problem_ unless it's in the content, just as with any other message in a newsgroup. The fact that a remailer is used in itself doesn't create a problem in its posting of an otherwise benign message. See? Jo> Wouldn't Jo> that mean the moderator has to make more subjective judgements? I don't know, but if he was killing messages, he'd at least have to have a reason. Someone's address isn't one. The moderator in question here (rec.guns) subjectively censors my messages because of content, if that's your point. Jo> How Jo> long would it be before someone started yelling "outst the moderator" Jo> due to "subjective rejection criterea"? Well, I for one already am. Rejection of otherwise benign technical posts for no other reason than having been gated through a remailer, even non-anonymously with Reply-To: fields and sigs, is about as subjective and arbitrary a rejection criterion as I can personally imagine, especially in view of all the absolutely junk posts that do pass muster. Jo> I assume that some of this Jo> is with reguards to rec.guns. Most of it, yes, at the moment. Jo> The moderator there does an excellent Jo> job even if a little too much political stuff occasionally creeps in. Particularly his irrational fear of remailered posts. Pure politics. |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| | * CP2A * PGP Key # E27937 on all servers | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| |"If you love wealth better than liberty, the tranquility of servitude | | better than the animating contest of freedom, go home from us in | | peace. We ask not your counsels or arms. Crouch down and lick the | | hands which feed you. May your chains set lightly upon you, and may | |posterity forget that ye were our countrymen." -- Samuel Adams, 1776| |=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-| |BOYCOTT: Pepsico & Gillette| |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| From gwt at eskimo.com Tue May 17 23:14:31 1994 From: gwt at eskimo.com (George Taylor) Date: Tue, 17 May 94 23:14:31 PDT Subject: Schneier book 20% off Message-ID: <199405180614.AA08119@eskimo.com> Tower Books is offering Schneier's _Applied Cryptography_ at 20% off list. I saw it in the Bellevue, WA, store, and the saleperson said the sale was national. Everyone on this list probably has the book, but I thought the info might be useful if you refer anyone to the book. I don't know how long the deal will last. -George gwt at eskimo.com From danisch at ira.uka.de Wed May 18 02:51:53 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Wed, 18 May 94 02:51:53 PDT Subject: Anyone else working on encrypting phone? Message-ID: <9405180949.AA01574@deathstar.iaks.ira.uka.de> Hello, is anyone else working on encrypting phone? regards Hadmut From jkreznar at ininx.com Wed May 18 03:44:08 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Wed, 18 May 94 03:44:08 PDT Subject: So PGP2.5 is becoming clearing... In-Reply-To: <199405180147.SAA09877@netcom.com> Message-ID: <9405181043.AA24163@ininx> -----BEGIN PGP SIGNED MESSAGE----- > Lile Elam posted the RSA licensing agreement. He thought it > was bad. I think it is great. Maybe I do not understand it. > Am I missing something? This sounds like the war is over > and we won! You would have to consent to be a national person (United States of America or Canada) in order to have it. You wouldn't want to give up your freeman status to do that, would you? John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdnwysDhz44ugybJAQHZfQQA0gLlkVbTOG72NR2FyFoKOzFSIPv/AG9k +BoPCZjMqbDexVvWnftlUXizEVoUsM7qJHCN3oOurzntsJvRy0WVVd7HmomkV57l 8JC7yFBUI9Ogw/txa/I9+sVWymcKfTC6s7exIO7NDCX7pWu+nLuKDS+xZ4xfgaSN MVdryFgx3Ww= =XQNM -----END PGP SIGNATURE----- From crame001 at hio.tem.nhl.nl Wed May 18 03:57:45 1994 From: crame001 at hio.tem.nhl.nl (ER CRAMER) Date: Wed, 18 May 94 03:57:45 PDT Subject: Who did win??? Message-ID: <9405181153.AA00441@hio.tem.nhl.nl> I read a message that the 'american' had won the 'RSA war'. I think the loose. Because we can still send private messages to the states with PGP 2.3a but they can't sent private messages out of the states... So, really? Who did win??? ... If you outlaw Privacy, only the Outlaws will have Privacy! Eelco Cramer ------ -------------------------------------------------- From frissell at panix.com Wed May 18 08:32:24 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 18 May 94 08:32:24 PDT Subject: What Happened Message-ID: Note that Extropians suffered a similar subscriber's file wipe last weekend. Coincidence? or DOS attack? They had weekly backups so there was no effect. DCF "Dead White European Males didn't have World Domination handed them on a silver platter. They had to *earn* it. When they started out, they were blue-painted savages living in a cold, underpopulated territory far removed from the centers of civilization in the Mediterranean and Arab worlds. We could give up this power to various whining dregs of humanity without a fight but that would be unfair to them. 'What we achieve too easily we esteem too lightly' etc. I'm afraid you all are going to have to work for a living. So sorry." --- WinQwk 2.0b#1165 From perry at imsi.com Wed May 18 08:33:27 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 18 May 94 08:33:27 PDT Subject: Anyone else working on encrypting phone? In-Reply-To: <9405180949.AA01574@deathstar.iaks.ira.uka.de> Message-ID: <9405181229.AA02222@snark.imsi.com> Hadmut Danisch says: > is anyone else working on encrypting phone? There are several projects in progress. Perry From perry at imsi.com Wed May 18 08:33:34 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 18 May 94 08:33:34 PDT Subject: So PGP2.5 is becoming clearing... In-Reply-To: <9405181043.AA24163@ininx> Message-ID: <9405181235.AA02236@snark.imsi.com> John E. Kreznar says: > You would have to consent to be a national person (United States of > America or Canada) in order to have it. You wouldn't want to give up > your freeman status to do that, would you? Given that to my knowledge no court, federal official, or other organization that counts recognises "freeman status" to my knowledge, it would seem to be a very small loss. .pm From perry at imsi.com Wed May 18 08:34:10 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 18 May 94 08:34:10 PDT Subject: Makeing MagicMoney worth something. In-Reply-To: <9405180517.AA05379@ah.com> Message-ID: <9405181227.AA02210@snark.imsi.com> Eric Hughes says: > If the value transferred is liquid, and the payment is made upon > demand, then, in fact, you are a bank, regardless of what else you > might call yourself. This is the case in the USA. Canada certainly > varies, as does the rest of the world. Well, there is ONE subtlety -- entities like mutual funds and securities broker/dealers are not considered banks qua banks under American law -- they are, of course, even more stringently regulated anyway. There are various subtleties that say whether you come under Fed or under SEC regulation. Perry From hugh at ecotone.toad.com Wed May 18 08:51:05 1994 From: hugh at ecotone.toad.com (Hugh Daniel) Date: Wed, 18 May 94 08:51:05 PDT Subject: Notes on getting a business on the Internet Message-ID: <9405181549.AA00436@ ecotone.toad.com> At the April San Francisco Bay Area Cypherpunks meeting I gave a talk on what it takes to get a small business on the Internet to provide some service. Most of the talk was on very technical gnunk dealing with telecom equipment & lines as well as finding and starting up IP service. I have been asked many times for the notes, lists and tables I used in the talk, so after (not enough) editing and some expansion so that they would make some sense out of the context of the meeting here they are. Do note the new section on Frame Relay, as I got updated on the changes in Frame Relay after the April meeting. ||ugh Daniel hugh at toad.com # # notes.on.internet -- A list of questions and resources. # by ||ugh Daniel 1994/04/09 # # RCSID $Id: notes.on.internet,v 1.6 1994/05/18 15:48:08 hugh Exp $ # # Copyright 1994 by Hugh Daniel # Permission is granted for non-profit net distribution. # Comments, questions, permission, consulting or correspondence works # best with me over the net, use hugh at toad.com or hugh at xanadu.com. I # I can also be reached via telephone at +1 415 473 0669 or by snail # mail via: # Hugh Daniel, 210 Clayton Street, San Francisco, California 94117-1914 Getting_your_biz_on_the_Internet If you are thinking of doing that bright new network business idea of yours, here are a few questions to lead you through some of the maze that is the networking world of today. Mostly this note focuses on one of the middle parts of the problem, getting your self on the net in such a way that you can provide that great new network service. There are many ways to get on today's Internet, and things are changing fast, what was a good idea or product last month is often the slow dumb way to do things this month. Keep asking questions, watch out for new services and tariff's as they might be much better or cheaper that what you are planing right now, even if you got it out of these notes! Note that you might be able to buy the networking services you need from a vendor currently on the net, and this note does not deal with that. You can likely also find someone, maybe in the role of a consultant, who can help you do much of this work, this can be a very valuable service. After you are on the net there is much left to do, and hopefully there are a few useful pointers here to get you going in the right direction. This file was built out of my notes for a talk given in April 1994 about how to get a small business on the Internet and providing a service. Remember that its usefulness and your mileage will vary. Good luck! * Contents Getting Hooked Up Get your idea and business structure together first Decide whom your first target market should be What sort of connection do you/they need to each other? Which IP provider do you want to buy from? Questions to ask prospective IP providers Netiquette Provide information about your service via the net itself! Resources An example of comparing IP providers Frame Relay Acronym's Phone number de-construction Leased line providers in the SF Bay Area SF Bay Area IP providers Some National IP Providers Useful Books and Readings Government Service Providers Datacom Hardware Beam Cast & Broad Cast systems PacBell ISDN Questionnaire Online Resources UseNet NetNews Groups Telecommunications speeds * Getting Hooked Up ** Get your idea and business structure together first If you do not know what you want to do, then you will be lost from the get-go. Write up your idea, see if others get the idea, ask them if they would buy (don't stop if they say no, but this gives you an idea who your market is and is not). Your biz idea needs to be clear to yourself, as you will need to explain it to many folks along the way (like the folks who are working for you trying to do it!). Get your business act together, in the USA this can seem (and likely is) a huge waste of time and effert, but having a structure that you can work with as things grow is important. It just might keep the government off your back as well. ** Decide whom your first target market should be Do you have the software?, networking protocols? Do they have the money to pay? Etc. ** What sort of connection do you/they need to each other? Look at whom you wish to serve with what. Where are they? How are you going to reach them? What do they already know how to do? How far can you push them (new tech.) before they burn out? Will they buy faster modems/ISDN/FRAD's to talk to you? ** Which IP provider do you want to buy from? Ok, you have thought about things and decided that you need to put your shiny new service on the Internet your self. Now you have to decide on whom to purchase your IP feed from, and that can be tricky to say the least. Here are some questions to ask your self, and then some more to ask of IP providers, phone company etc. *** Questions to ask yourself first: Do you know enough to run your own Box (Un*x or what ever) at as commercial service? Do you know enough about networks, firewalls, telecom and the like to do set this up? Do you understand overbooking? (It's standard in networking) What sites are best for a POP? Is it near a RBOC CO? What city's have the largest local area coverage? What types services might you be providing, what data rates. Interactive? Batch? Client/Server? FrontEnd/BackEnd? Do you understand Through put vs. instantaneous transfer rate. (100K per hour vs. Latency, say 56K=10ms or T1=3ms,) Do you know how to set up a secure, stable, central POP? Do you need a Service Provider or a Network IP Provider. Some things can be done just fine at a service (they run a machine for you on the Internet). Are you willing to learn enough to do all this? Know you major wire telecom methods: Modem 300bps thorough 28.8k bps dial-up or full time Leased line 56k bps or T1 ISDN 2B+D 64k, 112k, 128k, 142k Frame Relay 56, 128, 348, 512, T1 (Pacific Bell) Beyond common `current' Needs... T3/DS3, FDDI, ATM/SONET, X.25, BeamCast Now go shopping for a: IP Provider Wire (Leased Line, Microwave, etc.) POP (secure room) judge on: contract Can you do what you biz needs under this contract? price Is the products value to your biz worth the cost? support: Structure (Do they have an organization that can handle both executive and technical problems so that you have little or no down time?) Do they have skilled People Do they provide Guarantees? (a guarantee says that if they screw up you get something beyond "sorry", the service is backed up with more then the sales persons word.) Before calling around for hardware, leased lines and IP do your homework, read up in NetNews, some of the books and poke around some of the better WWW and FTP servers educating your self. (See later in this file for some useful references.) You will ask better questions. *** Questions to ask prospective IP providers: --- Wiring questions: Where is your nearest POP to my site? Do you have a 24 hour staffed trouble hot line? What is your trouble reporting and tracking system? How far is it from my wall plug to first point where a single point failure will NOT interrupt my service from you? Will you provide both a logical and physical a map of your IP interconnect to other the IP networks? --- IP questions: Do you provide the leased line, DSU/CSU, and/or IP router? (Some will sell/lease these to you for extra $$) Do you require that I have a certain DSU/CSU or Modem? Do you require that my gateway router be from some vendor? How many routes will you advertise to the net for me? Can your system route the MBONE to our router? Do you have any restrictions on how I use my IP feed? Are you a CIX member? Do you have a WWW/FTP or gopher site? Do you have email to your NOC, sales or executive employs? --- Contract questions: What service guarantees do you provide? Under what circumstances will you pull my IP feed? Will you email/www/snailmail a copy of the IP service contract now (so you can pick nits in it and maybe ask them to CHANGE it for you!)? What is your policy on overbooking of bandwidth, when will you put in more bandwidth to me if my line if way too overbooked? How much is the install price of <56K, T1, etc.> service? How much is the monthly price of <56K, T1, etc.> service? Do you have alternative payment plans (pay ahead, pay install costs over X months, etc.)? Which (if any) PUC tariff is this service offered under? Do more homework, is there a better tariff that your PUC forces your phone company to sell but they did not tell you about? Build a spread sheet of the possible, make your choices. Sign your contracts for POP space, leases lines, IP etc. Make sure you have more then one person who can get into the POP to fix things, 24hours a day even! Remember now that physical security is the first step to a secure and well run system. Time to Buy things for your POP: VOM Tester DSU/CSU Router Service Box (UNIX, terminal servers, etc.) UPS Remote control Rack Fire Extinguisher. Lots of cables Labeler gun Register your self with the DNS. Getting things up can take days, allow time for it. Get your service machine up. Do your first security pass BEFORE your net connection comes up. Now is the time to install crypto protocol services. Do a backup BEFORE you get on the net... Get your connection up, trace wire problems from the ends in. Get IP packets flowing, routing. Test your IP throughput, know what its parameters are as your line may never be this idle again. Get your email working first, you need these aliases: postmaster info and your users will likely want: admin support Get your WWW working (or advertise else how on the net). Get listed on the various WWW Biz pages: http://www.eit.com/demos/storefronts.html http://tns-www.lcs.mit.edu/commerce.html Get listed in the IBP (Internet Biz Pages) (info at msen.com) Do backups. Tune into Net Culture, there are some netnews groups with cultural norms, read up on them now: news.announce.important news.announce.newusers Constantly test your service, as it's better you find a problem that to have a user report it. Use it your self, in the same way your users would. Make every customer very happy... Join the EFF. Sell your service, provide value and reap profits from a job well done. Use Free Strong Cryptology! ** Get your your self on the net, learn its ways (Netiquette) Get on a Usenet site and read the postings in news.announce.newusers, it is full of useful information on good Netiquette. You can do this by buying a shell or other type of account that gives you access to the net for email and netnews, downloading etc. before your biz is on the net. ** Provide information about your service via the net itself! Check out the Usenet biz.* groups, this is where you can do business on the Usenet, like advertise your services and/or products. Check out the various WWW servers that have lists of commercial internet WWW sites, see if you can get yours added. Places currently doing such things are eit.com, the GNN (ora.com) and msen.com. Check out the lists of lists and as the -owner's of lists that are related to your biz if it's ok to post an informative message about your service. Ask (politely!)that a reference to your biz be added to the lists FAQ if any. * Resources Here are some random notes, tables and lists that might help you find things you will need. Most of this is targeted to the San Francisco Bay Area, as that is where I have been doing consulting on these topics, though the basic ideas are useful no matter where you are doing telecom. ** An example of comparing IP providers Below is some info that I collected in the process of setting up a site to go in the internet. First there is an example of collecting and comparing some of the data gathered. There there are several sections of useful information that follow. -------- Example Internet Service (IP/TCP) Q&A array ------------------------- Quest/Whom |TLG Sprint BARRNet Alter Netcom ANS PSI CERFnet ---------------+--------------------------------------------------------------- Called | on date | 02/29 02/29 02/29 02/29 never never never status | yes message message message responded on |*1 Mar-03 Mar-03 Mar-07 | Nearest POP |MV SJ SJ SJ | Whos Equipment | Near DSU/CSU |cust either cust netcom Far DSU/CSU |cust either? alter netcom Near Router |cust either cust netcom Far Router |TLG Sprint alter netcom Whos LeasedLine|Cust Sprint Alter cust | Service | 24hour HotLine |Nope Yes Yes Yes | SellDownStream |Yes Yes No No | 56K Install |$1500 $ 750 $ 0 $1995 56K Monthly |$ 325 $1000 $ 795 $ 400 | T1 Install |$1600 $1000 $5000 $6000 T1 Monthly |$ 800 $2700 $1250 $1000 | Totals: |--------------------------------------------------------------- | *1 == All TLG info was on the tlg WWW/FTP server and it took only minutes to get all the info needed except leased line info, which had to come from GTE & PacBell in my example. -------- DSU/CSU line drivers (Modem like things) ---------------------------- Speeds Company Model Price ------------------------------------------------------------------------------ T1 Tylink ONS-150 $1200 each 56K Motorola $500 56K BAT $250 -------- IP Routers ---------------------------------------------------------- Company Product Price ------------------------------------------------------------------------------ Livingston IRX Cisco (any) (high end, with quality) -------- Terminal Servers ---------------------------------------------------- Company Product ------------------------------------------------------------------------------ Livingston 2 & 2e Cisco (any) (high end, with quality) -------- Example Leased (digital) lines prices ----------------------------- Quest TLG Sprint BarNet AlterNet ------------------------------------------------------------------------------ Nearest POP MV ?? ?? ?? Mileage 14 PacBell ADN0 56K Install $1240 Monthly $184.10 Delay 17wkd ADN1 T1 Install $2648 Monthly $794.18 Delay 1wkd POP 444 Mileage 36? MFS ADN 56K Install $675.00 Monthly $327.15 ADN1 T1 Install $813.50 Monthly $1038.51 POP 55 S.Market SJ Mileage MFS ADN1 T1 Install $1140.30 Monthly $455.31 Sprint POP SanJose ADN0 56k Install $935 Monthly $327.87 ADN1 T1 Install $1699 Monthly $1074 -------- Leased Lines PacBell leased line pricing (new for 1994 it seems!): $6 per mile. Node (each end point) $50.05 Some credits might be given back to you via some CPUC Mandated rebates. ** Frame Relay This section is totally new to these notes, and is likely to be new even to many folks who have been doing leased line and other methods of getting IP moved about, as PacBell has just gotten a new tariff on Frame Relay services, making them much more useful (and affordable, all this as of early 1994). Frame Relay used to be cost effective only if you had many sites that were far (over 50 miles) apart from each other. Now it seems that if you have three sites, most any distance from each other other then Frame Relay is likely for you. Quickly, Frame Relay is a system that lets you have a digital line (it's really a leased line) more directly into the phone company's digital transmission cloud then a leased line. You pay for a single line into each site you want to wire ONCE, and then pay for routing to each other site in your group of Frame Relay drops. You get one bill for N sites, and it is simpler for the RBOC to deal with too (both on a billing and on a technical level). You will need to get a Frame Relay capable router (Frame Relay is its own protocol) sometimes called a FRAD, these are about $2000, but some of the standard IP routers already know how to deal with Frame Relay. Here are the current prices that I think PacBell is charging as of 1994/05. There are three parts to the charges, #1 is the leased line you have to rent from your site to PacBell, though it seems they do NOT change per mile for this. #2 is the cost of Frame Relay its self, and #3 is the cost of them adding more entry to their routing tables. Note that #3 is very small unless you want to have many sites DIRECTLY talking to many other sites, if you go though a few hubs you can keep the cost down. As of right now there are no time user or per packet charges for this service. Service Costs: Startup Monthly --------------------------------------------------- #1 Local Access Line (your leased line into the data cloud) 56Kbps $ 620.00 $ 50.05 1.536Mpbs $1,324.00 $ 162.59 #2 Network Port Connections (Frame Relay its self) 56Kbps $ 375.00 $ 75.00 128Kbps $ 375.00 $ 150.00 384Kbps $ 375.00 $ 400.00 1.536Mbps $ 375.00 $ 500.00 #3 Data Link Connection Identifiers (routing table entry) 1 $ ---.-- (No Charge) 2-6 $ 15.00 7-11 $ 10.00 12+ $ 5.00 Lets do a quick example. I have 4 sites I want to hookup on my own little net. I want T1 between Site A and B, 384Kbps between site B and C, and 56Kbps between Site B and D. I want the high speed ports to talk directly to each other, but the low speed port to just talk to the B hub site. So I get: Service Units @ Startup Units @ Monthly ------------------------------------------------------------------------- #1 3 T1 leased lines $1,324.00 $3,972.00 $162.59 $ 487.77 1 56K leased line $ 620.00 $ 620.00 $ 50.05 $ 50.05 #2 2 T1 Frame Relay Ports $ 375.00 $ 750.00 $500.00 $1,000.00 1 384Kbps FR Port $ 375.00 $ 375.00 $400.00 $ 400.00 1 56Kbps FR Port $ 375.00 $ 375.00 $ 75.00 $ 75.00 #3 1 3 DLCI Ports (site B talk directly to A,C,D) $ 15.00 $ 15.00 2 2 DLCI Ports (sites A & C talk to A,B,C) $ 15.00 $ 15.00 1 1 DLCI Port (site D talks only to B) $ 0.00 $ 0.00 -------------- Totals --------------------------------------------------- $6,092.00 $2,042.82 You will have to add in the cost of a DSU/CSU (now called a TSU) at each site. If you want to make a change (say run the 384Kbps line up to T1) just making the change costs $30.00. You will want to compare such these numbers to the cost and pain of installing 4 separate leased lines, more DSU/CSU's etc. ** Acronym's ADN = Advanced Digital Network ASCII = American Standard Code for Information Interchange ATM = Asynchronous Mode Transfer CCITT = Consultive Committee for International Telephone and Telegraph CDS = Circuit Digital Service (CDS 56) CIX = Commercial Internet eXchange CO = Central Office (phone company switching building near you) CPE = Customer Premise Equipment CPUC = California Public Utilities Commission CSU = Customer Service Unit (now allays DSU/CSU) Cust = Customer DAML = Digital Access Multi Line (Field T1 Phone Mux unit) DDS = Digital Data Service DLCI = Data Link Connection Identifiers (FR routing table entry) DS0 = Data service grade 0 (56kbps line) DS1 = Data service grade 1 (1.544mbps line) DS3 = Data service grade 3 (45mbps line) DSU = Digital Service Unit (now always DSU/CSU) E1 = A 3.088 mbit/sec channel? FCC = Federal Communications Commission FDDI = Fiber Distrubited Digital Interface FRAD = Frame Relay Access Device? FTP = File Transfer Protocol (runs on top of TCP) HDLC = High-Level Data Link Control IP = Internetworking Protocol (TCP/IP) ISDN = Integrated Services Digital Network Kbps = Kilo (base 2) bits per second (x 1,024) LAN = Local Area Network (1-2 kilometers) LATA = Local Area TA? (Baby Bell monopoly region) M&P = Methods and Practice (Standard Operating Procedures) MAN = Metro Area Network (10's of kilometers) Mbps = Mega Bits Per Second (base 2) (x 1,024,000) MBONE = Multicast BackBone (Protocol suite on top of IP, also a Net) MPO = Minimum POint of entry (the RBOC wire closet in the basement) MTBF = Mean Time Before Failure (or Between Failures) NNX = N=2-9 X=0-9 == Old pre +1 exchanges NOC = Network Operations Center NPA = Numbering Plan Area == Area Code NXX = N=2-9 X=0-9 == Modern (post +1) Exchange PAN = Planetary Area Networks (1000's of kilometers) POP = Point of Presents POTS = Plain Old Telephone Service PPS = Public Packet Switched (PacBells term for there X.25 network) PRI = Primary Rate Interface (T1 bulk feed for 24 ISDN B channels) PUC = Public Utilities Commission PVC = Permanent Virtual Circuit RBOC = Regional Bell Operating Company's (Baby Bells) RFC = Request For Comment (Internet Tech standards) SAN = System Area Networks (10's of light hours) SDS = Switched Digital Service (SDS 56) SMDS = Switched Multi-MegaBit Digital Service SNA = Systems Networking Architecture (IBM WAN technology) SONET = Synchronous Optical NETwork? T1 = A 1.544 mbit/sec channel T3 = A 45 mbit/sec channel TCP = Transmission Control Protocol (TCP/IP) TDM = Time Division Multiplexing TSU = Terminal Service Unit (a DSU/CSU) UDP = User Datagram Protocol (a protocol on top of IP) V.35 = A almost never used specification for 48kbit modems V.35 = Serial Line software/hardware protocol (something like RC232C) WAN = Wide Area Network (100's of kilometers) WDM = Wavelength Division Multiplexing WWW = World Wide Web (One-Way HyperText protocol suite) X.25 = Old packet switching system baud = discrete signaling events/sec (used wrong, you want to use bps) bps = Bits Per Second gbit = Billion (giga) Bits Per Second kbit = Thousand (kilo) Bits Per Second mbit = Million (mega) Bits Per Second sec = Second, 1/60 of a minute wkd = Workings Days (Monday through Friday) ** Phone number de-construction POTS, Plain Old Telephone Service Phone numbers in the USA have these components: + or if you live at the phone company: + an example: +1 415 555 1212 remember other country's have different systems (bogus British example): +44 20 22 2121 The idea behind the plus (+) format is that there were a lot of formats for phone numbers that were different even if the phone number format was the same, folks just like doing their own, and this was confusing. The plus format is simple, a plus followed by the country code followed by the phone number. So to dial a random phone number you look at the +??? country code, if you are not in that country then you will need to dial a international access code (different depending on where you are) and then everything after the +. An example: If I am in the USA and have to call +44 22 234 3213, then I would have to dial 011 (connects me into the international phone net) and then the country code 44, and then the phone number 22 234 3213 and if I wanted to be really fancy I could dial a # to tell the phone company that I was done with the number (no more digits). ** Leased line providers in the SF Bay Area Metropolitan Fiber Systems (+1 415 362 3300) <> Pac Bell (+1 800 974 2355) <> GTE (+1 800 487 5000) <> ** SF Bay Area IP providers SprintNet (+1 415 357 5500) <> BarrNet (+1 415 725 1790) AlterNet (+1 703 204 8000) Netcom (+1 408 554 8649) ScruzNet (+1 408 457 5050) NorthBayNet (+1 415 472 1600) Internex (+1 415 473 3060) Wombat Internet Guild (+1 415 462 8800) <> ** Some National IP Providers AlterNet Service area: US and international Contact: Alternet Sales Voice: 800-4UUNET3, 703-204-8000 email: alternet-info at uunet.uu.net FTP more info: ftp.uu.net:~info/alternet ANS CO+RE Systems, Inc. Service area: US and international Contact: Inside Sales Voice: 800-456-8267, 313-663-7610 email: info at ans.net FTP more info: ftp.ans.net:/pub BARRNet Service area: Northern & Central California Contact: R.J. Goldberg Voice: 415-723-7003, 415-322-0602 email: info at barrnet.net FTP more info: ftp.barrnet.net CERFnet Service area: California and International Contact: Sales Manager Voice: 800-876-2373, 619-455-3900 email: help at cerf.net FTP more info: nic.cerf.net Global Enterprise Services Service area: US and International Contact: Marketing Dept Voice: 800-35-TIGER email: market at jvnc.net FTP more info: N/A InterNex Information Services Services inc. Service_area: Palo Alto/San Jose California Voice: (+1 415 473 3060) Services: IP over ISDN, WWW homing, MSEN Service area: Michigan Voice: +1 313 998 4562 Fax: +1 313 998 4563 Snail: 320 Miller Ave. Ann Arbor MI 48103 WWW more info: www.msen.com NETCOM On-Line Communication Services, Inc. Service area: Nationwide Contact: Desirree Madison Voice: 408-554-8649 x2603 email: info at netcom.com FTP more info: ftp.netcom.com PSINet Service area: US and International Contact: Inside Sales Voice: 800-827-7482, 703-620-6651 email: info at psi.com FTP more info: ftp.psi.com, cd ~ SprintLink Service area: US Contact: Bob Doyle Voice: 703-904-2167 email: bdoyle at icm1.icp.net FTP more info: N/A The Little Garden Service area: Northern California Contact: Tom Jennings (admin at tlg.org) Voice: +1 415 487 1902 email: info at tlg.org FTP more info: ftp.tlg.org WWW more info: www.tlg.org ** Useful Books and Readings "Connecting to the Internet" by Susan Estrada published by O'Reilly & Associates, Inc. ISBN 1-56592-061-9 "The Online User's Encyclopedia: Bulletin Boards and Beyond" by Bernard Aboba published by Addison-Wesley ISBN 0-201-62214-9 "Practical Internetworking with TCP/IP and UNIX" by John S. Quarterman and Smoot Carl-Mitchell published by Addison-Wesley, Reading, MA (1993) "DNS and BIND" by Paul Albitz & Gricket Liu published by O'Reilly & Accosiates ISBN 1-565692-101-4 ** Government Much of the telecommunications system of the USA is still controlled by government, so many of the services of your RBOC are what they have been told to give you, which is often different from what the RBOC's would like to sell you and even more different from what you want. There are two bodys that control most of the telecom in the USA, the FCC (Federal Communications Commission) and your states PUC (Public Utility's Commission, here in California its the CPUC). Note that it is always interesting to go and READ the tariffs, as often you will find great deals in them the the RBOC's don't advertise... CPUC: General Information +1 415 703 1282, +1 800 848 5580 Complaints +1 415 703 1170 CPUC Tariffs: CPUC B5 ADN lines CPUC B9 High Capacity (T1 and the like) CPUC A18 Frame Relay? CPUC 175 More T1 stuff FCC: FCC-128 Cheaper leased line rates for out of state traffic ** Service Providers Here is a list of company's who provide various services on the internet: shell accounts, www pages homing, email, tele-conferencing and what ever the market can bare. Access InfoSystems Voice: (+1 707 442 1034) Email: info at commnuity.net Service_Area: Solano County (NE of the SF Bay area) Services: Internet Access, UseNet, IP, WWW pages Maillist, MUDs, etc. CCnet Service_Area: Contra Costa County (E of the SF Bay area) Voice: +1 510 988 0680 Email: info at ccnet.com The Well Services: Unix Shell Accounts, UUCP, Internet access, conferencing, UseNet Service_Area: Local to SF, Berkeley, Marin. Nationally via CPS network. Voice: +1 415 332 4335 Email: info at well.com Netcom Msen Internex See above. ** Datacom Hardware Capella Networking Voice: +1 415 591 3400 Service: Sells telecom equipmemt. Morning Star Technologies Inc. Voice: (+1 614 451 1883) (+1 800 558 7827) Online: www.morningstar.com or ftp.morningstar.com Service: Livingston Enterprises Voice: +1 800 458 9966 Service: Manufactures network routers and terminal servers. Cisco Systems Voice: +1 415 326 1941 or +1 800 553 6387 FAX: +1 415 326 1989 Online: http://www.cisco.com Service: Manufactures network routers and terminal servers. ** Beam Cast & Broad Cast systems More work needs to be done on private Beam and Broad cast systems. The state of the art (or at least it's use by us Internetworkers) is maybe a decade behind our use of leased lines, and we NEED this stuff. Here are some buzzwords to get you dreaming... Packet Radio IR Laser Mircowave Spread Spectrum There are some cool .8W SS Raido modems that can do 1.3Mbit over short distances (~5 miles) I have herd rumors of from Cylink?) Cylink corp. Voice: +1 408 735 5800 ** PacBell ISDN Questionare From: Rob Rustad Newsgroups: ba.internet Subject: PACIFIC BELL - ISDN FOR CALIFORNIA INTERNET USERS Date: 29 Apr 1994 00:08:44 GMT Organization: Pacific Bell Lines: 108 Distribution: world Message-ID: <2ppj6c$isv at gw.PacBell.COM> NNTP-Posting-Host: rjrusta.srv.pacbell.com Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-UserAgent: Nuntius v1.1.1d27 X-XXMessage-ID: X-XXDate: Thu, 28 Apr 94 16:11:54 GMT PACIFIC BELL - ISDN FOR CALIFORNIA INTERNET USERS Hi. To better serve you, we at Pacific Bell are attempting to forecast demand for ISDN services within the Internet community of California. We would like to accelerate deployment of our digital services, but we need help in determining the level of future interest and need for those services among our California customers. Our current plan is to offer digital services to virtually all of our customers by 1997, but we would like to provide them sooner where a need exists. We would like to hear directly from you regarding your needs for higher speed digital access (digital 56kbps and above) to the Internet and other on- line services. The most important information for us is the area code and prefix of the telephone number(s) for which you probably would want ISDN services. Please help us by filling out any or all of the form below and e-mailing it to isdn-info at pacbell.com. ----------------------------------------------------------------------- -------------- To: isdn-info at pacbell.com Subject: ISDN Services Yes, I would like Pacific Bell to be able to offer me ISDN. Area Code: xxx Prefix (first three digits of your seven digit telephone number): xxx I would like to be able to communicate digitally with (IP Provider, other On- line Service, my company LAN, other):______________ Time frame - (ASAP, within 6 months, within 2 years): ____________ Other: ----------------------------------------------------------------------- -------------- The information you provide will be strictly confidential and you will not be contacted by Pacific Bell unless you indicate in your message that we may contact you. For additional help: ! isdn-info at pacbell.com ! 510-277-1037 - BBS with ISDN Information. ! Pacific Bell Gopher Server is available with ISDN information. ! 800-995-0346 - ISDN Availability Hotline (automated audio response) ! 800-662-0735 - ISDN Telemarketing (ordering information - please bear in mind, these people have no information on "pending" products like Home ISDN) Pacific Bell ISDN Basics: Pacific Bell has two ISDN Basic Rate Services to choose from -- SDS ISDN, Centrex ISDN. A third, Home ISDN, is a proposed product scheduled for availability on 8/2/94. All three provide circuit switched end-to-end digital connectivity for customers at speeds up to 112 kbps. Currently, over 60% of California has access to ISDN services. SDS ISDN Monthly Service: $26.85* Installation: $70.75** Usage: usage is billed at regular business voice rates on a per B-Channel basis * this price will be lowered to $22.85 on 8/2/94. ** a $150 installation fee is waived for a 2 year service commitment. Centrex ISDN Monthly Service: $31.65 Installation $225.00*** Usage: usage is flat-rated within the Centrex account. Outside the Centrex usage is billed at regular business rates. *** Centrex Establishment Charges apply for new systems $200. Home ISDN(Proposed)**** Monthly Service: $22.95 Installation $40.00 Usage: billed at regular business rates Mon-Fri 8am-5pm. All other time, zone 1 and 2 usage is flat-rated. **** proposed tariff pending CPUC approval, sales effective date estimated to be 8/2/94. ISDN Terminal Equipment: prices for ISDN terminal equipment have been dropping over the last year. It is currently possible to purchase a PC card, NT1 and power supply for under $500 that allows you to communicate at 112kbps uncompressed. For purposes of communicating over the Internet, it will be important to coordinate with your IP provider. ** Network Resources Here are some good WWW and FTP sites to explore on the net, looking though these sites can give you an idea of what networking is turning into. www.msen.com Good site to explore, lots of info www.tlg.org Good site to explore, lots of info ftp.tlg.org (same as the www.tlg.org site) ftp.netcom.com List of IP services /pub/miperrey/??? www.eit.com List of commercial services ftp.internic.net RFC's, policies and procedures files www.cisco.com Lots of good info on networking gw.pacbell.com Gopher site with digital telecom info. www.pacbell.com WWW Interface to the gopher site. *** UseNet NetNews Groups ba.internet Questions and announcement about accessing and using the internet in one of it's hottest hotbeds, the San Francisco Bays Areas comp.dcom.* Computer Data Telecom, each of the groups in this sub-tree deals with a different aspect of digital telecom. comp.dcom.telecom comp.dcom.telecom.tech General telecom questions, answers and talk on issues from the cheapest long distance service to what billing software interfaces to what phone switches. comp.dcom.modems Every stupid question (and some *real* good ones) you ever wanted asked and answered about modems. alt.dcom.telecom alt.dcom.telecom.ip These two groups are much like the comp.dcom.* groups, though a lot more free from and with information on telecom from parts of the world outside of the USA. biz.comp.services biz.comp.hardware The biz groups are where you can talk about services (ie. shamelessly advertise your service!). A good place to find products to use (hardware) or places that might do some of the work for you (services). alt.internet.services A great place to find out about what services are out there on the net already. Lots of talk about how services work, what are the different access methods, how to stop or start flame wars... comp.internet.* This is where internet protocols, usage and even its future are gone over an over and over... alt.security As Vernor Vinge said, it's "the net of a thousand lies...". Cyberspace needs to be secure, and here is one forum that goes into security of the net and the machines on it. ** Telecommunications speeds The first time I gave a talk based on these notes I spent close to a third of the time going over the various physical communications methods, modems, leased lines, fiber, beam and broad cast systems, and then the data standards you can run over these media. It seems that folks are very interested how how the basic telecom happens, but get very confused over all the possibilities. To attempt to clear things up a little here is a table of many of the various current methods of digital data telecom: Bits/Second Nick Names Wire Method Telecom Protocol ------------------------------------------------------------------- 0 Direct Current, little interesting data transmission... 50 50-600 are very old 75 110 134 134.5 150 200 300 POTS Modem Bell 103, V.21 600 1,200 1200 baud POTS Modem Bell 212A, V.22 1,800 2,400 2400 baud POTS Modem V.22bis 4,800 4.8 Kbps POTS Modem V.32, V.32bis 7,200 POTS Modem V.32bis 9,600 9.6 Kbaud POTS Modem V.32, V.32bis 12,000 POTS Modem V.32bis 14,400 14.4 Kbaud POTS Modem V.32bis 16,000 ISDN D channel used for signaling 19,200 A usefull benchmark 28,800 POTS Modem V.34, (aka. V.FAST) 38,400 56,000 Leased Line AND0, DS0 56,000 Frame Relay 56,000 ISDN PacBell's idea of 64k? 64,000 POTS Digital POTS voice line 64,000 ISDN (1 B channel) 112,000 ISDN 2 B channels minus a D channel 128,000 Frame Relay 128,000 ISDN (Fully both B channels) 238,000 AppleTalk (A useful benchmark) 384,000 Frame Relay 512,000 Frame Relay 1,017,000 SMDS 1,536,000 1.536 Mbps Frame Relay 1,544,000 1.544 Mbps Leased Line T1, ADN0, DS0 1,544,000 Frame Relay 3,088,000 Leased Line E1 ??? (uncommon)(2.048mbit?) 4,000,000 SMDS 10,000,000 10 Mega bit EtherNet (A useful benchmark) 10,000,000 SMDS 16,000,000 SMDS 25,000,000 SMDS 34,000,000 SMDS 45,000,000 Fiber|Coax T3, D3 60,000,000 Fiber|Coax? ATM ??? (soon?) 100,000,000 Fiber FDDI ??? (LAN) 135,000,000 3DS3 Microwave Standard 155,000,000 155Mb/s OC3c ATM 600,000,000 Fiber ATM ??? (someday?) 622,000,000 OC12c ATM 1,000,000,000 1 Gigabit Fiber... Future networks... 3,400,000,000 3.4x10^8 bps Fiber High Speed AT&T Trunks 20x10^12 20 Terabits Fiber Theoretical limit (ie. a guess) POTS is a two wire standard (a copper pair) Digital POTS, a voice line that gets digitised at the CO 8000 times a second with 8 bit samples. Leased lines are 4 wire standards (two copper pairs) Frame Relay is a leased line with a different telecom protocol on it that can run at many different speeds AppleTalk is a twisted pair LAN EtherNet is a Coax or twisted pair LAN standard FDDI is a Fiber optics (glass wire) standard ATM really is a protocol and not really a wire standard SONET SMDS Protocol levels: wire What sort of electricity/photons are used. telecom What the bits look like on the wire software What is done with the bits (IP, SNA etc.) ** Emacs Outline-Mode Note that the format here is GNU Emacs Outline mode, if you have emacs you can use outline mode on this document and it might be easyer to navigate. ;;; ;;; ;;; From remailer-admin at chaos.bsu.edu Wed May 18 08:57:50 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Wed, 18 May 94 08:57:50 PDT Subject: No Subject Message-ID: <199405181557.KAA18859@chaos.bsu.edu> frissell at panix.com writes: > "Dead White European Males didn't have World Domination handed them on a > silver platter. They had to *earn* it. When they started out, they were > blue-painted savages living in a cold, underpopulated territory far > removed from the centers of civilization in the Mediterranean and Arab > worlds. > > We could give up this power to various whining dregs of humanity without a > fight but that would be unfair to them. 'What we achieve too easily we > esteem too lightly' etc. I'm afraid you all are going to have to work for > a living. Or, of course, we could shoot you. From geoffw at nexsys.net Wed May 18 09:10:55 1994 From: geoffw at nexsys.net (Geoff White) Date: Wed, 18 May 94 09:10:55 PDT Subject: quantum Computing Message-ID: <199405181608.JAA22452@nexsys.nexsys.net> this term keeps poping up recently. Can anybody give me a pointer to where I can find out more info? Someone said that it is nonsense, "quantum computers?, Isn't that something out of a carlos casteneda novel?" I'm just trying to find out the real deal. FTP sites and any papers articles would be appreciated. G From perry at imsi.com Wed May 18 09:20:54 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 18 May 94 09:20:54 PDT Subject: No Subject In-Reply-To: <199405181557.KAA18859@chaos.bsu.edu> Message-ID: <9405181620.AA02644@snark.imsi.com> Anonymous says: > frissell at panix.com writes: > > "Dead White European Males didn't have World Domination handed them on a > > silver platter. They had to *earn* it. When they started out, they were > > blue-painted savages living in a cold, underpopulated territory far > > removed from the centers of civilization in the Mediterranean and Arab > > worlds. > > > > We could give up this power to various whining dregs of humanity without a > > fight but that would be unfair to them. 'What we achieve too easily we > > esteem too lightly' etc. I'm afraid you all are going to have to work for > > a living. > > Or, of course, we could shoot you. Duncan is likely a far better shot. Most obsolete white male oppressors of the proletariat have that in their favor. However, this is going afield of cryptography. From unicorn at access.digex.net Wed May 18 09:21:03 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 18 May 94 09:21:03 PDT Subject: your mail In-Reply-To: <199405181557.KAA18859@chaos.bsu.edu> Message-ID: <199405181620.AA09924@access1.digex.net> Anonymous scripsit > > frissell at panix.com writes: > > > "Dead White European Males didn't have World Domination handed them on a > > silver platter. They had to *earn* it. When they started out, they were > > blue-painted savages living in a cold, underpopulated territory far > > removed from the centers of civilization in the Mediterranean and Arab > > worlds. > > > > We could give up this power to various whining dregs of humanity without a > > fight but that would be unfair to them. 'What we achieve too easily we > > esteem too lightly' etc. I'm afraid you all are going to have to work for > > a living. > > Or, of course, we could shoot you. > I think you fail to understand how much work this entails. -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From helmer at interlock.svo.com Wed May 18 09:23:13 1994 From: helmer at interlock.svo.com (Eric Helmer) Date: Wed, 18 May 94 09:23:13 PDT Subject: No Subject Message-ID: <9405181600.AA28779@schwing.svo.dfw.ibm.com> >From @interlock:ehelmer at ponder.csci.unt.edu Wed May 18 10:58:30 1994 Received: from interlock.svo.dfw.ibm.com by schwing.svo.dfw.ibm.com (AIX 3.2/UCB 5.64/4.03) id AA29020; Wed, 18 May 1994 10:58:28 -0500 Received: from ponder (ponder.csci.unt.edu) by interlock.svo.dfw.ibm.com with SMTP id AA11505 (InterLock SMTP Gateway 1.1 for ); Thu, 19 May 1994 10:45:44 -0500 Received: by ponder (5.61/1.36) id AA03144; Wed, 18 May 94 11:01:46 -0500 Date: Wed, 18 May 94 11:01:46 -0500 From: @interlock:ehelmer at ponder.csci.unt.edu (Eric Helmer) Message-Id: <9405181601.AA03144 at ponder> To: helmer at schwing.svo.dfw.ibm.com Status: R >From alt.cyberpunk Wed May 18 10:55:26 1994 Path: news.unt.edu!cs.utexas.edu!usc!nic-nac.CSU.net!clstac!achen1 From: achen1 at csupomona.edu (ALAN CHEN) Newsgroups: alt.cyberpunk Subject: This could ruin your day. Date: 15 May 94 23:45:03 PST Organization: Cal Poly U. Pomona Lines: 237 Message-ID: <1994May15.234503.1 at clstac> NNTP-Posting-Host: vmsa.is.csupomona.edu This is a document thats been kicking around our local system at Cal Poly for the last two days; I think its important enough to ask all of you to read it. Please take to time to do so as it is an issue that affects the future of the net as we know it. Alan Chen (Pre) Occupations: |"Never underestimate the power of human stupidity -Aerospace eng. undergrad | -L. Long (RAH) -RPG player |Yes, I'm an ARO. No, I'm not transferring! -Dreamer |Email: achen1 at csupomona.edu GE -p+ c++ l(+) u- e+(*) m+(*) s !n+(-) h(-) f+ !g w-(--) t+ r++ y? -------------------------------- Subject: Metered Usage of the Internet: JSN Please forgive the mass mailing, but I feel this is a subject which is of great importance to anyone who benefits from the bountiful resources of the Internet. A very bad storm is brooding on the horizon. In the future, you might have to pay a charge for every E-mail message you send or receive, every Usenet article you read, every kilobyte of data you transfer with ftp, every hypertext link you follow with NCSA Mosaic or Gopher... Hopefully this frightens you as much as it does me. But it will happen, unless YOU do something about it. Please read the attached, fill out the requested info, and mail it back to mike at essential.org. It also wouldn't hurt to forward a copy of this to everyone you know on the Internet. Thanks for your support. Craig Smith, Having not seen any activity on the list for the last week or so (I hope everyone's busy writing code!), I figured I'd simultaneously check to see if the list still existed, and share some interesting excerpts from NEWFOR25.DOC, from the PGP 2.5 MIT-legit package. PGP 2.5 is apparently still written by Phil Zimmermann - at least, it purports to be - which in itself is a considerable relief to those of us who had no idea who was responsible. The source code is also available, as before, and I'm sure programmers the world over are even now poring through it in minute detail, looking for backdoors and such. I also expect we'll be hearing from them relatively soon, to tell us of the presence or absence of any suspicious code. Not being a programmer myself, I can only comment on a few aspects. First, there is this: [...] >[An] RSAREF limitation is that it cannot cope with keys longer than >1024 bits. PGP now prints a reasonably polite error message in such a >case. I recall someone mentioning at one point that increasing the size of a key beyond 1024 bits did not justify the increased computing time, but I do not recall the reason why. I believe the reasoning was not that it offered no additional security, but rather, that it was already difficult enough to crack 1K keys, and if you're really that worried about security, you should be tightening up in other areas, such as deciding who to trust and who not to, deciding what information to enter into the computer and what to keep in your head, or maybe making a homemade TEMPEST shield. :) I'd still like to see the math explained a little better, though. Also, has anyone found those references to elliptic-curve crypto? The original article is _An Implementation of Elliptic Curve Cryptosystems Over F-2-155_ , IEEE Journal on Selected Areas in Communications, Vol. 11, #5, June 1993 (page 804). (Schneier mentions that Next Computer's Fast Elliptic Encryption, FEE, uses elliptic curves, and is patented by R E Crandell, USP# 5,159,632,27 October 1992.) Also, look for works by Neal Koblitz. >Printed keyIDs have been incresed to 32 bits, as there were enough keys >out there that 24-bit keyIDs were no longer sufficiently unique. The >previous 24-bit keyID is the LAST 6 digits of an 8-digit 32-bit keyID. >For example, what was printed as A966DD now appears as C7A966DD. So even though the keyservers only have 5,000 or so registered users, there are enough people out there using PGP and NOT registering their keys with the servers that this extra bit of coding was necessary? Hmm. 24 bits gives us 16,777,216 unique ID's. 32 bits gives us 4,294,967,296. Are there really over 17 million PGP'ers out there, or is my math-impaired brain missing something painfully obvious? >PGP now enables clearsig by default. If you sign and ascii-armor a >text file, and do not encrypt it, it is clearsigned unless you ask >for this not to be done. Which would seem to indicate that PGP is mainly being used for e-mail! Goody! >[...] > >PGP now wipes temp files (and files wiped with pgp -w) with pseudo-random >data in an attempt to force disk compressors to overwrite as much data as >possible. > >[...] > >The normal help files (pgp -h) are pgp.hlp or .hlp, such as >fr.hlp. Now, there is a separate help file for pgp -k, called pgpkey.hlp, >or key.hlp. No file is provided by default; PGP will use >its one-page internal help by default, but you can create such a file >at your site. > >PGP used to get confused if you had a keyring containing signatures from >you, but not your public key. (PGP can't use the signatures in this case. >Only signatures from keys in the keyring are counted.) PGP still can't use >the signatures, but prints better warning messages. Also, adding a key on >your secret key ring to your public keyring now asks if the key should be >considered ultimately-trusted. Prviously, you had to run pgp -ke to force >this check, which was non-obvious. > >[...] > >On Unix, PGP now figures out the resolution of the system clock at run >time for the purpose of computing the amount of entropy in keystroke >timings. This means that on many Unix machines, less typing should be >required to generate keys. (SunOS and Linux especially.) > >The small prime table used in generating keys has been enlarged, which >should speed up key generation somewhat. > >There was a bug in PGP 2.3a (and, in fact in 2.4 and dating back to 1.0!) >when generating primes 2 bits over a multiple of the unit size (16 bits >on PC's, 32 bits on most larger computers), if the processor doesn't deal >with expressions like "1<<32" by producing a result of 1. In practice, >that corresponds to a key size of 64*x+4 bits. > >Code changes: > >At the request of Windows programmers, the PSTR() macro used to translate >string has been renamed to LANG(). > >The random-number code has been *thoroughly* cleaned up. So has the >IDEA code and the MD5 code. The MD5 code was developed from scratch and >is available for public use. So, all in all, PGP 2.5 would seem to be more than just a possible conspiracy by MIT/RSA/et. al., and more than just minor bug fixes that most people wouldn't care about. With the possible exceptions of the size limitations on keys, and whatever arcane pieces have been hacked out of the RSA code to comply with whatever demands they may have made, PGP 2.5 appears to be a legitimate upgrade, with more than a few bugfixes, both major and minor, as well as the all-important improved security (as far as can be seen). Comments? -- schirado at lab.cc.wmich.edu [O|o]bjectivist, Evil Capitalist(tm;-), s..O).... You hit the smurf! --More-- male, lesbian, polyamorous, @.../.".. You destroy the smurf! --More-- reader, atheist, Discordian, $$*...].. You feel cynical! free and natural sovereign individual the Frog Farm: e-mail frog-farm-request at blizzard.lcs.mit.edu (PGP available) From gtoal at an-teallach.com Wed May 18 09:49:03 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 18 May 94 09:49:03 PDT Subject: quantum Computing Message-ID: <199405181647.RAA02357@an-teallach.com> this term keeps poping up recently. Can anybody give me a pointer to where I can find out more info? Someone said that it is nonsense, "quantum computers?, Isn't that something out of a carlos casteneda novel?" I'm just trying to find out the real deal. It's purest bullshit: there are a class of mathematically difficult problems called "NP-Complete". These problems are all equivalent to one another in difficulty, ie if you can solve one you can solve them all (that's where the complete part comes is - it's NP-complete if you can prove that equivalence to another NP-complete problem). The "NP" part is "Non-deterministic, polynomial time". What that means is that there is a solution possible in polynomial time (rather than exponential time) *ONLY* on a *NON-DETERMINISTIC* machine. And that's the fun part, because a non-deterministic machine is one that *guesses* the correct path every time it has a choice to make. It's like trying to guess a 3-bit number, and saying "Is the first bit a 1?" Yes! "Is the second bit a 0?" Yes! "Is the third bit a 0?" Yes! Clearly, in real life, this doesn't happen. However, in fairy-tale land (or quantum physics as it's called) such things *can* happen - because one interpretation of the Einstein-Podolsky-Rosen thought experiment is that every time you make a choice based on the outcome of a quantum event, you fork off a pair of universes! In one universe you make one choice; in the other universe you made the other choice. Consequently if you loose a computer on such a problem, in *one* of the many many universes it generates, it'll find the right answer in polynomial time. The basis of quantum computing as a means to crack NP-complete problems therefore reduces to finding which of these universes found the answer and comminicating that answer to all the other universes. (Of course, you don't have to do this part, but the 99.9999999999999999999999999999999% of experimenters in all the universes that didn't find the result are not going to believe the method words too well...) Basically, it's a theoretical result with no application in the real world, and if ever anything happens that makes it mappable to the real world we'll have been subjected to such a major upheaval in the way the universe works that no-one will give a damn any more about such trivial things as encryption because we'll all effectively have turned into magicians :-) G From jamiel at sybase.com Wed May 18 10:05:05 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Wed, 18 May 94 10:05:05 PDT Subject: So PGP2.5 is becoming clearing... Message-ID: <9405181659.AB11963@ralph.sybgate.sybase.com> At 3:43 AM 05/18/94 -0700, John E. Kreznar wrote: >You would have to consent to be a national person (United States of >America or Canada) in order to have it. You wouldn't want to give up >your freeman status to do that, would you? Where do you live? Just curious. -j From frissell at panix.com Wed May 18 10:27:05 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 18 May 94 10:27:05 PDT Subject: your mail In-Reply-To: <199405181557.KAA18859@chaos.bsu.edu> Message-ID: On Wed, 18 May 1994, Anonymous wrote: > Or, of course, we could shoot you. > You're welcome to try. Worked for *us*. DCF "Live White European Male (and maybe even in part an anglo-saxon protestant). From frissell at panix.com Wed May 18 10:33:11 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 18 May 94 10:33:11 PDT Subject: your mail In-Reply-To: <9405181620.AA02644@snark.imsi.com> Message-ID: On Wed, 18 May 1994, Perry E. Metzger wrote: > > Anonymous says: > > frissell at panix.com writes: > > > "Dead White European Males didn't have World Domination handed them on a > > > silver platter. They had to *earn* it. When they started out, they were > > > > Or, of course, we could shoot you. > > Duncan is likely a far better shot. Most obsolete white male > oppressors of the proletariat have that in their favor. However, this > is going afield of cryptography. No this is directly related. I was watching the National Commie Television special on freedom last night to catch John Perry Barlow's excellent piece (clearly the best segmant) and had to sit through some whining persons who clearly felt that they were members of inferior genders or ethnic groups because they felt unable to take it when people said unkind things about them. Their response was to complain. It got my dander up. In addition, the nets give us an opportunity to ignore people who can't handle independent existence. They can stew in their pots and we can stew in ours. We don't have to bother ourselves about their trying to rule us. "They have whined for their rights. We shall give them more than they ask for. We shall give them justice." DCF From gtoal at an-teallach.com Wed May 18 10:38:21 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 18 May 94 10:38:21 PDT Subject: PGP 2.5: Mini-review Message-ID: <199405181736.SAA04822@an-teallach.com> : From: Schirado : >Printed keyIDs have been incresed to 32 bits, as there were enough keys : >out there that 24-bit keyIDs were no longer sufficiently unique. The : >previous 24-bit keyID is the LAST 6 digits of an 8-digit 32-bit keyID. : >For example, what was printed as A966DD now appears as C7A966DD. : So even though the keyservers only have 5,000 or so registered users, : there are enough people out there using PGP and NOT registering their : keys with the servers that this extra bit of coding was necessary? Hmm. : 24 bits gives us 16,777,216 unique ID's. 32 bits gives us 4,294,967,296. : Are there really over 17 million PGP'ers out there, or is my math-impaired : brain missing something painfully obvious? It's the old "birthday paradox" game. If you're generating numbers at random within a certain range, how many numbers do you have to generate before you have a probability >= 0.5 of generating two the same? Do it first for range = 0..2^24-1 and then for range = 0..2^32-1 ... G From rfb at lehman.com Wed May 18 10:40:55 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Wed, 18 May 94 10:40:55 PDT Subject: quantum Computing In-Reply-To: <199405181647.RAA02357@an-teallach.com> Message-ID: <9405181740.AA14304@fnord.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- Disclaimer: I'd never even heard of a quantum machine until quite recently and I have no idea how they relate to the NP Completeness problem. Date: Wed, 18 May 1994 17:47:34 +0100 From: gtoal at an-teallach.com (Graham Toal) . . . it's NP-complete if you can prove that equivalence to another NP-complete problem). The "NP" part is "Non-deterministic, polynomial time". What that means is that there is a solution possible in polynomial time (rather than exponential time) *ONLY* on a *NON-DETERMINISTIC* machine. Not true. What that means is that a polynomial time solution exists for an NFA. The only part has not been shown. And that's the fun part, because a non-deterministic machine is one that *guesses* the correct path every time it has a choice to make. That's one way of viewing it, well close anyway. Typically it's described as guessing the correct path and then verifying its correctness. Another, equally valid way to view a non-deterministic machine is as one which executes all paths simultaneously. Clearly, in real life, this doesn't happen. Perhaps. In any case, if you have a proof that the NP-Complete problems cannot be done in polynomial time on a deterministic machine, by all means, please share it with us . . . and collect your prize :-) Rick -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdpS7RaZNKPPNj41AQE6qAQAueihy10qYc5HCeJ1Fx2WbR8mvxfRc94i FK7zkHv916Uo2dPfwnldDvapUAamkALiPpTJ6+6g8L/XuLB+rOc9Nwrzs5WzjVgN KNKSZ5dN8Fa21RB1gd9jD/hC3ND1Fz/HyYOi6fMtzMFqh08nC27e4C4CDL+QqpHG glCM7qMVOIY= =0lM1 -----END PGP SIGNATURE----- From m5 at vail.tivoli.com Wed May 18 10:46:58 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 18 May 94 10:46:58 PDT Subject: quantum Computing In-Reply-To: <199405181647.RAA02357@an-teallach.com> Message-ID: <9405181746.AA11011@vail.tivoli.com> Rick Busdiecker writes: > Not true. What that means is that a polynomial time solution exists > for an NFA. The only part has not been shown. While we're being picky, I'll point out that (unless I'm wrong of course) it's not really an NFA, but a non-deterministic Turing machine (an "NTM"?) that's the automaton at issue here. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From rfb at lehman.com Wed May 18 10:56:38 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Wed, 18 May 94 10:56:38 PDT Subject: quantum Computing In-Reply-To: <9405181746.AA11011@vail.tivoli.com> Message-ID: <9405181756.AA14881@fnord.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- Date: Wed, 18 May 94 12:46:46 CDT From: m5 at vail.tivoli.com (Mike McNally) While we're being picky, I'll point out that (unless I'm wrong of course) it's not really an NFA, but a non-deterministic Turing machine (an "NTM"?) that's the automaton at issue here. No, NFA is acceptable and correct, it's Non-determinisic Finite Automaton. A non-deterministic Turing machine is a perfectly reasonable example, however. Rick -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdpWthaZNKPPNj41AQEttwQAnCs9sZ+fV9BhCMf/PXyM6w59NjIc8ZwF vVL394XfzqvQKUzwK8pV04d5YMusfgbVibj+IuEaAEkn9qMYkaoX9XL65tzhPf8N 6bilBkRVIuCmLye9J0vpylouqS7bAakF7Htu06EDOzTQArBXEWUaBGkaH5P+m8xu xQLMS1RmmKk= =H5dW -----END PGP SIGNATURE----- From juola at bruno.cs.colorado.edu Wed May 18 11:01:10 1994 From: juola at bruno.cs.colorado.edu (juola at bruno.cs.colorado.edu) Date: Wed, 18 May 94 11:01:10 PDT Subject: quantum Computing Message-ID: <199405181800.MAA22999@bruno.cs.colorado.edu> Rick Busdiecker writes: > Not true. What that means is that a polynomial time solution exists > for an NFA. The only part has not been shown. Mike McNally responds: >While we're being picky, I'll point out that (unless I'm wrong of >course) it's not really an NFA, but a non-deterministic Turing >machine (an "NTM"?) that's the automaton at issue here. That is correct. As a matter of fact, it's an easy theorem that an NFA has the same computing capacity as a DFA; it is not known whether this theorem holds for more powerful machines, and is in fact the heart of the P ?= NP conjecture. From m5 at vail.tivoli.com Wed May 18 11:03:55 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 18 May 94 11:03:55 PDT Subject: quantum Computing In-Reply-To: <9405181746.AA11011@vail.tivoli.com> Message-ID: <9405181803.AA11052@vail.tivoli.com> Rick Busdiecker writes: > No, NFA is acceptable and correct, it's Non-determinisic Finite > Automaton. A non-deterministic Turing machine is a perfectly > reasonable example, however. Uhh, isn't it the case that a Turing machine can simulate an NFA, but not the reverse? An NFA has no tape, and therefore is not as powerful an automaton as a Turing machine. Thus an NFA can be implemented by an NTM, but not the reverse. I think. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From perry at imsi.com Wed May 18 11:06:22 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 18 May 94 11:06:22 PDT Subject: quantum Computing In-Reply-To: <9405181756.AA14881@fnord.lehman.com> Message-ID: <9405181805.AA02916@snark.imsi.com> Rick Busdiecker says: > From: m5 at vail.tivoli.com (Mike McNally) > > While we're being picky, I'll point out that (unless I'm wrong of > course) it's not really an NFA, but a non-deterministic Turing > machine (an "NTM"?) that's the automaton at issue here. > > No, NFA is acceptable and correct, it's Non-determinisic Finite > Automaton. A non-deterministic Turing machine is a perfectly > reasonable example, however. A turing machine is not a finite automaton -- it has an infinite tape. Perry From an60011 at anon.penet.fi Wed May 18 11:09:40 1994 From: an60011 at anon.penet.fi (Ezekial Palmer) Date: Wed, 18 May 94 11:09:40 PDT Subject: your mail In-Reply-To: Message-ID: <199405181752.AA03528@xtropia> Date: Wed, 18 May 1994 13:27:28 -0400 (EDT) From: Duncan Frissell No this is directly related. No, really, it's not. Please take it to alt.bigots.proud or whatever. Zeke - originally WASP, dropped the religious part. Also, straight, right-handed and male in case it matters to you. From juola at bruno.cs.colorado.edu Wed May 18 11:10:34 1994 From: juola at bruno.cs.colorado.edu (juola at bruno.cs.colorado.edu) Date: Wed, 18 May 94 11:10:34 PDT Subject: quantum Computing Message-ID: <199405181810.MAA23216@bruno.cs.colorado.edu> Rick Busdiecker writes: > Not true. What that means is that a polynomial time solution exists > for an NFA. The only part has not been shown. Mike McNally responds: >While we're being picky, I'll point out that (unless I'm wrong of >course) it's not really an NFA, but a non-deterministic Turing >machine (an "NTM"?) that's the automaton at issue here. and I then gibbered : That is correct. As a matter of fact, it's an easy theorem that an NFA has the same computing capacity as a DFA; it is not known whether this theorem holds for more powerful machines, and is in fact the heart of the P ?= NP conjecture. Whups. Teach me to post before eating breakfast.... Ignore what I just said above. - kitten From perry at imsi.com Wed May 18 11:11:36 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 18 May 94 11:11:36 PDT Subject: quantum Computing In-Reply-To: <199405181800.MAA22999@bruno.cs.colorado.edu> Message-ID: <9405181811.AA02932@snark.imsi.com> juola at bruno.cs.colorado.edu says: > Mike McNally responds: > >While we're being picky, I'll point out that (unless I'm wrong of > >course) it's not really an NFA, but a non-deterministic Turing > >machine (an "NTM"?) that's the automaton at issue here. > > That is correct. As a matter of fact, it's an easy theorem that > an NFA has the same computing capacity as a DFA; it is not known > whether this theorem holds for more powerful machines, and is in > fact the heart of the P ?= NP conjecture. The terms you are using are ambiguious. NTMs are no more powerful than deterministic TMs. They are possibly faster, but there are no languages that NTMs can recognise that deterministic TMs cannot recognise. It is hypothesized (though more or less unprovable) that there is no more powerful model of computation than Turing machines in the sense of what operations can be performed. Speed is again, as I noted, a different matter. Perry From perry at imsi.com Wed May 18 11:14:56 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 18 May 94 11:14:56 PDT Subject: quantum Computing In-Reply-To: <9405181803.AA11052@vail.tivoli.com> Message-ID: <9405181814.AA02946@snark.imsi.com> Mike McNally says: > > Rick Busdiecker writes: > > No, NFA is acceptable and correct, it's Non-determinisic Finite > > Automaton. A non-deterministic Turing machine is a perfectly > > reasonable example, however. > > Uhh, isn't it the case that a Turing machine can simulate an NFA, but > not the reverse? An NFA has no tape, and therefore is not as powerful > an automaton as a Turing machine. Thus an NFA can be implemented by > an NTM, but not the reverse. > > I think. Correct. The hierarchy as I remember it is roughly (from least to most powerful in terms of size of the recognizable languages) FAs, PDAs (that is, deterministic push-down automata), NPDAs, TMs. Its been a while, but I seem to recall that non-deterministic pushdown automata could recognise some languages that deterministic ones could not. Perry From rfb at lehman.com Wed May 18 11:16:00 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Wed, 18 May 94 11:16:00 PDT Subject: quantum Computing In-Reply-To: <9405181803.AA11052@vail.tivoli.com> Message-ID: <9405181815.AA15671@fnord.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- Date: Wed, 18 May 94 13:03:43 CDT From: m5 at vail.tivoli.com (Mike McNally) An NFA has no tape . . . Mine does :-) It's a matter of definition, I suppose. Hopcroft and Ullman describe an NFA as having a tape. On the other hand, they also descript the NP Completeness in terms of an NTM, so I'll concede your point. Rick -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdpbIRaZNKPPNj41AQHG+gQAtYMYanQzNIYeWV8DlIr+LAT8Lu7UNZWD DzZMa30vlliUU9twWZW23fiQltWKGx0GG73IG3egLJ01Qeo1t7aN6Dl20+Jm2CIQ xDxOrQc+I+rakSW4/MmC5PgfoXazKTtF3X+BaRXdkfZqvH0Lt9hvzaEJ0nA43iG9 YIpXYDesqcc= =/Plo -----END PGP SIGNATURE----- From rfb at lehman.com Wed May 18 11:21:03 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Wed, 18 May 94 11:21:03 PDT Subject: quantum Computing In-Reply-To: <9405181814.AA02946@snark.imsi.com> Message-ID: <9405181820.AA15763@fnord.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- Date: Wed, 18 May 1994 14:14:41 -0400 From: "Perry E. Metzger" Its been a while, but I seem to recall that non-deterministic pushdown automata could recognise some languages that deterministic ones could not. Yes, that's correct. Rick -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdpcUxaZNKPPNj41AQHRRQQAjzRo7nSxd5meEjSoExGUhJJSQ2H63wEZ VDlZ9627j7kAVZHGvM0H6JNeN5IIgRX7hv2cruZwE8Gm49bZxE/iEgOLA1p0/IK+ T31BzIEebccwbKYF97Ndnf3kFHD36XVL8QEVJ09yGHjX7uyL5Vd2Gk7cb8ljp3JU C3QX3YTB4FU= =sV/8 -----END PGP SIGNATURE----- From perry at imsi.com Wed May 18 11:23:18 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 18 May 94 11:23:18 PDT Subject: your mail In-Reply-To: <199405181752.AA03528@xtropia> Message-ID: <9405181823.AA02965@snark.imsi.com> Ezekial Palmer says: > Date: Wed, 18 May 1994 13:27:28 -0400 (EDT) > From: Duncan Frissell > > No this is directly related. > > No, really, it's not. Please take it to alt.bigots.proud or whatever. It may be related or unrelated, but I will testify that Duncan is not a bigot. He's merely not a reverse-bigot or a person without opinions on what way of running a society is best. My opinion is, however, that this discussion has no real function on this list. Perry From sandfort at crl.com Wed May 18 11:26:24 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 18 May 94 11:26:24 PDT Subject: your mail In-Reply-To: <199405181557.KAA18859@chaos.bsu.edu> Message-ID: C'punks, On Wed, 18 May 1994, Anonymous wrote: > frissell at panix.com writes: > > > . . . > > We could give up this power to various whining dregs of humanity without a > > fight but that would be unfair to them. 'What we achieve too easily we > > esteem too lightly' etc. I'm afraid you all are going to have to work for > > a living. > > Or, of course, we could shoot you. You could try, but history suggests we're much better shots. S a n d y From dat at spock.ebt.com Wed May 18 11:28:34 1994 From: dat at spock.ebt.com (David Taffs) Date: Wed, 18 May 94 11:28:34 PDT Subject: So PGP2.5 is becoming clearing... In-Reply-To: <199405180251.UAA12436@spot.Colorado.EDU> Message-ID: <9405181827.AA14546@helpmann.ebt.com> From: Richard Johnson "Performance improvement" purposes can obviously include allowing more secure performance via longer (2048 bits anyone?) keys. I would agree with this. Performance improvement doesn't just mean speed. The key here is "incorporated". Since RSAREF is designed as a C library, the only way to "incorporate" it is to call its functions from a program. Thus, if you don't call specific RSAREF functions, you're not "incorporating" RSAREF. "Incorporation" of RSAREF is thus not transitive. I would be careful here. Another conceivable definition of "incorporate" is "to link with". Perhaps it might mean to statically link with, or dynamically link with. This definition would be transitive, but could still be circumvented. I have seen examples of commercial products interfacing to various GNU-ware, protected by copyleft. I forget the exact details, but there was at least a layer of free-ware provided in between that accessed the GNU-ware via a shell interface. I will look up the exact details and post them if I can. Calling an RSAREF shell program would not be incorporating it, IMHO. It seems to me that if you provide a free shell-accessible program that invoked whatever free-ware you want to write around RSAREF, and you invoked that shell program from inside another program that was a commercial product, that you would be protected. It is of course possible that closer binding would also provide adequate protection; this is just one way that I believe would be adequate. It restricts the interface to a relatively low-bandwidth, potentially inefficient interface, but this seems to be their goal, and it also seems adequate for e-mail purposes. (The RSAREF could be in a background server process, always running, providing enhanced efficiency, if desired.) Of course, I am not a lawyer either, although I have watched an awful lot of Judge Wapner. Get your own legal opinion if you really care. ... Richard -- dat at ebt.com (David Taffs) From nobody at soda.berkeley.edu Wed May 18 11:59:04 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist) Date: Wed, 18 May 94 11:59:04 PDT Subject: PGP 2.5 / PGP 2.6 Message-ID: <199405181858.LAA20408@soda.berkeley.edu> I feel that we should stick with PGP 2.5. It makes me wonder when MIT comes out with version 2.5 and then TWO weeks later decides to scrap it and go with a new version. WTFO? Something smells wrong here! I say stick with 2.5 and don't upgrade to 2.6! ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```&]S^P;+]AB?X9TW6\8WN:^P&2$:G<'CM.^XL(UI)(0XA"*@FT;^`?8\ M05_9?3X9LT68(?"HY91G\H"\(O.7"27L;H0>302V#6U:^E3CT3U%5EL766HC :3 at 6;`,2S/8'$0\9OR@)X"G8KG]1SV= Message-ID: <9405181913.AA06690@ah.com> Eric Hughes says: > If the value transferred is liquid, and the payment is made upon > demand, then, in fact, you are a bank, regardless of what else you > might call yourself. Well, there is ONE subtlety -- entities like mutual funds and securities broker/dealers are not considered banks qua banks under American law On the other hand, Fidelity, for example, the largest of the mutual fund providers, does not offer demand deposits, because you can't get back your money "upon demand". They don't have to give it back to you immediately, so it's not "upon demand". Check the agreement or the "checks" you get for your fund account. It seems conceivable to operate a business that took non-demand liquid deposits, but which promptly serviced most demands for withdrawal because of the competitive environment. A "banc" of this form would not survive if the liquid deposits were, practically speaking, liquid. ("Banc" is an avoidance of the regulation which puts companies with the word "bank" in them under banking regulation. It's amazing at the number of companies with names like "Bancshares" or "Banc Holding".) Since no such institution exists now, it would be currently outside the regulatory framework, but one should not expect it to remain that way. Pragmatically speaking, one's best strategy would be to get successful rapidly and then hire lobbyists. Credit card and charge card companies could do this themselves right now, were they to pay interest on positive balances. The contract between card company and customer would have to specify that the positive balance was not available "upon demand", per above. Otherwise most of the relationships could be the same. As an aside, issues of commercial paper, including promissory notes and hypothetically digital "bancnotes", whose term is nine months or less are specifically exempted from SEC regulation. There really seems to be a gap in the regulatory environment. Legal hacking is a lot of fun. Prerequisites are a humility to learn the structure of legal argument and access to legal materials. The study guides for law students are generally excellent introductions to the subject. Access to a law library is also useful for looking up statute and decisions, but not essential, although reading at least a few decisions is necessary for ensuring an understanding of the social process involved in the creation of law. And if what you want to accomplish with your computer hacking requires, for implementation, something outside the computer hardware and networks, legal hacking is almost a necessity. Eric From hughes at ah.com Wed May 18 12:24:56 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 18 May 94 12:24:56 PDT Subject: In defense of paranoia in cryptography In-Reply-To: <9405142308.AA00589@mycroft.rand.org> Message-ID: <9405181927.AA06711@ah.com> However, a successful cryptographer must be cautious at a level that would be judged paranoid in more civilized communities. A correct analysis of the risks and the costs of prevention and non-prevention is not being paranoid. To be overly cautious is, almost by definition, not to be economical. It should be noted, however, that there is enormous risk in ignorance of the other risks, and so effort made in order to understand the risks is well spent, _even_ if one spends more on that than the savings stemming from that understanding. If you need cryptography, it's because you have enemies. This is dangerously false. One uses crypto because one does not know the nature of one's opponents now and in the future, with an emphasis on the future. This lack of knowledge includes an ignorance that certain parties do not have your best interests at heart. If you think they do, you can always reveal the information. Cryptography is primarily about how we get assurances of security. Uncertainty has negative value all by itself. Eric From dave at marvin.jta.edd.ca.gov Wed May 18 12:29:54 1994 From: dave at marvin.jta.edd.ca.gov (Dave Otto) Date: Wed, 18 May 94 12:29:54 PDT Subject: PGP 2.5 / PGP 2.6 In-Reply-To: <199405181858.LAA20408@soda.berkeley.edu> Message-ID: <9405181929.AA19070@marvin.jta.edd.ca.gov> :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```&]S^P;+]AB?X9TW6\8WN:^P&2$:G<'CM.^XL(UI)(0XA"*@FT;^`?8\ M05_9?3X9LT68(?"HY91G\H"\(O.7"27L;H0>302V#6U:^E3CT3U%5EL766HC :3 at 6;`,2S/8'$0\9OR@)X"G8KG]1SV= I feel that we should stick with PGP 2.5. It makes me wonder when > MIT comes out with version 2.5 and then TWO weeks later decides to scrap it > and go with a new version. WTFO? Something smells wrong here! I say stick > with 2.5 and don't upgrade to 2.6! Has anyone checked 2.5? Does the date restriction code exist there as well? It seems like MIT was planning the 2.6 release from the start. To go to this amount of trouble while leaving a UN-modified, legal version available would be counter-productive (unless they are counting on 2.6 flooding 2.5 off the net). Dave Otto -- dave at gershwin.jta.edd.ca.gov -- daveotto at acm.org "Pay no attention to the man behind the curtain!" [the Great Oz] From hughes at ah.com Wed May 18 12:46:40 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 18 May 94 12:46:40 PDT Subject: ADMIN: on penet and on paranoia In-Reply-To: <9405150153.AA14358@flammulated.owlnet.rice.edu> Message-ID: <9405181949.AA06760@ah.com> Eric Hughes wrote: >Paranoia is cryptography's occupational hazard. Yes, that is indeed the nature of it since many of the protocols are designed to work admist mutually distrusting parties. A degree of suspicion/ paranoia is necessary - for example, digital cash. Paranoia is not necessary for protocol analysis. While it is not totally ineffective, it is certainly much less useful than understanding the invariants of the protocol, for example. Proof is much more powerful than paranoia. Evaluating the risks of a situation, even the ones of low probability and large effect, is not paranoia. The person who considers that there might be people who want to listen it and uses cryptography because the cost of deployment is less than the perceived risk (and all risk is perceived risk) is not paranoid but prudent. The person who merely thinks there are people listening in and uses cryptography to defend against them is just paranoid. >From the outside these two states of mind are difficult to distinguish. Both use crypto, both acknowledge the existence of people who wish to harm other people. Yet the paranoid has identified with the victim. An indicator of paranoia is an unsupported claim about a state of affairs in which the speaker is a target. This is what happen with the penet id assignments; some people implicitly asserted the existence of malicious individuals. Those who merely brought up their _potential_ existence. The evidence for this distinction is speech-acts, not the most reliable indicator. Therefore my advice about paranoia is more directed to individuals pondering their own states of mind than to the examination of the behavior of others. Sometimes you may learn that another person actually is paranoid. You cannot, however, usually tell just from the use of cryptography whether or not a person is paranoid. To summarize my original claim in light of the foregoing, the paranoid does not do protocol analysis as well because of a misdirected focus on certain risks and not others. example, a non-suspicious person may be tricked into digitally signing anything (by getting them to sign a blinded document). And for this reason, keys used for blind-signing should not be the same as for email signing. But this is a different discussion. I think I follow most of what you are saying; all the same, in this case, technical error or not, malicious person or not, the paranoia is justified. To assert the possible existence of the malign is acknowledgement. To assert the possible existence of the malign in some current situation is suspicion. To assert the actual existence of the malign without good evidence is paranoia. I don't think you use the word "paranoia" as I do above, which I would term suspicion. Eric From blancw at microsoft.com Wed May 18 13:16:41 1994 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 18 May 94 13:16:41 PDT Subject: FW: James Fallows on Clipper Message-ID: <9405181918.AA29072@netmail2.microsoft.com> See The Atlantic Monthly June 1994 "Open Secrets" From mimir at illuminati.io.com Wed May 18 14:33:19 1994 From: mimir at illuminati.io.com (Al Billings) Date: Wed, 18 May 94 14:33:19 PDT Subject: PGP 2.5 / PGP 2.6 In-Reply-To: <9405181929.AA19070@marvin.jta.edd.ca.gov> Message-ID: On Wed, 18 May 1994, Dave Otto wrote: > :: [nobody says] > > I feel that we should stick with PGP 2.5. It makes me wonder when > > MIT comes out with version 2.5 and then TWO weeks later decides to scrap it > > and go with a new version. WTFO? Something smells wrong here! I say stick > > with 2.5 and don't upgrade to 2.6! > > Has anyone checked 2.5? Does the date restriction code exist there as well? > It seems like MIT was planning the 2.6 release from the start. To go to this > amount of trouble while leaving a UN-modified, legal version available > would be counter-productive (unless they are counting on 2.6 flooding 2.5 > off the net). MIT's press release on 2.6 also mentions bugs in 2.5 that have been pointed out to them. I'm all for liberating 2.5 from MIT but we need to fix the bugs in it that they fixed in (or are fixing in) 2.6. Wassail, Al -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | Al Billings aka Grendel Grettisson | Internet: mimir at illuminati.io.com | | Nerd-Alberich - Lord of the Nerd-Alfar | Sysop of The Sacred Grove | | Admin for Troth, the Asatru E-mail List| (206)322-5450 | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From ebrandt at jarthur.cs.hmc.edu Wed May 18 14:55:44 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Wed, 18 May 94 14:55:44 PDT Subject: quantum Computing In-Reply-To: <9405181815.AA15671@fnord.lehman.com> Message-ID: <9405182155.AA08254@toad.com> > From: Rick Busdiecker > It's a matter of definition, I suppose. Hopcroft and Ullman describe > an NFA as having a tape. I find this a little odd, given that the "F" stands for "finite". Checking Hopcroft and Ullman, they define an NFA formally as a tuple: states, inputs, initial state, final states, and a mapping from states cross inputs to 2^states. No tape. Eli ebrandt at hmc.edu From pcw at access.digex.net Wed May 18 14:57:16 1994 From: pcw at access.digex.net (Peter Wayner) Date: Wed, 18 May 94 14:57:16 PDT Subject: PGP 2.5 / PGP 2.6 Message-ID: <199405182156.AA01890@access1.digex.net> >On Wed, 18 May 1994, Dave Otto wrote: > >MIT's press release on 2.6 also mentions bugs in 2.5 that have been >pointed out to them. I'm all for liberating 2.5 from MIT but we need to >fix the bugs in it that they fixed in (or are fixing in) 2.6. If this is done successfully, it might be a good idea to name it PGP 2.7 for obvious reasons. From peb at netcom.com Wed May 18 14:58:33 1994 From: peb at netcom.com (Paul E. Baclace) Date: Wed, 18 May 94 14:58:33 PDT Subject: quantum Computing Message-ID: <199405182158.OAA25221@netcom.com> Seth Lloyd has an interesting paper, "A Potentially Realizable Quantum Computer", available at ftp.santafe.edu (I don't know the exact path). It is based on a cellular automata material that receives pulsed/phased array strobing light. It uses reversible logic so it dissipates little energy. As I understand the proposal assumes future materials and manufacturing abilities, although Lloyd says that quantum dots may be the right direction. As gtoal mentions, the P vs. NP question is speculative. My intuition is that the many worlds hypothesis will not be a holy grail of computation (because similar theories about faster than light communcation ended up not being useable due to very low level conservation rules). Then again, we may be surprised. Paul E. Baclace peb at netcom.com From jkreznar at ininx.com Wed May 18 15:08:05 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Wed, 18 May 94 15:08:05 PDT Subject: So PGP2.5 is becoming clearing... In-Reply-To: <9405181235.AA02236@snark.imsi.com> Message-ID: <9405182207.AA24333@ininx> -----BEGIN PGP SIGNED MESSAGE----- Perry E. Metzger writes: > John E. Kreznar says: > > You would have to consent to be a national person (United States of > > America or Canada) in order to have it. You wouldn't want to give up > > your freeman status to do that, would you? > Given that to my knowledge no court, federal official, or other > organization that counts recognises "freeman status" to my knowledge, > it would seem to be a very small loss. What they certainly _do_ recognize, however, is that a person who _does_ agree to the PGP 2.5 terms has affirmed that he _is_ a national person. This could be used by a court to negate any subsequent denial by the person that he is a subject of the United States of America or Canada. The absence on one's record of such affirmations is a prerequisite for freeman status. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdqRM8Dhz44ugybJAQFeKAP9EQPF8HucD5DUZ7x+ujnWxC4Td5uW/Wzy 6tQybwcBAwJuCenqWHDHdx5awGkANo9HTx63cD41rAls1rsXIyDRF2h2fTa1sLkM d6Soww9JG4PUAHGLFJvu1SCt13nBzotGrEpOp16c0y9QeW9yQ+QCFSnFq2bw75F4 zi1yarlYyQo= =Da9O -----END PGP SIGNATURE----- From lefty at apple.com Wed May 18 15:24:13 1994 From: lefty at apple.com (Lefty) Date: Wed, 18 May 94 15:24:13 PDT Subject: So PGP2.5 is becoming clearing... Message-ID: <9405182223.AA26971@internal.apple.com> >> Given that to my knowledge no court, federal official, or other >> organization that counts recognises "freeman status" to my knowledge, >> it would seem to be a very small loss. > >What they certainly _do_ recognize, however, is that a person who _does_ >agree to the PGP 2.5 terms has affirmed that he _is_ a national person. >This could be used by a court to negate any subsequent denial by the >person that he is a subject of the United States of America or Canada. >The absence on one's record of such affirmations is a prerequisite for >freeman status. Given that this "freeman status" seems to exist only in your fevered imagination, who's to say what might or might not be a prerequisite for it? I'm finding this whole thread extremely silly. Are you actually attempting to suggest that if someone not currently a US citizen were to use PGP 2.5 he would somehow become a "subject" (whatever _that_ is) of the United States? This would undoubtedly come as exciting news to Haitian boat people and Chinese nationals jammed into the cargo holds of trawlers in San Francisco Bay. What, I wonder, do I have to do to qualify for "moonman status"? -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From willey at bach.seattleu.edu Wed May 18 15:30:26 1994 From: willey at bach.seattleu.edu (steve willey) Date: Wed, 18 May 94 15:30:26 PDT Subject: dos app STACKER, passwd? Message-ID: does anyone know how password protection for the dos compression utility stacker works? and more importantly how it can be cracked. i will pay 5 Ghost Marks for USEFUL info. thanks, steve From fnerd at smds.com Wed May 18 15:42:10 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 18 May 94 15:42:10 PDT Subject: Caller ID info... Message-ID: <9405182140.AA12850@smds.com> In this report... > Report and Order And Notice of Proposed Rulemaking of > March 29th, 1994 (CC Docket No. 91-281) ...FCC apparently decides that per-line blocking should be prohibited since people might forget to unblock it when calling 911. John Levine says, > In other words, per-line blocking is a bad idea because subscribers > are too dumb to unblock calls when they want to unblock them, although > they're not [too] dumb to block calls when they want to block them. To me the question is, why can't the phone company provide options for blocking-on-all-but-911-calls, and unlisted-except-for-911? More precisely, why can't the FCC allow for this simple possibility? The reasoning seems to be, "since we can't understand why people want this, we must prohibit its even being an option:" > > ...For the > > foregoing reasons, we find that a federal per line blocking > > requirement for interstate CPN based services, including caller > > ID, is not the best policy choice of those available to recognize > > the privacy interests of callers. Thus, carriers may not offer > > per line blocking as a privacy protection mechanism on interstate > > calls. "...We find" it "is not the best... thus, carriers may not offer" it. What about what the customers and consumer groups have found and fought for? What is wrong with letting this be decided on a regional, if not provider, if not local, if not personal level? Why must FCC impose least- common-denominator reduction of services? > > ...with comments due by May 18th. That's today. I'm faxing this ill-prepared complaint to 202-632-6975. > > Comments must reference the docket number (CC Docket No. 91-281). > > Send ten copies (yes, 10) to: > > > > Office of the Secretary > > Federal Communications Commission > > Washington DC 20554 -fnerd quote me - - - - - - - - - - - - - - - and i dreamed i was flying high up above my eyes could clearly see the statue of liberty sailing away to sea --Paul Simon -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From fhalper at pilot.njin.net Wed May 18 16:00:15 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Wed, 18 May 94 16:00:15 PDT Subject: PGP 2.6 announcement Message-ID: <9405182300.AA12784@pilot.njin.net> Does anyone have a copy of the announcement stating the PGP 2.6 would not accept message from previous versions of PGP after September 1, 1994? If so please send it to me. Thanks, Reuben Halper From dwomack at runner.utsa.edu Wed May 18 16:27:51 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Wed, 18 May 94 16:27:51 PDT Subject: Caller ID info... In-Reply-To: <9405182140.AA12850@smds.com> Message-ID: <9405182327.AA03715@runner.utsa.edu> > > John Levine says, > > > In other words, per-line blocking is a bad idea because subscribers > > are too dumb to unblock calls when they want to unblock them, although > > they're not [too] dumb to block calls when they want to block them. > > To me the question is, why can't the phone company provide options > for blocking-on-all-but-911-calls, and unlisted-except-for-911? > More precisely, why can't the FCC allow for this simple possibility? > Steve, in the case of Southwestern Bell ( and, I believe, the other local phone companies as well) per line blocking will not work at all on: 1-700 numbers 1-800 numbers 1-900 numbers 976 numbers 911 (and some other special purpose numbers too). For that matter, the *XX option won't block such calls either. It gets worse...the long distance companies have the _policy_ that when a number appears on your phone bill, the person being billed gets to know who it goes to. So...when you dial an 800 number, not only is it VERY possible they see a display with your number therein, but they can go to their monthly billing and get info about who you are despite having line blocking, call blocking, and non-published number status. Nice, huh? Regards, Dave From peb at netcom.com Wed May 18 16:45:41 1994 From: peb at netcom.com (Paul E. Baclace) Date: Wed, 18 May 94 16:45:41 PDT Subject: Caller ID info... Message-ID: <199405182345.QAA11782@netcom.com> Strange reasoning. Why not use the "*70" style code that turns it off for one call, just as *70 disables call waiting for modem use? Paul E. Baclace peb at netcom.com From schirado at lab.cc.wmich.edu Wed May 18 16:55:28 1994 From: schirado at lab.cc.wmich.edu (Schirado) Date: Wed, 18 May 94 16:55:28 PDT Subject: RESEND: PGP 2.5 mini-review Message-ID: <9405182355.AA10513@lab.cc.wmich.edu> [I sent this out before I learned of the Great List Crash, so I'm resending it now.] Having not seen any activity on the list for the last week or so (I hope everyone's busy writing code!), I figured I'd simultaneously check to see if the list still existed, and share some interesting excerpts from NEWFOR25.DOC, from the PGP 2.5 MIT-legit package. PGP 2.5 is apparently still written by Phil Zimmermann - at least, it purports to be - which in itself is a considerable relief to those of us who had no idea who was responsible. The source code is also available, as before, and I'm sure programmers the world over are even now poring through it in minute detail, looking for backdoors and such. I also expect we'll be hearing from them relatively soon, to tell us of the presence or absence of any suspicious code. Not being a programmer myself, I can only comment on a few aspects. First, there is this: [...] >[An] RSAREF limitation is that it cannot cope with keys longer than >1024 bits. PGP now prints a reasonably polite error message in such a >case. I recall someone mentioning at one point that increasing the size of a key beyond 1024 bits did not justify the increased computing time, but I do not recall the reason why. I believe the reasoning was not that it offered no additional security, but rather, that it was already difficult enough to crack 1K keys, and if you're really that worried about security, you should be tightening up in other areas, such as deciding who to trust and who not to, deciding what information to enter into the computer and what to keep in your head, or maybe making a homemade TEMPEST shield. :) I'd still like to see the math explained a little better, though. Also, has anyone found those references to elliptic-curve crypto? The original article is _An Implementation of Elliptic Curve Cryptosystems Over F-2-155_ , IEEE Journal on Selected Areas in Communications, Vol. 11, #5, June 1993 (page 804). (Schneier mentions that Next Computer's Fast Elliptic Encryption, FEE, uses elliptic curves, and is patented by R E Crandell, USP# 5,159,632,27 October 1992.) Also, look for works by Neal Koblitz. >Printed keyIDs have been incresed to 32 bits, as there were enough keys >out there that 24-bit keyIDs were no longer sufficiently unique. The >previous 24-bit keyID is the LAST 6 digits of an 8-digit 32-bit keyID. >For example, what was printed as A966DD now appears as C7A966DD. So even though the keyservers only have 5,000 or so registered users, there are enough people out there using PGP and NOT registering their keys with the servers that this extra bit of coding was necessary? Hmm. 24 bits gives us 16,777,216 unique ID's. 32 bits gives us 4,294,967,296. Are there really over 17 million PGP'ers out there, or is my math-impaired brain missing something painfully obvious? >PGP now enables clearsig by default. If you sign and ascii-armor a >text file, and do not encrypt it, it is clearsigned unless you ask >for this not to be done. Which would seem to indicate that PGP is mainly being used for e-mail! Goody! >[...] > >PGP now wipes temp files (and files wiped with pgp -w) with pseudo-random >data in an attempt to force disk compressors to overwrite as much data as >possible. > >[...] > >The normal help files (pgp -h) are pgp.hlp or .hlp, such as >fr.hlp. Now, there is a separate help file for pgp -k, called pgpkey.hlp, >or key.hlp. No file is provided by default; PGP will use >its one-page internal help by default, but you can create such a file >at your site. > >PGP used to get confused if you had a keyring containing signatures from >you, but not your public key. (PGP can't use the signatures in this case. >Only signatures from keys in the keyring are counted.) PGP still can't use >the signatures, but prints better warning messages. Also, adding a key on >your secret key ring to your public keyring now asks if the key should be >considered ultimately-trusted. Prviously, you had to run pgp -ke to force >this check, which was non-obvious. > >[...] > >On Unix, PGP now figures out the resolution of the system clock at run >time for the purpose of computing the amount of entropy in keystroke >timings. This means that on many Unix machines, less typing should be >required to generate keys. (SunOS and Linux especially.) > >The small prime table used in generating keys has been enlarged, which >should speed up key generation somewhat. > >There was a bug in PGP 2.3a (and, in fact in 2.4 and dating back to 1.0!) >when generating primes 2 bits over a multiple of the unit size (16 bits >on PC's, 32 bits on most larger computers), if the processor doesn't deal >with expressions like "1<<32" by producing a result of 1. In practice, >that corresponds to a key size of 64*x+4 bits. > >Code changes: > >At the request of Windows programmers, the PSTR() macro used to translate >string has been renamed to LANG(). > >The random-number code has been *thoroughly* cleaned up. So has the >IDEA code and the MD5 code. The MD5 code was developed from scratch and >is available for public use. So, all in all, PGP 2.5 would seem to be more than just a possible conspiracy by MIT/RSA/et. al., and more than just minor bug fixes that most people wouldn't care about. With the possible exceptions of the size limitations on keys, and whatever arcane pieces have been hacked out of the RSA code to comply with whatever demands they may have made, PGP 2.5 appears to be a legitimate upgrade, with more than a few bugfixes, both major and minor, as well as the all-important improved security (as far as can be seen). Comments? ** schirado at lab.cc.wmich.edu [O|o]bjectivist, Evil Capitalist(tm;-), s..O).... You hit the smurf! --More-- male, lesbian, polyamorous, @.../.".. You destroy the smurf! --More-- reader, atheist, Discordian, $$*...].. You feel cynical! free and natural sovereign individual the Frog Farm: e-mail frog-farm-request at blizzard.lcs.mit.edu (PGP available) From pfarrell at netcom.com Wed May 18 17:08:36 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Wed, 18 May 94 17:08:36 PDT Subject: Cryptosystems Journal Message-ID: <71523.pfarrell@netcom.com> > Does anyone know where one can read back issues > of CryptoSystems Journal? I was looking for > Volume 2 Number 2. I tried at several Univeristies > but they said only the Library of congress had it. Tony Patti is the publisher of Cryptosystems Journal. He is _not_ on the net, his old portal account has been closed. He is working hard on Volume 3. You can reach Tony via snail mail to: Tony Patti Editor, Cryptosystems Journal PO BOX 188 Newtown PA 18940-0188 USA Tony has been publishing the Journal for a while, complete with floppies. I know he has non-US subscribers. I wonder how he exports it. I have a copy of Volume 2 Number 1, and Volume 2 Number 2. But you'd have to be in the DC area to see it. If we get a DC-area meeting working in May, I can bring it for folks to look at. Pat Pat Farrell Grad Student pfarrell at cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include From truher at mojones.com Wed May 18 17:11:49 1994 From: truher at mojones.com (Joel B. Truher) Date: Wed, 18 May 1994 17:11:49 -0700 (PDT) Subject: MotherJones MJ94: Pretty good hellraisin' (fwd) Message-ID: <52a4feb04cf7cf69067f2771940b66ac@NO-ID-FOUND.mhonarc.org> MotherJones MJ94: Pretty good hellraisin' -- by Ariel Sabar Philip Zimmermann, our February 1994 Hellraiser, is rushing to finish what he tentatively calls Voice PGP, named after his uncrackable computer encryption program, Pretty Good Privacy. His new creation turns a personal computer into a secure telephone--much to the consternation of the feds. Voice PGP uses a computer and high-speed modem to compress and encrypt the caller's voice before transmitting it onto ordinary phone lines. Only the called party can decode what the user is saying, in real time. Why Zimmermann's hurry? "We have a window of opportunity to fill this technology niche before the government acts," he says. Otherwise, once U.S. intelligence gets its hands on telephone surveillance technology, "it will be like putting a sticker on every phone that says, 'J. Edgar Hoover inside.'" Zimmermann and other cypherpunks are already disturbed by the government's decision to install the Clipper chip (an encryption device whose passwords are known to both the user and the feds) in computer communications software. His aim is to get Voice PGP out there (for free, like PGP) and widely in use by the end of the year. All rights reserved. Redistribution permitted with this notice attached. Redistribution for profit prohibited. From ejohnson at pmip.dist.maricopa.edu Wed May 18 17:22:06 1994 From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson) Date: Wed, 18 May 94 17:22:06 PDT Subject: Anonymity is rude... Message-ID: <199405190021.RAA18639@pmip.dist.maricopa.edu> According to Intel (via their acceptable use policy) anonymity is "bad form" which is monitored: Do not post any messages anonymously. This is viewed as bad form by the Usenet community and system managers are asked to track down offenders. This wastes Intel's time and resources. http://nearnet.gnn.com/gnn/news/feature/intel_guidelines.html Ahem, --Eric From lile at netcom.com Wed May 18 17:24:20 1994 From: lile at netcom.com (Lile Elam) Date: Wed, 18 May 94 17:24:20 PDT Subject: PGP for voice... it's here :) Message-ID: <199405190024.RAA18155@netcom.com> almost... -lile From peb at netcom.com Wed May 18 17:30:57 1994 From: peb at netcom.com (Paul E. Baclace) Date: Wed, 18 May 94 17:30:57 PDT Subject: FW: James Fallows on Clipper Message-ID: <199405190030.RAA16626@netcom.com> Re: The Atlantic, June 1994. The article is another "Nothing to Worry About". The article unfortunately occurs in the same issue that has a feature article about the possibility of Russian gangs obtaining nuclear weapons which also details how the coup attempt was observed by the NSA and Bush decided to let the good guys know so that the attempt could be thwarted. The NSA opposed letting them know since it would reveal their abilities, but Bush took the chance that this was not as bad as having a bunch of hardliners controllng the big bombs. This feature article will certainly give people the impression that crypto must be controlled or is at least a very important millitary matter. Now the NSA can't listen in, the article reported, but who knows what they've done since then. I hope to write a letter responding to Fallows' article, but right off I noticed some errors: he states that the millitary and intelligence services will use Clipper themselves when in fact, it would not be approved for secret information. (Recently someone noted that this is probably due to the key handling methods, but it could certainly be due to escrow itself as being risky.) Additionally, he brushes aside the accepted cryptographic methods (open inspection and testing) as being frivolous. (This seems to be a result of the NSA envy and pride runs through the article.) Paul E. Baclace peb at netcom.com From rfb at lehman.com Wed May 18 18:02:46 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Wed, 18 May 94 18:02:46 PDT Subject: quantum Computing In-Reply-To: <9405182155.AA08254@toad.com> Message-ID: <9405190102.AA22319@fnord.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- I was in a hurry and misread something to be supporting something else that I had misremembered. I apologize for not being more careful and I continue to concede the point that NP completeness is defined in terms of NTMs rather than NFAs. FWIW, what I misread was a blurb near the front of Formal Languages and Finite Automata (I'm guessing at the title, the book is no longer near by) H&U simply described the input to the machine as a tape. Rick -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdq6lBaZNKPPNj41AQH/EAP/eZlxtjQbzlsVssKmY9n7Smh0bGwgVPQr tQ8mhBBQFPeByTR24wPp2qINws8WgzDI9EOTnrkSxs0NI6Ig3uusXxHEdPfhUfnl kO2uTgAJ/pFztQXyvCIkGyAs0RlthLaatpquZFue07r2JFOo0AB7XG6CprF9kvGH eTjfWvb+Ygo= =BUsf -----END PGP SIGNATURE----- From jdwilson at gold.chem.hawaii.edu Wed May 18 18:35:11 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Wed, 18 May 94 18:35:11 PDT Subject: Dr Dobbs "CD ROM" In-Reply-To: <9405160227.AA27890@acacia.itd.uts.EDU.AU> Message-ID: I have the DD CD and will check it out for you. I can state for a fact that the InfoSelect Internet Tools CD-ROM did include PGP-2.2 in Unix (RR) format as well as DOS. When I first saw that I reported it to the list, with that same question on my mind (re exporting.) Now that the info is on this list, I wonder how long it will take the TLA's to pounce on this one... *.................................................................* . == = =....James D. Wilson.....jdwilson at gold.chem.hawaii.edu.. . " " "....P. O. Box 15432..........or..NetSurfer at sersol.com.. . " " /\ "....Honolulu, HI 96830................................ . \" "/ \"....FRC/FAM/AASR/GWB/OTO............................... *.................................................................* On Mon, 16 May 1994, Matthew Gream wrote: > Subject: Dr Dobbs "CD ROM" > > Curiously; thumbing through the last issue of Dr Dobbs (April > 94 -- it just made it into the newsagents here), I notice their ---- > Does anyone have this CD ROM, is the code in "ready to compile" > form, is it all there ? > From mlshew at netcom.com Wed May 18 19:50:08 1994 From: mlshew at netcom.com (Mark Shewmaker) Date: Wed, 18 May 94 19:50:08 PDT Subject: Lunch Tuesday at Atlanta COMDEX 5/24/94 Message-ID: <199405190249.TAA11212@netcom.com> You may recall my earlier message with the same subject line last week, wherein I proposed that all interested Atlanta Comdex attendees meet at noon Tuesday for lunch, above the food court in the CNN Center. I also said that I would post an updated version of that earlier message today, with appropriate error corrections, or time/place updates depending upon the response. (And include a listing of people attending for anyone wanting to have their name on such a list.) Well, now it doesn't seem as if there's much point in reposting the long message at all, taking up the corresponding disk space for hundreds of subscribers as well, as no one has yet responded to say they were coming. (Although I did get mail in support of the endeavor--thanks!) So either this means that extropians/cypherpunks are extremely paranoid about such things, or that they tend to get behind in their mail, or the most likely that they are not interested in flying across the country to attend an MS-Windows convention in the first place. (A rather healthy attitude if I do say so myself--cypherpunks "write code", they don't "sell inferior products.") I still plan to be there, eating lunch in any event, so you can still come up and chat. Anyone who wants a copy of the original plan can read my .plan by fingering me at mlshew at netcom.com, or getting it from ftp as netcom.com:/pub/mlshew/plan Mark Shewmaker mlshew at netcom.com From beker at netcom.com Wed May 18 22:34:12 1994 From: beker at netcom.com (Brian Beker) Date: Wed, 18 May 94 22:34:12 PDT Subject: Patent infringement (fwd) Message-ID: Greetings C'punks: Normally I'm just a lurker here on cypherpunks, but I thought that the new net.cop mode might be of interest to us all. Here are the results of Mr. Sternlight's assiduous policing: ---------- Forwarded message ---------- Date: Wed, 18 May 1994 15:59:44 -0700 (PDT) From: David Sternlight To: Netcom Support , Brian Beker Subject: Patent infringement In tracking down slow response on netcom8, I discovered that user beker was idle for over 16 minutes, and since the timeout was supposed to be 12, I fingered him to see if he was a netcom staffer. I found his .plan file contained a PGP 2.3a key. That infringes RSADSI's patents. That this is so has recently been confirmed by an independent inquiry by lawyers retained by MIT. The patent holder, RSADSI, has said that no only do versions of PGP except the soon-to-be-released 2.6 and the commercially sold Viacrypt version 2.4 infringe in the U.S., but posted keys and key servers constitute inducement to infringe and/or conspiracy to infringe. Given netcom's new user agreement, I'm user user beker will want to correct this. David Login name: beker In real life: Brian Beker Directory: /u1/beker Shell: /bin/tcsh On since May 17 18:25:24 on ttyq2 from NETCOM-la5.netco 16 hours Idle Time Mail last read Wed May 18 14:59:25 1994 Plan: "Buddy when he come back from up in the panhandle told me one time it quit blowin up there and all the chickens fell over." Cormac McCarthy "All the Pretty Horses" ____________________________________________________________ | | | "LINES OF FIRE," the only film about heroin trafficking | | and revolution in Burma, shot entirely on location in | | rebel-held jungles, is available on homevideo from | | First Run Features in New York | | (212) 243-0600 | |____________________________________________________________| -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiy02ncAAAEEAMa9iYhxd2q8BViv0bpX6ktixk/v+T5LIQ41Scut8PhPRQKo SEDlP2bkIi4Spb6Tf10m6txDKwntj+tIrTlfkZOKawUUakW4MtqB4l84XI3nUlrB SpxiaaiCNe1ETtUr6/AMqo0JFJxz5iTLAzVzijXTxCn1NQRSByJejrfgN5yJAAUR tB5CcmlhbiBCZWtlciA8YmVrZXJAbmV0Y29tLmNvbT6JAJUCBRAs6UaSYIKGuWzM Fm0BAVFUA/4uPA3oQ4LRp1hJFa90pasXgD+Y6NfUt7IO1O1O1b2Vn21n1uhk4UZ0 gSAhOdog0a5E2bPECamlYy8XJR0cOXVQfWTL4ErmcGr2zMQNpNzoOU9UortJRa+d Lw922IEOB1bLdsINtuQOIG9k7NcWrBiYzdnznbrOkxJoXBHahuPjn4kAlQIFECzn LHlzoW8TKQHagQEBfYcD/1aioxIk0Fn/Ta5YLzP6+gLESwxh0xB0WIHYKjyQMPev WqfNplaSJI5SFSIBfb/clpACDljXy3/mY3+AaoKj0vNxxG40YDSdiQK3xM88yYFq nf65ybeQ5cDbuR1H15YaqArEKduw8/udMftXLZKo0N9YOPJ3g3iBXGgi33/ZitPe =7hh4 -----END PGP PUBLIC KEY BLOCK----- From dtangent at defcon.org Thu May 19 00:25:50 1994 From: dtangent at defcon.org (The Dark Tangent) Date: Thu, 19 May 94 00:25:50 PDT Subject: DEF CON II Convention Update #7 Message-ID: <2ddb0518.dtangent@dtangent.defcon.org> Updated Last : 5.13.1994 Only two months to go! --> Updated sections will have a "*" next to them for easier location. --> New Speaking Schedule XXXXXXXXXXXXXXXXXXXXXXXX XX DEF CON II Convention Update Announcement XXXXXXXxxxxXXXXXXXXXXXXXXX XX DEF CON II Convention Update Announcement XXXXXXxxxxxxXXXXXX X X DEF CON II Convention Update Announcement XXXXXxxxxxxxxXXXXXXX X DEF CON II Convention Update Announcement XXXXxxxxxxxxxxXXXX XXXXXXXXX DEF CON II Convention Update Announcement XXXxxxxxxxxxxxxXXXXXXXXXX X DEF CON II Convention Update Announcement XXxxxxxxxxxxxxxxXXXXXX XX X DEF CON II Convention Update Announcement XXXxxxxxxxxxxxxXXXXXXXX DEF CON II Convention Update Announcement XXXXxxxxxxxxxxXXXXXXXX X XX DEF CON II Convention Update Announcement XXXXXxxxxxxxxXXXXXXXXXX XX X DEF CON II Convention Update Announcement XXXXXXxxxxxxXXXXXXXXX X DEF CON II Convention Update Announcement XXXXXXXxxxxXXXXXXXXXXXXXXX DEF CON II Convention Update Announcement XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX DEF CON II Convention Update Announcement READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBUTE & READ & DISTRIBU =========================================================================== What's this? This is an updated announcement and invitation to DEF CON II, a convention for the "underground" elements of the computer culture. We try to target the (Fill in your favorite word here): Hackers, Phreaks, Hammies, Virii Coders, Programmers, Crackers, Cyberpunk Wannabees, Civil Liberties Groups, CypherPunks, Futurists, Artists, Etc.. WHO: You know who you are, you shady characters. WHAT: A convention for you to meet, party, and listen to some speeches that you would normally never hear. WHEN: July 22, 23, 24 - 1994 (Speaking on the 23rd and 24th) WHERE: Las Vegas, Nevada @ The Sahara Hotel So you heard about DEF CON I, and want to hit part II? You heard about the parties, the info discussed, the bizarre atmosphere of Las Vegas and want to check it out in person? Load up your laptop muffy, we're heading to Vegas! Here is what Three out of Three people said about last years convention: "DEF CON I, last week in Las Vegas, was both the strangest and the best computer event I have attended in years." -- Robert X. Cringely, Info World "Toto, I don't think we're at COMDEX anymore." -- CodeRipper, Gray Areas "Soon we were at the hotel going through the spoils: fax sheets, catalogs, bits of torn paper, a few McDonald's Dino-Meals and lots of coffee grounds. The documents disappeared in seconds." -- Gillian Newson, New Media Magazine DESCRIPTION Last year we held DEF CON I, which went over great, and this year we are planning on being bigger and better. We have expanded the number of speakers to included midnight tech talks and additional speaking on Sunday. We attempt to bring the underground into contact with "legitimate" speakers. Sure it's great to meet and party with fellow hackers, but besides that we try to provide information and speakers in a forum that can't be found at other conferences. While there is an initial concern that this is just another excuse for the evil hackers to party and wreak havoc, it's just not the case. People come to DEF CON for information and for making contacts. We strive to distinguish this convention from others in that respect. WHAT'S NEW THIS YEAR This year will be much larger and more organized (hopefully) than last year. We have a much larger meeting area, and have better name recognition. Because of this we will have more speakers on broader topics. Expect speaking to run Saturday and Sunday, ending around 5 p.m. Some of the new things expected include: > An Internet connection with sixteen ports will be there, _BUT_ will only provide serial connections because terminals are too hard to ship. So bring a laptop with communications software if you want to connect to the network. Thanks to cyberlink communications for the connection. The connection will be at least a 28.8kbps slip, and we are working with the hotel to try and set up a 56k line for the weekend. > There will be door prizes, and someone has already donated a Cell Phone and a few "Forbidden Subjects" CD ROMs to give away, thanks to Dead Addict. * People have decided to bring all types of cool old and new stuff to give away from ancient 300 acoustic modems to an oki 900 cell phone. Crazy! > Torquie (Remember her from last year?) will try and present the World Premier Showing of her Documentary of the computer underground, as shot in the United States and Europe. Should be a great show.. who knows, you might see someone you know. Editing is being done on the project now. > Dr. Ludwig will present his virus creation awards on Sunday. > A bigger and better "Spot The Fed" contest, which means more shirts to give away. Plus this year we can expect a newer and greater variety of Federal agents in attendance. Should be acronym alphabet soup! > More room, we should have tables set up for information distribution. If you have anything you want distributed, feel free to leave it on the designated tables. Yes, this year there will be a true 24 hour convention space. * Talk about more room! The Sahara moved us into "Room #1" (See uuencoded .gif floorplan in the follow up file) which has an unbelievable amount of space.. we're talking 750 people to 900 people. Should be plenty of space. We might try and partition a section off and show the movies there instead of having people run up to a movie suite elsewhere. > A 24 hour movie / video suite where we will be playing all types of stuff. VHS Format. Mail me with suggested titles to show, or bring your own. We'll use a wall projector when not in use by speakers. > Midnight Tech Talks on Friday and Saturday night to cover the more technical topics and leave the days free for more general discussions. * Friday night will be conspiracy night, along with a video conference dealing with unix and Internet security and an assembly programming workshop on twenty ways to trash a PC. * Saturday night will be a radio and cellular workshop night. WHO IS SPEAKING:============================================================= This list represents almost all of the speakers verified to date. Some people do not want to be announced until the event for various reasons, or are waiting for approval from employers. A speaking schedule will go out in the next announcement. Speaker, Who they are, Topic to be covered Philip Zimmerman, Notorious Cryptographer & Author of PGP. Keynote Address. Dr. Ludwig, Author of "The Little Black Book of Computer Viruses," and "Computer Viruses, Artificial Life and Evolution" Loyd Blankenship (The Mentor), Net Running in the 90's and RPG. Padgett Peterson, Anti-Virus Programmer, "What it's like to clean up other peoples messes" The Jackal, A Radio Communications Overview, Digital Radio and the Hack Angle. Judi Clark, Computer Professionals for Social Responsibility. Gail Thackery, (Of Operation Sun Devil Fame), Topic to be Announced. To be Announced, The Software Publishers Association, Topic to be Announced. Toni Ames, Ex US West Cellular Fraud, Cellular Fraud Topics. Mark, Cellular Enthusiast, Hacking Cell Phones. Lorax, The Lighter Side of VMBs. (Peter Shipley, UNIX Stud, Q&A on UNIX Security) George Smith, Crypt Newsletter, Virus Topic to be Announced. Cathy Compton, Attorney, Q&A Surrounding Seizure Issues, Etc. John Littman, Reporter and Author, Conspiracy 'stuff' Red Five & Hellbender, Madmen With a Camcorder, Who Knows? Erik Bloodaxe, Phrack Editor, Weird Wireless Psycho Shit.. Stay Tuned.. Curtis Karnow, Attorney, Legal issues surrounding encryption systems. * Mystery, UNIX god, UNIX Security stuff. (Video conference) * Mystery, Mystery, Cool toys. Torquie, Independent film producer from London, The European scene. ============================================================================= WHERE THIS THING IS: It's in Las Vegas, the town that never sleeps. Really. There are no clocks anywhere in an attempt to lull you into believing the day never ends. Talk about virtual reality, this place fits the bill with no clunky hardware. If you have a buzz you may never know the difference. It will be at the Sahara Hotel. Intel is as follows: We will be in "Room #1" in the upper level meeting space off of the Reception Mezzanine. The Sahara Hotel: 1.800.634.6078 Room Rates: Single/Double $55, Triple $65, Suite $120 (Usually $200) + 8% tax Additional rollaway beds (2 Max.) for $10 each. Transportation: Shuttles from the airport for cheap. NOTE: Please make it clear you are registering for the "DEFCON" convention to get the room rates. Our convention space price is based on how many people register. Register under a false name if it makes you feel better, 'cuz the more that register the better for my pocket book. No one under 21 can rent a room by themselves, so get your buddy who is 21 to rent for you and crash out. Try to contact people on the Interactive Mailing List (More on that below) and hook up with people. Don't let the hotel people get their hands on your baggage, or there is a mandatory $3 group baggage fee. Vegas has killer unions. * -> I have noticed that sometimes the hotel gets confused with people registering rooms, make sure they find the conference because we do exist there. FINAL DATE FOR REGISTERING FOR A ROOM IS JUNE 22 They have told me that normal hotel rooms are totally book for this time period (I guess it is the height of tourist season?) so if you plan on finding a room try to do it before the deadline. OTHER STUFF I'll whip up a list of stuff that's cool to check out in town there so if for some reason you leave the awesome conference you can take in some unreal sites in the city of true capitalism. If anyone lives in Las Vegas, I would appreciate it if you could send a list of some cool places to check out or where to go to see the best shows and I'll post it in the next announcement or in the program -> I am asking for people to submit to me any artwork, pictures, drawings, logos, etc. that they want me to try and include in this years program. I am trying to not violate any copyright laws, but want cool shit. Send me your art or whatever and I'll try and use it in the program, giving you credit for the work, of course. Please send it in .TIFF format if it has more than eight bit color. The program will be eight bit black and white, -> in case you want to make adjustments on your side. * Work has started on the program, try to get your stuff to me in the next month! PLEASE DONATE "STUFF" FOR THE GIVEAWAY: We are trying to raffle off interesting and old functional items. If you have anything such as old computers, modems, weird radio stuff, books, magazines, etc. that you want to get rid of, please call or mail me with what it is, or bring it along. I don't want to waste peoples time giving away rubber bands or anything, but pretty much anything else will go. ** Mailing List Server is dead, kaput, exit -1. I'm working on getting ** a commercial place to handle it for me so I can get it done quick. MEDIA: Some of the places you can look for information from last year include: New Media Magazine, September 1993 InfoWorld, 7-12-1993 and also 7-19-1993 by Robert X. Cringely Gray Areas Magazine, Vol. 2, #3 (Fall 1993) UNIX World, ???, Phrack #44, #45 COST: Cost is whatever you pay for a hotel room split however many ways, plus $15 if you preregister, or $30 at the door. This gets you a nifty 24 bit color name tag (We're gonna make it niftier this year) and your foot in the door. There are fast food places all over, and there is alcohol all over the place but the trick is to get it during a happy hour for maximum cheapness. The convention program will include some places to check out as suggested by several people who have spent time in the sin city. ============================================================================= Current Speaking Schedule (This will change with time) Times are in 24 hour format. Roughly 1/2 hour talks with 15 minutes of Q&A, Maximum of 50 minutes per speaker. FRIDAY, July 22 Convention room opens 09 on Friday 22-23 El1te video conference, UNIX security 23-24 Twenty Ways to trash a PC, assembly programming 24-01 Conspiracy Fest, the Inslaw affair (read up on it in the EFF 01-02 archives so you know what they are talking about.) SATURDAY, July 23 10-11 Welcome to the Convention!! Keynote Speaker Phil Zimmerman 11-12 Gail Thackery and Toni Ames 12-13 Kurt Karnow, The legal implications of encryption 13-14 Cathy Compton, 13-14 Judy Clark, CPSR, [These five speakers will be spread out over four hours (I hope)] 14-15 BREAK 15-16 BREAK 16-17 Theora, Privacy & Annonminity on the Internet, Round table discussion 17-18 Cool toy demo 18-19 The Jackal, Radio communications overview 19-20 Torquie, The European hacking community and 'scene' 20-21 BREAK 21-22 BREAK 22-23 BREAK 23-24 Erik Bloodaxe, Weird Wireless Psycho shit. CDPD, POGSAG, Etc. 24-01 Mark & friends, Cellular workshop (Oki 900 and 1150) 01-02 "" 02-03 "" SUNDAY, July 24 10-11 George Smith, Virus Topic TBA 11-12 Padgett Peterson, Anti Virus, Cleaning up after other peoples messes 12-13 Dr. Ludwig, Virus Creation Awards and what to do when the feds come 13-14 BREAK 14-15 ???, S.P.A. 15-16 Loyd Blankenship, Netrunning in the '90s and RPGs 16-17 Lorax, The lighter side of the "underworld" 17-18 Red Five and HellBender MONDAY, July 25 Convention room closes 8 am Monday ============================================================================= FOR MORE INFORMATION For Internet users, there is a DEF CON anonymous ftp site at cyberspace.com in /pub/defcon. There are digitized pictures, digitized speeches and text files with the latest up to date info available. The FTP site was nuked, and some files recovered. The missing files (Dan Farmers speech, some of the image files) are being uploaded again. For email users, you can email dtangent at defcon.org for more information. For non-net people call: ---- A L L I A N C E ---- SysOp Metalhead 612.251.8596 USRobotics 16.8 Dual Standard Synchronet Multinode BBS Software International Informational Retrieval Guild (IIRG) Distro Site Electronic Frontier Foundation (EFF) MEMBER American Bulletin Board Association (ABBA) MEMBER ----------------------------------------------------------------------------- o FidoNet [1:282/8004] o CyberCrime international [69:4612/2] o Computer Underground Magazines, History, Updates & Text o DEF CON Mirror Archive o uXu, PHANTASY, CuD, EFF Magazine(s) Distro Site ----------------------------------------------------------------------------- For Snail Mail and Pre-Registration send to: DEF CON, 2709 E. Madison Street Suite #102 Seattle, WA, 98112 Make Checks payable to DEF CON For Voice Mail and maybe a human (me), 0-700-TANGENT on an AT&T phone. A DEF CON Mailing list is maintained, and the latest announcements are mailed automatically to you. If you wish to be added to the list just send email to dtangent at defcon.org. STUFF TO SPEND YOUR MONEY ON > Tapes of last years speakers (four 90 minute tapes) are available for $20 > DEF CON I tee-shirts (white, large only) with large color logo on the front, and on the back the Fourth Amendment, past and present. This is shirt v 1.1 with no type-O's. These are $20, and sweatshirts are $25. > DEF CON II tee-shirts will be made in various colors this year, including a few long sleeve shirts. Sizes will be in XL only again, with few white larges made. Shirts will be $15, Long Sleeve $17, Sweat shirts will be $20. Well, actually, I'll make a small quantity of various stuff, so with luck * There will be two styles available in black, white, and a few mixed colors. > We will have a few embroidered hats and knit "hood hats" with this years logo. Not sure how much they will be.. like $15 maybe. Two Color Logo. > 4 color DEF CON II wall posters will be for sale for about $10 (Sorry for the incorrect estimate, but they cost more to print than my 'source' said) * We will try to have poster tubes there so you don't have to crush the posters > Pre-Register for DEF CON II in advance for $15. > Make all checks/money orders/etc. out to DEF CON, and mail to the address above. Way above. Above the virus awards announcement. If you have any confidential info to send, use this PGP key to encrypt: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCrAiyI6OcAAAEE8Mh1YApQOOfCZ8YGQ9BxrRNMbK8rP8xpFCm4W7S6Nqu4Uhpo dLfIfb/kEWDyLreM6ers4eEP6odZALTRvFdsoBGeAx0LUrbFhImxqtRsejMufWNf uZ9PtGD1yEtxwqh4CxxC8glNA9AFXBpjgAZ7eFvtOREYjYO6TH9sOdZSa8ahW7YQ hXatVxhlQqve99fY2J83D5z35rGddDV5azd9AAUTtCZUaGUgRGFyayBUYW5nZW50 IDxkdGFuZ2VudEBkZWZjb24ub3JnPg== =ko7s -----END PGP PUBLIC KEY BLOCK----- - The Dark Tangent ============================================================================= (Note, I have put a copy of Dr. Ludwig's new KOH Data security encryption Virus on-line at the DEF CON ftp site in /pub/defcon/KOH along with full documentation. Get CrAzY.) VIRUS CREATION AWARDS: Announcing The Second International Virus Writing Contest Sponsored by American Eagle Publications, Inc. P.O. Box 41401 Tucson, AZ 85717 USA and The Crypt Infosystems BBS +1 (818) 683-0854 *** The Goal *** The purpose of this contest is to write a fully functional computer virus that entertains people with political satire. Viruses will be judged on the basis of originality, creativity, functionality, and political incorrectness. *** Eligibility *** Anyone who can write a computer virus is eligible. *** Contest Dates *** The contest is underway from January 1, 1994 until June 30, 1994. Your submissions must be received by June 30 to qualify. The winner of the contest will be announced at the DEF CON II conference in Las Vegas, July 22-24, 1994. If you can be present, an official award will be bestowed on you at that time. ************************************************************* Details ************************************************************* The philosopher Friedrik Nietzsche once said that if you want to kill something, you must laugh at it--and laugh at it deeply. So there should be little wonder that political satire is as old as politics itself. Is there something going on in the political arena that you abhor, that makes you sick, that is just plain wrong? Well, here's your chance to make a mockery of it. I've always had this idea that if someone wrote a sufficiently witty virus that really addressed the issues the way the people (not the press, not the politicians) saw them, it might just get passed around by people voluntarily. Let's find out. Write a virus that is itself a political satire. I don't mean a virus that simply displays a message. I mean a living entity whose every move--whose every action--is politically motivated. If you need more than one virus to make your point--perhaps two viruses working together, or something like that, that is fine. ----------------------------------------------------------- Let me give you a simple example: The Political Correctness Virus This virus is a spoof on the "political correctness" movement--which is just a form of self-imposed censorship--that is sweeping American intellectual circles, particularly colleges and universities. This virus is a memory resident boot sector virus which maintains a list of politically incorrect words on your computer system. It also hooks the keyboard interrupt and monitors every keystroke you make. If you type a politically incorrect word into the computer, the PCV springs into action. Politically incorrect words are ranked at three different offense levels. When the PCV encounters such a word, it determines what offense level that word is, and acts accordingly. The least offensive words merely register a beep. More offensive words cause a beep to sound for 10 seconds. The most offensive words cause a siren to sound for two minutes, locking the system for that duration. If you turn the computer off before the two minutes are up, the virus will stop the boot process for five minutes, with sirens, when you turn it back on. If you allow the siren to complete, then you can proceed. The virus has two different word lists, both stored in an encrypted and compressed format. The list is selected at random when the system is infected, after which it cannot be changed. The first list is the "proper" list of political correctness no-no's. For example, a word like "sodomite" is among the worst possible offenses. The second list is an inverted list of no-no's. This list tries to force you to use "sodomite" by flagging words like "gay" and "homosexual" as no-no's. If you allow the PCV to live in your system for three months without getting a single flag, you are given the supreme honor of viewing the word list assigned to you and adding a word to it. If you get more than 3000 flags in a lifetime, the virus will force you to enter a politically correct word before allowing you to start the computer, since you are obviously unwilling to submit to its censorship. The virus also uses powerful means to prevent disinfection, so that, once you get it, you can't get rid of it without a major effort. ------------------------------------------------------------ Now, I know you can get a lot more creative than this--so do it! Design your virus carefully, so that everything it does has meaning. Then send it in. Here are the criteria we'll use: 1. Originality: Your virus must be an original work. Do not send us anything that is not 100% yours. Your message should be original too. Do not just ape what everybody else is saying, especially the media. Also, a refined wit is much to be preferred over vulgarity. Vulgarity is a substitute for original wit. Foul language, porn, etc., are out. Destructive features should be incorporated only if they are VERY appropriate (perhaps if you are commenting on real live genocide in your country, or something like that). In general, though, destructive features will hurt you, not help you. The one exception is modifying anti-virus programs. That is considered to be CONstructive activity. 2. Creativity: Make us laugh, make us cry. Amaze us with how bits and bytes can say something about politics and issues. Think of it like this: displaying a message on the screen is like reading a text file. What we want is the equivalent of a multi-media extravaganza. Use all the system's resources to tell your message. Don't be afraid to write a virus that has some weird mode of infecting programs that tells a story, or to write one that sends faxes to the White House, or sends an automatic request for reams of free information to some government agency. 3. Functionality: The virus has to work. If it only works on some machines, or under some versions of DOS, or what-not, then that will count against you. The better it is at infecting systems and moving around, the better off you will be. So, for example, if you write a file-infection, make sure it can jump directories, and--if you're up to it--migrate across a network. 4. Political incorrectness: Since computer viruses are politically incorrect, their message should be too. If you send us a pro-establishment virus, then you will not win this contest. A word to the wise: think twice about what's correct and what's not. Many positions are only superficially incorrect, though they are really quite fashionable among the establishment. Look at it this way: if you could get a well-written letter expressing your view published in a big city newspaper, then it's not sufficiently incorrect. There are a LOT of ideas that are unofficially censored by society-- especially the media and academia. They tend to make themselves out to be the rebels, but they are really the establishment. If you can't think of anything creatively incorrect and sufficiently obnoxious then you shouldn't be writing viruses in the first place. ************************************************************* How to Submit an Entry You may mail your entry to American Eagle Publications at the above address, or you may e-mail it to ameagle at mcimail.com. Alternatively, you can submit it by dialing the Crypt Infosystems BBS and uploading it there. To get on to the system quickly, efficiently and anonymously, log on as VIRUS, using the password CONTEST. An entry consists of: 1. A complete copy of your virus, both source and executable files. 2. If the political satire isn't perfectly obvious, send a verbal description of how the virus works and why it does what it does. This is especially important if you are not an American and you are commenting on something that has not received worldwide attention. I don't care if you're Bulgarian and you're commenting on something we've never heard of--just make sure you explain it, or we won't understand and you'll lose. 3. If you want to be recognized for your work, include your name (real or handle) and a way we can get in contact with you. By submitting an entry, you grant American Eagle Publications, Inc. the right to publish your virus in any form. You agree not to make your virus public prior to July 25, 1994. If you do, you are automatically disqualified from the contest. For the sake of privacy, you may encrypt your entry and send it in with the following PGP key (which we highly recommend if you have PGP): -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.1 mQCNAi09jVgAAAEEAN3M9LFQXeBprkZuKo5NtuMC+82qNd3/8saHLO6iuGe/eUai 8Vx7yqqpyLjZDGbAS7bvobrcY3IyFeu8PXG4T8sd+g81P0AY0PHUqxxPG3COvBfP oRd+79wB66YCTjKSwd3KVaC7WG/CyXDIX5W6KwCaGL/SFXqRChWdf2BGDUCRAAUR tApDT05URVNUXzk0 =Z20c -----END PGP PUBLIC KEY BLOCK----- Good luck! **************************************************************** P R I Z E S In addition to instant worldwide fame and recognition, you'll get: 1. A cash prize of $100 US. 2. A year's subscription to Computer Virus Developments Quarterly. 3. Your virus will be published in Computer Virus Developments Quarterly, and other fine journals. 4. A handsome engraved plaque recognizing your contribution to the betterment of mankind. 5. A free secret surprise that we cannot tell you about right now, valued at $100. Two runner-ups will receive the secret surprise. !! GO FOR IT !! ============================================================================= From nelson at bolyard.wpd.sgi.com Thu May 19 01:14:12 1994 From: nelson at bolyard.wpd.sgi.com (Nelson Bolyard) Date: Thu, 19 May 94 01:14:12 PDT Subject: On Encrypted rlogin sessions Message-ID: <9405190814.AA24193@bolyard.wpd.sgi.com> Encrypting sessions of the Berkeley rlogin protocol is trickier than one might imagine. There's a "feature" of BSD sockets that can cause data to be delivered in a different order than was intended. The straightforward approach used in the Kerberos IV implementation of encrypted rlogin, krlogin -x, didn't address this problem, which is why krlogin sessions are sometimes terminated, suddenly and unexpectedly. This paper, which I wrote and submitted to the MIT kerberos bug list several years ago, explains the problem, and one solution that I implemented successfully in an encrypted rsh/rcp/rlogin product that was never marketed. I submit it here, for your edification and amusement. This paper is approximately 4 printed pages long. In my spare time, I'm trying to prepare a version of the protocol design documentation for that old product that can be released for publication. BACKGROUND: BSD sockets provides a feature known as "Out Of Band" (OOB) data transmission. It provides a way to send one byte of data in the TCP data stream that is separated from the data stream by the receiver and made available to the receiving program ahead of the rest of the received (and queued) data previously received. The OOB feature is implemented using a feature of the TCP protocol called the "urgent pointer", which was never intended for this use, and which doesn't always work as anticipated for this purpose. When OOB data is received, a signal (SIGURG) is sent to the receiver to let it know that "urgent" OOB data has been received. - - - - - (the old paper follows) - - - - - THE PROBLEM: The "Out Of Band" feature of BSD sockets, used by the rlogin programs, has a nasty and little-known behavior which I call "OOB creep-in". Normally, an OOB byte is sent, marked with the TCP urgent pointer, and is extracted from the incoming data stream when received at the destination system. However, under some somewhat-rare circumstances, an OOB byte can be received without being marked by the urgent pointer, and consequently the "out of Band" byte is delivered to the receiving program "in band", indistinguishable from the ordinary data stream. The OOB byte "creeps in" to the "in band" data stream. This behavior is documented (er, mentioned) in the BSD 4.3 tcp source code in "tcp_input.c": /* * Remove out of band data so doesn't get presented to user. * This can happen independent of advancing the URG pointer, * but if two URG's are pending at once, some out-of-band * data may creep in... ick. */ There are several ways this can happen, but the simplest scenario is this: 1. Sender sends a byte of OOB data. 2. A TCP segment with OOB data (urgent pointer) is sent. Call this segment A. 3. Sender sends more normal in-band data (this is optional). 4. Segment A is not received, due to CRC error, or dropped by gateway. 5. Sender sends another byte of OOB data. 6. A new TCP segment (segment B) with the new OOB data (new urgent pointer) is sent. Sender socket's urgent pointer now points at latest OOB byte, not the earlier one. 7. Sender's TCP retransmit timer fires, causing all sent but unacknowledged data (including all of segments A & B) to be retransmitted in a new segment, called segment C. In segment C, the urgent pointer points to the newest byte of urgent data, not to the OOB byte of segment A. So both the old and new bytes of OOB data are delivered but the urgent pointer only points to the latter one of them, the earlier OOB byte is not detected as being urgent or "out of band". The rlogin daemon uses OOB data to convey commands to the rlogin client, such as "enable XON-XOFF", "disable XON-XOFF", "return current window size" and "flush all received data". When an OOB byte "creeps in" (in an unencrypted rlogin session) it appears as a funny character on the rlogin user's screen. Some terminals display these as blanks, and very often these go unnoticed by users. When noticed, the user typically takes some trivial action to correct it; such as redoing the "ls" command, or typing "^L" to redraw the screen in vi. Unfortunately, for users of Kerberos krlogin -x, which encrypts the entire in-band data stream, the consequences of OOB creep-in are very noticeable, confusing (except to those who understand this phenomenon), and usually require the rlogin session to be restarted to correct the problem. The protocol used by "krlogin -x" sends all in-band data in blocks that look like this: | Length | encrypted data ... +---+---+---+---+---+---+---+---+---+---+---+---+---+---+ ... 4 bytes roundup(length,8) bytes where Length is a 32-bit integer sent in Network Byte Order, unencrypted, and is followed by roundup(length,8) [that's the smallest multiple of 8 that is no smaller than length] bytes of encrypted data. A view of an rlogin session would show a series of these blocks: ...xxxxxLLLLxxxxxxxxLLLLxxxxxxxxLLLLxxxxxxxxLLLLxxxx... OOB bytes are inserted in the data stream by TCP after (or before) a block and are normally removed before being received by the client. The actual TCP data stream, with OOB data shown, might look like: ...xxxxxBLLLLxxxxxxxxLLLLxxxxxxxxLLLLxxxxxxxxBLLLLxxxx... If such a data stream were to experience creep-in, the rlogin client, expecting: ...xxxxxLLLLxxxxxxxxLLLLxxxxxxxxLLLLxxxxxxxxLLLLxxxx... would actually receive: ...xxxxxBLLLLxxxxxxxxLLLLxxxxxxxxLLLLxxxxxxxxLLLLxxxx... Instead of receiving a legitimate length LLLL, the receiver gets an incorrect length BLLL. The receiver becomes "out of sync" with the sender. When this occurs, B is generally non-zero, and krlogin detects this condition because the resultant value of the 4-byte length field is out of range (too large). This error is reported by krlogin code (incorrectly) as End-Of-File on the TCP socket. This causes the "reader" process to terminate. The krlogin user experiences an unexpected termination of the session. There are other problems with OOB as it is used in rlogin. For example, even in "normal operation" (e.g. no retransmission of data) loss of OOB data occurs when the reader's system is slow and cannot process the first OOB byte before the second byte is received. That is, BSD code keeps only one byte of received OOB at a time, and if the first byte is not consumed by the receiving process before a second OOB byte arrives, the first byte is lost, overwritten by the second. SOLUTIONS: Several solutions to the creep-in problem exist. One solution, which (I am told) has been implemented in another UNIX workstation vendor's kernel, prevents creep in by preventing the transmission of a second OOB byte until the receipt of the first OOB byte has been acknowledged by the receiver. Thus two OOB bytes are prevented from being sent in the same TCP segment. This solution is not in general use, and I ruled it out for the code I was developing because I was looking for a solution that would run on a wide range of 4.3-based platforms, and not only on those featuring this fix. Also, this solution does not prevent loss of OOB data. Another potential solution completely eliminates the use of OOB in krlogin, using an in-band mechanism to send commands. For example, one could use the most significant byte of the length field to send the command bytes, instead of using OOB. Without the SIGURG signal however, the "flushwrite" function becomes rather untimely and useless. The solution I chose uses OOB for the benefit of the SIGURG signal, and the timely processing of flushes that it brings, but processes ALL the OOB data in-band, so none is ever lost. That solution was succesfully implemented in the code I developed. My programs did not suffer from creep-in; that is, users of my encyrypted rlogin program experienced the exact same behavior as experienced by users of ordinary rlogin. No loss of synchronization is caused by creep-in. Although the code in the product I developed is proprietary to SGI, I can outline the elements of the solution. If you're interested in this solution (or some variant) for Version 5 of Kerberos, much more detail can probably be supplied. 1. Use socket option SO_OOBINLINE. With this option, received OOB data generates a SIGURG, but is NOT removed from the data stream (remains in-band). 2. The entire data stream is encrypted, both in-band and OOB data. 3. Send the encrypted data exactly as done in unencrypted rlogin. That is, no length or padding data is added. The protocol is identical to unencrypted rlogin (after key exchange is performed), except that the data is all encrypted. 4. Use 64-bit Cipher Feedback (CFB) {en,de}cryption (see FIPS pub 81) instead of CBC or PCBC. The CFB method has several advantages: 1. text is {en,de}crypted one byte-at-a-time, so each byte of plaintext is {en,de}crypted immediately, yet the encryption algorithm is still used only once every 8 bytes. (little additional overhead) 2. No length data is sent. 3. There is no padding, yet it is very resistant to known-plaintext attack. 4. There is no media bandwidth overhead, the number of ciphertext bytes and plaintext bytes are identical. Disadvantages of this scheme: All received data must be buffered and decrypted, even that which is to be immediately flushed. The routines reader() and oob() are completely rewritten. Instead of a single buffer which is alternately read, then written; reader reads data into buffers which are put on a chain of buffers-to-be-written (to the tty). Reader reads data into these buffers until no more data is available to be read. Then it writes data from the chain of buffers-to-be-written until the chain is exhausted or until SIGURG occurs. Then it goes back to reading. OOB data is processed immediately as it is read. A command to flush data causes the chain of buffers-to-be-written to be freed. The oob() routine merely counts the OOB received, and causes writing (to the tty) to stop and reading (from the socket) to begin again. No reading and no longjmps are done in oob(). While this solution is too large a change to be considered a "bug fix" or "patch" to kerberos version 4, perhaps it can be considered as a new krlogin protocol for version 5. [It wasn't] Your feedback is solicited. -- Nelson Bolyard Multimedia Server Division Silicon Graphics, Inc. nelson at sgi.COM Phone: 415-390-1919 Fax: 415-967-8496 Disclaimer: I do not speak for Silicon Graphics. -- From unicorn at access.digex.net Thu May 19 06:21:20 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 19 May 94 06:21:20 PDT Subject: Forward of alt.security.pgp message Message-ID: <199405191321.AA13157@access1.digex.net> I thought I would post this to try and spur some discussion. It is my reply to DS's bid for the security of centralized authority in key certification. In article , David Sternlight wrote: >In article , >Rujith S DeSilva wrote: > >> >>Mr. Sternlight said that RIPEM can have signed messages in which the >>authenticity of the public-key can be assured in the same message, and that >>PGP cannot do so. >> >>Mr. Repenning's `one-word reply' was a PGP signed message in which the >>authenticity of the public-key was assured in the same message. >> > >Nope. His message simply provided his public key without any authentication >other than those he got to sign it. Since those are themselves not >authenticated except by the few who trust them, his public key is basically >unauthenticated. What he DID do is prove that the message was authenticated >with that public key. So what? > >Ripem provides a certificate in which a known Certification Authority (in >most cases RSADSI--eventually the Internet authorities themselves--vouches >for the sender's public key and one knows what standards have been applied >to prove identity. That public key is used to sign the message. Thus the >person is matched to his key and certified by a high-level-of-trust standard >certifier. That key then is used to authenticate the message. > >Putting it another way, I can't get an RSA Certificate without passing a >number of tests of my identity--for the Unaffiliated User Heirarchy that >involves proving to a Notary Public I'm me, with 3 pieces of ID including a >photo ID, and making that assertion under penalty of perjury. > >Thus the chances are pretty good I'm me and the key is mine. I dispute this. It is a simple matter to circumvent this requirement. If you would like to find three or four people on any given weekend who have the capacity to obtain a "trusted" certification in another name, or any name they wish, I suggest you try a college bar in Georgetown, or any other college area for that matter. Even passports are subject to sophisticated and fraudulant application. Your blind trust in the ability of perjury to deter is misplaced, and I might add, typical of your legal process way of approaching problems. All a centralized authority really accomplishes is to put a cap and a floor on the threshold to accept a given key as "valid" or that said keyholder's name really is "Bob Dwyer." PGP claims no such authority. PGP merely says: This is who has certified and vouched for the ownership of this key. Take my key signing policies. I will sign anothers key in two instances. 1> If a physical exchange of key materials is made by the key holder, and if that owner can prove access to the secret key. (Signed with my low security key) 2> If I personally know the keyholder and am aquainted in a context outside of the Internet, and the above criteria can be satisfied. (Signed with my highsecurity key) Which will you assert is the more reliable? A central authority that has never seen or heard of said applicant before? Or an authority who has known said applicant for months or even years outside of the internet, and in a personal capacity? (My method #2) Until every man, woman, and teen has a smart national ID card based on fingerprints or retina scan or DNA sampling, centralized authority is really a limiter, and in many cases a deceptive appearance of "secure" certification. (I might add that these methods are unacceptable to me for other reasons). In fact, should you be willing to wager a sufficant amount, and assure my non-prosecution for perjury, I would be pleased to demonstrate the ability to circumvent the centralized procedure in whatever reasonable protocol you would like. Provided I have an individual who I trust to sign keys only of those he knows, the only way to circumvent my PGP authentication requirements is to physically intercept the secret key and break the passphrase, or to resort to rubber hose cryptoanalysis. A tactic that is likely to cause key revocation in any event. >With PGP one >makes up a key, finds someone or other to sign it, and unless the signers >are both known and trusted by every reader, one has nothing. RSA IS known to >every reader and their safeguards are published. So what you really have is the potential for untrusted signatures to be given in PGP. So? How is this a limiter to the user who is careful enough to screen the keys properly? A centralized key signor authority is merely laziness. It is a method forwarded by those who are too sloth to take security in their own hands and wish to have it instead provided for them. This is why PGP is often criticized: Users are simply too lazy to look out for themselves. The answer is to limit everyone. Typical American policy, shoot for the average every time. You don't need to learn how to drive, we'll just make the speed limit safe for any idiot. You don't need to know how to brake, we'll just invent ABS. You don't need to take responsibility for your own security, we'll just invent a mediocre standard to do it for you. >Until PGP has some trusted official signers with high security certification >device protection and identity safeguards, the level of authentication is >its weakest element. No, until users pay more attention to what really is a "high security certification." authentication is its weakest element FOR THOSE USERS. When users really take extensive steps to certify, a certification is MORE secure than a centralized authority. I'm going to trust my million dollar transaction to a trusted friends transaction way before I trust what amounts to the Department of Motor Vehicles' assurance of identity. >By the way, in his example he did it wrong. First public key, then signature >or the poor reader has to invoke PGP twice. And this is a good clue perhaps on his signing procedures and caution in methodology. >David -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From jamesd at netcom.com Thu May 19 07:24:36 1994 From: jamesd at netcom.com (James A. Donald) Date: Thu, 19 May 94 07:24:36 PDT Subject: Mosaic to support digital money in September Message-ID: <199405191424.HAA28351@netcom.com> I have only recently resubscribed to cypherpunks, so forgive me if this is old news. Enterprise Integration Technologies and friends will enable digital money transactions in Mosaic in September (they hope, I would guess January 1995 before it really works.) Press release follows after my commentary. The transaction model has a crippled mode for people outside the US and Canada They intend that you will be able to write contracts and internet checks on participating banks. It is very centralized of course, but don't whine - it is the thin edge of the wedge. Once American banks are on the internet, Swiss banks will follow. The model uses account based digital money. It is overly centralized, but it is an excellent step towards a decentralized system of digital money. The cypherpunks are experimenting with digital token based money. Digital token based money is damn inconvenient, and each digital token currency requires a single centralized server which tends to monopoly and is thus highly vulnerable to government coercion. Although the server does not know which of its clients has been transacting with which, it does know the thing that the government is most interested in knowing - how much the client got, and how much he spent. For this reason I think decentralized account based digital money is the best hope. The following press release was posted on the CIS forum INETFORUM Quote begins: __________________________________________________________- #: 11559 S1/General Information [INETFORU] 14-Apr-94 04:12:28 Sb: PR:EIT/NCSA/RSA Fm: Scott Loftesness 76703,407 To: All [from an EIT/NCSA/RSA press release] Enterprise Integration Technologies (EIT), the National Center for Supercomputing Applications (NCSA) at the University of Illinois and RSA Data Security have announced agreements to jointly develop and distribute a secure version of NCSA Mosaic, the popular point-and-click interface that enables easy access to thousands of multimedia information services on the Internet. The announcement was made in conjunction with the launch of CommerceNet, a large-scale market trial of electronic commerce on the Internet. Under the agreements, EIT will integrate its Secure-HTTP software with public key cryptography from RSA into NCSA Mosaic Clients and World Wide Web (WWW) servers. WWW is a general-purpose architecture for information retrieval comprised of thousands of computers and servers that is available to anyone on Internet. The enhancements will then be made available to NCSA for widespread public distribution and commercial licensing. Jay M. Tenenbaum, chief executive officer of EIT, believes secure NCSA Mosaic will help unleash the commercial potential of the Internet by enabling buyers and sellers to meet spontaneously and transact business. "While NCSA Mosaic makes it possible to browse multimedia catalogs, view product videos, and fill out order forms, there is currently no commercially safe way to consummate a sale," said Tenenbaum. "With public key cryptography, however, one can authenticate the identity of trading partners so that access to sensitive information can be properly accounted for." This secure version of NCSA Mosaic allows users to affix digital signatures which cannot be repudiated and time stamps to contracts so that they become legally binding and auditable. In addition, sensitive information such as credit card numbers and bid amounts can be securely exchanged under encryption. Together, these capabilities provide the foundation for a broad range of financial services, including the network equivalents of credit and debit cards, letters of credit and checks. In short, such secure WWW software enables all users to safely transact day-to-day business involving even their most valuable information on the Internet. According to Joseph Hardin, director of the NCSA group that developed NCSA Mosaic, over 50,000 copies of the interface software are being downloaded monthly from NCSA's public server - with over 300,000 copies to date. Moreover, five companies have signed license agreements with NCSA and announced plans to release commercial products based on NCSA Mosaic. "This large and rapidly growing installed base represents a vast, untapped marketplace," said Hardin. "The availability of a secure version of NCSA Mosaic establishes a valid framework for companies to immediately begin large-scale commerce on the Internet." Jim Bidzos, president of RSA, sees the agreement as the beginning of a new era in electronic commerce, where companies routinely transact business over public networks. "RSA is proud to provide the enabling public key software technology and will make it available on a royalty-free basis for inclusion in NCSA's public distribution of NCSA Mosaic," said Bidzos. "RSA and EIT will work together to develop attractive licensing programs for commercial use of public key technology in WWW servers." At the CommerceNet launch, Allan M. Schiffman, chief technical officer of EIT, demonstrated a working prototype of secure NCSA Mosaic, along with a companion product that provides for a secure WWW server. The prototype was implemented using RSA's TIPEM toolkit. "In integrating public key cryptography into NCSA Mosaic, we took great pains to hide the intricacies and preserve the simplicity and intuitive nature of NCSA Mosaic," explained Schiffman. Any user that is familiar with NCSA Mosaic should be able to understand and use the software's new security features. Immediately to the left of NCSA's familiar spinning globe icon, a second icon has been inserted that is designed to resemble a piece of yellow paper. When a document is signed, a red seal appears at the bottom of the paper, which the user can click on to see the public key certificates of the signer and issuing agencies. When an arriving document is encrypted, the paper folds into a closed envelope, signifying that its formation is hidden from prying eyes. When the user fills out a form containing sensitive information, there is a "secure send" button that will encrypt it prior to transmission. To effectively employ public-key cryptography, an infrastructure must be created to certify and standardize the usage of public key certificates. CommerceNet will certify public keys on behalf of member companies, and will also authorize third parties such as banks, public agencies and industry consortia to issue keys. Such keys will often serve as credentials, for example, identifying someone as a customer of a bank, with a guaranteed credit line. Significantly, all of the transactions involved in doing routine purchases from a catalog can be accomplished without requiring buyers to obtain public keys. Using only the server's public key, the buyer can authenticate the identity of the seller, and transmit credit card information securely by encrypting it under the seller's public key. Because there are fewer servers than clients, public key administration issues are greatly simplified. To successfully combine simplicity of operation and key administration functions with a high level of security that can be accessible to even non-sophisticated users, significant changes were necessary for existing WWW security protocols. EIT developed a new protocol called Secure-HTTP for dealing with a full range of modern cryptographic algorithms and systems in the Web. Secure-HTTP enables incorporation of a variety of cryptographic standards, including, but not limited to, RSA's PKCS-7, and Internet Privacy Enhanced Mail (PEM), and supports maximal interoperation between clients and servers using different cryptographic algorithms. Cryptosystem and signature system interoperation is particularly useful between U.S. residents and non-U.S. residents, where the non-U.S. residents may have to use weaker 40-bit keys in conjunction with RSA's RC2 and RC4 variable keysize ciphers. EIT intends to publish Secure-HTTP as an Internet standard, and work with others in the WWW community to create a standard that will encourage using the Web for a wide variety of commercial transactions. EIT will make Secure NCSA Mosaic software available at no charge to CommerceNet members in September and NCSA will incorporate these securefeatures in future NCSA Mosaic releases. Enterprise Integration Technologies Corp., of Palo Alto, (EIT), is an R&D and consulting organization, developing software and services that help companies do business on the Internet. EIT is also project manager of CommerceNet. The National Center for Supercomputing Applications (NCSA), developer of the Mosaic hypermedia browser based at the University of Illinois in Champaign, Ill., is pursuing a wide variety of software projects aimed at making the Internet more useful and easier to use. RSA Data Security Inc., Redwood City, Calif., invented Public Key Cryptography and performs basic research and development in the cryptographic sciences. RSA markets software that facilitates the integration of their technology into applications. _____________________________________________________________________ Quote ends. This press release was transferred from Compuserve to internet by Owen Morgan (omorgan at cix.compulink.co.uk) --------------------------------------------------------------------- | We have the right to defend ourselves and our James A. Donald | property, because of the kind of animals that we | are. True law derives from this right, not from jamesd at netcom.com | the arbitrary power of the omnipotent state. From rishab at dxm.ernet.in Thu May 19 08:03:55 1994 From: rishab at dxm.ernet.in (Rishab Aiyer Ghosh) Date: Thu, 19 May 94 08:03:55 PDT Subject: Penet ID allocated In-Reply-To: <9405170741.ZM2328@dpair.csd.sgi.com> Message-ID: <0eaoNc2w165w@dxm.ernet.in> whitaker at dpair.csd.sgi.com (Russell Whitaker) writes: > I got a similar mailing from penet, for no good reason. Anyone else seeing > this? Mail header shows that I was sent the message directly, with a differe > anon id than the one Rishab was sent, which suggests to me these IDs are bein > generated for individuals ad hoc. Anyone who posts (without a previously allocated ID) seems to get one. The ID's are generated ad hoc, they're penet pseudonyms. I did a who cypherpunks to identify the culprit, but found this: na97762 at anon.penet.fi As I recall, naXXX addresses are _not_ double-blinded? Maybe this used to be an anXXX? ------------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! From rishab at dxm.ernet.in Thu May 19 08:04:28 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Thu, 19 May 94 08:04:28 PDT Subject: Identity, anonymity and reputations Message-ID: I'll bother you all yet again with an episode of my column. This one's on identity, anonymity and reputations. I haven't seen any article on this for the lay reader; I'd appreciate info on any such articles. Electric Dreams Weekly column for The Asian Age by Rishab Aiyer Ghosh #12, 16/May/1994: I e-mail, therefore I am When you read what I write, do you know whether I exist? Do you know who I am? Do I know who I am? Well, you know my name. You assume that I am a real person of that name, and that someone at this newspaper has contact with me. (In fact I file my column electronically, though I admit to have been seen on occasion!) Despite technological advances, people still start professional (or other) relationships after acquiring verifiable identification -- an address, a bank account, a face. What would happen in cyberspace, where people may be far apart geographically, and identities less rigid and secure? Electronic identities as widely used, are limited to e-mail addresses. As with a physical address, an e-mail address provides a way to contact an individual. Like the postmark stamped on tree- murdering paper envelopes, e-mail headers generally indicate that a message has, indeed, come from a particular address and hence a particular person. Unfortunately these headers are easily forged. Not only can someone pretend to be me, I can pretend to be someone who doesn't exist! Cybernauts see two issues here. The inherent insecurity of cyberspace, which makes normal interactions unreliable, is a lapse that demands attention. On the other hand, the amorphous nature of identity that the Net encourages is actually a Good Thing, balancing the ease with which privacy can be violated, and making the advantages of an information society apparent. There are a number of ways to ensure distinct identities. That is, to ensure that Rishab Ghosh who writes this column is the author of the previous episode. Digital signatures are secure, backed by the arcane mathematics that proves the difficulty of factoring large numbers. A digital signature is a very large number, correlating the signed data with other publicly available numbers that define an individual's identity. Though these identifying numbers are public, a signature cannot be forged, as it also depends on a private key kept secret by the individual. Similar methods can be used by anyone to send encrypted messages that can be read only by the intended recipient. There -- now I have an electronic identity. You might have noticed, though, that there is no link at all between an identity in cyberspace and any physical (real?) one. I could plausibly have multiple identities, for different purposes, conducting public arguments with each other. Which brings us to the Good Thing. There's no reason why I shouldn't write columns as Rishab Ghosh and poetry as Alfred Prufrock, while living the rest of my life as John Doe. I might have to, lest evil marketing managers monitor all my public actions and learn more about me than I do. To formalize this separation of identities, cybernauts have created services known as anonymous remailers, which accept conventional e-mail and repost them, shorn of all their direct identifying marks -- addresses, names and so on. It is up to the poster to create pseudonymous identities using signatures and other methods. There are varying degrees of anonymity provided; with many services it is even possible to reply to anonymous mail without knowing a 'real' e-mail address. This sort of anonymity might primarily be used for privacy -- from consumer surveys, cloak-and-dagger maniacs, and other assorted net pests. In an ideal world, we would be free to say what we like; till we are, anonymity allows us some freedom to express without reprisal. This freedom is already being taken advantage of; in Internet news groups such as alt.sexual.abuse.recovery, for instance, victims can comfort each other in public electronic gatherings without the risk of public exposure. As with any technological advance, anonymity can be abused. While 'whistle blowing' might be the right thing to do sometimes, there is no way to be compensated for anonymous defamation. Attempts are being made towards a system of reputations, where people would gradually build (or ruin) a reputation for their identities, as their posts are tested by time. A totally anonymous accusation will of course have a very low reputation. Reputation systems will not end identity abuse. Hopefully, as people depend on them to be taken seriously, and unsubstantiated accusations are taken with large helpings of salt, we will enter a more tolerant society, that concentrates on the expressions rather than the expressor. Rishab Aiyer Ghosh is a freelance technology consultant and writer. You can reach him through voice mail (+91 11 3760335) or e-mail (rishab at dxm.ernet.in). -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From hfinney at shell.portal.com Thu May 19 09:00:16 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 19 May 94 09:00:16 PDT Subject: Patent infringement (fwd) Message-ID: <199405191601.JAA11088@jobe.shell.portal.com> From: Brian Beker > From: David Sternlight > I found his .plan file contained a PGP 2.3a key. That infringes RSADSI's > patents. That this is so has recently been confirmed by an independent > inquiry by lawyers retained by MIT. > > The patent holder, RSADSI, has said that no only do versions of PGP except the > soon-to-be-released 2.6 and the commercially sold Viacrypt version 2.4 > infringe in the U.S., but posted keys and key servers constitute inducement > to infringe and/or conspiracy to infringe. This is the argument Schiller's message on 2.6 foreshadowed. However, there are some counterarguments you can make: - It's not clear that RSADSI has actually said that merely posting a key with the words "Version: 2.3a" in and of itself constitutes inducement or conspiracy to infringe the patent. Schiller speculated that running a key server which accepted pre-2.4 keys could represent contributory infringement but I haven't seen any statements from Bidzos that agree with this, let alone the stronger statement Sternlight is making. - Just because the key says "Version: 2.3a" doesn't mean much. This version string is appended by the program which turned the key into ASCII format. It says nothing about the version of the program which used the RSA algorithm. Granted, in practice this suggests that the key was extracted from a key ring using PGP 2.3a, but extracting from a key ring is not a patented process. Only communicating using RSA is patented. The mere existence of this key does not show that patent infringement is going on. - Possession of a 2.3a key does not necessarily constitute inducement to infringe the patent. Perfectly legal programs exist which will work very well with a 2.3a key (versions 2.4 and up). So by possessing a key labelled 2.3a you are not inducing others to violate anyone's patents. - In any case, Sternlight does not have any standing in making this charge. He is not a lawyer and is not affiliated with RSADSI in any way. At best his reports are second- or third-hand interpretations of his understanding of RSADSI's position. Unless or until the patent holder speaks directly to make these charges, there is no need to respond. Hal Finney hfinney at shell.portal.com From nelson at crynwr.com Thu May 19 09:12:09 1994 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 19 May 94 09:12:09 PDT Subject: NSA's Baker to debate key escrow live on AOL, May 26 In-Reply-To: <199405191003.DAA08864@unix.ka9q.ampr.org> Message-ID: Date: Thu, 19 May 1994 03:03:31 -0700 From: Phil Karn In article , you write: |> I've heard Baker. He's not particularly articulate, especially when |> confronted by another lawyer (viz Karl Auerbach at Interop). He tends I missed that session, opting to head for the airport before the rush. What exactly did Auerbach say? Sorry I missed the fun. I missed it too, so I bought the tapes. This is transcribed from the tape of the Networld+Interop "The Clipper Chip Controversy" debate between Baker of the NSA and Weitzman of the EFF. Karl Auerbach was the first questioner: Auerbach: Okay, well, my name is Karl Auerbach, and first a calibration tone. I grew up reading the cases of Sacco and Vanzetti, and Julius and Ethel Rosenberg, and I remember Kent State, and things like that. So, do I trust my government? No. Certain things. First, a technical question. You said that you sent the chip off to the national labs for reverse engineering. Did anyone sent it to Taiwan? Next thing. Baker: Are these all going to be hypothetical? A: Did you really try giving it to the experts? I mean, is it really reasonable to expect that someone isn't going to try to reverse engineer this thing? B: I think it's quite reasonable to buy devices with the chip in it and sent it to whomever you'd like. I don't necessarily believe that I share your belief that you know who has the best technology for doing this because the people at the national labs get to practice against someone besides Intel and Motorola. Just a response, Karl. A: I'd like to see them have a try. Anyway, getting more to the legal matters, If I have a clipper phone, it's used by lots of people. And, does that increase the expectation of privacy which is recognized by the supreme court and what happens to other people -- are we going to enact parallel legislation that restricts the further use of just ancillary conversations on the phone by a third party. To make this work, we're going to have to enact legislation that prohibits the use of superencryption like pgp. Are we going to do that? And also B: NO! A: And also, are we going to allow PGP then? And we're going to superencrypt it. So that means that your total system is dead. B: I have to ask myself, what is the value to you of superencrypting? A: So you can't read it! B: Yeah, that's right Of course, but A: If you want to do police work, get the police to find the key that the pedophile used to encrypt his file. Get your warrant to look for that key. He kept it somewhere. It was just sloppy police work that didn't get the key he's got somewhere . And I don't know what piece of information you had that led you to know that that encrypted file had what you thought was in it. Can you point, can you specifically articulate reasons that would give you probably cause to think that that information was in those files? And I might remind you, the Supreme Court requires that. B: I'm trying to figure out which of your points to address first. Let me start with the suggestion that superencryption somehow makes this pointless. I agree that if the government said that the only kind of encryption you can use is clipper, that superencryption would be a way of evading some kind of enforcement mechanism designed to ensure that only clipper encryption was on the system. A: So if I use PGP then you'll have probable cause to get a warrant? B: No. First, there's no suggestion, hasn't been a suggestion, you've got denials left and right, that this is going to be a required system. If it's not a required system, what's the point of adding PGP to clipper? You can encrypt with PGP if you want to, and you get whatever strength PGP gives you. You add to that clipper and the government has probably cause to decrypt your clipper conversations, what you have is a single PGP-encrypted conversation, which is as good as not having bothered going through the clipper encryption at all. A: No, what I was expecting was that you're going to make the argument that if we've got clipper, and we find that someone is using PGP in addition to clipper, that therefore they've got something to hide, and we'd better go after them. B: Yeah, I think that's a paranoid suggestion. A: Well, I'm paranoid, but the government... And the other thing is, we saw an earlier slide that says that this will only be available to the federal government. Now, if my statistics memory is right, most criminals are investigated by state governments. So is this somehow, what's going to happen with the states? Are they going to have access to this, or are we going to create more magistrates? Are we going to deputize all the local police as federal agents? B: About 37 states have wiretap authority. If they encounter A: So the first slide lied. B: I don't think so. A: So those state police are now federal employees. So this is more than federal wiretapping, this is state wiretapping as well then? And I bet there's far more, how many state wiretaps are there per year? B: I think the 900 includes that. And the wiretapping proceeds in this country pursuant to federal law. It's regulated by federal law even when it's done by state authorities. That, probably, is the answer to the other point you had suggested, which is that we need some special law to protect third parties who might have conversations with people. In fact, there are already requirements on the books that, after all, if you're conducting a wiretap, of John Gotti, you're always going to get two people in those conversations. There's not much point in wiretapping him when he's not talking to somebody. Consequently, if he calls somebody to order pizza, or if his daughter orders pizza, or talks to her friends, there are already legal requirements that you cease the recording of those conversations when they're plainly not related to the crime. A: And finally in respect to the escrows, since this is personally identifiable information, I assume that under the privacy act, I have access to it. : Karl, it's not personally identifiable in the sense that what the escrow agents maintain is a chip id and an encryption key and there is not a mapping maintained in the system in general, at any point, of who bought which device with chip id, so if that's what you were referring to, I don't think it qualifies as you described it. : Let me just add that unfortunately there's a law enforcement exception to the privacy act, so I think it's an interesting question whether it is personally identifiable or not, but either way, there is an exception for on ongoing investigation. I heard somebody made a good crack to Baker about how he must have worked for the tobacco companies. Was that Auerbach? No, that was the person who spoke after him. It was "Mr. Baker, I just have a very simple question about your position on all this. Do you ever feel like a cigarette industry executive?" B: Let me turn that around a little, and I'll ask that about the EFF. I wonder whether they don't ever feel like the NRA, because in fact, the analysis we hear of this issue, and the stuff, you've all heard it, "they'll get my crypto key when they pry it from my dead, cold fingers". All that stuff is a deliberate invocation of the same kind of analysis that gave us the gun policy that we have in this country. And so I guess if you like the gun policy that the NRA gave us, I think you're going to love the privacy consequences of the policies that the EFF is urging on us. : Isn't that what the United States Constitution says, though? B: I don't think the constitution requires either of these things. etc. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From hfinney at shell.portal.com Thu May 19 09:12:52 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 19 May 94 09:12:52 PDT Subject: Mosaic to support digital money in September Message-ID: <199405191613.JAA11739@jobe.shell.portal.com> From: jamesd at netcom.com (James A. Donald) > The model uses account based digital money. It is overly > centralized, but it is an excellent step towards a > decentralized system of digital money. > > The cypherpunks are experimenting with digital token based > money. Digital token based money is damn inconvenient, > and each digital token currency requires a single > centralized server which tends to monopoly and is thus > highly vulnerable to government coercion. Although the > server does not know which of its clients has been > transacting with which, it does know the thing that the > government is most interested in knowing - how much the > client got, and how much he spent. > > For this reason I think decentralized account based > digital money is the best hope. I don't know to what extent this system represents "account based digital money". It doesn't sound that different from emailing your credit card number, something you can do already using PEM or PGP2.4. I suppose you will have digital checks with this system as well. But all of these systems will allow total tracking of your transactions by the banks. The digital cash systems we have been experimenting with do not know "how much the client got, and how much he spent." There is nothing stopping a given holder of Magic Money cash from being anonymous to the bank. He does not have an "account" with the bank. (The structure of the client interface is somewhat misleading in this regard - the user has to go through an initialization step in which he communicates with the bank, and it might appear that he is in some sense registering or opening an account. Actually, he is just grabbing an information packet which shows the current exponent-to-cash-value mapping.) In a (hypothetical) "mature" Magic Money system, people could exchange cash tokens issued by a number of banks using anonymous networks to communicate with each other and the banks. There is no need to trust the bank's circumspection or immunity to political pressure to preserve your privacy. Hal From pckizer at tamu.edu Thu May 19 09:25:00 1994 From: pckizer at tamu.edu (Philip Kizer) Date: Thu, 19 May 94 09:25:00 PDT Subject: Patent infringement (fwd) In-Reply-To: <199405191601.JAA11088@jobe.shell.portal.com> Message-ID: <9405191624.AA25218@gonzo.tamu.edu> -----BEGIN PGP SIGNED MESSAGE----- > - Possession of a 2.3a key does not necessarily constitute inducement to > infringe the patent. Perfectly legal programs exist which will work very > well with a 2.3a key (versions 2.4 and up). So by possessing a key ^^^^^^ (as long as WE code it that way) > labelled 2.3a you are not inducing others to violate anyone's patents. Especially when considering those not in the United States...RSA patent (however valid/invalid) need not apply; and you're not (necessarily) contributing to "inducement" since that's what's necessary to communicate with those out of the country. > - In any case, Sternlight does not have any standing in making this charge. > He is not a lawyer and is not affiliated with RSADSI in any way. At best > his reports are second- or third-hand interpretations of his understanding > of RSADSI's position. Unless or until the patent holder speaks directly > to make these charges, there is no need to respond. Like (m)any of us can make an official statement on that. -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLduSoLZspOMRmJBhAQE9ZAP+OEU1HUfzY/oPZFq89pMc5EWdt02jGH+5 nXhd4Rfq79DFGbe1qxXCx+6dsW/+r05olUuP6o7kjaWjDkp4JzHIXJTdNLRUhA9L 6ahOt7Vx1emHYShWI2NiLLY1Fb5i7a6b6xSZm5hBZYSYYrLCM3nx930IzJ+8XhfP CLK7dTcjVtg= =nKxz -----END PGP SIGNATURE----- "Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds." -John Perry Barlow, EFF co-founder From fnerd at smds.com Thu May 19 09:27:21 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Thu, 19 May 94 09:27:21 PDT Subject: AOL for Acronym OverLoading Message-ID: <9405191613.AA16098@smds.com> And the current worst AOL (acronym overload): ATM Network -- Automatic Teller Machine, Asynchronous Transfer Mode Recently saw an employment ad for an "ATM Network Administrator". The whole job description was ambiguous ("you will oversee the operation of our ATM network...") until you got to the name of the company. -fnerd - - - - - - - - - - - - - - - To auditors without the code, calls seem indistinguishable from noise. --George Gilder -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From sandfort at crl.com Thu May 19 10:03:58 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 19 May 94 10:03:58 PDT Subject: Patent infringement (fwd) In-Reply-To: <199405191601.JAA11088@jobe.shell.portal.com> Message-ID: C'punks, On Thu, 19 May 1994, Hal wrote after a thoughtful analysis of the patent infringement question: > . . . > - In any case, Sternlight does not have any standing in making this charge. > He is not a lawyer and is not affiliated with RSADSI in any way. At best > his reports are second- or third-hand interpretations of his understanding > of RSADSI's position. Unless or until the patent holder speaks directly > to make these charges, there is no need to respond. I think the victims of Mr. Sternlight's accusations of patent infringement may have a cause of action against him for libel. Any thoughts on this issue from the other lawyers on this list? Duncan? Black Unicorn? A few legal shots across the bow might help Mr. Sternlight see his crusade in a sterner light. S a n d y From jamesd at netcom.com Thu May 19 10:48:54 1994 From: jamesd at netcom.com (James A. Donald) Date: Thu, 19 May 94 10:48:54 PDT Subject: Mosaic to support digital money in September In-Reply-To: <199405191613.JAA11739@jobe.shell.portal.com> Message-ID: <199405191748.KAA14498@netcom.com> Hal writes I wrote: > > and each digital token currency requires a single > > centralized server which tends to monopoly and is thus > > highly vulnerable to government coercion. > The digital cash systems we have been experimenting with do not know > "how much the client got, and how much he spent." There is nothing stopping > a given holder of Magic Money cash from being anonymous to the bank. He > does not have an "account" with the bank. (The structure of the client > interface is somewhat misleading in this regard - the user has to go > through an initialization step in which he communicates with the bank, and > it might appear that he is in some sense registering or opening an account. > Actually, he is just grabbing an information packet which shows the current > exponent-to-cash-value mapping.) I stand corrected. On reflection I see that if I receive digital tokens to my true name, I can pass them anonymously to a pseudonym registered in the Cayman islands, and the server will only know that the pseudonym received them. It will not know that my true name received them. The pseudonym can then pass new digital tokens to my true name without the server knowing. This system is indeed secure, but only if widely used (mature). It is not clear to me that it is capable of competing with insecure account based digital money. Since US banks will only be permitted to issue account based money (digital checks) and Swiss banks etc will probably issue primarily account based money at first, it will be necessary to have an interface between digital token based money and account based money. If both are used, as we hope will happen, what then will be the competitive advantage of digital tokens? One advantage is that it is not necessary for the shopkeeper to know the customers worth or identity, or to check with the customers bank. But the shopkeeper, when dealing with an anonymous customer, still has to check with the server to see if the coins have already been used, so this advantage is no advantage at all. Any other advantages? -- --------------------------------------------------------------------- | We have the right to defend ourselves and our James A. Donald | property, because of the kind of animals that we | are. True law derives from this right, not from jamesd at netcom.com | the arbitrary power of the omnipotent state. From sdw at lig.net Thu May 19 10:51:05 1994 From: sdw at lig.net (sdw at lig.net) Date: Thu, 19 May 94 10:51:05 PDT Subject: Lunch Tuesday at Atlanta COMDEX 5/24/94 In-Reply-To: <199405190249.TAA11212@netcom.com> Message-ID: > > You may recall my earlier message with the same subject line last week, > wherein I proposed that all interested Atlanta Comdex attendees meet > at noon Tuesday for lunch, above the food court in the CNN Center. If I'm able to leave my client for 2 days, I'll be there Mon, Tues... I would certainly like to meet. I'll even wear the Cypherpunks Criminal T-Shirt if I have to .... (I haven't worn it to work yet... consulting.) sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From unicorn at access.digex.net Thu May 19 10:56:59 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 19 May 94 10:56:59 PDT Subject: Patent infringement (fwd) In-Reply-To: Message-ID: <199405191756.AA15051@access3.digex.net> Sandy Sandfort scripsit > > C'punks, > > On Thu, 19 May 1994, Hal wrote after a thoughtful analysis of the patent > infringement question: > > > . . . > > - In any case, Sternlight does not have any standing in making this charge. > > He is not a lawyer and is not affiliated with RSADSI in any way. At best > > his reports are second- or third-hand interpretations of his understanding > > of RSADSI's position. Unless or until the patent holder speaks directly > > to make these charges, there is no need to respond. > > I think the victims of Mr. Sternlight's accusations of patent infringement > may have a cause of action against him for libel. Any thoughts on this > issue from the other lawyers on this list? Duncan? Black Unicorn? A > few legal shots across the bow might help Mr. Sternlight see his crusade > in a sterner light. I'm not familiar with the nature of his accusations. Anyone, perhaps a victim, care to comment more specifically? > > S a n d y > -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From jamesd at netcom.com Thu May 19 11:02:35 1994 From: jamesd at netcom.com (James A. Donald) Date: Thu, 19 May 94 11:02:35 PDT Subject: Mosaic to support digital money in September In-Reply-To: <199405191613.JAA11739@jobe.shell.portal.com> Message-ID: <199405191751.KAA15160@netcom.com> I wrote: > > Although the > > server does not know which of its clients has been > > transacting with which, it does know the thing that the > > government is most interested in knowing - how much the > > client got, and how much he spent. Hal writes > The digital cash systems we have been experimenting with do not know > "how much the client got, and how much he spent." There is nothing stopping I stand corrected. -- --------------------------------------------------------------------- | We have the right to defend ourselves and our James A. Donald | property, because of the kind of animals that we | are. True law derives from this right, not from jamesd at netcom.com | the arbitrary power of the omnipotent state. From peb at netcom.com Thu May 19 11:07:09 1994 From: peb at netcom.com (Paul E. Baclace) Date: Thu, 19 May 94 11:07:09 PDT Subject: Patent infringement (fwd) Message-ID: <199405191806.LAA05453@netcom.com> I don't see how having a key on netcom is a problem; the key itself cannot infringe on a patent. Paul E. Baclace peb at netcom.com From hughes at ah.com Thu May 19 11:25:07 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 19 May 94 11:25:07 PDT Subject: Penet ID allocated In-Reply-To: <0eaoNc2w165w@dxm.ernet.in> Message-ID: <9405191828.AA08657@ah.com> I did a who cypherpunks to identify the culprit, but found this: na97762 at anon.penet.fi I changed the an97762 to na97762, in order to fix the problem. Eric From habs at warwick.com Thu May 19 11:35:18 1994 From: habs at warwick.com (Harry S. Hawk) Date: Thu, 19 May 94 11:35:18 PDT Subject: What Happened In-Reply-To: Message-ID: <9405192015.AA20630@cmyk.warwick.com> > > Note that Extropians suffered a similar subscriber's file wipe last > weekend. Coincidence? or DOS attack? They had weekly backups so there > was no effect. > > DCF We keep plenty of backups. It could have been an attack but probally just another panix bug... IMHO.... /hawk From hughes at ah.com Thu May 19 11:37:42 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 19 May 94 11:37:42 PDT Subject: Mosaic to support digital money in September In-Reply-To: <199405191424.HAA28351@netcom.com> Message-ID: <9405191840.AA08687@ah.com> It seems that you have information that is not in the press release you include, which talks (as far as I can tell) about catalog purchases with credit cards. Enterprise Integration Technologies and friends will enable digital money transactions in Mosaic in September Is this announced? The transaction model has a crippled mode for people outside the US and Canada Crippled? They intend that you will be able to write contracts and internet checks on participating banks. Will the recipient of the check be required to be at a participating bank? And you can already write contracts with existing digital signatures. A contract is just an agreement between two parties; intermediation is not required. For this reason I think decentralized account based digital money is the best hope. Account based money is identity based money, even if the identity is a pseudo-identity. The whole point of cryptocash protocols is to separate the link between two account by mediating the transaction with some instrument. Eric From tcmay at netcom.com Thu May 19 12:04:27 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 19 May 94 12:04:27 PDT Subject: AOL and LAM (LA meeting) In-Reply-To: <9405191613.AA16098@smds.com> Message-ID: <199405191903.MAA22404@netcom.com> > And the current worst AOL (acronym overload): > > ATM Network -- Automatic Teller Machine, Asynchronous Transfer Mode > > Recently saw an employment ad for an "ATM Network Administrator". > The whole job description was ambiguous ("you will oversee the > operation of our ATM network...") until you got to the name of the > company. > > -fnerd I thought ATM was Adobe Type Manager? That's what it says on the Windows and Macintosh boxes. Yes, I forget to include ATM, the worst offender and the proximate cause of our jokes about AOL. Thanks, Steve. By the way, while ATM has _three_ major meanings, are there any ohter such examples? Or even _four_ major meanings? This will be my last message for a while, as I'll be on the road for the next week. I'll be in LA and hope to attend the first Cypherpunks meeting down there. (Speaking of which: I got a note on this from JPP, but the details were vague, and no address was given. I will try to log-in from LA....I hope someone posts some details Real Soon Now! It's better to just bite the bullet and set a time, place, directions, etc., than to keep the subject open for more "suggestions.") --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From mpd at netcom.com Thu May 19 12:35:28 1994 From: mpd at netcom.com (Mike Duvos) Date: Thu, 19 May 94 12:35:28 PDT Subject: AOL and LAM (LA meeting) In-Reply-To: <199405191903.MAA22404@netcom.com> Message-ID: <199405191935.MAA16068@netcom.com> Tim writes: > Yes, I forget to include ATM, the worst offender and the proximate > cause of our jokes about AOL. Thanks, Steve. I saw an ad for a book titled "ATM Networks" a while back. After reading an entire page of blurb I still had no idea whether it was a book about automatic teller machine networking or fast switching of small fixed-sized packets. If it had been the latter, I would have bought it. Another customer lost to the evils of AOL. -- Mike Duvos $ PGP 2.3a Public Key available $ mpd at netcom.com $ via Finger. $ From rishab at dxm.ernet.in Thu May 19 13:21:57 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Thu, 19 May 94 13:21:57 PDT Subject: Restoring the list membership Message-ID: to notify all those lost Cypherpunks that they may resubscribe if they wish to. Majordomo reports 295 subscribers just now, but I have a list from Feb. 22 that had 642 and I recall the number 700+ being spoken of. Is there a Perl wizard who might pop a differential remailing informing the lost of the reason for their de-subscription, and the process to resubscribe? I'm not competent personally. And immediately apologize for suggesting work to someone else. The diff betweenan old list and the current one produces 535 addresses. I've been through them manually, and there don't seem to be any 'bogus' ones. I'm willing to send something similar to Tim's form letter to all of them. I'll wait for two days in case anyone on this list has strong objections to returning the membership to status quo ante. If not, I'll send the form letter. -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From rishab at dxm.ernet.in Thu May 19 13:22:30 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Thu, 19 May 94 13:22:30 PDT Subject: Dr Dobbs CDROM Message-ID: Phil Karn > [the DDJ CDROM with crypto sources] > > It would seem that this may be another appropriate pair of subjects > for official State Department Commodity Jurisdiction requests. I could I know people who've ordered and received it here. My guess is that DDJ has made a CJR and was _given_ permission to export. One of the main objections to the Schneier disk was the "ease of use," the code came ready to compile. The DDJ CD can be browsed through a reader program supplied with it, and the only way to extract some code is to find it (the CD has all the text of the articles as well) and copy it through the Windows Clipboard. _Then_ you name the files, separate them into modules, create a make file etc. Would not be _much_ harder to just type in what you want. If the Schneier disk was as inconvenient to use, Phil Karn's CJR might have been successful. -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From rishab at dxm.ernet.in Thu May 19 13:22:43 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Thu, 19 May 94 13:22:43 PDT Subject: PKP patents Message-ID: "Smrf." > On a different note, where are the PKP patents registered, and how? Are > they under the Int. Patent Coop. Treaty? If so, they might have some > validity here... US software patents are not, for good or bad, accepted by the rest of the world. Which is why it is legal to use PGP outside the US. -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From rishab at dxm.ernet.in Thu May 19 13:23:56 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Thu, 19 May 94 13:23:56 PDT Subject: Restoring the list membership Message-ID: I forgot to add: as there were 700+ members, and most of them lurked and rarely posted, and Mike Ingle only sent his announcement to those who had posted in the last 2 weeks, it would be unfair to assume that those who haven't resubscribed are uninterested. A few have posted to the list that they didn't receive Mike's mail, and rejoined after querying majordomo, etc. Others may still be wondering whether it's just low traffic, or a toad.com problem, and not deduce that they've been unsubscribed. -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From rishab at dxm.ernet.in Thu May 19 13:24:19 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Thu, 19 May 94 13:24:19 PDT Subject: Old list traffic Message-ID: dave.hodgins at canrem.com (Dave Hodgins): > Is there any way to obtain a copy of all of the messages since last > Friday? > > Please email me with any responses. This has come up before, so I thought you would all like to know that I've kept a more or less complete archive of list traffic since last December. Unfortunately you can't ftp it _from_ me, though I can ftp parts _to_ anyone. From adam at bwh.harvard.edu Thu May 19 13:45:29 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Thu, 19 May 94 13:45:29 PDT Subject: AOL and LAM (LA meeting)`` In-Reply-To: <199405191903.MAA22404@netcom.com> Message-ID: <199405192044.QAA15945@spl.bwh.harvard.edu> Tim asked: | By the way, while ATM has _three_ major meanings, are there any ohter | such examples? Or even _four_ major meanings? NIC came up while we were planning a new operating theatre: Nurse In Charge, Not In Charts, and Network Interface Card. Outside of the chart we were looking at, its Network Information Center, and probably has other meanings. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From nelson at crynwr.com Thu May 19 14:32:40 1994 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 19 May 94 14:32:40 PDT Subject: Forward of alt.security.pgp message In-Reply-To: <199405191321.AA13157@access1.digex.net> Message-ID: In article , David Sternlight wrote: Putting it another way, I can't get an RSA Certificate without passing a number of tests of my identity--for the Unaffiliated User Heirarchy that involves proving to a Notary Public I'm me, with 3 pieces of ID including a photo ID, and making that assertion under penalty of perjury. So? Don't sign anyone's PGP key unless they've proved to a Notary Public they're them, with 3 pieces of ID including a photo ID, making that assertion under penalty of perjury. Tell everyone that that's your level of certification. If people have reason to believe you, you'll gain reputation and trust. You put too much trust in "the authorities", David. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From ejohnson at pmip.dist.maricopa.edu Thu May 19 15:15:12 1994 From: ejohnson at pmip.dist.maricopa.edu (Eric Johnson) Date: Thu, 19 May 94 15:15:12 PDT Subject: Old list traffic Message-ID: <199405192214.PAA21620@pmip.dist.maricopa.edu> : dave.hodgins at canrem.com (Dave Hodgins): : : > Is there any way to obtain a copy of all of the messages since last : > Friday? : > : > Please email me with any responses. : : This has come up before, so I thought you would all like to know that I've kept : a more or less complete archive of list traffic since last December. : : Unfortunately you can't ftp it _from_ me, though I can ftp parts _to_ anyone. I also have a "more or less" complete archive of all traffic I've received since the middle of January '94, that is available via WWW/WAIS. If anyone is looking for a home for older articles, I'd gladly add them to my indexed archive. via WAIS (ie.): $ waissearch -h pmip.maricopa.edu -d /cpindex/Cypherpunks or WWW: http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src which accesses: cypherpunks -- May 19 01:00 -- 16,684,219 --Eric BTW, I receive the list via an "alternate" channel, so if you notice any anomolies, other than short headers after around March 1994, I'd appreciate hearing about it (I pipe my incoming list traffic through a couple filters, but WAIS seems ok with it (now)). From unicorn at access.digex.net Thu May 19 15:27:19 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 19 May 94 15:27:19 PDT Subject: Mr. Sternlight, libel Message-ID: <199405192227.AA07285@access1.digex.net> I MUST highlight the fact that this is a very general survey of libel law and the state law which is applied will have radical effects on the case. I must also point out that this is in no way legal advice, but merely academic examination. In order to make a prima facie case of defamation the following must be met by the plaintiff: 1> A false and defamatory statement concerning him 2> Publication of the statement. (Note 1) 3> Fault, at least to the point of negligence, some exceptions apply. (Note 2) 4> Special harm of a pecuniary nature or actionability of the statement generally. Note 1: Publication is defined merely as communication to a party other than the plaintiff. Note 2: Fault where the plaintiff is a private citizen varies from state to state between mere negligence, intent to harm and reckless disregard. A statement is defamatory if it has a "tendency to harm the reputation" of the plaintiff. Rest. 2d of Torts sec. 559. The reputation of the plaintiff need not be actually injured, it need only be shown that the reputation of the plaintiff could have been harmed were the statement to have been believed. An exception exists where the statement is not clearly defamatory on its face, and in this instance the plaintiff must usually show special damages which indicate actual damage to reputation and pecuniary harm resulted. The truthfulness of the statement is an absolute defense for an action of libel. Where the defendant has made a charge of wrongdoing against the plaintiff, the defendant must show that the plaintiff actually committed the offense alleged, not a lesser or greater offense. Rest. 2d of Torts sec. 581A, comment f. Where the statement is a matter of public interest, the burden of proof lies on the plaintiff to show that the statement was false. (Potentially this holding in _Philadelphia Newspapers v. Hepps_, 475 U.S. 767 (1986) is only applicable to defendants who are media organizations.) Non-media defendants are most likely to bear the burden of proof, rather than the plaintiff as the plaintiff burden of proof in the case of public interest matters is to avoid the chilling effect of potential liability and frivolous law suits. In order to assert a defense of libel for the protection of the interests of the recipient of the publication (Netcom), the defendant (Sternlight) must show in most jurisdictions that the defendant was responding to a request for information rather than offering the information without provocation. Rest. 2d. of Torts sec 595(2)(a). I turn to the facts at hand: Here is the letter sent to netcom by David Sternlight as given to me by Mr. Beker: BEGIN ATTACHMENT OF STERNLIGHT LETTER:---------------------------- >From strnlght at netcom.com Thu May 19 13:54:09 1994 Date: Wed, 18 May 1994 15:59:44 -0700 (PDT) From: David Sternlight Reply to: david at sternlight.com To: Netcom Support , Brian Beker Subject: Patent infringement In tracking down slow response on netcom8, I discovered that user beker was idle for over 16 minutes, and since the timeout was supposed to be 12, I fingered him to see if he was a netcom staffer. I found his .plan file contained a PGP 2.3a key. That infringes RSADSI's patents. That this is so has recently been confirmed by an independent inquiry by lawyers retained by MIT. The patent holder, RSADSI, has said that no only do versions of PGP except the soon-to-be-released 2.6 and the commercially sold Viacrypt version 2.4 infringe in the U.S., but posted keys and key servers constitute inducement to infringe and/or conspiracy to infringe. Given netcom's new user agreement, I'm user user beker will want to correct this. ----- end Mr. Sternlight has written to a party, not Mr. Beker satisfying the requirement for publication. The publication is "in print" making the analysis one of libel, and not slander. Mr. Sternlight has alleged wrongdoing by Mr. Beker. (Patent infringement) Mr. Sternlight is not (as far as I can tell) entitled to 3rd party interest protection, and is thus not excepted by this privilege as he has not responded to a request for information from Netcom. Mr. Sternlight has cited some source for his legal interpretation, the clarity of this source, or its existence at all will determine Mr. Sternlight's negligence in this matter. The language of the letter seems to suggest that attorneys from MIT have ruled THIS SPECIFIC user as in violation of the patent in question. I believe it would be difficult to show recklessness or intent to harm reputation in this instance. On the issue of harm to Mr. Beker, I have no information. Key in this regard will be the question of Netcom's handling of the situation, and what harm might have occurred to Mr. Beker. Mr. Sternlight may assert the defense of truth. I am not familiar with the patent case such to comment on his likely result here. Were the letter seen to claim that attorneys from MIT had ruled the user Beker specifically as an infringer, I believe he would lose this defense. Further the fact that Mr. Sternlight's letter seems to suggest that Mr. Beker is the subject of scrutiny by attorneys from MIT is a potentially independent issue of defamation. This assertion I feel is more likely to be found reckless. Overall the weakest aspect of the case is damages. It seems hard to show that there were significant reputational damages. Even if all the other criteria are satisfied, the lack of significant damages as a practical matter will likely derail any action. I believe this case _might_ satisfy the Rule 11 requirements for an action in federal court, the weakest part being the satisfaction of the (significant) minimum damages to entertain a federal diversity action. In any event, were a Rule 11 challenge to be survived, it would require a sympathetic judge,and some additional facts, particularly in the area of damages. The bottom line: Weak case on these facts. No damages apparent. -uni- (Dark), who is rusty on libel. -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From danisch at ira.uka.de Thu May 19 16:04:49 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Thu, 19 May 94 16:04:49 PDT Subject: Is pgp 2.5 insecure? Message-ID: <9405192304.AA12189@deathstar.iaks.ira.uka.de> -----BEGIN PGP SIGNED MESSAGE----- Hi, I was looking for a pgp public key and got a message of a key server. It will be down until pgp 2.5 is available and then it will not accept any keys generated by a pgp lower than 2.4. What is the reason for this? I thought the only difference was the use of the rsaref code. There should not any difference in the key structure. Is this the way to introduce a clipper-pgp and make people use it? pgp 2.5 will not be available outside USA. Where can I get a description of the diffs of the logical functions? Perhaps I will write a copy of this program using our local toolbox, and make it available outside the USA. Hadmut -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdvwa2c1jG5vDiNxAQGuZQP7B1FH6SQAfpQ+7h3pHJOAhgV2z3bE3a8A AQNdWPnNhDeky2eQEOuqi22+xFfqc2l3fGAmQnwydRtK89LvQDoFvQngWpeLIbpz Lj54PVLGjiZesJ7NV7BYGgG8rlIWSxhH22R9W4f/xWrgpLrUQ25IsomXaCsU7B+j j9+mrxBm0D0= =n4JA -----END PGP SIGNATURE----- From beker at netcom.com Thu May 19 16:09:11 1994 From: beker at netcom.com (Brian Beker) Date: Thu, 19 May 94 16:09:11 PDT Subject: Sternlight's attack on 2.3a Message-ID: Mr. Sternlight continues: -------------BEGIN FORWARDED MESSAGE---------------------------------- From nowhere at bsu-cs Thu May 19 17:14:17 1994 From: nowhere at bsu-cs (Anonymous) Date: Thu, 19 May 94 17:14:17 PDT Subject: No Subject Message-ID: <199405200013.TAA07260@bsu-cs.bsu.edu> Newsgroups: sci.crypt,alt.security,alt.privacy From: schneier at chinet.chinet.com (Bruce Schneier) Subject: "Interesting Stuff" Checkers at the NSA Message-ID: Organization: Chinet - Public Access UNIX Date: Thu, 19 May 1994 17:40:15 GMT This is from a flyer that NSA people have been distributing: NATIONAL SECURITY AGENCY -- TECHNOLOGY TRANSFER Information Sorting and Retrieval by Language or Topic Description: This technique is an extremely simple, fast, completely general mathod of sorting and retrieving machine- readable text according to language and/or topic. The method is totally independent of the particular languages or topics of interest, and relies for guidance solely upon exemplars (e.g., existing documents, fragments, etc.) provided by the user. It employs no dictionaries keywords, stoplists, stemmings, syntax, semantics, or grammar; nevertheless, it is capable of distinguishing among closely related toopics (previously considered inseparable) in any language, and it can do so even in text containing a great many errors (typically 10 - 15% of all characters). The technique can be quickly implemented in software on any computer system, from microprocessor to supercomputer, and can easily be implemented in inexpensive hardware as well. It is directly scalable to very large data sets (millions of documents). Commercial Application: Language and topic-independent sorting and retieval of documents satisfying dynamic criteria defined only by existing documents. Clustering of topically related documents, with no prior knowledge of the languages or topics that may be present. It desired, this activity can automatically generate document selectors. Specializing sorting tasks, such as identification of duuplicate or near-duplicate documents in a large set. National Security Agency Research and Technology Group - R Office of Research and Technology Applications (ORTA) 9800 Savage Road Fort George G. Meade, MD 20755-6000 (301) 688-0606 If this is the stuff they're giving out to the public, I can only imagine what they're keeping for themselves. Bruce ************************************************************************** * Bruce Schneier * Counterpane Systems For a good prime, call 391581 * 2^216193 - 1 * schneier at chinet.com ************************************************************************** From jamesd at netcom.com Thu May 19 17:19:43 1994 From: jamesd at netcom.com (James A. Donald) Date: Thu, 19 May 94 17:19:43 PDT Subject: Mosaic to support digital money in September Message-ID: <199405200019.RAA27821@netcom.com> Eric Hughes writes > > It seems that you have information that is not in the press release > you include, which talks (as far as I can tell) about catalog > purchases with credit cards. Only what is in the news and stuff. In the cover story of May 11 Computer currents, page 40 Box, Malone and Davidow say that the money enabled Mosaic will be available in the fall (press release says September - I do not believe either of them) and that what we would call a server program (accounting and ordering package) will cost around 10 000 dollars. Obviously their model is the TV shopping channer, whereas the model we want to see implemented is the middle eastern bazaar, with giving and receiving money equally convenient for both parties. My comments were my interpretation of the press release. My interpretation may be misleading or inaccurate. The press release is probably misleading and inaccurate. If someone would get the real info from EIT, I would be interested to hear it. In particular, now that PGP is US legal, are they going to support PGP in mosaic? (They were not going to at the time of the press release) > > Enterprise Integration Technologies and friends will > enable digital money transactions in Mosaic in September > > Is this announced? Read the press release "EIT will make Secure NCSA Mosaic software available at no charge to CommerceNet members in September and NCSA will incorporate these securefeatures in future NCSA Mosaic releases. Enterprise Integration Technologies Corp., of Palo Alto, (EIT), is an R&D and consulting organization, developing software and services that help companies do business on the Internet. EIT is also project manager of CommerceNet. " > The transaction model has a crippled mode for people > outside the US and Canada > > Crippled? Read the press release "Cryptosystem and signature system interoperation is particularly useful between U.S. residents and non-U.S. residents, where the non-U.S. residents may have to use weaker 40-bit keys in conjunction with RSA's RC2 and RC4 variable keysize ciphers. EIT intends to publish Secure-HTTP as an Internet standard, and work with others in the WWW community to create a standard that will encourage using the Web for a wide variety of commercial transactions. " The biggest crippling is that they do not mention supporting PGP. If Mosaic supports PEM, then PEM will win. But PEM is useless. An evil NSA plot? Naw, they have not got the brains. More likely coorporate stupidity. > > They intend that you will be able to write contracts and > internet checks on participating banks. > > Will the recipient of the check be required to be at a participating > bank? I have no idea, but that would seem to be the only way that it could work, but since I screwed up big in my comments on magic money, other folk may well be more imaginative than I am. > And you can already write contracts with existing digital > signatures. A contract is just an agreement between two parties; > intermediation is not required. Quite so. But your typical businessman will not use PGP because it is user hostile, whereas Mosaic is not. The objective is to bring encryptation to the massess. Obviously I would vastly prefer to see PGP integrated into mosaic, I have considered doing this myself, but it is a substantial job with legal hazards, and I am bone lazy and vulnerable to court judgments > For this reason I think decentralized account based > digital money is the best hope. > > Account based money is identity based money, even if the identity is a > pseudo-identity. The whole point of cryptocash protocols is to > separate the link between two account by mediating the transaction > with some instrument. Quite so, as I have been reminded. But regrettably it seems likely that identity based money represents less of a jump from the existing system, therefore is likely be considerably more acceptable to the great unwashed masses. Crypto cash - money based on digital tokens - is rather subtle for the masses. Even I screw up. How do you expect the chairman of the board to comprehend it? To successfully push crypto cash, we would need to make it a lot more convenient. Hint. PGP is *not* convenient. A utility that would make crypto cash acceptable, would probably have to simulate account based money, and would need a relational database built into it. Microsoft visual basic, professional edition, allows one to make products that employ and create a relational database, and give those products away. The database built into the freely redistributable Visual Basic run time modules supports SQL. -- --------------------------------------------------------------------- | We have the right to defend ourselves and our James A. Donald | property, because of the kind of animals that we | are. True law derives from this right, not from jamesd at netcom.com | the arbitrary power of the omnipotent state. From nelson at bolyard.wpd.sgi.com Thu May 19 17:38:07 1994 From: nelson at bolyard.wpd.sgi.com (Nelson Bolyard) Date: Thu, 19 May 94 17:38:07 PDT Subject: D-H key exchange - how does it work? Message-ID: <9405192118.AA25380@bolyard.wpd.sgi.com> Perry E. Metzger wrote, describing Diffie_Hellman key exchange: > Suppose we have a field Z_p, where p is a prime. > Suppose g is a generator of the field. > Alice generates a random number a. > Bob generates a random number b. > Bob tells alice g^b, Alice tells Bob g^a. > Alice knows a and g^b, and thus generates g^(ab) trivially. > Similarly, Bob knows g^a and b, and trivially generates g^(ab). > An interceptor only knows g^a and g^b, and because the discrete log > problem is hard cannot get a or b easily, and thus cannot generate g^(ab). > > g^(ab) is now a shared secret of Alice and Bob. Some of us may not have seen an explanation of DH before. Perry's explanation was good. For the sake of completeness for those who're new to DH, I'd like to offer some additional information and considerations, here. The prime p wants to be chosen with a little care, and the "random" numbers a and b may want to be "selected" to eliminate certain undesirable values. I'll explain below. Within the field Z_p (the set of integers 0..p-1) where p is prime, there are elements whose successive powers make up all the elements of the field Z_p. These numbers are called "primitive" elements or "generators" of the field Z_p. That is, if g is a generator of the field Z_p, then the successive powers g, g^2, g^3, ... g^(p-2), g^(p-1) mod p include all the p-1 non-zero elements of Z_p. The set of unique numbers produced by taking succesive powers mod p of an element m of Z_p is a group, the "multiplicative span" of m, which is a subgroup of Z_p. The number of elements in the group generated by m is called the "order" of m. Primitive elements of Z_p have order p-1. Not all of the elements of Z_p are primitive. Some elements of Z_p have very small orders. At least one element will have order 2. Given that p is prime, the orders of the elements of Z_p will all have values that are products of some or all of the prime factors of p-1. Since p is prime (and p=2 is not interesting ;-), p-1 will contain the factor 2. An small example may make this point clear. Let p == 11. The prime factors of p-1 are 2 and 5. Hence we expect the orders of the elements of Z_11 to be 2, 5, or 10. By enumerating the groups of the elements of Z_11 we see this is so (for Z_11). E.g. Element Ring Order ------ ----------------------------- ----- 1 1 1 2 2, 4, 8, 5, 10, 9, 7, 3, 6, 1 10 3 3, 9, 5, 4, 1 5 4 4, 5, 9, 3, 1 5 5 5, 3, 4, 9, 1 5 6 6, 3, 7, 9, 10, 5, 8, 4, 2, 1 10 7 7, 5, 2, 3, 10, 4, 6, 9, 8, 1 10 8 8, 9, 6, 4, 10, 3, 2, 5, 7, 1 10 9 9, 4, 3, 5, 1 5 10 10, 1 2 There are 4 primitive elements in Z_11, 2, 6, 7, & 8. The orders of all the elements are as predicted by Euler. Now, let us imagine that Alice and Bob have chosen 11 as their prime and 7 as "g", their generator. Following the steps outlined above: > Alice generates a random number a. say 3 > Bob generates a random number b. say 5. > Bob tells alice g^b, Alice tells Bob g^a. 10 2 > Alice knows a and g^b, and thus generates g^(ab) trivially. 10 > Similarly, Bob knows g^a and b, and trivially generates g^(ab). also 10. > An interceptor only knows g^a and g^b, and because the discrete log > problem is hard cannot get a or b easily, and thus cannot generate g^(ab). Except that the interceptor, evil Eve, took g^a and g^b and tested them for short order, and found that one of them, g^b, had a very short order indeed. So, without knowing a or b, Eve knows that g^(ab) is one of a very few numbers, the elements of the group of g^b. She can now try the elements of that group until, by exhaustion, she finds the value that reveals the key g^(ab). > g^(ab) is now a shared secret of Alice and Bob. And Eve, too. Some primes produce lots and lots of elements with small orders. For example, Z_37 has 12 primitives, 6 elements of order 18, and all the rest have order 9 or less. So, is DH all wet (insecure)? No. There are some simple steps to prevent this problem. First, pick p to minimize the number of elements with small order. This means that we need to know the factorization of p-1. Of course, factoring large numbers is a hard problem, but there are several ways to pick p with known factorization of p-1. The simplest seems to be to pick p such that (p-1)/2 is prime; that is, such that p-1 has two factors, 2 and (p-1)/2. Now, all the elements of Z_p will have orders of either 2, or (p-1)/2, or p-1. There are other methods, that permit other small orders, but we won't explore them here. Second, after "randomly" choosing a, and computing g^a, Alice takes the additional step of making sure that the order of g^a is not small (i.e. is more than 2). If g^a is of small order, she picks another random a, and repeats the process. This is trivial indeed. Bob does likewise for his numbers b and g^b. Since Alice and Bob have eliminated the small groups, Eve will never encounter a g^a or g^b number whose order is less than (p-1)/2, and given that (p-1)/2 is a _very_ large prime number, Eve won't live long enough to try all of the elements of groups of that order. I haven't checked to see if the RSAREF code takes these precautions. > Ed Carp asked: > > If I understand D-H right, both sides generate public keys from their > > private keys, then just exchange public keys. Is that right? Or is there > > something I'm missing? Well, there are published descriptions of D-H that refer to the publicly exchanged values, g^a and g^b, as "public keys", and by that definition, yes, both sides exchange "public keys." But as you can see, these aren't public keys in the same sense that RSA public keys are. -- Nelson Bolyard Multimedia Server Division Silicon Graphics, Inc. nelson at sgi.COM Phone: 415-390-1919 Fax: 415-967-8496 Disclaimer: I do not speak for Silicon Graphics. -- From phantom at u.washington.edu Thu May 19 18:00:23 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Thu, 19 May 94 18:00:23 PDT Subject: cpunks quiz Message-ID: Can anyone tell me where the quote "suitably incentivised" came from? I need a name. :) thanks, mt Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html Get PGP 2.2 or 2.5 key via email or finger phantom at hardy.u.washington.edu From randy at pilot.com Thu May 19 18:03:57 1994 From: randy at pilot.com (Randy Antler) Date: Thu, 19 May 94 18:03:57 PDT Subject: Sternlight's attack on 2.3a Message-ID: <9405200101.AA03492@pilot.com> Begin forwarded message: Date: Thu, 19 May 1994 16:09:10 -0700 (PDT) From: Brian Beker Reply-To: Brian Beker Subject: Sternlight's attack on 2.3a To: cypherpunks at toad.com Cc: unicorn at access.digex.net Mime-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Sender: owner-cypherpunks at toad.com Precedence: bulk Mr. Sternlight continues: -------------BEGIN FORWARDED MESSAGE---------------------------------- >From netcom.com!strnlght Thu May 19 15:17:42 1994 Xref: netcom.com alt.fan.david-sternlight:1078 alt.security.pgp:13821 Newsgroups: alt.fan.david-sternlight,alt.security.pgp Path: netcom.com!strnlght From: strnlght at netcom.com (David Sternlight) Subject: Re: David Sternlight's Slurs About Folks With "2.3a" Keys Message-ID: Reply-To: david at sternlight.com (David Sternlight) Organization: DSI/USCRPAC References: <199405191106.FAA01087 at spot.colorado.edu> Date: Thu, 19 May 1994 19:42:28 GMT Lines: 29 By publishing a private e-mail, both beker and Johnson are in violation of my copyright in that message, since it was a private communication and no permission was given to republish. Thus beker has now committed a new violation of his netcom agreement, and Johnson shows he has bad judgement. What's more, by trying to make what should be a private matter, to be decided by netcom based on their own rules, into a public cause celebre, and by writing to netcom as Johnson did to intervene in a private matter, he has made the situation worse for beker, not better. Netcom is perfectly capable of telling me to go peddle my papers if I'm wrong. David Sternlight writes: > [...] > Complaining against another user to netcom is with netcom's rules. > > I am, of course, content to rely on netcom's decision in these two matters. > The behavior of officious intermeddlers like Johnson speaks for itself. Talk about the pot calling the kettle black!!! I wish this man would overdose on whatever medication he must be taking. Or...perhaps he already has! P.S. Sternlight breaks down into a rather amusing number of combinations if you take it as "stern" and "light." For example: stern -> rump light -> intense Make up your own using the definitions below! =============================================================================== 1stern \'stern\ adj [ME sterne, fr. OE styrne; akin to OE starian to stare] (bef. 12c) 1a: having a definite hardness or severity of nature or manner: AUSTERE b: expressive of severe dispeasure: HARSH 2: forbidding or gloomy in appearance 3: INEXORABLE �stern necessity� 4: STURDY, STOUT �a stern resolve� syn see SEVERE � stern�ly adv � stern�ness \'stern-nes\ n 2stern n [ME, rudder, prob. of Scand origin; akin to ON stjo�rn act of steering; akin to OE st��eran to steer � more at STEER] (14c) 1: the rear end of a boat 2: a hinder or rear part: the last or latter part � Biographical Names: Stern \'stern\ Isaac 1920- Am. (Russ.-born) violinist Stern Otto 1888-1969 Am. (Ger.-born) physicist � Thesaurus: stern adj syn SEVERE 1, ascetic, astringent, austere, mortified rel grim, implacable, unrelenting; inexorable, inflexible ant lenient, soft ||stern n syn BUTTOCKS, backside, beam, behind, bottom, ||butt, ||can, derriere, rump, tail ------------------------------------------------------------------------------- 1light \'l��t\ n [ME, fr. OE le�oht; akin to OHG lioht light, L luc-, lux light, luce�re to shine, Gk leukos white] (bef. 12c) 1a: something that makes vision possible b: the sensation aroused by stimulation of the visual receptors: BRIGHTNESS c: an electromagnetic radiation in the wavelength range including infrared, visible, ultraviolet, and X rays and traveling in a vacuum with a speed of about 186,281 miles per second; specif: the part of this range that is visible to the human eye 2a: DAYLIGHT b: DAWN 3: a source of light: as a: a celestial body b: CANDLE c: an electric light 4 archaic: SIGHT 4a 5a: spiritual illumination b: INNER LIGHT c: ENLIGHTENMENT d: TRUTH 6a: public knowledge �facts brought to light� b: a particular aspect or appearance presented to view �now saw the matter in a different light� 7: a particular illumination 8: something that enlightens or informs �he shed some light on the problem� 9: a medium (as a window or windowpane) through which light is admitted 10 pl: a set of principles, standards, or opinions �worship according to one's lights �Adrienne Koch� 11: a noteworthy person in a particular place or field: LUMINARY 12: a particular expression of the eye 13a: LIGHTHOUSE, BEACON b (1): TRAFFIC SIGNAL (2): a green traffic light 14: the representation of light in art 15: a flame for lighting something � in the light of 1: from the point of view of 2 or in light of: in view of 2light adj (bef. 12c) 1: having light: BRIGHT �a light airy room� 2a: not dark, intense, or swarthy in color or coloring: PALE b of colors: medium in saturation and high in lightness �light blue� 3 of coffee: served with extra milk or cream 3light vb light�ed or lit \'lit\; light�ing vi (bef. 12c) 1: to become light: BRIGHTEN � usu. used with up �her face lit up� 2: to take fire 3: to ignite something (as a cigarette) � often used with up ~ vt 1: to set fire to 2a: to conduct with a light: GUIDE b: ILLUMINATE �rockets light up the sky� c: ANIMATE, BRIGHTEN �a smile lit up her face� 4light adj [ME, fr. OE le�oht; akin to OHG l��hti light, L levi, Gk elachys small] (bef. 12c) 1a: having little weight: not heavy b: designed to carry a comparatively small load �a light truck� c: having relatively little weight in proportion to bulk �aluminum is a light metal� d: containing less than the legal, standard, or usual weight �a light coin� 2a: of little importance: TRIVIAL b: not abundant: SCANTY �light rain� 3a: easily disturbed �a light sleeper� b: exerting a minimum of force or pressure: GENTLE �a light touch� c: resulting from a very slight pressure: FAINT �light print� 4a: easily endurable �a light illness� b: requiring little effort �light work� 5: capable of moving swiftly or nimbly �light on his feet� 6a: FRIVOLOUS �light conduct� b: lacking in stability: CHANGEABLE �light opinions� c: sexually promiscuous 7: free from care: CHEERFUL 8: intended chiefly to entertain �light verse� �light comedy� 9a: having a comparatively low alcoholic content �light wines� b: having a relatively mild flavor 10a: easily digested �a light soup� b: well leavened �a light crust� 11: lightly armed or equipped �light cavalry� 12: coarse and sandy or easily pulverized �light soil� 13: DIZZY, GIDDY �felt light in the head� 14a: carrying little or no cargo �the ship returned light� b: producing goods for direct consumption by the consumer �light industry� 15: not bearing a stress or accent �a light syllable� 16: having a clear soft quality �a light voice� 17: being in debt to the pot in a poker game �three chips light� syn see EASY � light�ish \-ish\ adj 5light adv (bef. 12c) 1: LIGHTLY 2: with little baggage �travel light� 6light vi light�ed or lit \'lit\; light�ing [ME lighten, fr. OE l��htan; akin to OE le�oht light in weight] (bef. 12c) 1: DISMOUNT 2: SETTLE, ALIGHT �a bird lit on the lawn� 3: to fall unexpectedly 4: to arrive by chance: HAPPEN �lit upon a solution� � light into: to attack forcefully �I lit into that food until I'd finished off the heel of the loaf �Helen Eustis� � Thesaurus: light n syn DAWN 1, aurora, cockcrow, cockcrowing, dawning, daybreak, daylight, morn, morning, sunrise light adj syn FAIR 3, blond light vb 1 to cause something to start burning �lighted the fuse on the dynamite� syn enkindle, fire, ignite, inflame, kindle con douse, ||dout, put out, quench, snuff; damp (down), smother, stamp (out) ant extinguish 2 syn ILLUMINATE 1, illume, illumine, lighten light adj 1 having little weight �the package was light� syn featherlight, featherweight, imponderous, lightweight, unheavy, weightless rel inconsequential, trifling, trivial; little, petty, small; flimsy, meager, slender, slight idiom light as a feather con bulky, burdensome, cumbersome, huge, massive, overweight, ponderous, portl, unwieldy, weighty ant heavy 2 syn EASY 1, effortless, facie, royal, simple, smooth, untroublesome ant arduous 3 syn FAST 7, easy, loose, ||riggish, unchaste, wanton, whorish 4 syn GIDDY 1, bird-witted, dizzy, empty-headed, featherbrained, flighty, frivolous, harebrained, rattlebrained, skittish 5 syn LITTLE 3, casual, inconsiderable, insignificant, minor, petty, shoestring, small-beer, trivial, unimportant 6 syn DIZZY 2, giddy, light-headed, swimming, swimmy, vertiginous light vb 1 syn ALIGHT, land, perch, roost, set down, settle, sit down, touch down 2 syn HAPPEN 2, bump, chance, hit, luck, meet, stumble, tumble -- randy at pilot.com (home address) NeXTMAIL randy at nacm.com (work address) Welcome! ________________________________________________________________________ GCS(GAT): d--(---/-d+) p-@ c+++@ l u++@ e* m+/++ s/+ n+(---) h(--) f* g+ w++/+++ t++ r(-) y+(*) ________________________________________________________________________ DOLLAR HAS SPIRITUAL VALUE! JERUSALEM - Israel's chief rabbi, Mordechai Eliahu, says people should keep U.S. dollars in their pockets when in a restroom or an unclean place. His office said Wednesday that an American Jew raised the question because the bills say: "In God We Trust." The rabbi's religious ruling said that because of the motto, dollars must be treated the same way as holy documents and not be exposed to filth. --Reuters From grendel at netaxs.com Thu May 19 18:35:32 1994 From: grendel at netaxs.com (Michael Handler) Date: Thu, 19 May 94 18:35:32 PDT Subject: How trustworthy is *Skipjack*? Message-ID: <199405200135.VAA23933@access.netaxs.com> It seems to me, that with the NSA being the devious bastards that they are, might not just make the key escrow scheme the only weak point in the Clipper encryption system. The escrow scheme (supposedly) allows only legal wiretaps, as you need a warrant or wiretap order in able to obtain the escrowed key parts. HOWEVER: The NSA known to be damn secretive about what exactly it is doing and investigating. If they were snooping on something, especially something they're not supposed to be involved in (domestic surveillance, for instance), they wouldn't want to go to the trouble of legally obtaining a wiretap order. They take so long, and there's always the trouble of that potentially incriminating paperwork... In short, is it possible that the NSA built in a backdoor to Skipjack so they can stay ahead of the game like they used to in the pre-Clipper days? Also, at the risk of starting a "computing power increases vs. difficulty of factoring vs. potential cost" flamewar: Is it possible that the NSA can brute force Skipjack? _Applied Crypto_ says that Skipjack only has an 80-bit key. How easily could the NSA break an 80-bit key? -- ========================================================================== | Michael Brandt Handler | Philadelphia, PA | | | PGP 2.3a public key available via server / mail / finger | ========================================================================== From strnlght at netcom.com Thu May 19 12:42:28 1994 From: strnlght at netcom.com (David Sternlight) Date: Thu, 19 May 1994 19:42:28 GMT Subject: David Sternlight's Slurs About Folks With "2.3a" Keys In-Reply-To: <199405191106.FAA01087@spot.colorado.edu> Message-ID: By publishing a private e-mail, both beker and Johnson are in violation of my copyright in that message, since it was a private communication and no permission was given to republish. Thus beker has now committed a new violation of his netcom agreement, and Johnson shows he has bad judgement. What's more, by trying to make what should be a private matter, to be decided by netcom based on their own rules, into a public cause celebre, and by writing to netcom as Johnson did to intervene in a private matter, he has made the situation worse for beker, not better. Netcom is perfectly capable of telling me to go peddle my papers if I'm wrong. Complaining against another user to netcom is with netcom's rules. I am, of course, content to rely on netcom's decision in these two matters. The behavior of officious intermeddlers like Johnson speaks for itself. By the way, I sent a copy of my complaint to beker at netcom support's own suggestion, in fairness to him. beker's abuse of that courtesy private e-mail means he has given up any chance of getting such courtesies from me in future. David From hughes at ah.com Thu May 19 19:44:00 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 19 May 94 19:44:00 PDT Subject: ANNOUNCE: Bay Area physical meeting May 21. Message-ID: <9405200243.AA09717@ah.com> ANNOUNCEMENT ============ SAME cypherpunks time! NEW cypherpunks channel! (er, location) What: Bay Area physical cypherpunks meeting When: May 21, 1994 12:00 noon - 6:00 p.m. Where: Silicon Graphics, Mountain View, CA Building 5, SGI cafeteria, aka Cafe Iris Many thanks to Katy Kislitzin for arranging us a new and larger meeting space. With Cygnus meetings averaging 40-50 people each month, we'd just plain run out of space in their small conference room. And many thanks to John Gilmore for the well-used Cygnus room. We'll be in Cafe Iris, with 75 seats and plenty of A/V equipment. There will be full MBONE support, including video. We'll have a camera, so those who want to broadcast their likenesses to the whole world will have the opportunity. The MBONE session has been advertised on 'sd' already. The New York Times magazine is doing a story on us, and a photographer will be there to take a group photo, last I heard. This month's theme is Protocols. We'll be doing protocols and other technical cryptography. Here's what's known to be on the schedule right now: -- Arthur Abraham. Broadband subliminal channel in the DSA -- Eric Hughes. Narrowband subliminal channel in the DSA These two will be presenting work by Gus Simmons on the various subliminal channels in the Digital Signature Algorithm, based on a pair of papers presented last year. Folks can prepare for these presentations by reading Schneier's _Applied Cryptography_, p. 300 and following, on El Gamal signatures, Schnorr signatures, and the DSA. -- Eric Blossom. Secure telephony Eric is working on a hardware-based secure telephone, similar to the clipper-ized AT&T secure phone. He will be discussing details of the protocols, not all cryptographic, required for implementation. -- the usual contributions from the attendees See you all there! Eric ----------------------------------------------------------------------------- [Thanks to Katy Kislitzin for directions--EH] Place: Silicon Graphics, Inc. Building 5 (SGI Cafeteria) 2025 North Shoreline Boulevard Mountain View From 101 take Shoreline East. Turn right onto Steirlin Court at the big red metal sculpture. Go almost to the end, and building 5 is on the right. From rarachel at prism.poly.edu Thu May 19 20:18:31 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Thu, 19 May 94 20:18:31 PDT Subject: --who is doing the stego faq?-- Message-ID: <9405200305.AA17490@prism.poly.edu> Hi guys, I'm an idiot. :-) A few days ago, I saw a message by someone on sci.crypt about a stego faq he was doing. I contacted him and told him about a program I'm working on, but lost his address and the news daemon already purged his message. :-( So if you're the one, or know who is, please email me. The next message will be some info on WNSTORM which is the program I'm writing... From jim at bilbo.suite.com Thu May 19 20:21:34 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 19 May 94 20:21:34 PDT Subject: cpunks quiz Message-ID: <9405200318.AA19823@bilbo.suite.com> It came from one of the documents that John Gilmore received as a result of one of his FOIA requests. Here the relevant section from John's post... From: gnu at toad.com (John Gilmore) Return-Path: Received: from localhost by toad.com id AA19157; Thu, 30 Dec 93 02:21:27 PST Message-Id: <9312301021.AA19157 at toad.com> To: cypherpunks at toad.com Subject: Revised Clipper FOIA results from Asst Secretary of Defense Date: Thu, 30 Dec 93 02:21:27 -0800 We sent in an administrative appeal on June 17th, 1993, of various things that were withheld in the response to our FOIA request. The Office of the Secretary of Defense responded on December 21, 1993 -- six months later. (By law, agencies have twenty business days to respond to an administrative appeal. However, agencies regularly violate all FOIA time limits because the courts have largely refused to censure agencies for breaking the law, and have refused to force agencies to follow the law. I will point this out each time it happens, largely to educate you -- the general public -- about how pervasive a problem this is.) We did an administrative appeal of the parts they withheld and other documents they did not provide. The result is that one more doc came out (a cover sheet for a review copy of the President's actual directive, which is still classified and has been referred back to the National Security Council for processing), and the previously withheld paragraph of the last two memos below is now only blacked out for a sentence or two. The newly released text is highlighted with XXXX's and explanation. John Gilmore [first few letters deteled -jm] [This page originally XXXXXXXX SECRET; now UNCLASSIFIED] OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE WASHINGTON DC 20301-3040 COMMAND, CONTROL, COMMUNICATIONS AND INTELLIGENCE 30 APR 1993 (stamped) MEMORANDUM FOR THE ACTING ASSISTANT SECRETARY OF DEFENSE (C3I) Subject: PRD/NSC-27 Advanced Telecommunications and Encryption (U) [first six paragraphs deleted -jm] (U) Despite these concerns, the President has directed that the Attorney General request that manufacturers of communications hardware use the trapdoor chip, and at least AT&T has been reported willing to do so (having been suitably incentivised by promises of Government purchases). The Attorney General has also been directed to create a system for escrow of key material. The Secretary of Commerce has been directed to produce standards based on the use of the trapdoor chip. [remainder of letter deleted] (signed) Ray Pollari Acting DASD (CI & SCM) From rarachel at prism.poly.edu Thu May 19 20:22:12 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Thu, 19 May 94 20:22:12 PDT Subject: WNSTORM UPDATE (STEGO RND CRYPT) Message-ID: <9405200309.AA17515@prism.poly.edu> The following describes the a crypto program I've written. This is an update to WNSTORM which is on csua.berkeley.edu (?) was soda... Mucho improvements have been made. Unfortunately, it will probably be a while before this winds up in a readable directory... so until then you can request it from me, and as long as you're in the USA I'll send you a copy... Here's the blurb... (send requests to rarachel at photon.poly.edy rather than replying to this message if you want me to get to them quicker...) WNSTORM(tm) 2.10 Copyright (C) 1994 by Ray (Arsen) Arachelian All Rights Reserved, GTDR. DO NOT EXPORT!!! USA AND CANADA USE ONLY!!!!!!!!!!!!!!!!!!!!!! WNSTORM (White Nouse Storm) is a new cryptography and steganography software package which I'm developing. You can use WNSTORM to encrypt your files to keep prying eyes from invading your privacy. You can use WNSTORM to hide files, be they text, or otherwise within PCX images (other image formats will be supported in the future.) WNSTORM's method of hiding files in PCX images is very secure. With the right kind of image, you won't even see any changes made to the picture unless you look very very closely, and even then you are unlikely to recognize that there is hidden data in the image. (Some images don't work well, others work very well.) You can then take the PCX image containing the hidden data and send it to your friend, or post it up publicly on the alt.binary.pictures.* or whatever. Only you and anyone you share the password with can get at the hidden data file! More importantly, the intended recipient of the picture does not have to have a previous copy of the image to get at the hidden data. WNSTORM is also an encryption system. Unlike conventional systems, WNSTORM uses random numbers to hide and encrypt your file. (see documentation for technical details.) WNSTORM's encryption uses elements of frequency hopping (also known as spread spectrum transmissions) but instead of using it over radio waves, it uses it on your files. It does this by breaking up your file into eight separate channels and mixing in anywhere between 16 to 240 other bogus random noise channels with your eight data channels. The number of bogus channels varies with each byte taken from your file. The position (similar to a frequency of a channel used by spread spectrum communications) depends on the values in the bogus channels as well as your password. The password can be upto 150 characters (that's 1200 bits) however this can easily be changed to longer passwords. All the source code for WNSTORM and its supporting programs is also included. It's there for you to examine and see that there are no back doors, and to modify so as to improve it. WNSTORM is >FREE<, but not public domain. You may freely use it and give copies away to anyone you like. (see documentation for license information.) Enjoy. -- Ray (Arsen) Arachelian rarachel at photon.poly.edu From hfinney at shell.portal.com Thu May 19 21:00:01 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 19 May 94 21:00:01 PDT Subject: D-H key exchange - how does it work? Message-ID: <199405200401.VAA24444@jobe.shell.portal.com> The problem with "strong" primes, primes for which (p-1)/2 is prime, is that they are hard to find. It takes hours and hours of searching to find a 1024 bit strong prime on a workstation. Granted, you don't need to change very often perhaps, but some people would like to change every day. They may need a dedicated prime-searching machine to do that. (The best way I know to find strong primes is to find a prime q and then check 2q+1 for primality. Finding 1024 bit primes takes a long time, and the chances that 2q+1 is prime is very low.) It's much easier to find a "strongish" prime, one for which (p-1)/k is prime, where k is on the order of 100 or so. Take your prime q in the above and try kq+1 for k=2,4,6,.... This only takes a few minutes after you find q. The question is, how good are strongish primes? What fraction of elements of the group will have short periods, given that p-1 has a pretty small number of prime factors? Also, given a strong or strongish prime, are the chances that g^x has a small period good enough that it makes sense to check for that case? Any event whose chances are smaller than your computer making a mistake is generally not worth checking for. Hal From cjl at welchlink.welch.jhu.edu Thu May 19 21:04:02 1994 From: cjl at welchlink.welch.jhu.edu (CHRISTOPHER JAY LEONARD) Date: Thu, 19 May 94 21:04:02 PDT Subject: Crypto-history Message-ID: Crypto-history buffs, Apropos the recent discussion of the Bletchley Park and NSA exhibits of WWII rotor-type cipher machines on sci.crypt, there is an excellent article by Glenn Zorpette (of IEEE Spectrum) in the Summer 1994 issue of American Heritage of Invention and Technology, Volume 10/Number 1. This is a Forbes publication that is put out by their American Heritage Magazine group. The title of the article is "The Edison of Secret Codes" and it is about Edward Hugh Hebern who contributed much to the development of rotor-type cipher machines from 1912 until after WWII. It features quotes from David Kahn (The Codebreakers) and some terrific photos of early cryptographic equipment, as well as a nice description of the design/function of the machines and vulnerabilities to cryptanalysis by the Army's William Friedman in the 1920's. There lawsuit by Hebern against patent infringement by the government serves as an an eerie premonition of the Inslaw case. There is a sidebar regarding the National Cryptologic Museum. Last but not least it features this marvelous stanza of an ode to Hebern's crypto machine, an equally fitting a description of public key systems (e.g. PGP). Marvelous invention comes out of the West Triumph of patience, long years without rest Solved problem of ages, deeper than thought A code of perfection, a wonder is wrought. I got my copy directly from someone who works for American Heritage, so I can't vouch for it's availabilty on the news stands. Share and Enjoy :-) cjl From m1tca00 at FRB.GOV Thu May 19 22:17:34 1994 From: m1tca00 at FRB.GOV (Tom Allard) Date: Thu, 19 May 94 22:17:34 PDT Subject: Sternlight "kill" file Message-ID: <9405200516.AA24366@mamp1.FRB.GOV> Well, Sternlight has threatened to talk to my superiors (no one is superior to me :) if I don't apoligize to the world for forwarding beker at netcom.com's message posted to this list to alt.security.pgp. He told me that he knows the Chairman [of the Federal Reserve Board]. Would Alan Greenspan get involved? Sure, he's kinda busy with that inflation thing... He told me his message to me was copyrighted and I couldn't publish it. I'm going to take that advice while I ponder this. Any advice would be welcome. My pgp key is on the servers. PS: I'm considering pleading "forgery". rgds-- TA (tallard at frb.gov) I don't speak for the Federal Reserve Board, they don't speak for me. pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D From Richard.Johnson at Colorado.EDU Thu May 19 22:50:02 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Thu, 19 May 94 22:50:02 PDT Subject: Sternlight "kill" file In-Reply-To: Message-ID: <199405200549.XAA03037@spot.Colorado.EDU> From the keyboard of: Tom Allard > Well, Sternlight has threatened to talk to my superiors (no > one is superior to me :) if I don't apoligize to the world for > forwarding beker at netcom.com's message posted to this list to > alt.security.pgp. Heh. Sternlight is really trying to throw his weight around here, isn't he. How sad, but not surprising. His job will be much easier if he can silence some of the opposition to his half-truths and innuendo. As Jim Thomas notes in the following post to alt.security.pgp, M. Sternlight is somewhat ignorant of Copyright law and precedent, including such things as fair use, implicit assignment of rights, etc. Note that Mr. Thomas posted his missive to a usenet newsgroup that receives posts from cypherpunks. The fact that we have to use manual means to make the gateway go in two directions makes it no less valid a gateway than those between other mailing lists and usenet newsgroups (like comp.society.cu-digest, for example :-). --------- From: jthomas at well.sf.ca.us (Jim Thomas) Newsgroups: alt.fan.david-sternlight,alt.security.pgp Subject: Re: David Sternlight's Slurs About Folks With "2.3a" Keys Date: 20 May 1994 04:02:28 GMT Message-ID: <2rhcok$sbq at nkosi.well.com> In article , David Sternlight wrote: >By publishing a private e-mail, both beker and Johnson are in violation of >my copyright in that message, since it was a private communication and no >permission was given to republish. Not surprisingly, Sternlight reveals his ignorance of copyright law. >Thus beker has now committed a new violation of his netcom agreement, and >Johnson shows he has bad judgement. What's more, by trying to make what >should be a private matter, to be decided by netcom based on their own >rules, into a public cause celebre, and by writing to netcom as Johnson did >to intervene in a private matter, he has made the situation worse for beker, >not better. Sternlight has failed to demonstrate: 1) That the first alleged violation was, in fact, a violation, and not simply a labeling ruse. Sternlight has rushed to judgment and tried and convicted without evidence. An honorable person would first ascertain facts prior to taking action 2) Sternlight claims a second violation of netcom's agreement without demonstrating what the violation is. An honorable person would reproduce the relevant text of the agreement and then make the corresponding case. Instead, Sternlight asserts. This is consistent with his style in which he defames others and then complains that he is defamed when others hoist him by his own petard. 3) That Sternlight snoops through others' stuff and then leaps to judgment on the bases of superficial cues is, indeed, a matter of public concern. If Sternlight snooped through my system files and found titles such as suckme.gif, jailbait.gif, and 69riders.exe, would he have complained to our university officials that I am in violation of school anti-porn policies? If the facts of Sternlight's latest escapades are accurate, and Sternlight's post seems to confirm them, then it is fully appropriate to alert the public that a demonstrable defamer is actively perusing accounts and notifying sysads of what he finds. Perhaps Sternlight should look up "honor" in his dictionary. Jim Thomas ... >David From pkm at maths.uq.oz.au Thu May 19 23:56:35 1994 From: pkm at maths.uq.oz.au (Peter Murphy) Date: Thu, 19 May 94 23:56:35 PDT Subject: Sternlight "kill" file Message-ID: <9405200656.AA23947@axiom.maths.uq.oz.au> I was aware that David Sternlight had a dubious reputation among the cypherpunks community, but uptil now I was never really sure why. Now I know. Could anyone please tell me, for my benifit (and possibly for other newbies' benefit) what other "escapedes" he has pulled in the past that have been shonky. I would also like to know why he has an instinctive dislike of PGP. (Much of it may have happened before my time.) ======================================================= | Peter Murphy. . Department of | | Mathematics - University of Queensland, Australia. | ------------------------------------------------------- | "What will you do? What will you do? When a hundred | | thousand Morriseys come rushing over the hill?" | | - Mr. Floppy. | ======================================================= From jdwilson at gold.chem.hawaii.edu Fri May 20 01:03:45 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Fri, 20 May 94 01:03:45 PDT Subject: mutual interest In-Reply-To: Message-ID: Perhaps a better question might be whether it might be possible for some like-minded souls such as those on this list to participate in some of your (David Dahn et al) discussions? -NS *.................................................................* . == = =....James D. Wilson.....jdwilson at gold.chem.hawaii.edu.. . " " "....P. O. Box 15432..........or..NetSurfer at sersol.com.. . " " /\ "....Honolulu, HI 96830................................ . \" "/ \"....FRC/FAM/AASR/GWB/OTO............................... *.................................................................* On Tue, 17 May 1994, David Dahn wrote: > Date: Tue, 17 May 1994 13:25:06 -0700 (PDT) > From: David Dahn > To: joshua geller > Cc: cypherpunks at toad.com, edwards at skiff.ee.fit.edu, jas1153 at hertz.njit.edu, > panzer at dhp.com > Subject: Re: mutual interest > > It is a form of encryption developed to insure a sense of privacy. I, and > the others concerned, would hope you can appreciate that. But, thank you > for your interest and concern.....Best Regards.....USMC > > > On Sun, 24 Apr 1994, joshua geller wrote: > > > > > you four will probably recall that I have just entered and left > > your encrypted channel on IRC. this message is crossposted to > > the cypherpunks mailing list; I, and I am sure other members of > > this list would be interested in the details of your encryption > > scheme, if any of you are willing to share. > > > > regards, > > josh > > From crame001 at hio.tem.nhl.nl Fri May 20 01:24:34 1994 From: crame001 at hio.tem.nhl.nl (ER CRAMER) Date: Fri, 20 May 94 01:24:34 PDT Subject: Why PGP 2.5 sucks... Message-ID: <9405200919.AA00432@hio.tem.nhl.nl> PGP 2.5 really sucks... Why? - You can't use your old secret key. So you have to build a new one. Why? I don't know. But PGP 2.5 don't recognize your pass phrase anymore. Maybe that new RSA algoritme is easier to crack. So they force everybody to create a new key... - A new RSA algorithm??? What's wrong with the old one??? - Why not bigger keys than 1024 bits??? - Why can't PGP 2.3a read PGP 2.6 messages anymore after 1 september 1994? The only good thing about 2.5 is that it's legal in de USA and Canada? But why doesn't someone gets a license for PGP 2.3a so that's a legal version too! (or is that inpossible???) ... If you outlaw Privacy, only the Outlaws will have Privacy! Eelco Cramer ------ -------------------------------------------------- From ngps at nova.np.ac.sg Fri May 20 02:31:07 1994 From: ngps at nova.np.ac.sg (Ng Pheng Siong) Date: Fri, 20 May 94 02:31:07 PDT Subject: Sternlight "kill" file In-Reply-To: <9405200656.AA23947@axiom.maths.uq.oz.au> Message-ID: <9405200931.AA13008@toad.com> > I was aware that David Sternlight had a dubious reputation among the > cypherpunks community, but uptil now I was never really sure why. Now > I know. Could anyone please tell me, for my benifit (and possibly for > other newbies' benefit) what other "escapedes" he has pulled in the > past that have been shonky. I would also like to know why he has an > instinctive dislike of PGP. (Much of it may have happened before my time.) I came across the following URL yesterday: http://www.quadralay.com/www/Crypt/Sternlight/Sternlight.html I've just subscribed to this list _and_ started on sci.crypt et al this week. So I'm a newbie, too. ;-) - PS -- Ng Pheng Siong * ngps at np.ac.sg * (65) 460 6769 Computer Centre, Ngee Ann Polytechnic, Singapore From udee128 at bay.cc.kcl.ac.uk Fri May 20 02:49:46 1994 From: udee128 at bay.cc.kcl.ac.uk (Trace waz ere) Date: Fri, 20 May 94 02:49:46 PDT Subject: unsibscribe Message-ID: <0097EB56.0A928B80.31@bay.cc.kcl.ac.uk> unsuscribe udee128 at bay.cc.kcl.ac.uk From rjc at gnu.ai.mit.edu Fri May 20 03:04:14 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Fri, 20 May 94 03:04:14 PDT Subject: Why PGP 2.5 sucks... In-Reply-To: <199405200959.FAA25222@umbc8.umbc.edu> Message-ID: <9405201003.AA17436@geech.gnu.ai.mit.edu> Ray Cromwell writes: > PGP 2.5 really sucks... > > Why? > - You can't use your old secret key. So you have to build a new one. > Why? I don't know. But PGP 2.5 don't recognize your pass phrase anymore. > Maybe that new RSA algoritme is easier to crack. So they force everybody > to create a new key... Seems like it should be a simple task to code up a utility to convert old format keys to new ones. -Ray From edgar at spectrx.sbay.org Fri May 20 03:12:54 1994 From: edgar at spectrx.sbay.org (Edgar W. Swank) Date: Fri, 20 May 94 03:12:54 PDT Subject: FBI decryption capability / MSDOS disk wipe question Message-ID: <6Jammc3w165w@spectrx.sbay.org> -----BEGIN PGP SIGNED MESSAGE----- Harry Bartholomew posted: At three sites around the world the hyperdsk.zip file (204,864 bytes) contains only the .exe without any documentation. This is apparently a disk cache with no encryption capabilities. It is usually listed under other names: HYPERDSK.ZIP DCTL 0 DELETED Use SPKT465S.ZIP HYDK420.ZIP TINS 237647 02-14-91 <15>Hyperdisk V4.20, Great 386 Disk Cache HYDK421.ZIP TINS 270730 05-19-91 <15>Latest Of The Greatest Of Disk Caches HYDK422.ZIP DCTL 0 DELETED Use SPKT465S.ZIP HYDK430.ZIP DCTL 0 DELETED Use SPKT465S.ZIP " " " FDUT 255036 12-02-91 HyperDisk V4.3 - The ultimate disk caching utility. And HyperKey V4.14. The shareware release hot from HyperBoard. " " " TINS 270024 12-11-91 <21>Latest Of The Greatest Of Disk Caches V4.30 HYPR460S.ZIP DCTL 0 DELETED Use SPKT465S.ZIP " " " FDUT 291803 07-07-92 HyperDisk, version 4.60 HyperDisk is the finest disk caching utility available. It increases your computer disk drive's performance using advanced features including: support for Conventional, Extended , and Expanded Memory usage; interrupt-driven I/O for both read and write caching; support for PC, XT, AT, 80386, and 80486 type computers; and compatability with all versions of DOS from 2.xx through 5.xx. SPKT465S.ZIP DCTL 400399 09-02-93 SpeedKit from HyperWare Version 4.65 Contains the shareware versions of the world famous HyperDisk, HyperKey and HyperScreen Utilities. New version has updates for XtraDrive, DoubleSpace, new features in HyperKey and HyeprScreen. Documentation and orderform included. Files: 19 Oldest: 8/12/93 Newest: 9/2/93 spkt465s.zip GARB 399508 09-02-xx Speedkit; Hyperdisk disk accelerator v4.65s " " " SIMT 399242 09-07-93 B HyperDisk disk cache w/HyperKey & HyperScreen Note availability of SPKT465S.ZIP at both GARBO and SIMTEL. In January Edgar W. Swank mentioned WIPIT100.ZIP to wipe all free space on your disk. Its free for personal use. I haven't found it though, with Archie searches. WIPIT100.ZIP EGLN 14897 11-21-93 WIPIT v1.00 8/2/93 Wipe all free space on your disk to prevent Undeleting files. Free for personal use. (Files: 4 Newest: 08-02-93 Oldest: 08-02-93) WIPIT100.ZIP is only available (AFIK) on the Eagle's Nest BBS at (408)223-9821. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLduBuN4nNf3ah8DHAQG2ugP+Oa+ewikX73wLniRmaAnNIkmH3/YRN3Ab cqea3WjxQForNx44BqcOfKC73sfBz8+cHjfEvfCtTkvpOcOmiCxWIIEGUUr6R593 2Lio0f5Hif1wCozcrOr0lEXJa2+GRj7GocZyJxTYYQIuHftOweDjcPnlTKfAH0at sG2ejx7MiI4= =a94p -----END PGP SIGNATURE----- -- edgar at spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From r6788 at hopi.dtcc.edu Fri May 20 03:41:21 1994 From: r6788 at hopi.dtcc.edu (Joseph R. Rach) Date: Fri, 20 May 94 03:41:21 PDT Subject: Plee For Help Message-ID: <9405201041.AA18059@hopi.dtcc.edu> -----BEGIN PGP SIGNED MESSAGE----- Hello Fellow Cypherpunks, I need help compiling PGP on DG/UX Release 5.4R3.00 AViiON.. There is no target in the makefile that really fits the system here. I have consulted the sysadm here and he told me to try adding #defines into the source, like #define BSD_SOURCE #define BSD_FLAVOR #define SVR4_SOURCE #define BSD_TTY_FLAVOR I don't want to fudge up the executable, and this isn't working. Someone mentioned to me that i could try make portable. That did not work either. I have gotten it to compile an executable, but only after giving me several errors. I have a little knowledge of c, so i don't need a complete hand holding. If someone would extend a helping hand, i'd appreciate it. On a side note, i have gotten the sysadm here to agree to install PGP2.5, should i be able to compile it and i let him know i did it! He won't install 2.3a. ;<.. I'm using one of the crippled executables to sign this message. Thanks in advance, Joseph R. Rach. r6788 at hopi.dtcc.edu CIS Student and U.S. Private Citizen. =-=PGP key available thru fingerd.=-= O yeah, almost forgot; Yes, we do have gcc... -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLdxpAHIt7G0u7ofRAQFN4gQAt+Kym1RRnbJdpTO6+CygDTX9ssw21u5r Qm/7GFlRVUhvumFtWNspAaTM3g/8mGm8gc7Z/fReVNZv5hBeBpShv31a8lO0N4Bt nJFLRq28BVA8tHTj5ysn2QwfGjgvP+5fuj7DP09H1gNs5EtyDQCPAu1aDm29JA5O 6zG6GCmPUSU= =kbJs -----END PGP SIGNATURE----- From perry at imsi.com Fri May 20 04:27:56 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 20 May 94 04:27:56 PDT Subject: Sternlight and damages Message-ID: <9405201127.AA20861@bacon.imsi.com> Sternlight claims people are violating copyright laws by posting his private email. I will point out that although this may be true, he would have to show damages to him in order to collect anything. From what I know, his financial position is not such that he can afford to pay lawyers for frivolous lawsuits. I suspect he can't do a thing. Feel free to tell him so. Perry From unicorn at access.digex.net Fri May 20 06:59:21 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 20 May 94 06:59:21 PDT Subject: FWD: Re: David Sternlight's Slurs About Folks With "2.3a" Keys In-Reply-To: <199405191106.FAA01087@spot.colorado.edu> Message-ID: <199405201359.AA10497@access1.digex.net> In article you write: >David Sternlight (strnlght at netcom.com) wrote: >: In article <199405191106.FAA01087 at spot.colorado.edu>, >: Richard Johnson wrote: > >: By publishing a private e-mail, both beker and Johnson are in violation of >: my copyright in that message, since it was a private communication and no >: permission was given to republish. > >Actually, David, since you did not register your copyrighted material >with the U.S. Copyright Office before the alleged infringement (I don't >know for sure that you actually authored that work, and you can't prove >that you did because you didn't sign it using *pgp*!!!), you are limited >to recovering your actual damages (such as lost profits), which in my >estimation would be zero...... Moreover, the re-print here is probably >justified as fair use for purposes of comment and criticism... which is >exactly what seems to be occuring here. > >Anyway, you have a difficult burden of establishing that the document >that you claim to be yours is actually yours, as any number of other >people could also claim to have written it. > >Its a funny thing about the net... You can't be sure who wrote what... > >By the way, in your letter, you claim that you discovered a PGP key from >version 2.3a.... Now, how do you know that this was a PGP key? DId you >run it through PGP to verify that it was? Or are you just assuming that, >because it looks like a PGP public key, that it is??? > >: Thus beker has now committed a new violation of his netcom agreement, and >: Johnson shows he has bad judgement. What's more, by trying to make what >: should be a private matter, to be decided by netcom based on their own >: rules, into a public cause celebre, and by writing to netcom as Johnson did >: to intervene in a private matter, he has made the situation worse for beker, >: not better. > >We shall see... > >: Netcom is perfectly capable of telling me to go peddle my papers if I'm >: wrong. > >Please let us know when they do that, David. > > >-- >------------------------------------------------------------------------- >Evidence, Inc. | The Internet Cops are watching, >Evidence at Nowhere.Nil | aren't they? >------------------------------------------------------------------------- >"Have you ever had your phones tapped by the government? YOU WILL and >the company that'll bring it to you..... AT&T" >------------------------------------------------------------------------- > -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From gtoal at an-teallach.com Fri May 20 07:56:06 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 20 May 94 07:56:06 PDT Subject: Patent infringement (fwd) Message-ID: <199405201454.PAA06361@an-teallach.com> : This is the argument Schiller's message on 2.6 foreshadowed. However, : there are some counterarguments you can make: : - It's not clear that RSADSI has actually said that merely posting a key with : the words "Version: 2.3a" in and of itself constitutes inducement or : conspiracy to infringe the patent. Schiller speculated that running a key : server which accepted pre-2.4 keys could represent contributory infringement : but I haven't seen any statements from Bidzos that agree with this, let : alone the stronger statement Sternlight is making. Excuse me folks - I think we're missing a big point here: there's no such crime as 'conspiracy to infringe' nor is it a civil offense. What PKP are talking about is agrravated damages - *if* you are *breaking* one of their patents, eg by *running* pgp, then because you are encouraging others to do so by, say, also offering a keyserver service, they can ask for larger damages because they'll say you're *flagrantly* violating their patent and encouraging others to do so. However, if you're *not* violating their patent, there's nothing they can do about the 'encouraging others to do so' part. Running a keyserver, as long as it doesn't run pgp to do its key management, is not infringing PKP's patents, and they can't do anything about it - it's a question of publishing and free speech. It's not even the more restricted commercial speech - keyservers aren't a business. I think if you read the MIT announcements closely you'll see what they say is compatible with this view. G From hughes at ah.com Fri May 20 07:59:31 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 20 May 94 07:59:31 PDT Subject: D-H key exchange - how does it work? In-Reply-To: <199405200401.VAA24444@jobe.shell.portal.com> Message-ID: <9405201502.AA10802@ah.com> It takes hours and hours of searching to find a 1024 bit strong prime on a workstation. Granted, you don't need to change very often perhaps, but some people would like to change every day. If they really want to change that often, they can buy a dedicated machine. There's no good cryptographic reason to change that often, if the modulus is large enough. In addition, changing the modulus can have unpleasant effects on traffic analysis, if not done properly. (The best way I know to find strong primes is to find a prime q and then check 2q+1 for primality. Finding 1024 bit primes takes a long time, and the chances that 2q+1 is prime is very low.) Well, there are faster ways. One can combine the sieve for q with a sieve for p. The biggest problem is that there are just a lot fewer primes with the above property. The question is, how good are strongish primes? Just fine. The complexity of taking discrete logs is dependent on the largest prime factor of the modulus. What fraction of elements of the group will have short periods, given that p-1 has a pretty small number of prime factors? If q is the largest prime factor, then about p/q will have short periods, namely, those divisible by q. When p=2q+1, there is one element of order 1 (namely 1), one element of order 2 (namely -1, aka 2q), and every other element has order 2q or q. For primes of the form p=kq+1, there are about k with short periods. Eric From sommerfeld at orchard.medford.ma.us Fri May 20 08:05:25 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Fri, 20 May 94 08:05:25 PDT Subject: Sternlight "kill" file In-Reply-To: <9405200516.AA24366@mamp1.FRB.GOV> Message-ID: <199405201438.KAA06655@orchard.medford.ma.us> Given that you've already admitted posting it, a forgery claim is a little late. Claim "fair use". You did not intend to make a profit from the republication, and the republication was for educational purposes: to show the world that Sternlight is playing hit-man for RSADSI... - Bill From gtoal at an-teallach.com Fri May 20 08:05:54 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 20 May 94 08:05:54 PDT Subject: Restoring the list membership Message-ID: <199405201505.QAA06632@an-teallach.com> : I'll wait for two days in case anyone on this list has strong objections to : returning the membership to status quo ante. If not, I'll send the form letter. I think it was an excellent opportunity to cull the dead wood. How about instead of resubbing all 500+, you just send them all a mail telling them what happened and how to resub. That way we only get the interested ones back... G From perry at imsi.com Fri May 20 08:10:57 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 20 May 94 08:10:57 PDT Subject: D-H key exchange - how does it work? In-Reply-To: <9405201502.AA10802@ah.com> Message-ID: <9405201510.AA06846@snark.imsi.com> Eric Hughes says: > It takes hours and hours of searching to find a 1024 bit strong > prime on a workstation. Granted, you don't need to change very > often perhaps, but some people would like to change every day. > > If they really want to change that often, they can buy a dedicated > machine. There's no good cryptographic reason to change that often, > if the modulus is large enough. I dunno. The paper by LaMacchia and Odlysko on how to break Diffie-Hellman quickly once you've done a lot of precomputation on a static modulus is sufficiently disturbing to me that I would prefer to be able to change modulii fairly frequently if possible. If the opponent knows a way thats a constant factor of a few tens of thousands cheaper to do discrete logs, it might be worth their while to spend a large sum on doing that precomputation once in the hopes of breaking lots of traffic. > In addition, changing the modulus can have unpleasant effects on > traffic analysis, if not done properly. Of what sort? > Just fine. The complexity of taking discrete logs is dependent on the > largest prime factor of the modulus. It is BELIEVED dependent -- lets be precise... Perry From eagle at deeptht.armory.com Fri May 20 08:12:52 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Fri, 20 May 94 08:12:52 PDT Subject: Restoring the list membership In-Reply-To: <199405201505.QAA06632@an-teallach.com> Message-ID: <9405200812.aa26801@deeptht.armory.com> > : I'll wait for two days in case anyone on this list has strong objections to > : returning the membership to status quo ante. If not, I'll send the form letter. > > I think it was an excellent opportunity to cull the dead wood. How about > instead of resubbing all 500+, you just send them all a mail telling them > what happened and how to resub. That way we only get the interested ones > back... What Graham said... -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From bill at kean.ucs.mun.ca Fri May 20 08:16:36 1994 From: bill at kean.ucs.mun.ca (Bill Garland) Date: Fri, 20 May 94 08:16:36 PDT Subject: Sternlight, period. Message-ID: <0097EB66.A574DD00.4@Leif.ucs.mun.ca> I don't know about the rest of you, but there is more than enough Sternlight shit on t.p.crypto and a.s.pgp for my taste. At least on newsgroups I can use Kill files, but cypherpunks is mail. Cypherpunks write code. Sternlight is not code. Cryptography is all economics. Sternlight is not economical. Time is the stuff life is made of. Sternlight is a waste of time. Those of you who want to read t.p.crypto, please do. If it is relative to cypherpunks, okay, crosspost or cc, but with so bloody much mail, I'd rather not have my time wasted by Sternlight stuff. At least with Extropians mail, I could do a ::exclude, but here we are defenseless, and the noise level is already high enough what with Detweiller on the way into manic phase again, even if only tmp'orarily...any chance Cypherpunks will ever get this? Just grumbling... have a nice weekend... Hey, it's finally spring here! Our first long weekend and traditional start of summer - Victoria Day. "It's the twenty-fourth of May And I've got to get away..." -Buddy Wassiname and the Other Fellow ObCrypto: Thanks for the explanations of D-H key exchange. /----------------------------------------------------------------------\ | I am an Extropian. | Macronic Systems, Inc. offers Ideas for Sale ! | | BEST: DO_IT_SO ! | Go for it : Pledge a Digital US Dollar now. | | CryptoAnarchist. | Send PGP key for more information. | | Cypherpunk. | Get in on the ground floor. Invest Now. Trust me! | | Owner : MSInc., |---------------------------------------------------| | HEx, INFO_Banque | Day Job : Bill Garland = bill at kean.ucs.mun.ca | \__________________________________o o_________________________________/ From bart at netcom.com Fri May 20 08:37:35 1994 From: bart at netcom.com (Harry Bartholomew) Date: Fri, 20 May 94 08:37:35 PDT Subject: Restoring the list membership In-Reply-To: <199405201505.QAA06632@an-teallach.com> Message-ID: <199405201537.IAA06757@netcom.com> > > : I'll wait for two days in case anyone on this list has strong objections to > : returning the membership to status quo ante. If not, I'll send the form letter. > > I think it was an excellent opportunity to cull the dead wood. How about > instead of resubbing all 500+, you just send them all a mail telling them > what happened and how to resub. That way we only get the interested ones > back... > > G I think that is exactly what was proposed. Besides I can't quite imagine someone who is uninterested getting 50 messages per day and not unsubscribing! From m1tca00 at FRB.GOV Fri May 20 09:07:50 1994 From: m1tca00 at FRB.GOV (Tom Allard) Date: Fri, 20 May 94 09:07:50 PDT Subject: other stuff David Sternlight has posted Message-ID: <9405201552.AA05931@mass6.FRB.GOV> Favorite posts from David Sternlight: ------- Forwarded Message Newsgroups: sci.crypt Date: Sun, 08 May 94 05:34:13 -0400 From: strnlght at netcom.com (David Sternlight) Subject: Re: Someone Get The Classified Docs and Post Them Please! [...] Something did snap, and it did so with the death of Richard Nixon. On thinking of his achievements, and the way he was savagely hounded by the left all his life (not without cause, but not deserving of the extreme demonizing he got), I decided it was time to stop pussy-footing around here, and start calling jerks, cowards, hoodlums, and defamers for what they were. [...] David ------- End of Forwarded Message From jamesd at netcom.com Fri May 20 09:12:35 1994 From: jamesd at netcom.com (James A. Donald) Date: Fri, 20 May 94 09:12:35 PDT Subject: Is crypto cash patented? Message-ID: <199405201612.JAA01899@netcom.com> We can now legally us freely redistributable RSA code, subject to certain restrictions, inside and outside the US. This was never a problem for users but it was big problem for writers. Mosaic will include PGP in the fall, providing a user friendly interface to PGP. One problem remains. I seem to recall that token based crypto cash has been patented. Does anyone have any comments or knowledge on the status of these patents and their relevance to magic money. If you are going to say magic money is illegal everywhere it might be preferable to mail me directly rather than to state it on the list. -- --------------------------------------------------------------------- | We have the right to defend ourselves and our James A. Donald | property, because of the kind of animals that we | are. True law derives from this right, not from jamesd at netcom.com | the arbitrary power of the omnipotent state. From hughes at ah.com Fri May 20 09:43:04 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 20 May 94 09:43:04 PDT Subject: Is crypto cash patented? In-Reply-To: <199405201612.JAA01899@netcom.com> Message-ID: <9405201646.AA11040@ah.com> The blind signature algorithm is patented by David Chaum. Eric From hughes at ah.com Fri May 20 09:52:07 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 20 May 94 09:52:07 PDT Subject: D-H key exchange - how does it work? In-Reply-To: <9405201510.AA06846@snark.imsi.com> Message-ID: <9405201655.AA11052@ah.com> I dunno. The paper by LaMacchia and Odlysko on how to break Diffie-Hellman quickly once you've done a lot of precomputation on a static modulus is sufficiently disturbing to me that I would prefer to be able to change modulii fairly frequently if possible. Quoting K. McCurley about the above mentioned work: "Their experience seems to suggest that it is possible to compute discrete logarithms in groups GF(p)^* with p \wavyequals 10^100." [in _The Discrete Logarithm Problem_, collected in _Cryptology and Computational Number Theory_] The security of a 1000-bit modulus is just fine, thank you very much. Some military applications evidently use twice that, though. You need to change it as often as you change RSA keys. Since you can factor if you can take discrete logs, you've got to worry about the security of your RSA keys at the same time. > In addition, changing the modulus can have unpleasant effects on > traffic analysis, if not done properly. Of what sort? For D-H, the modulus must be transmitted in the clear. Unless you use a different modulus for each conversation, there is a persistency to the moduli that gives rise to a pseudo-identity. Eric From perry at imsi.com Fri May 20 09:59:38 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 20 May 94 09:59:38 PDT Subject: D-H key exchange - how does it work? In-Reply-To: <9405201655.AA11052@ah.com> Message-ID: <9405201659.AA07058@snark.imsi.com> Eric Hughes says: > > In addition, changing the modulus can have unpleasant effects on > > traffic analysis, if not done properly. > > Of what sort? > > For D-H, the modulus must be transmitted in the clear. Unless you use > a different modulus for each conversation, there is a persistency to > the moduli that gives rise to a pseudo-identity. You don't HAVE to transmit the modulus in the clear. Its often worthwhile to use D-H for key exchange even if both sides know the other's RSA public keys. Why? Because then the keys used for conventional session encryption need not be compromised for historical traffic even if the RSA keys are later compromised. Perry From bal at martigny.ai.mit.edu Fri May 20 10:16:25 1994 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Fri, 20 May 94 10:16:25 PDT Subject: D-H key exchange - how does it work? In-Reply-To: <9405201655.AA11052@ah.com> Message-ID: <9405201716.AA22022@toad.com> Date: Fri, 20 May 94 09:55:36 -0700 From: hughes at ah.com (Eric Hughes) Sender: owner-cypherpunks at toad.com Precedence: bulk I dunno. The paper by LaMacchia and Odlysko on how to break Diffie-Hellman quickly once you've done a lot of precomputation on a static modulus is sufficiently disturbing to me that I would prefer to be able to change modulii fairly frequently if possible. Quoting K. McCurley about the above mentioned work: "Their experience seems to suggest that it is possible to compute discrete logarithms in groups GF(p)^* with p \wavyequals 10^100." [in _The Discrete Logarithm Problem_, collected in _Cryptology and Computational Number Theory_] Right. Basically, what we found was that you needed the same amount of computation to factor a (k+10)-digit composite as to compute discrete logarithms in a field with k-digit modulus p. The discrete log problem is brittle---you do a lot of precomputation for a particular modulus p and then finding individual discrete logs in GF(p) is easy---so you need to think carefully about the lifetime of the information you're going to encrypt and choose the size of your modulus accordingly. --bal From pcw at access.digex.net Fri May 20 10:18:04 1994 From: pcw at access.digex.net (Peter Wayner) Date: Fri, 20 May 94 10:18:04 PDT Subject: Is crypto cash patented? Message-ID: <199405201717.AA20420@access1.digex.net> >The blind signature algorithm is patented by David Chaum. > >Eric I'm also told that Citibank is processing a patent for a form of digital cash that was, for most intents and purposes, anonymous. The patent is still in process, which means you can find out what's in it. But I'm told that they filed it in Europe more than 1.5 years ago, which means it should be open to public inspection. I wish I knew more. If anyone knows how to fish it out of the bureaucracy, I would like to hear more. From bill at kean.ucs.mun.ca Fri May 20 10:46:21 1994 From: bill at kean.ucs.mun.ca (Bill Garland) Date: Fri, 20 May 94 10:46:21 PDT Subject: Sternlight, Period. Message-ID: <0097EB7B.771552E0.23@Leif.ucs.mun.ca> Many thanks to Cypherpunks who told me how to filter mail on Unix. I will have to learn unix sooner or later, I guess... I am on VMS here, and I guess I could have my c/p mail gatewayed if I wanted to, and then use the news reader. Or recently our system manager installed Pine, so maybe I could use that. Still, I could read t.p.crypto too, when I want to, if I want to. I hope to get a unix machine to play with very soon, with its own Internet address - even if it's only a 286 box with linux. We may also get an alpha box sometime this year, and it may run unix or open-vms. I'll have more control over these machines than I do over our vax cluster. My own news feed and mail address - I will then be able to (1) run a remailer and (2) run a reputation market (3) do some digital cash experiments (4) gateway mail wherever and whenever I want and (5) set up ftp site/www/home page stuff, start using secure mosaic, and (6) write some code. Meanwhile, since I do have a MicroVax at my disposal, - and I should know the answer to this - can I run PGP on VMS? I don't want to rely on a timesharing machine to hold my INFO_Banque keys, for example, but to do some other stuff. Are all the cypherpunk remailers unix scripts? Our connection to the outside world was recently upgraded to T1 from 56K, so there is room for more traffic and I wouldn't mind running a remailer. However, in the longer term I will get my own commercial site on the telephone company's brand new fiber optic cable to the mainland - it will no doubt be better than T1. /----------------------------------------------------------------------\ | I am an Extropian. | Macronic Systems, Inc. offers Ideas for Sale ! | | BEST: DO_IT_SO ! | Go for it : Pledge a Digital US Dollar now. | | CryptoAnarchist. | Send PGP key for more information. | | Cypherpunk. | Get in on the ground floor. Invest Now. Trust me! | | Owner : MSInc., |---------------------------------------------------| | HEx, INFO_Banque | Day Job : Bill Garland = bill at kean.ucs.mun.ca | \__________________________________o o_________________________________/ From hughes at ah.com Fri May 20 10:52:59 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 20 May 94 10:52:59 PDT Subject: D-H key exchange - how does it work? In-Reply-To: <9405201659.AA07058@snark.imsi.com> Message-ID: <9405201756.AA11259@ah.com> > For D-H, the modulus must be transmitted in the clear. Unless you use > a different modulus for each conversation, there is a persistency to > the moduli that gives rise to a pseudo-identity. You don't HAVE to transmit the modulus in the clear. But we were talking about changing moduli and its effect on traffic analysis. If you change the modulus each conversation, you have two cases: 1. Transmit before the conversation 2. Transmit at the beginning of the conversation For case 1., you could, conceivably, transmit the modulus for the next exchange in a previous (encrypted) conversation, but that introduces lots of system complexity, state, and general nastiness. If the modulus is previously transmitted unencrypted, then we're back to the beginning. For case 2., you can transmit the modulus in the clear or encrypted. If in the clear, then you have the TA issues as before. If encrypted, you need some method of generating an encryption key, like D-H, which we're trying to do. So you could use a fixed modulus to encrypt for a second exchange; that's slow, and when the modulus goes, you reveal the same TA data as before. If you don't use D-H, and, say, public key derived things are used, then you even more directly reveal TA. The above analysis is not very rigorous. It merely points out where some of the problems are. Its often worthwhile to use D-H for key exchange even if both sides know the other's RSA public keys. It's called forward secrecy. Sure. But the issue at hand is TA. Eric From mpj at netcom.com Fri May 20 11:15:57 1994 From: mpj at netcom.com (Michael Paul Johnson) Date: Fri, 20 May 94 11:15:57 PDT Subject: FAQ: Where to get PGP latest version Message-ID: <199405201815.LAA20257@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) (Last modified: 20 May 1994 by Mike Johnson) WHAT IS THE LATEST VERSION? Platforms | Released | Version | Notes & restrictions | by | | Other restrictions may apply. - ----------------------------------------------------------------------------- Dos & Unix | MIT | 2.5 | Uses RSAREF 2.0. Not for use in any | | BETA | application that you get paid for. | | | Patents licensed for personal use only. | | | Not for export from the USA or Canada. - ----------------------------------------------------------------------------- DOS & Unix | Viacrypt | 2.4 | Legal for both personal and | | | commercial use. Not for export from | | | the USA and Canada. - ----------------------------------------------------------------------------- Amiga | | 2.3a2 | Use extremely limited by patents in USA. - ----------------------------------------------------------------------------- Macintosh | | 2.3aV1.2 | Source code retained by | | | Christoph_Pagalies at hh2.maus.de | | | Use extremely limited by patents in USA. - ----------------------------------------------------------------------------- Macintosh | | 2.3 | Use extremely limited by patents in USA. - ----------------------------------------------------------------------------- All others | Peter | 2.3a | Use extremely limited by patents in USA. | Gutman | | This is the current version of choice | | | outside of the USA. - ----------------------------------------------------------------------------- WHERE CAN I GET VIACRYPT PGP? If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commecial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest version number for their version of PGP is 2.4. Viacrypt's licensing and price information is as follows: ViaCrypt PGP for MS-DOS 1 user $ 99.98 ViaCrypt PGP for MS-DOS 5 users $ 299.98 ViaCrypt PGP for MS-DOS 20 users or more, call ViaCrypt ViaCrypt PGP for UNIX 1 user $ 149.98 ViaCrypt PGP for UNIX 5 users $ 449.98 ViaCrypt PGP for UNIX 20 users or more, call ViaCrypt ViaCrypt PGP for WinCIM/CSNav 1 user $ 119.98 ViaCrypt PGP for WinCIM/CSNav 5 user $ 359.98 ViaCrypt PGP for WinCIM/CSNav 20 users or more, call ViaCrypt If you wish to place an order please call 800-536-2664 during the hours of 8:30am to 5:00pm MST, Monday - Friday. They accept VISA, MasterCard, AMEX and Discover credit cards. If you have further questions, please feel free to contact: Paul E. Uhlhorn Director of Marketing, ViaCrypt Products Mail: 2104 W. Peoria Ave Phoenix AZ 85029 Phone: (602) 944-0773 Fax: (602) 943-2601 Internet: viacrypt at acm.org Compuserve: 70304.41 WHERE CAN I GET THE PGP FROM MIT THAT USES RSAREF? MIT-PGP is for U. S. use only (due to some archaic export control laws), but interoperates with PGP 2.3 and 2.3a. This is the right version to use if you want to use it for personal (not for services you get paid for) electronic mail privacy in the USA and Canada. Version 2.5 interoperates with the other PGP 2.x products, but MIT is working on a version 2.6 that produces messages that version 2.3a cannot read to encourage USA users to stop using PGP 2.3, which could infringe on RSADSI's patents when used in certain ways. I don't know, yet if they will make any attempt to interoperate fully with the 100% legal (in the USA and Canada) Viacrypt PGP 2.4. MIT has stopped distributing version 2.5 to prepare for the release of 2.6. When 2.6 comes out, this following procedure MIGHT work: 1. Read ftp://net-dist.mit.edu/pub/PGP/license.txt and agree to it. 2. Telnet to net-dist.mit.edu and log in as getpgp. 3. Answer the question and write down the directory name listed. 4. QUICKLY end the telnet session with ^C and ftp to the indicated directory on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get the distribution files (pgp26.zip, pgp26doc.zip, and pgp26src.tar). If the hidden directory name is invalid, start over at step 2, above. You can get PGP 2.5 from: csn.org/mpj ftp://csn.org/mpj/I_will_not_export/crypto_???????/pgp/pgp25.zip ftp://csn.org/mpj/I_will_not_export/crypto_???????/pgp/pgp25src.tar See ftp://csn.org/mpj/README.MPJ for the ??????? See ftp://csn.org/mpj/help for more help on negotiating this site's export control methods. ftp.netcom.com/pub/mpj ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp25.zip ftp://ftp.netcom.com/mpj//I_will_not_export/crypto_???????/pgp/pgp25src.tar See ftp://ftp.netcom.com/pub/mpj/README.MPJ for the ??????? See ftp://ftp.netcom.com/pub/mpj/help for more help on negotiating this site's export control methods. TO GET THESE FILES BY EMAIL, send mail to ftp-request at netcom.com containing the word HELP in the body of the message for instructions. You will have to work quickly to get README.MPJ then the files before the ??????? part of the path name changes again (several times a day). ftp.eff.org Follow the instructions found in README.Dist that you get from one of: ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist gopher.eff.org, 1/Net_info/Tools/Crypto gopher://gopher.eff.org/11/Net_info/Tools/Crypto http://www.eff.org/pub/Net_info/Tools/Crypto/ Colorado Catacombs BBS Mike Johnson, sysop Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc. v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps 8 data bits, 1 stop, no parity, as fast as your modem will go. Use ANSI terminal emulation, of if you can't, try VT-100. Free access to PGP. If busy or no answer, try again later. Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. You can request access to crypto software on line, and if you qualify legally under the ITAR, you can download on the first call. Download file names: pgp25.zip (DOS version with documentation) pgp25src.tar (Unix version and source code) pgp25doc.zip (Documentation only -- exportable) (303) 772-1062 Longmont, Colorado number - 2 lines. (303) 938-9654 Boulder, Colorado number forwarded to Longmont number intended for use by people in the Denver, Colorado area. Verified: This morning. Other BBS and ftp sites will no doubt pick it up rapidly after the beta test is completed. Please send bug reports concerning PGP 2.5 BETA to pgp-bugs at mit.edu. If you obtain a copy of this beta release code, please keep checking http://web.mit.edu for the announcement of the final release, so that you can update your copy of PGP. WHERE TO GET PGP 2.3a (RELEASED FROM NEW ZEALAND) The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP. Although the latest freeware version of PGP was released from outside the USA (New Zealand), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA. This data is subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list. Thanks to Gary Edstrom and Hugh Miller for providing part of this data. FTP sites: ftp.ee.und.ac.za /pub/crypto/pgp soda.berkeley.edu /pub/cypherpunks/pgp (DOS, MAC) Verified: 21-Dec-93 ftp.demon.co.uk /pub/amiga/pgp /pub/archimedes /pub/pgp /pub/mac/MacPGP ftp.informatik.tu-muenchen.de ftp.funet.fi ftp.dsi.unimi.it /pub/security ftp.tu-clausthal.de (139.174.2.10) wuarchive.wustl.edu /pub/aminet/util/crypt src.doc.ic.ac.uk (Amiga) /aminet /amiga-boing ftp.informatik.tu-muenchen.de /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2) black.ox.ac.uk (129.67.1.165) /src/security/pgp23A.zip (MS-DOS executables & docs) /src/security/pgp23srcA.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.) /src/security/pgp23A.tar.Z (Same as PGP22SRC.ZIP, in Unix tar format) /src/security/macpgp2.3.cpt.hqx (Macintosh version) iswuarchive.wustl.edu pub/aminet/util/crypt (Amiga) csn.org /mpj/README.MPJ contains variable directory name -- read this first. /mpj/help explains how to get to hidden directory containing PGP /mpj/I_will_not_export/crypto_???????/pgp/ contains current PGP /mpj/I_will_not_export/crypto_???????/pgptools/ contains related tools /mpj/I_will_not_export/crypto_???????/ contains other crypto info. /mpj/public/pgp/ contains PGP shells, faq documentation, etc. ftp.netcom.com /pub/dcosenza -- PGP for several platforms + some shells and steganography utilities. /pub/gbe/pgpfaq.asc -- frequently asked questions answered. /pub/mpj (see README.MPJ -- similar layout to csn.org//mpj) /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganograpy software list. MacUtilites for use with MacPGP. Stealth1.1 + other steganography programs. Send mail to qwerty at netcom.com with the subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't have ftp access. nic.funet.fi (128.214.6.100) /pub/crypt/pgp23A.zip /pub/crypt/pgp23srcA.zip /pub/crypt/pgp23A.tar.Z van-bc.wimsey.bc.ca (192.48.234.1) /m/ftp2/crypto/RSA/PGP/2.3a/pgp23A.zip /m/ftp2/crypto/RSA/PGP/2.3a/pgp23srcA.zip ftp.uni-kl.de (131.246.9.95) qiclab.scn.rain.com (147.28.0.97) pc.usl.edu (130.70.40.3) leif.thep.lu.se (130.235.92.55) goya.dit.upm.es (138.4.2.2) tupac-amaru.informatik.rwth-aachen.de (137.226.112.31) ftp.etsu.edu (192.43.199.20) princeton.edu (128.112.228.1) pencil.cs.missouri.edu (128.206.100.207) StealthPGP: The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha. Also, try an archie search for PGP using the command: archie -s pgp23 (DOS Versions) archie -s pgp2.3 (MAC Versions) ftpmail: For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service. Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi: ENCODER uuencode SEND pub/crypt/pgp23srcA.zip SEND pub/crypt/pgp23A.zip This will deposit the two zipfiles, as 15 batched messages, in your mailbox with about 24 hours. Save and uudecode. For the ftp sites on netcom, send mail to ftp-request at netcom.com containing the word HELP in the body of the message. World Wide Web URLs: (Thanks to mathew at mantis.co.uk) UNIX PGP 2.3a Compiles best with GCC 2.4.x or higher. A straight port from DOS, so hardened UNIX users find it a bit chatty. * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23A.tar.Z * _UK:_ ftp://black.ox.ac.uk/src/security/pgp23A.tar.Z * _NL:_ ftp://svin02.info.win.tue.nl/pub/misc/pgp23A.tar.gz * _SE:_ ftp://ftp.sunet.se/pub/security/tools/crypt/pgp23A.tar.gz * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23A.tar.Z * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp23A.tar.Z * _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23A.tar.Z * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23A.tar.Z * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23A.tar.gz _________________________________________________________________ MS-DOS PGP 2.3 Program * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23A.zip * _UK:_ ftp://black.ox.ac.uk/src/security/pgp23A.zip * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23A.zip * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp23A.zip * _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23A.zip * _IT:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23A.zip * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23A.zip Source code Designed to compile with Turbo C; compiles fine with Microsoft Visual C++ also. * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23srcA.zip * _UK:_ ftp://black.ox.ac.uk/src/security/pgp23srcA.zip * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/pgp23srcA.zip * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp23srcA.zip * _FI:_ ftp://ftp.funet.fi/pub/crypt/pgp23srcA.zip * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp23srcA.zip * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23srcA.zip _________________________________________________________________ MACPGP 2.3 A slightly souped-up port of PGP to the Mac. Has help menus and other goodies, but is still not a real Mac application. However, it works. Note that the version 2.3 release of MacPGP contains the major bug-fix which was later added to UNIX/DOS PGP 2.3. There was therefore no need for a MacPGP 2.3A release; version 2.3 already had the bug fix by the time it was released. There is no MacPGP 2.3A. Program * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.3.cpt.hqx * _UK:_ ftp://black.ox.ac.uk/src/security/macpgp2.3.cpt.hqx * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/macpgp2.3.cpt.hqx * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/macpgp2.3.cpt.hqx * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3.cpt.hqx * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/macpgp2.3.cpt.hqx.gz Source code Requires Think C. * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.2src.sea.hqx -- version 2.2 only * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/macpgp2.3src.sea.hqx.pgp * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3src.sea.h qx.pgp Documentation PGP is rather counter-intuitive to a Mac user. Luckily, there's a guide to using MacPGP in ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP. _________________________________________________________________ OS/2 PGP You can, of course, run the DOS version of PGP under OS/2. Program * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp22os2.zip -- version 2.2 only, native binaries * _DE:_ ftp://ftp.informatik.tu-muenchen.de/pub/comp/os/os2/crypt/pgp23os2 A.zip Source code * _DE:_ ftp://ftp.informatik.tu-muenchen.de/pub/comp/os/os2/crypt/pgp23src A.zip _________________________________________________________________ AMIGA PGP * _UK:_ ftp://ftp.demon.co.uk/pub/amiga/pgp/pgp21ami.lha -- version 2.1 only * _DE:_ ftp://faui43.informatik.uni-erlangen.de/mounts/rzsuna/pub/aminet/u til/crypt/pgp21ami.lha -- version 2.1 only * _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a_2.lha * _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a_2.lha Source * _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a2_src.lha * _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a2_src.lha _________________________________________________________________ ARCHIMEDES PGP * _UK:_ ftp://ftp.demon.co.uk/pub/archimedes/ArcPGP23a _________________________________________________________________ DOCUMENTATION ONLY Want to know more about PGP, but too scared to download the actual program in case the Feds bust down your door? Fetch this. * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp23docA.zip * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/pgp23docA.zip _________________________________________________________________ FOREIGN LANGUAGE MODULES These are suitable for most PGP versions. Italian * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp-lang.italian.tar.gz * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.italian.t ar.gz Spanish * _IT:_ ftp://ghost.dsi.unimi.it/pub/crypt/pgp-lang.spanish.tar.gz * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.t ar.gz German * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_german.txt Swedish * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_swedish.txt _________________________________________________________________ OTHER SITES Some cryptographic software is available from ftp://van-bc.wimsey.bc.ca/pub/crypto/software/. Read the README file and proceed from there. BBS sites: Colorado Catacombs BBS (See also the entry above for PGP 2.5) (303) 772-1062 Longmont, Colorado (2 lines) (303) 938-9654 Boulder, Colorado Verified: This morning. Hieroglyphics Voodoo Machine (Colorado) DOS, OS2, and Mac versions. (303) 443-2457 Verified: 5-2-94 For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files). Exec-Net (New York) Host BBS for the ILink net. (914) 667-4567 The Ferret BBS (North Little Rock, Arkansas) (501) 791-0124 also (501) 791-0125 Carrying RIME, Throbnet, Smartnet, and Usenet Special PGP users account: login name: PGP USER password: PGP This information from: Jim Wenzel PGP 2.3A has been posted to the FidoNet Software Distribution Network and should on most if not all Canadian and U.S. nodes carrying SDN software. It has also been posted on almost all of the major private North American BBS systems, thence to countless smaller boards. Consult a list of your local BBSes; most with a sizeable file inventory should carry the program. If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others. ARCHIE WHO? There are many more sites. You can use archie and/or other "net-surfing" tools to find a more up-to-date listing, if desired. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.4 mQCNAi0aFSUAAAEEAOCOKpaLepvJCFgIR4m+UvZe0IN8g7Guwc+6GH4u6UGTPxQO iAhk/MJ7E8LE4c55A1G8to2W4y3aKAHvi9QCYKnsLV8Ag0BYWo3bGGTPEfkS7NAI N+Zy6vSjuF1D6MUnbvrQJ5p4efz7a28iYRKoAdan2bfnvIYWUD9nBjyFM+vFAAUR tDdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajQgW2V4cCAz MSBEZWMgOTRdiQCVAgUQLTqfXj9nBjyFM+vFAQGU7wP/ZuuHfdAnCIblNCtbLLG8 39CSg6JIVa3KWfe0WIz6dXFU3cvl2Wt094kJgZ+Nmq01INWlib2lTOznbkA9sV1W q0aJSBHFWQH29qGmIdEqThs7A5ES2w8eRjJD80lxHodRIkBcC5KI6x4Mxo8cib5V BrwsvtG0+81HD6Mrpvc+a0GJAJUCBRAtJc2rZXmEuMepZt0BAe4hA/9YANYPY4Z3 1pXv2mT6ReC09cZS5U3+xxC5brQdLsQGKuH6QVs/b5oc6NV84sh8A9tZyHG2067o 3XIEyN7PPQzRm2UUnHHqw9lBCNhMiFQsAJi4W+m8zXrVrpJWK0Wv61eV2/XIQl0V d4lxu0r+MNRP6ID6FBzA4C9rO+RYEZmwOIkAlQIFEC0aGRzb/VZRBVJGuQEBfaUD /3c2h//kg843OIcYHG4gMDqdeeZLzGlp3RVvh0Rs3/T0YylJZGjPL2L/BF/vfLlB 9E2Urh9mDG/7hiB5FncrUnkmN63IkSj+K9YyfPyYxBVx06Srj8ZzYynh0N+zledd 6cnwxRXhaD3Wc4EfSNR7BH9M2rjkGzyb5to9cgBb0ng+ =BLg5 - -----END PGP PUBLIC KEY BLOCK----- I didn't have to generate a new key to use version 2.5, but I think keys should be changed periodically anyway to limit damages just in case a key got compromised and I didn't know about it. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.5 mQCNAi3P6L4AAAEEAM4qXLLvN7dOVuEOIMjX3AFB8HtsCeYECF428Z1dVSf8OMGr KbTjGpuy0WvkigHm0yZmfmAdS8GkLReFmwv36TbhYYvjRaTou+qFjC9um9j4UPP3 /337HTEvFC+oVtCcqLVn2Xv0tTO/KB4nfbash8tzPZWn0WUfpQ9rDjx3TioRAAUR tCJNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+tB1tcGo2IDxtcGpv aG5zb0BueXguY3MuZHUuZWR1PokAlQIFEC3P7AA/ZwY8hTPrxQEBmEoD/RJZure0 ghGjOq2qxYIgrd8xebuFEchOQZwInerWd0izjpIMmfh3zlgkgejUhEfPafwCTYg6 BMdbxjNzYwC8/rq/R4EGR6pTe7dJqhvFfvzzLZyjBarX7lw6TJ2Oyt9oFMSQbGwF /BKqc0Ymr/8EmT+JsEDnypepm41otWMyYFfSiQCVAgUQLc/rww9rDjx3TioRAQF0 igQAkRrmuAmF1QLp1gFRxqMLw+dDzAtUjFpUrpvqN8yDu/TS3Ue/GdvBECFCzbcD jA3gGviXBWfRx4w6KRVpqTSsfJt5IvcrTbYGcscIQWHPzqLiq8iu22+Ao2ImcDUB Lu+Z+Wo2Ok00DnvAnzqjXrffo6Eq2qOoGhBlFfStXUCMvbe0HU1pa2UgSm9obnNv biA8bXBqQG5ldGNvbS5jb20+tDBEb24ndCB1c2UgZm9yIGVuY3J5cHRpb24gYWZ0 ZXIgMzEgRGVjZW1iZXIgMTk5NS60I01pY2hhZWwgSm9obnNvbiA8bWlrZWpAZXhh Ynl0ZS5jb20+tDBNaWNoYWVsIFBhdWwgSm9obnNvbiA8NzEzMzEuMjMzMkBjb21w dXNlcnZlLmNvbT60KU1pY2hhZWwgUC4gSm9obnNvbiA8bS5wLmpvaG5zb25AaWVl ZS5vcmc+ =w6Cu - -----END PGP PUBLIC KEY BLOCK----- ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-772-1062 | | | | / _ | mpj at csn.org ftp:csn.org//mpj/README.MPJ for crypto stuff | | |||/ /_\ | aka mpj at netcom.com mpjohnson at ieee.org mikej at exabyte.com | | |||\ ( | m.p.johnso at nyx.cs.du.edu CIS 71331,2332 PGP key by finger | | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLdz6Wz9nBjyFM+vFAQE52AP/XL+6drZrvFbdAiLKaXN5l7TyLHIITUow aiDWi71T/OmC5C+76nooRHS6U/9Elf2SNz1/fD1opf4wwQ47opNKHXElwluAja3Y IpyT9uBhoQsydnsa25Pafgszv8qMx0t0XxMoMWN/GqOK9tOoNUIlG0Dfl6VqSAxH UGgt2pRVwVU= =x75J -----END PGP SIGNATURE----- From gtoal at an-teallach.com Fri May 20 11:31:32 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 20 May 94 11:31:32 PDT Subject: PGP 2.5--some questions. Message-ID: <199405201830.TAA17866@an-teallach.com> : From: m1tca00 at newfed.frb.gov (Thomas C. Allard) : > > To respond to the sender of this message, send mail to : > > remailer at soda.berkeley.edu, starting your message with : > > the following 7 lines: : > > :: : > > Response-Key: ideaclipper : > : > > ====Encrypted-Sender-Begin==== : > > MI@```$US^P;+]AB?X9TW6\8WR:>P&2'9,7.YM5[D5-D0)[3;\@M3L:625SRF : > > E&M(.3FCF)SX,HK/F!CHPO!/>L.D#Z=4(++Q872W\KAK[:?GOT``` : > > ====Encrypted-Sender-End==== : > : > Thus the NSA just needs to crack the "soda" key in order to get hold : > of a person who knows something about an ITAR infringement. : > : > Is there a way to instruct a cypherpunk remailer to omit the last : > seven lines? : He most likely used a chain of remailers. That's the REASON for : the last seven lines (instead of a simple anonXXXX-type address. : When you send those 7 lines to the soda remailer, it decrypts it : and finds ANOTHER address to send it to. It can do this as many : times as you like. When this feature was put in recently, in response to a suggestion of mine (which I now regret because of...), I intended for each posting to be encrypted with a different randomly-generated key, and for the key to be deleted after being reused on reply. Unfortunately Eric chose not to implement it that way, and although he promised to cycle the keys periodically, he seems not to have done so. I agree with whoever it was above that was in fear of the key being compromised - it *is* a possibility, and that's why I wouldn't use that remailer, if I ever had to use a remailer. G From auerbach at denver.ssds.com Fri May 20 11:40:46 1994 From: auerbach at denver.ssds.com (Karl Auerbach - San Jose Consultant) Date: Fri, 20 May 94 11:40:46 PDT Subject: NSA's Baker to debate key escrow live on AOL, May 26 In-Reply-To: Message-ID: I'm going to add some annotations to clarify the transcript... I must say, it was fun! Overall, I believe that there were some good minds at work on Clipper, and that they are really sincere that they believe they have put in a workable set of protections. One must admit, that for the government, they have actually put in a pretty strong set of restrictions and limitations. But, overall, they simply missed the point that the starting point of the discussion is that people have a right to privacy, not that the government has a right to wiretap. --karl-- On Thu, 19 May 1994, Russell Nelson wrote: > Date: Thu, 19 May 94 10:12 EDT > From: Russell Nelson > To: cypherpunks at toad.com, auerbach at denver.ssds.com > Subject: Re: NSA's Baker to debate key escrow live on AOL, May 26 > > Date: Thu, 19 May 1994 03:03:31 -0700 > From: Phil Karn > > In article , you write: > |> I've heard Baker. He's not particularly articulate, especially when > |> confronted by another lawyer (viz Karl Auerbach at Interop). He tends > > I missed that session, opting to head for the airport before the rush. > What exactly did Auerbach say? Sorry I missed the fun. > > I missed it too, so I bought the tapes. This is transcribed from the > tape of the Networld+Interop "The Clipper Chip Controversy" debate > between Baker of the NSA and Weitzman of the EFF. Karl Auerbach was > the first questioner: > > Auerbach: Okay, well, my name is Karl Auerbach, and first a > calibration tone. I grew up reading the cases of Sacco and Vanzetti, > and Julius and Ethel Rosenberg, and I remember Kent State, and things > like that. So, do I trust my government? No. > > Certain things. First, a technical question. You said that you sent > the chip off to the national labs for reverse engineering. Did anyone > sent it to Taiwan? Next thing. > > Baker: Are these all going to be hypothetical? > > A: Did you really try giving it to the experts? I mean, is it really > reasonable to expect that someone isn't going to try to reverse > engineer this thing? > > B: I think it's quite reasonable to buy devices with the chip in it > and sent it to whomever you'd like. I don't necessarily believe that > I share your belief that you know who has the best technology for > doing this because the people at the national labs get to practice against > someone besides Intel and Motorola. Just a response, > Karl. > > A: I'd like to see them have a try. Anyway, getting more to the legal > matters, If I have a clipper phone, it's used by lots of people. And, > does that increase the expectation of privacy which is recognized by > the supreme court and what happens to other people -- are we going to > enact parallel legislation that restricts the further use of just > ancillary conversations on the phone by a third party. To make this > work, we're going to have to enact legislation that prohibits the use > of superencryption like pgp. Are we going to do that? And also The point that I was trying to make here is this: One of the ways to determine whether the government can simply use stuff it happens to encounter (perhaps with a little help in the encountering) is based on whether the subject has an "expectation of privacy." So, if I yell to another person in a crowded room, I don't have much expectation that my conversation is private. If I were to talk quietly in a room with just two people, my expectation is higher. On a normal telephone, I might be overhead by an operator. On a cellular phone, my expectation might be a bit less. On an encrypted phone I might have a pretty high expectation. Thus, if a third party were to use a phone which is being tapped, would the police be able to use what they overheard this person say, even though the search warrant only allows tapping for the main subject? From a later answer, it seems that there are some laws governing this. > > B: NO! > > A: And also, are we going to allow PGP then? And we're going to > superencrypt it. So that means that your total system is dead. > > B: I have to ask myself, what is the value to you of > superencrypting? > > A: So you can't read it! > > B: Yeah, that's right Of course, but > > A: If you want to do police work, get the police to find the key that > the pedophile used to encrypt his file. Get your warrant to look for > that key. He kept it somewhere. It was just sloppy police work that > didn't get the key he's got somewhere . And I > don't know what piece of information you had that led you to know that > that encrypted file had what you thought was in it. Can you point, > can you specifically articulate reasons that would give you probably > cause to think that that information was in those files? And I might > remind you, the Supreme Court requires that. whistles, claps> I was really incensed at this point. The guy from NSA was making all these assertions about what was purportedly in some PGP encrypted files, yet he failed to indicate one bit of information that would indicate why he believed that those files contained that information. In addition, while it is possible that someone might hold a PGP key in his head, it is more likely that it is written down somewhere. So rather than using this situation to justify Clipper, it should be used to educate the police to find the key to the door before breaking it down. > > B: I'm trying to figure out which of your points to address first. > Let me start with the suggestion that superencryption somehow makes > this pointless. I agree that if the government said that the only > kind of encryption you can use is clipper, that superencryption would > be a way of evading some kind of enforcement mechanism designed to > ensure that only clipper encryption was on the system. > > A: So if I use PGP then you'll have probable cause to get a warrant? > > B: No. First, there's no suggestion, hasn't been a suggestion, you've > got denials left and right, that this is going to be a required > system. If it's not a required system, what's the point of adding PGP > to clipper? You can encrypt with PGP if you want to, and you get > whatever strength PGP gives you. You add to that clipper and the > government has probably cause to decrypt your clipper conversations, > what you have is a single PGP-encrypted conversation, which is as good > as not having bothered going through the clipper encryption at all. > > A: No, what I was expecting was that you're going to make the argument > that if we've got clipper, and we find that someone is using PGP in > addition to clipper, that therefore they've got something to hide, and > we'd better go after them. > > B: Yeah, I think that's a paranoid suggestion. > > A: Well, I'm paranoid, but the government... And the > other thing is, we saw an earlier slide that says that this will only > be available to the federal government. Now, if my statistics memory > is right, most criminals are investigated by state governments. So is > this somehow, what's going to happen with the states? Are they going > to have access to this, or are we going to create more magistrates? > Are we going to deputize all the local police as federal agents? > > B: About 37 states have wiretap authority. If they encounter > > A: So the first slide lied. > > B: I don't think so. > > A: So those state police are now federal employees. So this is more > than federal wiretapping, this is state wiretapping as well then? And > I bet there's far more, how many state wiretaps are there per year? > > B: I think the 900 includes that. And the wiretapping proceeds in > this country pursuant to federal law. It's regulated by federal law > even when it's done by state authorities. That, probably, is the > answer to the other point you had suggested, which is that we need > some special law to protect third parties who might have conversations > with people. In fact, there are already requirements on the books > that, after all, if you're conducting a wiretap, of John Gotti, you're > always going to get two people in those conversations. There's not > much point in wiretapping him when he's not talking to somebody. > Consequently, if he calls somebody to order pizza, or if his daughter > orders pizza, or talks to her friends, there are already legal > requirements that you cease the recording of those conversations when > they're plainly not related to the crime. > > A: And finally in respect to the escrows, since this is personally > identifiable information, I assume that under the privacy act, I have > access to it. > > : Karl, it's not personally identifiable in the sense > that what the escrow agents maintain is a chip id and an encryption > key and there is not a mapping maintained in the system in general, at > any point, of who bought which device with chip id, so if that's what > you were referring to, I don't think it qualifies as you described it. > > : Let me just add that unfortunately there's a law > enforcement exception to the privacy act, so I think it's an > interesting question whether it is personally identifiable or not, but > either way, there is an exception for on ongoing investigation. > > I heard somebody made a good crack to Baker about how he must have > worked for the tobacco companies. Was that Auerbach? > > No, that was the person who spoke after him. It was "Mr. Baker, I > just have a very simple question about your position on all this. Do > you ever feel like a cigarette industry executive?" laughs, applauds> > > B: Let me turn that around a little, and I'll ask that about the EFF. > I wonder whether they don't ever feel like the NRA, because in fact, > the analysis we hear of this issue, and the stuff, > you've all heard it, "they'll get my crypto key when they pry it from > my dead, cold fingers". All that stuff is a deliberate invocation of > the same kind of analysis that gave us the gun policy that we have in > this country. And so I guess if you like the gun policy that the NRA > gave us, I think you're going to love the privacy consequences of the > policies that the EFF is urging on us. > > : Isn't that what the United States Constitution says, though? > > B: I don't think the constitution requires either of these > things. > > etc. > > -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav > Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key > 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light > Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From warlord at MIT.EDU Fri May 20 11:52:19 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Fri, 20 May 94 11:52:19 PDT Subject: Why PGP 2.5 sucks... In-Reply-To: <9405200919.AA00432@hio.tem.nhl.nl> Message-ID: <9405201852.AA25657@toxicwaste.media.mit.edu> - You can't use your old secret key. So you have to build a new one. Why? I don't know. But PGP 2.5 don't recognize your pass phrase anymore. Maybe that new RSA algoritme is easier to crack. So they force everybody to create a new key... Sure you can. If you can't, then this is a bug and should be reported. (There is a known bug in the idea code that causes it to lose on some platforms because memcpy does not deal with copying over overlapping bodies of memory). This bug has been fixed for 2.6! - A new RSA algorithm??? What's wrong with the old one??? NOT! It's the same RSA algorithm, just a different RSA engine. I hope this helps -derek From danisch at ira.uka.de Fri May 20 11:55:18 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Fri, 20 May 94 11:55:18 PDT Subject: Secure RPC? Message-ID: <9405201854.AA15841@deathstar.iaks.ira.uka.de> Hello, where can I get specs and informations about secure RPC? Thanks Hadmut From janzen at idacom.hp.com Fri May 20 12:24:37 1994 From: janzen at idacom.hp.com (Martin Janzen) Date: Fri, 20 May 94 12:24:37 PDT Subject: Secure RPC? In-Reply-To: <9405201854.AA15841@deathstar.iaks.ira.uka.de> Message-ID: <9405201924.AA12030@loki.idacom.hp.com> Hadmut Danisch writes: > >where can I get specs and informations about >secure RPC? You can get the source code and associated documentation from ftp://bcm.tmc.edu/nfs. You'll need the files rpc_40*.shar and secure_rpc*.shar. Note that this doesn't come with the actual DES encryption routines; you'll have to find or write your own. But: smb at research.att.com writes: > > I remember a referance to Sun's secure RPC where the puplic key > was "insecure" because the it did not use a large "key" (to few bits?) > > does anyone one have info on this? > > -Pete > >Yup. The modulus is too small, and the key exchange was cryptanalyze >by LaMacchia and Odlyzko. See > >@article{nfscrack, > author = {Brian A. LaMacchia and Andrew M. Odlyzko}, > journal = {Designs, Codes, and Cryptography}, > pages = {46--62}, > title = {Computation of Discrete Logarithms in Prime Fields}, > volume = {1}, > year = {1991}, >} -- Martin Janzen janzen at idacom.hp.com Pegasus Systems Group c/o Hewlett-Packard, IDACOM Telecom Operation From p.v.mcmahon.rea0803 at oasis.icl.co.uk Fri May 20 12:31:27 1994 From: p.v.mcmahon.rea0803 at oasis.icl.co.uk (p.v.mcmahon.rea0803 at oasis.icl.co.uk) Date: Fri, 20 May 94 12:31:27 PDT Subject: Secure RPC? Message-ID: <9405201930.AA08832@getafix.oasis.icl.co.uk> For ONC RPC, see Internet Draft ietf-draft-oncrpc-rpcv2-00.txt From cclark at CNRI.Reston.VA.US Fri May 20 12:34:26 1994 From: cclark at CNRI.Reston.VA.US (Cynthia Clark) Date: Fri, 20 May 94 12:34:26 PDT Subject: Secure RPC? In-Reply-To: <9405201854.AA15841@deathstar.iaks.ira.uka.de> Message-ID: <9405201528.aa11938@IETF.CNRI.Reston.VA.US> > where can I get specs and informations about secure RPC? Hello Hadmut, I'm forwarding the Internet Draft below. Is this exactly what you're looking for ? Anyone can retrieve these I-Ds by using the anonymous ftp at ds.internic.net cd /ftp/internet-drafts For more information about RPC, you might want to contact Raj Srinivasan at If you have any other questions, please do not hesitate to contact me directly. I might help as a "pointer". Kind Regards, Cynthia Clark Internet Drafts Administrator ----- Forwarded Message ------ INTERNET-DRAFT Raj Srinivasan March 4, 1994 Sun Microsystems RPC: Remote Procedure Call Protocol Specification Version 2 ietf-draft-oncrpc-rpcv2-00.txt ABSTRACT This document describes Sun Microsystems' Remote Procedure Call (ONC RPC Version 2) protocol as it is currently deployed and accepted. STATUS OF THIS MEMO Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its Areas, and its Working Groups. Note that other groups may also distribute working documents as Internet Drafts. Internet Drafts are draft documents valid for a maximum of six months. This Internet Draft expires on October 4, 1994. Internet Drafts may be updated, replaced, or obsoleted by other documents at any time. It is not appropriate to use Internet Drafts as reference material or to cite them other than as a "working draft" or "work in progress." Please check the I-D abstract listing contained in each Internet Draft directory to learn the current status of this or any other Internet Draft. Distribution of this memo is unlimited. Expires: October 4, 1994 [Page 1] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 CONTENTS 1. INTRODUCTION 2. TERMINOLOGY 3. THE RPC MODEL 4. TRANSPORTS AND SEMANTICS 5. BINDING AND RENDEZVOUS INDEPENDENCE 6. AUTHENTICATION 7. RPC PROTOCOL REQUIREMENTS 7.1 RPC Programs and Procedures 7.2 Authentication 7.3 Program Number Assignment 7.4 Other Uses of the RPC Protocol 7.4.1 Batching 7.4.2 Broadcast Remote Procedure Calls 8. THE RPC MESSAGE PROTOCOL 9. AUTHENTICATION PROTOCOLS 9.1 Null Authentication 9.2 System Authentication 9.3 DES Authentication 9.3.1 Naming 9.3.2 DES Authentication Verifiers 9.3.3 Nicknames and Clock Synchronization 9.3.4 DES Authentication Protocol Specification 9.3.4.1 The Full Network Name Credential and Verifier (Client) 9.3.4.2 The Nickname Credential and Verifier (Client) 9.3.4.3 The Nickname Verifier (Server) 9.3.5 Diffie-Hellman Encryption 9.4 Kerberos-based Authentication 9.4.1 Kerberos-based Authentication Protocol Specification 9.4.1.1 The Full Network Name Credential and Verifier (Client) 9.4.1.2 The Nickname Credential and Verifier (Client) 9.4.1.3 The Nickname Verifier (Server) 10. RECORD MARKING STANDARD 11. THE RPC LANGUAGE 11.1 An Example Service Described in the RPC Language 11.2 The RPC Language Specification 11.3 Syntax Notes APPENDIX A: RPCBIND PROGRAM PROTOCOL A.1 RPCBIND Protocol Specification (in RPC Language) A.2 RPCBIND Operation A.2.1 RPCBIND Version 3 A.2.2 RPCBIND, Version 4 APPENDIX B: PORT MAPPER PROGRAM PROTOCOL B.1 Port Mapper Protocol Specification (in RPC Language) B.2 Port Mapper Operation REFERENCES Expires: October 4, 1994 [Page 2] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 1. INTRODUCTION This document specifies version two of the message protocol used in Sun's Remote Procedure Call (RPC) package. The message protocol is specified with the eXternal Data Representation (XDR) language [9]. This document assumes that the reader is familiar with XDR. It does not attempt to justify remote procedure calls systems or describe their use. The paper by Birrell and Nelson [1] is recommended as an excellent background for the remote procedure call concept. 2. TERMINOLOGY This document discusses clients, calls, servers, replies, services, programs, procedures, and versions. Each remote procedure call has two sides: an active client side that makes the call to a server, which sends back a reply. A network service is a collection of one or more remote programs. A remote program implements one or more remote procedures; the procedures, their parameters, and results are documented in the specific program's protocol specification (see Appendix A for an example). A server may support more than one version of a remote program in order to be compatible with changing protocols. For example, a network file service may be composed of two programs. One program may deal with high-level applications such as file system access control and locking. The other may deal with low-level file input and output and have procedures like "read" and "write". A client of the network file service would call the procedures associated with the two programs of the service on behalf of the client. The terms client and server only apply to a particular transaction; a particular hardware entity (host) or software entity (process or program) could operate in both roles at different times. For example, a program that supplies remote execution service could also be a client of a network file service. 3. THE RPC MODEL The Sun RPC protocol is based on the remote procedure call model, which is similar to the local procedure call model. In the local case, the caller places arguments to a procedure in some well- specified location (such as a register window). It then transfers control to the procedure, and eventually regains control. At that point, the results of the procedure are extracted from the well- specified location, and the caller continues execution. The remote procedure call model is similar. One thread of control logically winds through two processes: the caller's process, and a server's process. The caller process first sends a call message to the server process and waits (blocks) for a reply message. The call message includes the procedure's parameters, and the reply message includes the procedure's results. Once the reply message is received, the results of the procedure are extracted, and caller's execution is resumed. Expires: October 4, 1994 [Page 3] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 On the server side, a process is dormant awaiting the arrival of a call message. When one arrives, the server process extracts the procedure's parameters, computes the results, sends a reply message, and then awaits the next call message. In this model, only one of the two processes is active at any given time. However, this model is only given as an example. The Sun RPC protocol makes no restrictions on the concurrency model implemented, and others are possible. For example, an implementation may choose to have RPC calls be asynchronous, so that the client may do useful work while waiting for the reply from the server. Another possibility is to have the server create a separate task to process an incoming call, so that the original server can be free to receive other requests. There are a few important ways in which remote procedure calls differ from local procedure calls: 1. Error handling: failures of the remote server or network must be handled when using remote procedure calls. 2. Global variables and side-effects: since the server does not have access to the client's address space, hidden arguments cannot be passed as global variables or returned as side effects. 3. Performance: remote procedures usually operate one or more orders of magnitude slower than local procedure calls. 4. Authentication: since remote procedure calls can be transported over unsecured networks, authentication may be necessary. Authentication prevents one entity from masquerading as some other entity. The conclusion is that even though there are tools to automatically generate client and server libraries for a given service, protocols must still be designed carefully. 4. TRANSPORTS AND SEMANTICS The RPC protocol can be implemented on several different transport protocols. The RPC protocol does not care how a message is passed from one process to another, but only with specification and interpretation of messages. However, the application may wish to obtain information about (and perhaps control over) the transport layer through an interface not specified in this document. For example, the transport protocol may impose a restriction on the maximum size of RPC messages, or it may be stream- oriented like TCP with no size limit. The client and server must agree on their transport protocol choices, through a mechanism such as the one described in Appendix A. It is important to point out that RPC does not try to implement any kind of reliability and that the application may need to be aware of the type of transport protocol underneath RPC. If it knows it is running on top of a reliable transport such as TCP [6], then most of the work is already done for it. On the other hand, if it is running on top of an unreliable Expires: October 4, 1994 [Page 4] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 transport such as UDP [7], it must implement its own time-out, retransmission, and duplicate detection policies as the RPC protocol does not provide these services. Because of transport independence, the RPC protocol does not attach specific semantics to the remote procedures or their execution requirements. Semantics can be inferred from (but should be explicitly specified by) the underlying transport protocol. For example, consider RPC running on top of an unreliable transport such as UDP. If an application retransmits RPC call messages after time- outs, and does not receive a reply, it cannot infer anything about the number of times the procedure was executed. If it does receive a reply, then it can infer that the procedure was executed at least once. A server may wish to remember previously granted requests from a client and not regrant them in order to insure some degree of execute-at-most-once semantics. A server can do this by taking advantage of the transaction ID that is packaged with every RPC message. The main use of this transaction ID is by the client RPC entity in matching replies to calls. However, a client application may choose to reuse its previous transaction ID when retransmitting a call. The server may choose to remember this ID after executing a call and not execute calls with the same ID in order to achieve some degree of execute-at-most-once semantics. The server is not allowed to examine this ID in any other way except as a test for equality. On the other hand, if using a "reliable" transport such as TCP, the application can infer from a reply message that the procedure was executed exactly once, but if it receives no reply message, it cannot assume that the remote procedure was not executed. Note that even if a connection- oriented protocol like TCP is used, an application still needs time-outs and reconnection to handle server crashes. There are other possibilities for transports besides datagram- or connection-oriented protocols. For example, a request-reply protocol such as VMTP [2] is perhaps a natural transport for RPC. The Sun RPC package currently uses both TCP and UDP transport protocols. 5. BINDING AND RENDEZVOUS INDEPENDENCE The act of binding a particular client to a particular service and transport parameters is NOT part of this RPC protocol specification. This important and necessary function is left up to some higher-level software. (The software may use RPC itself; see Appendix A.) Implementors could think of the RPC protocol as the jump-subroutine instruction ("JSR") of a network; the loader (binder) makes JSR useful, and the loader itself uses JSR to accomplish its task. Likewise, the binding software makes RPC useful, possibly using RPC to accomplish this task. 6. AUTHENTICATION The RPC protocol provides the fields necessary for a client to identify itself to a service, and vice-versa, in each call and reply message. Expires: October 4, 1994 [Page 5] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 Security and access control mechanisms can be built on top of this message authentication. Several different authentication protocols can be supported. A field in the RPC header indicates which protocol is being used. More information on specific authentication protocols is in section 9: "Authentication Protocols". 7. RPC PROTOCOL REQUIREMENTS The RPC protocol must provide for the following: (1) Unique specification of a procedure to be called. (2) Provisions for matching response messages to request messages. (3) Provisions for authenticating the caller to service and vice- versa. Besides these requirements, features that detect the following are worth supporting because of protocol roll-over errors, implementation bugs, user error, and network administration: (1) RPC protocol mismatches. (2) Remote program protocol version mismatches. (3) Protocol errors (such as misspecification of a procedure's parameters). (4) Reasons why remote authentication failed. (5) Any other reasons why the desired procedure was not called. 7.1 RPC Programs and Procedures The RPC call message has three unsigned integer fields -- remote program number, remote program version number, and remote procedure number -- which uniquely identify the procedure to be called. Program numbers are administered by some central authority (like Sun). Once implementors have a program number, they can implement their remote program; the first implementation would most likely have the version number 1. Because most new protocols evolve, a version field of the call message identifies which version of the protocol the caller is using. Version numbers enable support of both old and new protocols through the same server process. The procedure number identifies the procedure to be called. These numbers are documented in the specific program's protocol specification. For example, a file service's protocol specification may state that its procedure number 5 is "read" and procedure number 12 is "write". Just as remote program protocols may change over several versions, the actual RPC message protocol could also change. Therefore, the call message also has in it the RPC version number, which is always equal to two for the version of RPC described here. The reply message to a request message has enough information to distinguish the following error conditions: (1) The remote implementation of RPC does not support protocol version 2. The lowest and highest supported RPC version numbers are returned. (2) The remote program is not available on the remote system. Expires: October 4, 1994 [Page 6] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 (3) The remote program does not support the requested version number. The lowest and highest supported remote program version numbers are returned. (4) The requested procedure number does not exist. (This is usually a client side protocol or programming error.) (5) The parameters to the remote procedure appear to be garbage from the server's point of view. (Again, this is usually caused by a disagreement about the protocol between client and service.) 7.2 Authentication Provisions for authentication of caller to service and vice-versa are provided as a part of the RPC protocol. The call message has two authentication fields, the credential and verifier. The reply message has one authentication field, the response verifier. The RPC protocol specification defines all three fields to be the following opaque type (in the eXternal Data Representation (XDR) language [9]): enum auth_flavor { AUTH_NONE = 0, AUTH_SYS = 1, AUTH_SHORT = 2, AUTH_DES = 3, AUTH_KERB = 4 /* and more to be defined */ }; struct opaque_auth { auth_flavor flavor; opaque body<400>; }; In other words, any "opaque_auth" structure is an "auth_flavor" enumeration followed by up to 400 bytes which are opaque to (uninterpreted by) the RPC protocol implementation. The interpretation and semantics of the data contained within the authentication fields is specified by individual, independent authentication protocol specifications. (Section 9 defines the various authentication protocols.) If authentication parameters were rejected, the reply message contains information stating why they were rejected. 7.3 Program Number Assignment Program numbers are given out in groups of hexadecimal 20000000 (decimal 536870912) according to the following chart: Expires: October 4, 1994 [Page 7] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 0 - 1fffffff defined by Sun 20000000 - 3fffffff defined by user 40000000 - 5fffffff transient 60000000 - 7fffffff reserved 80000000 - 9fffffff reserved a0000000 - bfffffff reserved c0000000 - dfffffff reserved e0000000 - ffffffff reserved The first group is a range of numbers administered by Sun Microsystems and should be identical for all sites. The second range is for applications peculiar to a particular site. This range is intended primarily for debugging new programs. When a site develops an application that might be of general interest, that application should be given an assigned number in the first range. Application developers may apply for blocks of RPC program numbers in the first range by sending electronic mail to "rpc at sun.com". The third group is for applications that generate program numbers dynamically. The final groups are reserved for future use, and should not be used. 7.4 Other Uses of the RPC Protocol The intended use of this protocol is for calling remote procedures. Normally, each call message is matched with a reply message. However, the protocol itself is a message-passing protocol with which other (non- procedure call) protocols can be implemented. 7.4.1 Batching Batching is useful when a client wishes to send an arbitrarily large sequence of call messages to a server. Batching typically uses reliable byte stream protocols (like TCP) for its transport. In the case of batching, the client never waits for a reply from the server, and the server does not send replies to batch calls. A sequence of batch calls is usually terminated by a legitimate remote procedure call operation in order to flush the pipeline and get positive acknowledgement. 7.4.2 Broadcast Remote Procedure Calls In broadcast protocols, the client sends a broadcast call to the network and waits for numerous replies. This requires the use of packet-based protocols (like UDP) as its transport protocol. Servers that support broadcast protocols usually respond only when the call is successfully processed and are silent in the face of errors, but this varies with the application. Broadcast calls use the RPCBIND service to achieve their semantics. See Appendix A for more information. 8. THE RPC MESSAGE PROTOCOL This section defines the RPC message protocol in the XDR data description language [9]. Expires: October 4, 1994 [Page 8] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 enum msg_type { CALL = 0, REPLY = 1 }; A reply to a call message can take on two forms: The message was either accepted or rejected. enum reply_stat { MSG_ACCEPTED = 0, MSG_DENIED = 1 }; Given that a call message was accepted, the following is the status of an attempt to call a remote procedure. enum accept_stat { SUCCESS = 0, /* RPC executed successfully */ PROG_UNAVAIL = 1, /* remote hasn't exported program */ PROG_MISMATCH = 2, /* remote can't support version # */ PROC_UNAVAIL = 3, /* program can't support procedure */ GARBAGE_ARGS = 4, /* procedure can't decode params */ SYSTEM_ERR = 5 /* errors like memory allocation failure */ }; Reasons why a call message was rejected: enum reject_stat { RPC_MISMATCH = 0, /* RPC version number != 2 */ AUTH_ERROR = 1 /* remote can't authenticate caller */ }; Why authentication failed: enum auth_stat { AUTH_OK = 0, /* success */ /* * failed at remote end */ AUTH_BADCRED = 1, /* bad credential (seal broken) */ AUTH_REJECTEDCRED = 2, /* client must begin new session */ AUTH_BADVERF = 3, /* bad verifier (seal broken) */ AUTH_REJECTEDVERF = 4, /* verifier expired or replayed */ AUTH_TOOWEAK = 5, /* rejected for security reasons */ /* * failed locally */ AUTH_INVALIDRESP = 6, /* bogus response verifier */ AUTH_FAILED = 7, /* reason unknown */ /* * kerberos specific errors */ AUTH_KERB_GENERIC = 8, /* kerberos generic error */ Expires: October 4, 1994 [Page 9] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 AUTH_TIMEEXPIRE = 9, /* time of credential expired */ AUTH_TKT_FILE = 10, /* something wrong with ticket file */ AUTH_DECODE = 11, /* can't decode authenticator */ AUTH_NET_ADDR = 12, /* wrong net address in ticket */ }; The RPC message: All messages start with a transaction identifier, xid, followed by a two- armed discriminated union. The union's discriminant is a msg_type which switches to one of the two types of the message. The xid of a REPLY message always matches that of the initiating CALL message. NB: The xid field is only used for clients matching reply messages with call messages or for servers detecting retransmissions; the service side cannot treat this id as any type of sequence number. struct rpc_msg { unsigned int xid; union switch (msg_type mtype) { case CALL: call_body cbody; case REPLY: reply_body rbody; } body; }; Body of an RPC call: In version 2 of the RPC protocol specification, rpcvers must be equal to 2. The fields prog, vers, and proc specify the remote program, its version number, and the procedure within the remote program to be called. After these fields are two authentication parameters: cred (authentication credential) and verf (authentication verifier). The two authentication parameters are followed by the parameters to the remote procedure, which are specified by the specific program protocol. struct call_body { unsigned int rpcvers; /* must be equal to two (2) */ unsigned int prog; unsigned int vers; unsigned int proc; opaque_auth cred; opaque_auth verf; /* procedure specific parameters start here */ }; Body of a reply to an RPC call: Expires: October 4, 1994 [Page 10] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 union reply_body switch (reply_stat stat) { case MSG_ACCEPTED: accepted_reply areply; case MSG_DENIED: rejected_reply rreply; } reply; Reply to an RPC call that was accepted by the server: There could be an error even though the call was accepted. The first field is an authentication verifier that the server generates in order to validate itself to the client. It is followed by a union whose discriminant is an enum accept_stat. The SUCCESS arm of the union is protocol specific. The PROG_UNAVAIL, PROC_UNAVAIL, GARBAGE_ARGS, and SYSTEM_ERR arms of the union are void. The PROG_MISMATCH arm specifies the lowest and highest version numbers of the remote program supported by the server. struct accepted_reply { opaque_auth verf; union switch (accept_stat stat) { case SUCCESS: opaque results[0]; /* * procedure-specific results start here */ case PROG_MISMATCH: struct { unsigned int low; unsigned int high; } mismatch_info; default: /* * Void. Cases include PROG_UNAVAIL, PROC_UNAVAIL, * GARBAGE_ARGS, and SYSTEM_ERR. */ void; } reply_data; }; Reply to an RPC call that was rejected by the server: The call can be rejected for two reasons: either the server is not running a compatible version of the RPC protocol (RPC_MISMATCH), or the server rejects the identity of the caller (AUTH_ERROR). In case of an RPC version mismatch, the server returns the lowest and highest supported RPC version numbers. In case of invalid authentication, failure status is returned. Expires: October 4, 1994 [Page 11] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 union rejected_reply switch (reject_stat stat) { case RPC_MISMATCH: struct { unsigned int low; unsigned int high; } mismatch_info; case AUTH_ERROR: auth_stat stat; }; 9. AUTHENTICATION PROTOCOLS As previously stated, authentication parameters are opaque, but open-ended to the rest of the RPC protocol. This section defines some "flavors" of authentication implemented at (and supported by) Sun. Other sites are free to invent new authentication types, with the same rules of flavor number assignment as there is for program number assignment. The "flavor" of a credential or verifier refers to the value of the "flavor" field in the opaque_auth structure. Flavor numbers, like RPC program numbers, are also administered by Sun, and developers may assign new flavor numbers by applying through electronic mail to "rpc at sun.com". Credentials and verifiers are represented as variable length opaque data (the "body" field in the opaque_auth structure). 9.1 Null Authentication Often calls must be made where the client does not care about its identity or the server does not care who the client is. In this case, the flavor of the RPC message's credential, verifier, and reply verifier is "AUTH_NONE". Opaque data associated with "AUTH_NONE" is undefined. It is recommended that the length of the opaque data be zero. 9.2 System Authentication The client may wish to identify itself, for example, as it is identified on a UNIX(tm) system. The flavor of the client credential is "AUTH_SYS". The opaque data constituting the credential encodes the following structure: struct authsys_parms { unsigned int stamp; string machinename<255>; unsigned int uid; unsigned int gid; unsigned int gids<16>; }; The "stamp" is an arbitrary ID which the caller machine may generate. The "machinename" is the name of the caller's machine (like "krypton"). The "uid" is the caller's effective user ID. The "gid" is the caller's effective group ID. The "gids" is a counted array of groups which contain the caller as a member. The verifier accompanying the credential should have "AUTH_NONE" flavor value (defined above). Note this credential is only unique within a particular domain of machine names, uids, and gids. Expires: October 4, 1994 [Page 12] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 The flavor value of the verifier received in the reply message from the server may be "AUTH_NONE" or "AUTH_SHORT". In the case of "AUTH_SHORT", the bytes of the reply verifier's string encode an opaque structure. This new opaque structure may now be passed to the server instead of the original "AUTH_SYS" flavor credential. The server may keep a cache which maps shorthand opaque structures (passed back by way of an "AUTH_SHORT" style reply verifier) to the original credentials of the caller. The caller can save network bandwidth and server cpu cycles by using the shorthand credential. The server may flush the shorthand opaque structure at any time. If this happens, the remote procedure call message will be rejected due to an authentication error. The reason for the failure will be "AUTH_REJECTEDCRED". At this point, the client may wish to try the original "AUTH_SYS" style of credential. 9.3 DES Authentication System authentication suffers from three major problems: (1) The naming is too UNIX(tm) oriented. (2) There is no universal name, uid, and gid space. (3) There is no verifier, so authentication can easily be faked by building an appropriate credential. DES authentication attempts to address these problems. 9.3.1 Naming The first problem is handled by addressing the client by a simple string of characters instead of by an operating system specific integer. This string of characters is known as the "netname" or network name of the client. The server is not allowed to interpret the contents of the client's name in any other way except to identify the client. Thus, netnames should be unique for every client in the Internet. It is up to each operating system's implementation of DES authentication to generate netnames for its users that insure this uniqueness when they call upon remote servers. Operating systems already know how to distinguish users local to their systems. It is usually a simple matter to extend this mechanism to the network. For example, a UNIX(tm) user at Sun with a user ID of 515 might be assigned the following netname: "unix.515 at sun.com". This netname contains three items that serve to insure it is unique. Going backwards, there is only one naming domain called "sun.com" in the Internet. Within this domain, there is only one UNIX(tm) user with user ID 515. However, there may be another user on another operating system, for example VMS, within the same naming domain that, by coincidence, happens to have the same user ID. To insure that these two users can be distinguished we add the operating system name. So one user is "unix.515 at sun.com" and the other is "vms.515 at sun.com". The first field is actually a naming method rather than an operating system name. It happens that today there is almost a one-to-one correspondence between naming methods and operating systems. If the world could agree on a naming standard, the first field Expires: October 4, 1994 [Page 13] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 could be the name of that standard, instead of an operating system name. 9.3.2 DES Authentication Verifiers Unlike System authentication, DES authentication does have a verifier so the server can validate the client's credential (and vice-versa). The contents of this verifier is primarily an encrypted timestamp. The server can decrypt this timestamp, and if it is within an accepted "window" relative to the real time, then the client must have encrypted it correctly. The only way the client could encrypt it correctly is to know the "conversation key" of the RPC session, and if the client knows the conversation key, then it must be the real client. The conversation key is a DES [5] key which the client generates and passes to the server in the first RPC call of a session. The conversation key is encrypted using a public key scheme in this first transaction. The particular public key scheme used in DES authentication is Diffie-Hellman [3] with 192-bit keys. The details of this encryption method are described later. The client and the server need the same notion of the current time in order for all of this to work, perhaps by using the Network Time Protocol [4]. If network time synchronization cannot be guaranteed, then the client can determine the server's time before beginning the conversation using a simpler time request protocol. The RPCBIND service supports a simple time request protocol - see Appendix A. The way a server determines if a client timestamp is valid is somewhat complicated. For any other transaction but the first, the server just checks for two things: (1) the timestamp is greater than the one previously seen from the same client. (2) the timestamp has not expired. A timestamp is expired if the server's time is later than the sum of the client's timestamp plus what is known as the client's "window". The "window" is a number the client passes (encrypted) to the server in its first transaction. You can think of it as a lifetime for the credential. In the first transaction, the server checks only that the timestamp has not expired. Also, as an added check, the client sends an encrypted item in the first transaction known as the "window verifier" which must be equal to the window minus 1, or the server will reject the credential. The client too must check the verifier returned from the server to be sure it is legitimate. The server sends back to the client the timestamp it received from the client, minus one second, encrypted with the conversation key. If the client gets anything different than this, it will reject it. 9.3.3 Nicknames and Clock Synchronization After the first transaction, the server's DES authentication subsystem returns in its verifier to the client an integer "nickname" which the Expires: October 4, 1994 [Page 14] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 client may use in its further transactions instead of passing its netname. The nickname could be an index into a table on the server which stores for each client its netname, decrypted conversation key and window. Though they originally were synchronized, the client's and server's clocks can get out of synchronization again. When this happens the client RPC subsystem may receive an "RPC_AUTHERROR" error at which point it should attempt to resynchronize. A client may still get the "RPC_AUTHERROR" error even though it is synchronized with the server. The reason is that the server's nickname table is a limited size, and it may flush entries whenever it wants. A client should resend its original credential in this case and the server will give it a new nickname. If a server crashes, the entire nickname table gets flushed, and all clients will have to resend their original credentials. 9.3.4 DES Authentication Protocol Specification There are two kinds of credentials: one in which the client uses its full network name, and one in which it uses its "nickname" (just an unsigned integer) given to it by the server. The client must use its fullname in its first transaction with the server, in which the server will return to the client its nickname. The client may use its nickname in all further transactions with the server. There is no requirement to use the nickname, but it is wise to use it for performance reasons. The following definitions are used for describing the protocol: enum authdes_namekind { ADN_FULLNAME = 0, ADN_NICKNAME = 1 }; typedef opaque des_block[8]; /* 64-bit block of encrypted data */ const MAXNETNAMELEN = 255; /* maximum length of a netname */ The flavor used for all DES authentication credentials and verifiers is "AUTH_DES". The opaque data constituting the client credential encodes the following structure: union authdes_cred switch (authdes_namekind namekind) { case ADN_FULLNAME: authdes_fullname fullname; case ADN_NICKNAME: authdes_nickname nickname; }; The opaque data constituting a verifier that accompanies a client credential encodes the following structure: Expires: October 4, 1994 [Page 15] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 union authdes_verf switch (authdes_namekind namekind) { case ADN_FULLNAME: authdes_fullname_verf fullname_verf; case ADN_NICKNAME: authdes_nickname_verf nickname_verf; }; The opaque data constituting a verifier returned by a server in response to a client request encodes the following structure: struct authdes_server_verf; These structures are described in detail below. 9.3.4.1 The Full Network Name Credential and Verifier (Client) First, the client fills out the following structure: +---------------------------------------------------------------+ | timestamp | timestamp | | | | seconds | micro seconds | window | window - 1 | | 32 bits | 32 bits | 32 bits | 32 bits | +---------------------------------------------------------------+ 0 31 63 95 127 The fields are stored in XDR (external data representation) format. The timestamp encodes the time since midnight, January 1, 1970. These 128 bits of data are then encrypted in the DES CBC mode, using the conversation key for the session, and with an initialization vector of 0. This yields: +---------------------------------------------------------------+ | T | | | | T1 T2 | W1 | W2 | | 32 bits | 32 bits | 32 bits | 32 bits | +---------------------------------------------------------------+ 0 31 63 95 127 where T1, T2, W1, and W2 are all 32-bit quantities, and have some correspondence to the original quantities occupying their positions, but are now interdependent on each other for proper decryption. The 64 bit sequence comprising T1 and T2 is denoted by T. The full network name credential is represented as follows using XDR notation: struct authdes_fullname { string name; /* netname of client */ des_block key; /* encrypted conversation key */ opaque w1[4]; /* W1 */ }; The conversation key is encrypted using the "common key" using the ECB mode. The common key key is a DES key that is derived from the Diffie- Expires: October 4, 1994 [Page 16] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 Hellman public and private keys, and is described later. The verifier is represented as follows: struct authdes_fullname_verf { des_block timestamp; /* T (the 64 bits of T1 and T2) */ opaque w2[4]; /* W2 */ }; Note that all of the encrypted quantities (key, w1, w2, timestamp) in the above structures are opaque. The fullname credential and its associated verifier together contain the network name of the client, an encrypted conversation key, the window, a timestamp, and a window verifier that is one less than the window. The window is actually the lifetime for the credential. The server will accept the credential if the current server time is "within" the time indicated in the timestamp plus the window. One way to insure that requests are not replayed would be for the server to insist that timestamps are greater than the previous one seen, unless it is the first transaction. 9.3.4.2 The Nickname Credential and Verifier (Client) In transactions following the first, the client may use the shorter nickname credential and verifier for efficiency. First, the client fills out the following structure: +-------------------------------+ | timestamp | timestamp | | seconds | micro seconds | | 32 bits | 32 bits | +-------------------------------+ 0 31 63 The fields are stored in XDR (external data representation) format. These 64 bits of data are then encrypted in the DES ECB mode, using the conversation key for the session. This yields: +-------------------------------+ | (T1) | (T2) | | T | | 64 bits | +-------------------------------+ 0 31 63 The nickname credential is represented as follows using XDR notation: struct authdes_nickname { unsigned int nickname; /* nickname returned by server */ }; The nickname verifier is represented as follows using XDR notation: Expires: October 4, 1994 [Page 17] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 struct authdes_nickname_verf { des_block timestamp; /* T (the 64 bits of T1 and T2) */ opaque w[4]; /* Set to zero */ }; 9.3.4.3 The Nickname Verifier (Server) The server never returns a credential. It returns only one kind of verifier, i.e., the nickname verifier. This has the following XDR representation: struct authdes_server_verf { des_block timestamp_verf; /* timestamp verifier (encrypted) */ unsigned int nickname; /* new client nickname (unencrypted) */ }; The timestamp verifier is constructed in exactly the same way as the client nickname credential. The server sets the timestamp value to the value the client sent minus one second and encrypts it in DES ECB mode using the conversation key. The server also sends the client a nickname to be used in future transactions (unencrypted). 9.3.5 Diffie-Hellman Encryption In this scheme, there are two constants "BASE" and "MODULUS" [3]. The particular values Sun has chosen for these for the DES authentication protocol are: const BASE = 3; const MODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b" The way this scheme works is best explained by an example. Suppose there are two people "A" and "B" who want to send encrypted messages to each other. So, A and B both generate "secret" keys at random which they do not reveal to anyone. Let these keys be represented as SK(A) and SK(B). They also publish in a public directory their "public" keys. These keys are computed as follows: PK(A) = ( BASE ** SK(A) ) mod MODULUS PK(B) = ( BASE ** SK(B) ) mod MODULUS The "**" notation is used here to represent exponentiation. Now, both A and B can arrive at the "common" key between them, represented here as CK(A, B), without revealing their secret keys. A computes: CK(A, B) = ( PK(B) ** SK(A)) mod MODULUS while B computes: CK(A, B) = ( PK(A) ** SK(B)) mod MODULUS Expires: October 4, 1994 [Page 18] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 These two can be shown to be equivalent: (PK(B) ** SK(A)) mod MODULUS = (PK(A) ** SK(B)) mod MODULUS We drop the "mod MODULUS" parts and assume modulo arithmetic to simplify things: PK(B) ** SK(A) = PK(A) ** SK(B) Then, replace PK(B) by what B computed earlier and likewise for PK(A). (BASE ** SK(B)) ** SK(A) = (BASE ** SK(A)) ** SK(B) which leads to: BASE ** (SK(A) * SK(B)) = BASE ** (SK(A) * SK(B)) This common key CK(A, B) is not used to encrypt the timestamps used in the protocol. Rather, it is used only to encrypt a conversation key which is then used to encrypt the timestamps. The reason for doing this is to use the common key as little as possible, for fear that it could be broken. Breaking the conversation key is a far less damaging, since conversations are relatively short-lived. The conversation key is encrypted using 56-bit DES keys, yet the common key is 192 bits. To reduce the number of bits, 56 bits are selected from the common key as follows. The middle-most 8-bytes are selected from the common key, and then parity is added to the lower order bit of each byte, producing a 56-bit key with 8 bits of parity. Only 48 bits of the 8-byte conversation key is used in the DES Authentication scheme. The least and most significant bits of each byte of the conversation key are unused. 9.4 Kerberos-based Authentication Conceptually, Kerberos-based authentication is very similar to DES based authentication. The major difference is, Kerberos-based authentication takes advantage of the fact that Kerberos tickets have encoded in them the client name and the conversation key. This RFC does not describe Kerberos name syntax, protocols and ticket formats. The reader is referred to [10], [11], and [12]. 9.4.1 Kerberos-based Authentication Protocol Specification The Kerberos-based authentication protocol described is based on Kerberos version 4. There are two kinds of credentials: one in which the client uses its full network name, and one in which it uses its "nickname" (just an unsigned integer) given to it by the server. The client must use its fullname in its first transaction with the server, in which the server will return to the client its nickname. The client may use its nickname in all further Expires: October 4, 1994 [Page 19] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 transactions with the server. There is no requirement to use the nickname, but it is wise to use it for performance reasons. The following definitions are used for describing the protocol: enum authkerb_namekind { AKN_FULLNAME, AKN_NICKNAME }; The flavor used for all Kerberos-based authentication credentials and verifiers is "AUTH_KERB". The opaque data constituting the client credential encodes the following structure: union authkerb_cred switch (authkerb_namekind namekind) { case AKN_FULLNAME: authkerb_fullname fullname; case AKN_NICKNAME: authkerb_nickname nickname; }; The opaque data constituting a verifier that accompanies a client credential encodes the following structure: union authkerb_verf switch (authkerb_namekind namekind) { case AKN_FULLNAME: authkerb_fullname_verf fullname_verf; case AKN_NICKNAME: authkerb_nickname_verf nickname_verf; }; The opaque data constituting a verifier returned by a server in response to a client request encodes the following structure: struct authkerb_server_verf; These structures are described in detail below. 9.4.1.1 The Full Network Name Credential and Verifier (Client) First, the client fills out the following structure: +---------------------------------------------------------------+ | timestamp | timestamp | | | | seconds | micro seconds | window | window - 1 | | 32 bits | 32 bits | 32 bits | 32 bits | +---------------------------------------------------------------+ 0 31 63 95 127 The fields are stored in XDR (external data representation) format. The timestamp encodes the time since midnight, January 1, 1970. These 128 bits of data are then encrypted in the DES CBC mode, using the conversation key for the session, and with an initialization vector of 0. This yields: Expires: October 4, 1994 [Page 20] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 +---------------------------------------------------------------+ | T | | | | T1 T2 | W1 | W2 | | 32 bits | 32 bits | 32 bits | 32 bits | +---------------------------------------------------------------+ 0 31 63 95 127 where T1, T2, W1, and W2 are all 32-bit quantities, and have some correspondence to the original quantities occupying their positions, but are now interdependent on each other for proper decryption. The 64 bit sequence comprising T1 and T2 is denoted by T. The full network name credential is represented as follows using XDR notation: struct authkerb_fullname { opaque ticket<>; /* kerberos ticket for the server */ opaque w1[4]; /* W1 */ }; The verifier is represented as follows: struct authkerb_fullname_verf { des_block timestamp; /* T (the 64 bits of T1 and T2) */ opaque w2[4]; /* W2 */ }; Note that all of the client-encrypted quantities (w1, w2, timestamp) in the above structures are opaque. The client does not encrypt the kerberos ticket for the server. The fullname credential and its associated verifier together contain the kerberos ticket (which contains the client name and the conversation key), the window, a timestamp, and a window verifier that is one less than the window. The window is actually the lifetime for the credential. The server will accept the credential if the current server time is "within" the time indicated in the timestamp plus the window. One way to insure that requests are not replayed would be for the server to insist that timestamps are greater than the previous one seen, unless it is the first transaction. 9.4.1.2 The Nickname Credential and Verifier (Client) In transactions following the first, the client may use the shorter nickname credential and verifier for efficiency. First, the client fills out the following structure: +-------------------------------+ | timestamp | timestamp | | seconds | micro seconds | | 32 bits | 32 bits | +-------------------------------+ 0 31 63 Expires: October 4, 1994 [Page 21] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 The fields are stored in XDR (external data representation) format. These 64 bits of data are then encrypted in the DES ECB mode, using the conversation key for the session. This yields: +-------------------------------+ | (T1) | (T2) | | T | | 64 bits | +-------------------------------+ 0 31 63 The nickname credential is represented as follows using XDR notation: struct authkerb_nickname { unsigned int nickname; /* nickname returned by server */ }; The nickname verifier is represented as follows using XDR notation: struct authkerb_nickname_verf { des_block timestamp; /* T (the 64 bits of T1 and T2) */ opaque w[4]; /* Set to zero */ }; 9.4.1.3 The Nickname Verifier (Server) The server never returns a credential. It returns only one kind of verifier, i.e., the nickname verifier. This has the following XDR representation: struct authkerb_server_verf { des_block timestamp_verf; /* timestamp verifier (encrypted) */ unsigned int nickname; /* new client nickname (unencrypted) */ }; The timestamp verifier is constructed in exactly the same way as the client nickname credential. The server sets the timestamp value to the value the client sent minus one second and encrypts it in DES ECB mode using the conversation key. The server also sends the client a nickname to be used in future transactions (unencrypted). 10. RECORD MARKING STANDARD When RPC messages are passed on top of a byte stream transport protocol (like TCP), it is necessary to delimit one message from another in order to detect and possibly recover from protocol errors. This is called record marking (RM). Sun uses this RM/TCP/IP transport for passing RPC messages on TCP streams. One RPC message fits into one RM record. A record is composed of one or more record fragments. A record fragment is a four-byte header followed by 0 to (2**31) - 1 bytes of fragment data. The bytes encode an unsigned binary number; as with XDR integers, the byte Expires: October 4, 1994 [Page 22] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 order is from highest to lowest. The number encodes two values -- a boolean which indicates whether the fragment is the last fragment of the record (bit value 1 implies the fragment is the last fragment) and a 31-bit unsigned binary value which is the length in bytes of the fragment's data. The boolean value is the highest-order bit of the header; the length is the 31 low-order bits. (Note that this record specification is NOT in XDR standard form!) 11. THE RPC LANGUAGE Just as there was a need to describe the XDR data-types in a formal language, there is also need to describe the procedures that operate on these XDR data-types in a formal language as well. The RPC Language is an extension to the XDR language, with the addition of "program", "procedure", and "version" declarations. The following example is used to describe the essence of the language. 11.1 An Example Service Described in the RPC Language Here is an example of the specification of a simple ping program. program PING_PROG { /* * Latest and greatest version */ version PING_VERS_PINGBACK { void PINGPROC_NULL(void) = 0; /* * Ping the client, return the round-trip time * (in microseconds). Returns -1 if the operation * timed out. */ int PINGPROC_PINGBACK(void) = 1; } = 2; /* * Original version */ version PING_VERS_ORIG { void PINGPROC_NULL(void) = 0; } = 1; } = 1; const PING_VERS = 2; /* latest version */ The first version described is PING_VERS_PINGBACK with two procedures, PINGPROC_NULL and PINGPROC_PINGBACK. PINGPROC_NULL takes no arguments and returns no results, but it is useful for computing round-trip times from the client to the server and back again. By convention, procedure 0 of any Expires: October 4, 1994 [Page 23] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 RPC protocol should have the same semantics, and never require any kind of authentication. The second procedure is used for the client to have the server do a reverse ping operation back to the client, and it returns the amount of time (in microseconds) that the operation used. The next version, PING_VERS_ORIG, is the original version of the protocol and it does not contain PINGPROC_PINGBACK procedure. It is useful for compatibility with old client programs, and as this program matures it may be dropped from the protocol entirely. 11.2 The RPC Language Specification The RPC language is identical to the XDR language defined in RFC 1014, except for the added definition of a "program-def" described below. program-def: "program" identifier "{" version-def version-def * "}" "=" constant ";" version-def: "version" identifier "{" procedure-def procedure-def * "}" "=" constant ";" procedure-def: type-specifier identifier "(" type-specifier ("," type-specifier )* ")" "=" constant ";" 11.3 Syntax Notes (1) The following keywords are added and cannot be used as identifiers: "program" and "version"; (2) A version name cannot occur more than once within the scope of a program definition. Nor can a version number occur more than once within the scope of a program definition. (3) A procedure name cannot occur more than once within the scope of a version definition. Nor can a procedure number occur more than once within the scope of version definition. (4) Program identifiers are in the same name space as constant and type identifiers. (5) Only unsigned constants can be assigned to programs, versions and procedures. APPENDIX A: RPCBIND PROGRAM PROTOCOL The RPCBIND program maps RPC program and version numbers to universal addresses, thus making dynamic binding of remote programs possible. Expires: October 4, 1994 [Page 24] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 Universal addresses are string representations of the transport dependent addresses. They are defined by the addressing authority of the given transport. The RPCBIND program is bound to a well-known address of each supported transport, and other programs register their dynamically allocated transport address with it. The RPCBIND program then makes those addresses publicly available. This is desirable because the range of well-known addresses is very small for some transports and the number of potential remote programs is very large. By running only the RPCBIND service on a well-known address, the transport addresses of other remote programs can be ascertained by querying the RPCBIND program. The RPCBIND program also aids in broadcast RPC. A given RPC program will usually have different transport address bindings on different machines, so there is no way to directly broadcast to all of these programs. The RPCBIND program, however, does have a well-known address. So, to broadcast to a given program, the client actually sends its message to the RPCBIND program located at the broadcast address. Each instance of the RPCBIND program that picks up the broadcast then calls the local service specified by the client. When the RPCBIND program gets the reply from the local service, it sends the reply on back to the client. Versions 3 and 4 of the RPCBIND protocol are described below. Version 2 is described separately as part of the Port Mapper protocol specification. A.1 RPCBIND Protocol Specification (in RPC Language) /* * rpcb_prot.x * rpcbind protocol, versions 3 and 4, in RPC Language */ /* * rpcbind address for TCP/UDP */ const RPCB_PORT = 111; /* * A mapping of (program, version, network ID) to address */ struct rpcb { unsigned long r_prog; /* program number */ unsigned long r_vers; /* version number */ string r_netid<>; /* network id */ string r_addr<>; /* universal address */ string r_owner<>; /* owner of this service */ }; struct rp__list { rpcb rpcb_map; Expires: October 4, 1994 [Page 25] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 struct rp__list *rpcb_next; }; typedef rp__list *rpcblist_ptr; /* results of RPCBPROC_DUMP */ /* * Arguments of remote calls */ struct rpcb_rmtcallargs { unsigned long prog; /* program number */ unsigned long vers; /* version number */ unsigned long proc; /* procedure number */ opaque args<>; /* argument */ }; /* * Results of the remote call */ struct rpcb_rmtcallres { string addr<>; /* remote universal address */ opaque results<>; /* result */ }; /* * rpcb_entry contains a merged address of a service on a particular * transport, plus associated netconfig information. A list of rpcb_entry * items is returned by RPCBPROC_GETADDRLIST. The meanings and values used * for the r_nc_* fields are given below. * * The network identifier (r_nc_netid): * This is a string that represents a local identification for a network. * This is defined by a system administrator based on local conventions, * and cannot be depended on to have the same value on every system. * * Transport semantics (r_nc_semantics): * This represents the type of transport, and has the following values: * NC_TPI_CLTS (1) Connectionless * NC_TPI_COTS (2) Connection oriented * NC_TPI_COTS_ORD (3) Connection oriented with graceful close * NC_TPI_RAW (4) Raw transport * * Protocol family (r_nc_protofmly): * This identifies the family to which the protocol belongs. The * following values are defined: * NC_NOPROTOFMLY "-" * NC_LOOPBACK "loopback" * NC_INET "inet" * NC_IMPLINK "implink" * NC_PUP "pup" Expires: October 4, 1994 [Page 26] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 * NC_CHAOS "chaos" * NC_NS "ns" * NC_NBS "nbs" * NC_ECMA "ecma" * NC_DATAKIT "datakit" * NC_CCITT "ccitt" * NC_SNA "sna" * NC_DECNET "decnet" * NC_DLI "dli" * NC_LAT "lat" * NC_HYLINK "hylink" * NC_APPLETALK "appletalk" * NC_NIT "nit" * NC_IEEE802 "ieee802" * NC_OSI "osi" * NC_X25 "x25" * NC_OSINET "osinet" * NC_GOSIP "gosip" * * Protocol name (r_nc_proto): * This identifies a protocol within a family. The following are * currently defined: * NC_NOPROTO "-" * NC_TCP "tcp" * NC_UDP "udp" * NC_ICMP "icmp" */ struct rpcb_entry { string r_maddr<>; /* merged address of service */ string r_nc_netid<>; /* netid field */ unsigned long r_nc_semantics; /* semantics of transport */ string r_nc_protofmly<>; /* protocol family */ string r_nc_proto<>; /* protocol name */ }; /* * A list of addresses supported by a service. */ struct rpcb_entry_list { rpcb_entry rpcb_entry_map; struct rpcb_entry_list *rpcb_entry_next; }; typedef rpcb_entry_list *rpcb_entry_list_ptr; /* * rpcbind statistics */ const rpcb_highproc_2 = RPCBPROC_CALLIT; const rpcb_highproc_3 = RPCBPROC_TADDR2UADDR; const rpcb_highproc_4 = RPCBPROC_GETSTAT; Expires: October 4, 1994 [Page 27] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 const RPCBSTAT_HIGHPROC = 13; /* # of procs in rpcbind V4 plus one */ const RPCBVERS_STAT = 3; /* provide only for rpcbind V2, V3 and V4 */ const RPCBVERS_4_STAT = 2; const RPCBVERS_3_STAT = 1; const RPCBVERS_2_STAT = 0; /* Link list of all the stats about getport and getaddr */ struct rpcbs_addrlist { unsigned long prog; unsigned long vers; int success; int failure; string netid<>; struct rpcbs_addrlist *next; }; /* Link list of all the stats about rmtcall */ struct rpcbs_rmtcalllist { unsigned long prog; unsigned long vers; unsigned long proc; int success; int failure; int indirect; /* whether callit or indirect */ string netid<>; struct rpcbs_rmtcalllist *next; }; typedef int rpcbs_proc[RPCBSTAT_HIGHPROC]; typedef rpcbs_addrlist *rpcbs_addrlist_ptr; typedef rpcbs_rmtcalllist *rpcbs_rmtcalllist_ptr; struct rpcb_stat { rpcbs_proc info; int setinfo; int unsetinfo; rpcbs_addrlist_ptr addrinfo; rpcbs_rmtcalllist_ptr rmtinfo; }; /* * One rpcb_stat structure is returned for each version of rpcbind * being monitored. */ typedef rpcb_stat rpcb_stat_byvers[RPCBVERS_STAT]; /* * netbuf structure, used to store the transport specific form of * a universal transport address. */ struct netbuf { unsigned int maxlen; Expires: October 4, 1994 [Page 28] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 opaque buf<>; }; /* * rpcbind procedures */ program RPCBPROG { version RPCBVERS { bool RPCBPROC_SET(rpcb) = 1; bool RPCBPROC_UNSET(rpcb) = 2; string RPCBPROC_GETADDR(rpcb) = 3; rpcblist_ptr RPCBPROC_DUMP(void) = 4; rpcb_rmtcallres RPCBPROC_CALLIT(rpcb_rmtcallargs) = 5; unsigned int RPCBPROC_GETTIME(void) = 6; netbuf RPCBPROC_UADDR2TADDR(string) = 7; string RPCBPROC_TADDR2UADDR(netbuf) = 8; } = 3; version RPCBVERS4 { bool RPCBPROC_SET(rpcb) = 1; bool RPCBPROC_UNSET(rpcb) = 2; string RPCBPROC_GETADDR(rpcb) = 3; rpcblist_ptr RPCBPROC_DUMP(void) = 4; /* * NOTE: RPCBPROC_BCAST has the same functionality as CALLIT; * the new name is intended to indicate that this * procedure should be used for broadcast RPC, and * RPCBPROC_INDIRECT should be used for indirect calls. */ Expires: October 4, 1994 [Page 29] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 rpcb_rmtcallres RPCBPROC_BCAST(rpcb_rmtcallargs) = RPCBPROC_CALLIT; unsigned int RPCBPROC_GETTIME(void) = 6; netbuf RPCBPROC_UADDR2TADDR(string) = 7; string RPCBPROC_TADDR2UADDR(netbuf) = 8; string RPCBPROC_GETVERSADDR(rpcb) = 9; rpcb_rmtcallres RPCBPROC_INDIRECT(rpcb_rmtcallargs) = 10; rpcb_entry_list_ptr RPCBPROC_GETADDRLIST(rpcb) = 11; rpcb_stat_byvers RPCBPROC_GETSTAT(void) = 12; } = 4; } = 100000; A.2 RPCBIND Operation RPCBIND is contacted by way of an assigned address specific to the transport being used. For TCP/IP and UDP/IP, for example, it is port number 111. Each transport has such an assigned, well-known address. The following is a description of each of the procedures supported by RPCBIND. A.2.1 RPCBIND Version 3 RPCBPROC_SET: When a program first becomes available on a machine, it registers itself with RPCBIND running on the same machine. The program passes its program number "r_prog", version number "r_vers", network identifier "r_netid", universal address "r_addr", and the owner of the service "r_owner". The procedure returns a boolean response whose value is TRUE if the procedure successfully established the mapping and FALSE otherwise. The procedure refuses to establish a mapping if one already exists for the ordered set ("r_prog", "r_vers", "r_netid"). Note that neither "r_netid" nor "r_addr" can be NULL, and that "r_netid" should be a valid network identifier on the machine making the call. RPCBPROC_UNSET: When a program becomes unavailable, it should unregister itself with the RPCBIND program on the same machine. The parameters and results have meanings identical to those of RPCBPROC_SET. The mapping of the ("r_prog", Expires: October 4, 1994 [Page 30] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 "r_vers", "r_netid") tuple with "r_addr" is deleted. If "r_netid" is NULL, all mappings specified by the ordered set ("r_prog", "r_vers", *) and the corresponding universal addresses are deleted. Only the owner of the service or the super-user is allowed to unset a service. RPCBPROC_GETADDR: Given a program number "r_prog", version number "r_vers", and network identifier "r_netid", this procedure returns the universal address on which the program is awaiting call requests. The "r_netid" field of the argument is ignored and the "r_netid" is inferred from the network identifier of the transport on which the request came in. RPCBPROC_DUMP: This procedure lists all entries in RPCBIND's database. The procedure takes no parameters and returns a list of program, version, network identifier, and universal addresses. RPCBPROC_CALLIT: This procedure allows a caller to call another remote procedure on the same machine without knowing the remote procedure's universal address. It is intended for supporting broadcasts to arbitrary remote programs via RPCBIND's universal address. The parameters "prog", "vers", "proc", and args are the program number, version number, procedure number, and parameters of the remote procedure. Note - This procedure only sends a response if the procedure was successfully executed and is silent (no response) otherwise. The procedure returns the remote program's universal address, and the results of the remote procedure. RPCBPROC_GETTIME: This procedure returns the local time on its own machine in seconds since the midnight of the First day of January, 1970. RPCBPROC_UADDR2TADDR: This procedure converts universal addresses to transport specific addresses. RPCBPROC_TADDR2UADDR: This procedure converts transport specific addresses to universal addresses. A.2.2 RPCBIND, Version 4 Version 4 of the RPCBIND protocol includes all of the above procedures, and adds several additional ones. Expires: October 4, 1994 [Page 31] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 RPCBPROC_BCAST: This procedure is identical to the version 3 RPCBPROC_CALLIT procedure. The new name indicates that the procedure should be used for broadcast RPCs only. RPCBPROC_INDIRECT, defined below, should be used for indirect RPC calls. RPCBPROC_GETVERSADDR: This procedure is similar to RPCBPROC_GETADDR. The difference is the "r_vers" field of the rpcb structure can be used to specify the version of interest. If that version is not registered, no address is returned. RPCBPROC_INDIRECT: Similar to RPCBPROC_CALLIT. Instead of being silent about errors (such as the program not being registered on the system), this procedure returns an indication of the error. This procedure should not be used for broadcast RPC. It is intended to be used with indirect RPC calls only. RPCBPROC_GETADDRLIST: This procedure returns a list of addresses for the given rpcb entry. The client may be able use the results to determine alternate transports that it can use to communicate with the server. RPCBPROC_GETSTAT: This procedure returns statistics on the activity of the RPCBIND server. The information lists the number and kind of requests the server has received. Note - All procedures except RPCBPROC_SET and RPCBPROC_UNSET can be called by clients running on a machine other than a machine on which RPCBIND is running. RPCBIND only accepts RPCBPROC_SET and RPCBPROC_UNSET requests by clients running on the same machine as the RPCBIND program. APPENDIX B: PORT MAPPER PROGRAM PROTOCOL The port mapper program maps RPC program and version numbers to transport- specific port numbers. This program makes dynamic binding of remote programs possible. The port mapper protocol differs from the newer RPCBIND protocols in that it is transport specific in its address handling. B.1 Port Mapper Protocol Specification (in RPC Language) const PMAP_PORT = 111; /* portmapper port number */ A mapping of (program, version, protocol) to port number: struct mapping { unsigned int prog; unsigned int vers; Expires: October 4, 1994 [Page 32] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 unsigned int prot; unsigned int port; }; Supported values for the "prot" field: const IPPROTO_TCP = 6; /* protocol number for TCP/IP */ const IPPROTO_UDP = 17; /* protocol number for UDP/IP */ A list of mappings: struct *pmaplist { mapping map; pmaplist next; }; Arguments to callit: struct call_args { unsigned int prog; unsigned int vers; unsigned int proc; opaque args<>; }; Results of callit: struct call_result { unsigned int port; opaque res<>; }; Port mapper procedures: program PMAP_PROG { version PMAP_VERS { void PMAPPROC_NULL(void) = 0; bool PMAPPROC_SET(mapping) = 1; bool PMAPPROC_UNSET(mapping) = 2; unsigned int PMAPPROC_GETPORT(mapping) = 3; pmaplist PMAPPROC_DUMP(void) = 4; call_result PMAPPROC_CALLIT(call_args) = 5; Expires: October 4, 1994 [Page 33] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 } = 2; } = 100000; B.2 Port Mapper Operation The portmapper program currently supports two protocols (UDP and TCP). The portmapper is contacted by talking to it on assigned port number 111 (SUNRPC) on either of these protocols. The following is a description of each of the portmapper procedures: PMAPPROC_NULL: This procedure does no work. By convention, procedure zero of any protocol takes no parameters and returns no results. PMAPPROC_SET: When a program first becomes available on a machine, it registers itself with the port mapper program on the same machine. The program passes its program number "prog", version number "vers", transport protocol number "prot", and the port "port" on which it awaits service request. The procedure returns a boolean reply whose value is "TRUE" if the procedure successfully established the mapping and "FALSE" otherwise. The procedure refuses to establish a mapping if one already exists for the tuple "(prog, vers, prot)". PMAPPROC_UNSET: When a program becomes unavailable, it should unregister itself with the port mapper program on the same machine. The parameters and results have meanings identical to those of "PMAPPROC_SET". The protocol and port number fields of the argument are ignored. PMAPPROC_GETPORT: Given a program number "prog", version number "vers", and transport protocol number "prot", this procedure returns the port number on which the program is awaiting call requests. A port value of zeros means the program has not been registered. The "port" field of the argument is ignored. PMAPPROC_DUMP: This procedure enumerates all entries in the port mapper's database. The procedure takes no parameters and returns a list of program, version, protocol, and port values. PMAPPROC_CALLIT: This procedure allows a client to call another remote procedure on the same machine without knowing the remote procedure's port number. It is intended for supporting broadcasts to arbitrary remote programs via the well-known port mapper's port. The parameters "prog", "vers", "proc", and the bytes Expires: October 4, 1994 [Page 34] INTERNET DRAFT Remote Procedure Call Protocol Version 2 4-Mar-94 of "args" are the program number, version number, procedure number, and parameters of the remote procedure. Note: (1) This procedure only sends a reply if the procedure was successfully executed and is silent (no reply) otherwise. (2) The port mapper communicates with the remote program using UDP only. The procedure returns the remote program's port number, and the reply is the reply of the remote procedure. REFERENCES [1] Birrell, A. D. & Nelson, B. J., "Implementing Remote Procedure Calls", XEROX CSL-83-7, October 1983. [2] Cheriton, D., "VMTP: Versatile Message Transaction Protocol", Preliminary Version 0.3, Stanford University, January 1987. [3] Diffie & Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory IT-22, November 1976. [4] Mills, D., "Network Time Protocol", RFC-958, M/A-COM Linkabit, September 1985. [5] National Bureau of Standards, "Data Encryption Standard", Federal Information Processing Standards Publication 46, January 1977. [6] Postel, J., "Transmission Control Protocol - DARPA Internet Program Protocol Specification", RFC-793, Information Sciences Institute, September 1981. [7] Postel, J., "User Datagram Protocol", RFC-768, Information Sciences Institute, August 1980. [8] Reynolds, J., and Postel, J., "Assigned Numbers", RFC-1010, Information Sciences Institute, May 1987. [9] Sun Microsystems, "XDR: External Data Representation Standard", RFC-1014, June 1987. [10] Miller, S., Neuman, C., Schiller, J., and J. Saltzer, "Section E.2.1: Kerberos Authentication and Authorization System", M.I.T. Project Athena, Cambridge, Massachusetts, December 21, 1987. [11] Steiner, J., Neuman, C., and J. Schiller, "Kerberos: An Authentication Service for Open Network Systems", pp. 191-202 in Usenix Conference Proceedings, Dallas, Texas, February, 1988. [12] Kohl, J. and Neuman, C., "The Kerberos Network Authentication Service (V5)", RFC-1510, September 1993. Expires: October 4, 1994 [Page 35] From catalyst-remailer at netcom.com Fri May 20 13:14:51 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Fri, 20 May 94 13:14:51 PDT Subject: public key of Lady Ada ??? Message-ID: <199405202005.NAA17542@netcom.com> Where is the public pgp key of Lady Ada? From danisch at ira.uka.de Fri May 20 13:18:37 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Fri, 20 May 94 13:18:37 PDT Subject: Wow, intelligent remailer Message-ID: <9405202017.AA15946@deathstar.iaks.ira.uka.de> Wow, what an intelligent remailer: I sent a ping to remail at hacktic.nl and he answered "PONG" Did they employ a human to do the remailing job? (The Netherlands, you know...) Hadmut From mpd1 at ix.netcom.com Fri May 20 13:40:07 1994 From: mpd1 at ix.netcom.com (Mike Duvos) Date: Fri, 20 May 94 13:40:07 PDT Subject: Ignore This Message Message-ID: <199405202040.NAA06995@ixserver.netcom.com> Test Message. From mech at eff.org Fri May 20 13:48:19 1994 From: mech at eff.org (Stanton McCandlish) Date: Fri, 20 May 94 13:48:19 PDT Subject: Smithsonian class on cryptography - with the NSA! Message-ID: <199405202048.QAA17597@eff.org> Forwarded message: Date: Fri, 20 May 1994 11:24:04 -0400 From: ssteele at eff.org (Shari Steele) Subject: Smithsonian class on cryptography Hi all. I am not making this up. In today's Weekend section of the Washington Post, the Smithsonian has a full page ad for its Campus on the Mall. Mixed in with classes called "Ice Cream, Ice Cream: Food for the Gods" and "Learning to Love Opera" is the following: "Intelligence and Cryptology" "The (Berlin) wall is down and the (Iron) curtain is up. This course peers into the world of cryptologic intelligence and information security. With tour of the National Cryptologic Museum at Fort Meade. Cosponsored with the National Security Agency. (Code U323-700) Wed, 6 pm July 6 -- Aug 10 (6 sessions) Members $76; Nonmembers $106" Anyone interested in signing up? Shari -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From hfinney at shell.portal.com Fri May 20 14:11:20 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 20 May 94 14:11:20 PDT Subject: D-H key exchange - how does it work? Message-ID: <199405202112.OAA18261@jobe.shell.portal.com> From: hughes at ah.com (Eric Hughes) > > In addition, changing the modulus can have unpleasant effects on > > traffic analysis, if not done properly. > > Of what sort? > > For D-H, the modulus must be transmitted in the clear. Unless you use > a different modulus for each conversation, there is a persistency to > the moduli that gives rise to a pseudo-identity. I don't follow this. If you never change the modulus (which is what it sounds like Eric was recommending), then isn't there an even greater persistency? Or is it the assumption that everyone uses the same modulus in that case? Hal From VACCINIA at UNCVX1.OIT.UNC.EDU Fri May 20 14:38:09 1994 From: VACCINIA at UNCVX1.OIT.UNC.EDU (VACCINIA at UNCVX1.OIT.UNC.EDU) Date: Fri, 20 May 94 14:38:09 PDT Subject: Lady ada's Key Message-ID: <01HCKK112YQA001MMK@UNCVX1.OIT.UNC.EDU> From: IN%"anonymous at extropia.wimsey.com" 5-MAY-1994 22:31:20.18 To: IN%"cypherpunks at toad.com" CC: Subj: Return-path: Received: from relay2.UU.NET by UNCVX1.OIT.UNC.EDU (PMDF V4.3-7 #6908) id <01HBZVPDJ1SG0005GD at UNCVX1.OIT.UNC.EDU>; Thu, 5 May 1994 22:31:10 EDT Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AAwoqr08382; Thu, 5 May 94 22:25:45 -0400 Received: by toad.com id AA29828; Thu, 5 May 94 19:22:41 PDT Received: from wolfe.wimsey.com by toad.com id AA29820; Thu, 5 May 94 19:22:36 PDT Received: by wolfe.wimsey.com (Smail3.1.28.1) id m0pzFYZ-0002PqC; Thu, 5 May 94 19:22 PDT Received: by xtropia id AA16656 (5.65c/IDA-1.4.4 for cypherpunks at toad.com) ; Thu, 5 May 1994 19:10:43 -0700 Date: Thu, 05 May 1994 19:10:43 -0700 From: anonymous at extropia.wimsey.com Sender: owner-cypherpunks at toad.com To: cypherpunks at toad.com Message-id: <199405060210.AA16656 at xtropia> Content-transfer-encoding: 7BIT Remailed-By: remail at extropia.wimsey.com Precedence: bulk Comments: This message was anonymously remailed. Do not reply to the address in the From: line, unless you wish to report a problem. Thank you. Ah, the problems of anonymity. In order to prevent impersonation, I'm passing my public key to the list. Future messages from me will be signed with this key. -Lady Ada -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAi2rMQAAAAEEALehNDQG2UpPhFLspypt6dPLFjSB1wnwFW9p8cEftZ+ga/ZU 06mywff21ODSYily2NMwOpw+mxSkxiOTJDdjJ3kenRW4qwpvmBGs96AK+0yv2DDh R3ff9cpOlIu3tUcJhmdTcSj+MXlkYwJwhJoA9o4uCFXahN5W1KXNQdJx1hMZAAUR tBZMYWR5IEFkYSA8bm93aGVyZUBhbGw+ =K9ps -----END PGP PUBLIC KEY BLOCK----- From usura at vox.hacktic.nl Fri May 20 15:21:04 1994 From: usura at vox.hacktic.nl (Usura) Date: Fri, 20 May 94 15:21:04 PDT Subject: Wow, intelligent remailer In-Reply-To: <9405202017.AA15946@deathstar.iaks.ira.uka.de> Message-ID: <052094230813Rnf0.78@vox.hacktic.nl > danisch at ira.uka.de (Hadmut Danisch) writes: > >Wow, what an intelligent remailer: > >I sent a ping to remail at hacktic.nl and he >answered "PONG" wich remailer did you try : remail at desert.hacktic.nl or remail at vox.hacktic.nl [BTW: remail at hacktic.nl is none existant the above mentioned remailers ] [are waffle based, hacktic.nl is the site they poll, just FYI .. ] > >Did they employ a human to do the remailing job? >(The Netherlands, you know...) > Nope this was implemented by Patrick who wrote this remailing software. You can send fanmail to kafka at desert.hacktic.nl, he'll appreciate it ! (What about my lovely country, you know... ? :) ) >Hadmut ____ Usura \ /__ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- \/ / "It's dangerous to be right when the government is wrong." \/ --Voltaire --finger usura at hacktic.nl for PGPKEY -kinky- From beker at netcom.com Fri May 20 15:58:42 1994 From: beker at netcom.com (Brian Beker) Date: Fri, 20 May 94 15:58:42 PDT Subject: Patent infringement (fwd) Message-ID: ---------- Forwarded message ---------- Date: Fri, 20 May 1994 13:43:10 -0700 (PDT) From: Netcom Support To: david at sternlight.com Cc: Brian Beker Subject: Re: Patent infringement [Deleted; copy of Mr. Sternlight's original letter of complaint about my PGP2.3a key in my .plan file] You should take the matter up with him; we thank you for your information and opinions but will be taking no further action at this time. If you wish to pursue this matter legally you should have RSADSI's lawyers contact him directly. ___________________________________________________________________________ Support support at netcom.com Technical Support Staff NETCOM On-line Communication Services From beker at netcom.com Fri May 20 16:01:06 1994 From: beker at netcom.com (Brian Beker) Date: Fri, 20 May 94 16:01:06 PDT Subject: Complaint against beker@netcom.com (fwd) Message-ID: With this and the previous response to Mr. Sternlight from Netom, this matter is for now laid to rest. Brian Beker ---------- Forwarded message ---------- Date: Fri, 20 May 1994 13:46:29 -0700 (PDT) From: Netcom Support To: david at sternlight.com Cc: Brian Beker Subject: Re: Complaint against beker at netcom.com David Sternlight writes: > From strnlght Thu May 19 12:31:19 1994 > Return-Path: > Received: by netcom.com (8.6.8.1/SMI-4.1/Netcom) > id MAA01913; Thu, 19 May 1994 12:30:20 -0700 > From: strnlght (David Sternlight) > Message-Id: <199405191930.MAA01913 at netcom.com> > Subject: Complaint against beker at netcom.com > To: support (Netcom Support) > Date: Thu, 19 May 1994 12:30:18 -0700 (PDT) > In-Reply-To: <199405191033.EAA29745 at spot.Colorado.EDU> from "Richard Johnson" at May 19, 94 04:33:51 am > Reply-To: david at sternlight.com > X-Mailer: ELM [version 2.4 PL23] > MIME-Version: 1.0 > Content-Type: text/plain; charset=US-ASCII > Content-Transfer-Encoding: 7bit > Content-Length: 6613 > > I mailed a complaint to netcom support. At the suggestion of the netcom > support person I spoke to on the phone, I sent a copy to the user in > question as well. > > That user posted a copy of the complaint to a newsgroup without my > permission. This is, of course, a violation of my copoyright. Thus he has > compounded his violation of RSADSI's patent in PGP with a violation of my > copyright in my e-mail. > > By trying to make what should be a private matter between the user and > netcom support, and myself and netcom support into a public cause celebre, > and generate pressure mail on netcom support such as that below, I believe > the user in question has further violated his agreement, and request netcom > to take appropriate action. This time I have a personal interest in seeing > this resolved. Postng another person's email, while annoying, is not necessarily a violation of copyright in our eyes. Again, we have no intention of taking action at this time; if you want to pursue the matter legally, then have your lawyer talk to him. ___________________________________________________________________________ Support support at netcom.com Technical Support Staff NETCOM On-line Communication Services From snyderra at dunx1.ocs.drexel.edu Fri May 20 16:37:28 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Fri, 20 May 94 16:37:28 PDT Subject: RSA's "Sink Clipper" poster Message-ID: <199405202336.TAA13012@dunx1.ocs.drexel.edu> Got home today, and found a poster tube attached to my doorknob. Inside I found a poster from RSADSI ("Because some things are better left unread.") with the picture of a ship going down and the words "Sink Clipper!" on it. It's not a bad poster, saying how Clipper "allows government to eavesdrop on the communications of criminals, suspects, and unfortunately, law-abiding citizens alike," and lists what you can do to stop it. (Boycott, write Washington, and, of course, buy only real RSA products :-) ) It's a pretty good poster. I believe I got it because I inquired of their various products and PEM services a while back. I don't know what their policy is, but I don't suppose it'd hurt to mail info at rsa.com and ask. Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From wcs at anchor.ho.att.com Fri May 20 20:19:21 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 20 May 94 20:19:21 PDT Subject: FAQ: Where to get PGP latest version Message-ID: <9405210127.AA02578@anchor.ho.att.com> Mike Johnson's list of where to get PGP has teh following: > Platforms | Released | Version | Notes & restrictions > | by | | Other restrictions may apply. >-------------------------------------------------------------------------- > Dos & Unix | MIT | 2.5 | Uses RSAREF 2.0. Not for use in any > | | BETA | application that you get paid for. > | | | Patents licensed for personal use only. > | | | Not for export from the USA or Canada. >-------------------------------------------------------------------------- The export situation is far better than that, actually. There used to be *two* reasons you couldn't export RSAREF. One was that the U.S. Government threatens people who do export crypto, though they have to catch you to enforce it. The other was that the RSAREF license documents said you couldn't export it or use it outside the US/Canada, which means you'd be violating their copyright if you used it in, say, Europe, where US copyrights are enforceable. The current RSAREF license, however, does not forbid export or use outside the US/Canada - it only says that it ay be subject to export laws and recommends consulting a lawyer if you want to export it. This means that, if a copy were to find its way out of the US, it would be perfectly legal to use it within the other terms of the license, which would make it possible to do things like, say, compile it along with a PGP-2.5-bones library. (The alternative approach would be to get someone to rewrite it from scratch outside the US, and make sure it was a good clone.) While I don't have enough lawyers, guns, and money to go exporting it myself, I must say I'd be *shocked* to find it appearing on, say, ftp.funet.fi in the near future :-) Bill Stewart From hughes at ah.com Fri May 20 20:39:13 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 20 May 94 20:39:13 PDT Subject: D-H key exchange - how does it work? In-Reply-To: <199405202112.OAA18261@jobe.shell.portal.com> Message-ID: <9405210342.AA12045@ah.com> Or is it the assumption that everyone uses the same modulus in that case? Yes. Same modulus for all users. Not so bad a thing, really, although sometimes long-term secrecy is worth more than traffic analysis. Eric From wcs at anchor.ho.att.com Fri May 20 21:51:11 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 20 May 94 21:51:11 PDT Subject: D-H key exchange - how does it work? Message-ID: <9405210110.AA02486@anchor.ho.att.com> Eric Hughes, replying to somebody, says: > It takes hours and hours of searching to find > a 1024 bit strong prime on a workstation. Granted, you don't need to change > very often perhaps, but some people would like to change every day. > If they really want to change that often, they can buy a dedicated > machine. There's no good cryptographic reason to change that often, > if the modulus is large enough. In addition, changing the modulus can > have unpleasant effects on traffic analysis, if not done properly. For basic PGP mail, there's no need to change keys that often. There are other applications, though, that tend to want new keypairs on each transaction, and looking for strong primes would make them much more annoying, if strong primes matter with the current factoring algorithms... Bill From catalyst-remailer at netcom.com Fri May 20 22:12:30 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Fri, 20 May 94 22:12:30 PDT Subject: Is my DH exchange secure? Message-ID: <199405210512.WAA04068@mail.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- nelson at sgi.com describes some of the precautions required to use DH exchange safely: ** begin quoted text *** The prime p wants to be chosen with a little care, and the "random" numbers a and b may want to be "selected" to eliminate certain undesirable values. I'll explain below. Within the field Z_p (the set of integers 0..p-1) where p is prime, there are elements whose successive powers make up all the elements of the field Z_p. These numbers are called "primitive" elements or "generators" of the field Z_p. That is, if g is a generator of the field Z_p, then the successive powers g, g^2, g^3, ... g^(p-2), g^(p-1) mod p include all the p-1 non-zero elements of Z_p. The set of unique numbers produced by taking succesive powers mod p of an element m of Z_p is a group, the "multiplicative span" of m, which is a subgroup of Z_p. The number of elements in the group generated by m is called the "order" of m. Primitive elements of Z_p have order p-1. Not all of the elements of Z_p are primitive. Some elements of Z_p have very small orders. At least one element will have order 2. Given that p is prime, the orders of the elements of Z_p will all have values that are products of some or all of the prime factors of p-1. Since p is prime (and p=2 is not interesting ;-), p-1 will contain the factor 2. An small example may make this point clear. Let p == 11. The prime factors of p-1 are 2 and 5. Hence we expect the orders of the elements of Z_11 to be 2, 5, or 10. By enumerating the groups of the elements of Z_11 we see this is so (for Z_11). E.g. Element Ring Order - ------ ----------------------------- ----- 1 1 1 2 2, 4, 8, 5, 10, 9, 7, 3, 6, 1 10 3 3, 9, 5, 4, 1 5 4 4, 5, 9, 3, 1 5 5 5, 3, 4, 9, 1 5 6 6, 3, 7, 9, 10, 5, 8, 4, 2, 1 10 7 7, 5, 2, 3, 10, 4, 6, 9, 8, 1 10 8 8, 9, 6, 4, 10, 3, 2, 5, 7, 1 10 9 9, 4, 3, 5, 1 5 10 10, 1 2 There are 4 primitive elements in Z_11, 2, 6, 7, & 8. The orders of all the elements are as predicted by Euler. Now, let us imagine that Alice and Bob have chosen 11 as their prime and 7 as "g", their generator. Following the steps outlined above: > Alice generates a random number a. say 3 > Bob generates a random number b. say 5. > Bob tells alice g^b, Alice tells Bob g^a. 10 2 > Alice knows a and g^b, and thus generates g^(ab) trivially. 10 > Similarly, Bob knows g^a and b, and trivially generates g^(ab). also 10. > An interceptor only knows g^a and g^b, and because the discrete log > problem is hard cannot get a or b easily, and thus cannot generate g^(ab). Except that the interceptor, evil Eve, took g^a and g^b and tested them for short order, and found that one of them, g^b, had a very short order indeed. So, without knowing a or b, Eve knows that g^(ab) is one of a very few numbers, the elements of the group of g^b. She can now try the elements of that group until, by exhaustion, she finds the value that reveals the key g^(ab). > g^(ab) is now a shared secret of Alice and Bob. And Eve, too. Some primes produce lots and lots of elements with small orders. For example, Z_37 has 12 primitives, 6 elements of order 18, and all the rest have order 9 or less. So, is DH all wet (insecure)? No. There are some simple steps to prevent this problem. First, pick p to minimize the number of elements with small order. This means that we need to know the factorization of p-1. Of course, factoring large numbers is a hard problem, but there are several ways to pick p with known factorization of p-1. The simplest seems to be to pick p such that (p-1)/2 is prime; that is, such that p-1 has two factors, 2 and (p-1)/2. Now, all the elements of Z_p will have orders of either 2, or (p-1)/2, or p-1. There are other methods, that permit other small orders, but we won't explore them here. Second, after "randomly" choosing a, and computing g^a, Alice takes the additional step of making sure that the order of g^a is not small (i.e. is more than 2). If g^a is of small order, she picks another random a, and repeats the process. This is trivial indeed. Bob does likewise for his numbers b and g^b. Since Alice and Bob have eliminated the small groups, Eve will never encounter a g^a or g^b number whose order is less than (p-1)/2, and given that (p-1)/2 is a _very_ large prime number, Eve won't live long enough to try all of the elements of groups of that order. I haven't checked to see if the RSAREF code takes these precautions. *** end quoted text *** I wrote a Diffie-Hellman exchange program as an extension to PGP Tools. It uses the PGP MPILIB and does up to 1024-bit key exchange, then MD5's the shared secret to get an IDEA key. I took most of the precautions above. - From the DHEX10A manual (csn.org): >To use DH, we need a modulus n and a generator g. Unlike an RSA modulus, >which is a product of two primes, a DH modulus must be prime. (n-1)/2 must >also be prime. This makes the moduli slightly painful to find, but they can >be reused indefinitely. DHEX tests a modulus by first testing both n and >(n-1)/2 with fastsieve. Only if both pass is slowtest used. It still took >me a whole day to find the 1024-bit modulus in the demo. There is also a >512-bit modulus there. > >To find the generator, we need the factors of n-1. They are 2 and (n-1)/2. >For each factor f, we compute ((g^((n-1)/f)) mod n). If this is 1 for >either factor, the number is NOT a generator. Generators are easy to find, >usually in one to three tries. The one precaution I did not take is: (from discussion above) >Second, after "randomly" choosing a, and computing g^a, Alice takes the >additional step of making sure that the order of g^a is not small (i.e. >is more than 2). If g^a is of small order, she picks another random a, >and repeats the process. This is trivial indeed. Bob does likewise for >his numbers b and g^b. Does the careful choosing of n and g eliminate this problem, or do I need to modify my Diffie-Hellman code to check g^a for short order? How do you check a number for short order? Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLd1CL8GoFIWXVYodAQGnhAP+KI+w8ihQCrwKorBpkshwxBOLStIsC1uo 0e/weUyl6SqIaPCvPbYdhoKXfwpMkLxTJLvwb0wCZPtrfUDWJiCao4H7dV8VCh/q ksWDYdVBpxupdMni+vkbuewQz105FaSTz1tHXiy1hgWYO+/OrHXy2r3WEEx8+zcF ZqDMDbdvToU= =sZT1 -----END PGP SIGNATURE----- From karn at unix.ka9q.ampr.org Sat May 21 01:46:36 1994 From: karn at unix.ka9q.ampr.org (Phil Karn) Date: Sat, 21 May 94 01:46:36 PDT Subject: Some 1024-bit DH moduli, and a program to generate them Message-ID: <199405210847.BAA10936@unix.ka9q.ampr.org> Here are some randomly generated 1024-bit Diffie-Hellman moduli, along with the smallest generator for each. Each modulus p is a strong prime, i.e., both p and (p-1)/2 are prime. I've appended the generating program, which uses the GNU gmp library. On a 486-66 DX2 running BSDI 1.1, it generally runs in less than an hour though of course the actual run time is probably a Poisson distributed random variable. It turns out that almost any amount of sieving is worthwhile given the cost of the Miller-Rabin test and that the density of 1024-bit strong primes is on the order of only one every 500,000 or so. Before running this again I'd probably decrease the large number sieve size to perhaps 1 million and make the small number sieve as large as possible, rather than keep them the same size. --Phil a4788e2184b8d68bfe02690e4dbe485b17a80bc5f21d680f1a8413139734f7f2b0db4e253750018aad9e86d49b6004bbbcf051f52fcb66d0c5fca63fbfe634173485bbbf7642e9df9c74b85b6855e94213b8c2d89162abeff43424350e96be41edd42de99a6961638c1dac598bc90da069b50c414d8eb8652adcff4a270d567f Generator = 5 de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f23d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef356a05180c3bec7ddd5ef6fe76b0531c3 Generator = 2 97dd36c5a63213d5c9a6ab0e1dac722053e6f398beb699dcbaa17368406c9efe2d2b29ccd78fd6faa497d096e07854ea57cf51a621c8a7f01175d39c9b25cda8225b3b4318cfa7d42cf81437272d8d4a8bbb8450fe257a0554bf3c9e53f3c8fdfd7f5effe88885ebd1c36b7e3216e3b19b65a42ea07fe53d4e403d0a3235307f Generator = 5 97f64261cab505dd2828e13f1d68b6d3dbd0f313047f40e856da58cb13b8a1bf2b783a4c6d59d5f92afc6cff3d693f78b23d4f3160a9502e3efaf7ab5e1ad5a65e554313828da83b9ff2d941dee95689fadaea0936addf1971fe635b20af470364603c2de059f54b650ad8fa0cf70121c74799d7587132be9b999bb9b787e8ab Generator = 2 fc642ddf24aa0d3fc50f4bac2f616d1e556c413373fcf4e1188f1f416473d2ac447abba857f8f8d3ab63ba9ee5762b47c59e3048e19f05d84a161e46d319c78fae02779fb6e35a165902633a76fefec77d75c0703818a37fb1bff6613b63ebac287449a9f8a101a3b33769f6cc7a3576f06283e1d45738a88380ee3e85607523 Generator = 2 d4bd8e44f0a05dcb319025b47ff7da8702665c3d1b2a8518a0d46073b499014b6ad8655569cd1655766747cb1e5e1a1fa8a275fd83bc02297784c00952d04bb6b50f79ba9befb1696a85908221a4765880d6dc0680d2ac5c136cfe694255972cebf1f1239beee5b168054ea2b2c08a91b6f22e8bf14153d26f69999a1782990f Generator = 5 da76402bdddbb5dda51f79dae442fe010688b652825ffecb6a04ec6e368a95ef35e729bc30e947ce19d7fa6946c7939d6c62791d9ac705f1509d496e10fbc7795e8197129a09283f5faf8636152c151c5f3910b06e485456fae1df094cb4da07f86e67054be8f2f0b94010d91fcd7fb66d03c57e1bea80839d874856b567403b Generator = 2 f47bddad1d4cf2f8c14985b954e6a9dbd79bd72ee40691c288d34e922a4ffd5486d39fec4e9f6dd64f0b6e9b16b628e44602f701e736d735996b03163f7c6a63152e3d0a7f04f5a6490f2b845340e015dc3c63bd5f9e7d3aaf4c49cc4fa97ff19fa8446ceb7dc2ab632cc6ebccce60163eb1b7930afbcbf077726ffce904a583 Generator = 2 c292efe525ea4315de43b0c620448009100cbf68a83c948f72809bee0c77c13e166fb6264355bcfb8c4457291f82f080bf6ca8328fa52c1b1e4a8cce696026222db8d1122923d2072bde6e373b6a92acfe1c5107512ffaadd35fe5ef74e61dc025436b3715d07bb382f8d2e114dabe57b8b574aeb20fb9d287105d98d130792b Generator = 2 bd36e0fa98b48c678052192bfe614c0b5d6f5d0c9fe906e1e279e03a935b73e47a334873eea7dcee079e685b0fe86220b90878f1949bec73263e68b1f5d1529a2d0fd334eddb33a1750e313e85fa635b04c58a9519eb2295cd8518a81ae294bec10f42e3f6e9e90298df2d1ae470dde6ad40a301877d8fbbabdedfced5fe5fbf Generator = 7 /* Generate a prime suitable for use as a Diffie-Hellman modulus, * i.e., (p-1)/2 is also prime. Also find a generator. * P. Karn, April 1994. */ #include #include #define PLEN 1024 /* 1024 bits */ #define SEARCHSPACE 5000000 /* Search range beyond starting point */ #define SIEVESIZE (SEARCHSPACE/2) /* Sieve only includes odd numbers */ #define BIT_SET(a,n) ((a)[(n)>>5] |= 1 << ((n) & 31)) #define BIT_CLEAR(a,n) ((a)[(n)>>5] &= ~(1 << ((n) & 31))) #define BIT_TEST(a,n) ((a)[(n)>>5] & (1 << ((n) & 31))) unsigned long Smallsieve[SIEVESIZE/32]; long generator(MP_INT *p); /* Construct sieve of prime numbers [3...SIEVESIZE*2] (odd numbers only) */ smallsieve(void) { int j,k,p; memset(Smallsieve,0,sizeof Smallsieve); for(k=0;k < SIEVESIZE;k++){ if(BIT_TEST(Smallsieve,k)) continue; /* 2*k+3 is composite */ p = 2*k+3; /* The next small prime */ for(j=k+p;j>= 1; for(;k < SIEVESIZE;k += s){ BIT_SET(sieve,k); /* s divides start+2*k */ } /* r = p mod s */ r = mpz_mmod_ui(NULL,&p,s); k = s - r; /* p+k is first entry divisible by s */ if(k == s) k = 0; /* s divides p */ while(k & 3) k += s; /* The sieve omits the numbers divisible by 4 */ k >>= 2; for(;k < SIEVESIZE;k += s){ BIT_SET(sieve,k); /* s divides p+2*k */ } } printf("Sieve done, checking remaining candidates...\n"); for(k=0;k AP reported on 5/20/94: >The federal government will begin using computer-generated >signatures to verify the identities of people submitting bids, >contracts and other information electronically. [...] > It is up to people outside the government to decide whether >they want to use the standard, which produces the electronic signature. >Government agencies that currently use some other method of electronic >verification will have to switch to the new standard on Dec. 1, said >Miles Smid, manager of security and technology for the institutes. >[...] > >[The standard employs] a 320-bit number that makes up the >electronic signature. The government computer then compares >the signature against the person's public key, which would be stored in >a government database. Brad bdolan at well.sf.ca.us From hughes at ah.com Sat May 21 07:05:14 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 21 May 94 07:05:14 PDT Subject: Is my DH exchange secure? In-Reply-To: <199405210512.WAA04068@mail.netcom.com> Message-ID: <9405211408.AA12666@ah.com> [Please don't quote entire messages. It's a good way to make sure your words afterwards get read by far fewer people.] The one precaution I did not take is: (from discussion above) [looking for number of small order] Does the careful choosing of n and g eliminate this problem, or do I need to modify my Diffie-Hellman code to check g^a for short order? How do you check a number for short order? If you wish to use generators mod p, proper choice of the prime will minimize the problem; the generator has nothing to do with it. All generators are symmetric, or, more precisely, the automorphism group takes each generator to every other. Picking the prime p so that p=2q+1 and q prime will reduce the number of elements with small order to 2, namely 1 and -1. In the more general case, let p=kq+1, where q is the large prime factor of p-1 necessary for security. Now the order of an element x must divide p-1, so if it's not of order q or larger, i.e. safe, then it must be of order k. So calculate x^k (mod p) and see if it's equal to 1. If it is, then x has small order. On the other hand, the tests for small order can be minimized by using a generator of the subgroup of size q inside the group mod p, rather than a generator of the full group. Let p=kq+1 and let g be a generator of Z/pZ (notation for the group of integers modulo p). Then g^k has order q in Z/pZ. Since g generates the group, kq is the smallest positive integer t such that g^t = 1 (mod p). g^(kq) = (g^k)^q, so g^k has order q. Now if you use h=g^k as the base for the D-H exchange, the only h^x with small order happens when x=0. One can simply make the range of the random numbers from 1 to q-1. Because h has order q, and since q is prime, every h^x except x=0 will also have order q. Therefore there are no "bad" values for x. They have been removed by construction in advance. Eric From hfinney at shell.portal.com Sat May 21 09:28:38 1994 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Sat, 21 May 94 09:28:38 PDT Subject: Is my DH exchange secure? Message-ID: <199405211629.JAA13647@jobe.shell.portal.com> With a strong prime, there is no need to use generators, as Eric implied. Looking at Phil's list, we see 2's and 5's being chosen as generators. Even for those cases where 2 is not a generator, it has period (n-1)/2. This is just as good, from what I understand. Finding the discrete log depends on the size of the modulus, not on the size of the group, unless the size of the group is drastically less than the size of the modulus. That is why the DSA uses a modulus of 512 bits and a group of size 160 bits. Even a group this small provides all the security associated with a 512 bit modulus. (Caveat: I haven't been able to find my reference to this, but I read it a few weeks ago in a crypto paper, and I am confident it is standard number theory/cryptography.) In the case of a 1024 bit strong prime, non-generators (other than 1 and -1) have period of size 1023 bits, just as good for all prac- tical purposes. For what I was calling "strongish" primes, which are about 100 times easier to find (primes of the form kq+1, where q is prime and k is around 100), I think it is also unnecessary to check for generator-hood. Non-generators are overwhelmingly likely to have periods greater than 1000 bits in size, which provides all the security of the 1024 bit modulus. Putting this together, secure Diffie-Hellman is much easier to do than the more careful implementations require. Picking a strongish prime need not take much longer than choosing an RSA key of twice the size (e.g. it takes about as long to choose a strongish 1024 bit prime as to create a 2048 bit RSA key). Then pick a random element as the base for the DH exponentiation, choose your x's and y's at random, and go. Adding the extra checks really doesn't increase the security. Hal From CCGARY at MIZZOU1.missouri.edu Sat May 21 16:48:27 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sat, 21 May 94 16:48:27 PDT Subject: *Here they come Message-ID: <9405212348.AA10525@toad.com> Peter Murphy asks for some clarifications. In "DEATH TO STATISTS", I, of course, exclude minarchists from the term "statists". For "DEATH TO STATISTS", I should have substituted "DEATH TO LEFT WING STATISTS" as they are the kind that particularly infuriate me. A PC would not be equivalent to a left wing statist. A PC would have more characteristics that a left wing statist. I have not figured out the exact recipe for such monsters yet. Would "DEATH TO PC'S" violate campus speech codes? Anyway, I think that its important to let them know that we really don't approve of them. They disapprove of so many things & are go aggressive about showing their disapproval & intolerance that I think its only fair. Incidentally, I think that people should be aware of the debt that we owe NEWSWEEK with respect to the "POLITICALLY CORRECT". In their Dec. 24, 1990 issue, NEWSWEEK attacked the politically correct enforcers. It was their "THOUGHT POLICE" issue & it devoted at least 10 pages to their abuses. That issue collectivized the term "POLITICALLY CORRECT". Before that issue, the "POLITICALLY CORRECT" were nameless & nearly invisible monsters. NEWSWEEK gave us a collectivized sneer word that we could attack them with. I don't know why the term "THOUGHT POLICE" didn't catch on big. Sorry to be so late in replying. Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKK! BBBEEEAAATTT STATE ! From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Sat May 21 18:56:14 1994 From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU) Date: Sat, 21 May 94 18:56:14 PDT Subject: "Email-Firewalls" / Instant Corporate PGP Message-ID: <769568028/vac@FURMINT.NECTAR.CS.CMU.EDU> Companies like the idea of firewall machines to protect the security of their internal nets. I bet they would also like something called an "email-firewall". Names are important. :-) I think of the email-firewall as a slightly modified anonymous-remailer. Outsiders could send encrypted mail to the remailer and it would decrypt it and send it on to the right person inside the company over internal (more secure) nets. The email-firewall could also encrypt outgoing mail when it was going to a person who either had a listed PGP key or who was working at another company with an email-firewall. Also, this remailer would not make the mail anonymous. Corporations need security, not anonimity. Each company would only need to buy one copy of ViaCrypt PGP. For a company this cost is, of course, negligible. With this people inside the company would not need to deal with the encryption directly. They getting encrypted mail would not take anything new, and sending might take a slight change. Of course this is only a step towards true end-to-end encryption, but it is easy and far better than what they have now. Also, it fits with the way companies work. There is a security guard at the entrance to the plant, but once inside people generally trust each other and don't worry about security. With this, internal mail is still like postcards, but external would have an envelope. I thought about this after making a short script (below) so that mail to vac+pgp at cs.cmu.edu (the low security envelope) would be decrypted automatically. This also needed the following line in my .maildelivery: Addr vac+pgp pipe ? /usr/vac/pgp/incoming I am not going to make the "email-firewall" at this time, but thought I would throw the idea out. Has anyone done this? Let me know if you do. One question. How do I extract 2 public keys into one ASCII keyblock? Now that I want to make 2 keys FTPable ... -- Vince #!/bin/csh -f # # Vince Cate setenv PGPPATH /usr/vac/pgp setenv PGPPASS "not really vinces passphrase" cd $PGPPATH cat > mailtmp.asc egrep 'Date:|From:|Subject:|To:' mailtmp.asc > mailtmp echo " " >> mailtmp pgp -f < mailtmp.asc >> mailtmp /usr/ucb/mail -s "Was encrypted" vac < mailtmp exit 0 From joshua at cae.retix.com Sat May 21 20:53:52 1994 From: joshua at cae.retix.com (joshua geller) Date: Sat, 21 May 94 20:53:52 PDT Subject: *Here they come Message-ID: <199405220353.UAA01550@sleepy.retix.com> Gary Jeffers writes: > In "DEATH TO STATISTS", >I, of course, exclude minarchists from the term "statists". For "DEATH >TO STATISTS", I should have substituted "DEATH TO LEFT WING STATISTS" >as they are the kind that particularly infuriate me. right wing statists are no prize either. I see little difference between stalin and hitler, or (on a slightly less elevated plane) between reagan and johnson. josh From merriman at metronet.com Sat May 21 21:55:36 1994 From: merriman at metronet.com (David Merriman) Date: Sat, 21 May 94 21:55:36 PDT Subject: U.S. Card info sites? Message-ID: <199405220457.AA24132@metronet.com> I'm looking for any ftp sites that have any information on the proposed U.S. Card, similar to what the cypherpunks site has on Clipper. Thanks. Dave Merriman From hfinney at shell.portal.com Sat May 21 22:26:18 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 21 May 94 22:26:18 PDT Subject: "Email-Firewalls" / Instant Corporate PGP Message-ID: <199405220527.WAA12131@jobe.shell.portal.com> From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU > #!/bin/csh -f > # > # Vince Cate > > setenv PGPPATH /usr/vac/pgp > setenv PGPPASS "not really vinces passphrase" > > cd $PGPPATH > > cat > mailtmp.asc > > egrep 'Date:|From:|Subject:|To:' mailtmp.asc > mailtmp > echo " " >> mailtmp > > pgp -f < mailtmp.asc >> mailtmp > > /usr/ucb/mail -s "Was encrypted" vac < mailtmp > > exit 0 A more secure way is not to setenv PGPPASS but rather: setenv PGPPASSFD 1 and then (echo "vinces passphrase" ; cat mailtmp.asc) | pgp -f >> mailtmp The PGPPASSFD means take the passphrase from file descriptor 1, which is the standard input. This way it never appears in the environment of a process. Many unix systems have a switch to ps to show all processes' environments. Hal From jamesd at netcom.com Sat May 21 22:28:21 1994 From: jamesd at netcom.com (James A. Donald) Date: Sat, 21 May 94 22:28:21 PDT Subject: *Here they come In-Reply-To: <199405220353.UAA01550@sleepy.retix.com> Message-ID: <199405220528.WAA21550@netcom.com> This is very far of topic, and I promise not to make any further postings on this thread, but: joshua geller writes > right wing statists are no prize either. I see little difference between > stalin and hitler, or (on a slightly less elevated plane) between > reagan and johnson. It is unreasonable to call Hitler a right wing Statist. He was a socialist, and the radical left had very mixed feelings about him and vigorously opposed US action against him, until he made war on Stalin. Franco and Pinochet can reasonably be called right wing statists I would say there is a substantial difference between right wing and left wing statists. The right wingers, being conservative, do not change things so drastically, and so are less inclined to wreak havok than the left wing statists. I would rather have king log than king stork any day. -- --------------------------------------------------------------------- | We have the right to defend ourselves and our James A. Donald | property, because of the kind of animals that we | are. True law derives from this right, not from jamesd at netcom.com | the arbitrary power of the omnipotent state. From anonymous at extropia.wimsey.com Sat May 21 23:38:57 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Sat, 21 May 94 23:38:57 PDT Subject: No Subject Message-ID: <199405220621.AA00432@xtropia> -----BEGIN PGP SIGNED MESSAGE----- Hello again. I have been too busy to post very much to the net recently, but I'm still here. As an experiment, I wanted to hack PGP 2.3A to produce and use 2048-bit keys. There was nothing sophisticated about this hack. I just changed MAX_BIT_PRECISION in mpilib.h to 4096, upgraded the POOLSIZE in random.c to 1024, and changed the version number to "2.3b" in pgp.c so I would know when I am running the hacked version. Generating 2048 bit keys is very painful, because over 260 bytes need to be typed for the pool. It took over five minutes to generate the key after the pool was full. Once created, though, encryption and decryption are not significantly slower than with 1024 bit keys, at least not on my 486DX2/66 running Linux 1.0. It only took 3 seconds to encrypt pgpdoc1.txt (using -ea) and 8 seconds to decrypt the result. Of course, the large keys created with "2.3b" are not compatible with any other version. I attempted to use the PSEUDORANDOM compiling flag, but pgp refused to link. I suppose I should put some more effort into resolving this problem. I am sending this note out for those who would like to play with big keys, but did not want to take the time to hunt through the source looking for the necessary values to change. Please treat this as an *experiment*. It is entirely possible that "2.3b" is potentially insecure, because I have not made any attempt to locate all of the memory-erasing routines that clean up after key generation and encryption and confirm that they erase all of the new memory used. I hope that the more sophisticated cypherpunks will not sneer too much at my feeble beginner's efforts. I would like to hear from anyone who performs this experiment, perhaps with a more sophisticated hack, and does timing tests on other machines, especially slower machines like 386's and 68020's. Lady Ada -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLd53bKXNQdJx1hMZAQHaEwQApOWGq0P+OqsgYolbZrjaIWhrghhV9KcY X5DqgKK8NLdND1aR17JVwUEQeo3eFok6NTjioiLg4sIQdTQNOX8Nd9bQgMxswyyi EIe/6Ki9YrxlArteUoc0zy7MaB0V1sxH3CdvEQmLnr8XKU03pnD7FCZXedjhic93 +Tt4fNrNGYk= =LmWA -----END PGP SIGNATURE----- From lile at netcom.com Sun May 22 02:28:38 1994 From: lile at netcom.com (Lile Elam) Date: Sun, 22 May 94 02:28:38 PDT Subject: PGP2.5 pulled and PGP2.6 coming.... Message-ID: <199405220928.CAA00680@netcom.com> I found this on MIT's ftp server... -lile at: net-dist.mit.edu ftp> pwd 257 "/pub/PGP" is current directory. ftp> ftp> get README - 200 PORT command successful. 150 Opening ASCII mode data connection for README (1670 bytes). -----BEGIN PGP SIGNED MESSAGE----- The beta version of PGP 2.5 is now being removed from MIT file servers. In about a week, MIT will begin distribution of a new release numbered PGP 2.6. PGP 2.6 will incorporate a new version of RSAREF, scheduled for release by RSA Data Security next week, and will also correct bugs that were reported in PGP 2.5. In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 will be designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. PGP 2.6 will continue to be able to read messages generated by those earlier versions. MIT's intent is to discourage continued use of the earlier infringing software, and to give people adequate time to upgrade. As part of the release process, MIT has commissioned an independent legal review of the intellectual property issues surrounding earlier releases of PGP and PGP keyservers. This review determined that PGP 2.3 infringes a patent licensed by MIT to RSADSI, and that keyservers that primarily accept 2.3 keys are mostly likely contributing to this infringement. For that reason, MIT encourages all non-commercial users in the U.S. to upgrade to PGP 2.6, and all keyserver operators to no longer accept keys that are identified as being produced by PGP 2.3. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQBVAgUBLdezEVUFZvpNDE7hAQGRhAH+KACuaOfMynsL9QGmJpp9ToWEJB+1OFGb whoZbHbw/H268zIrFoCcm24UITcBiIcuSsk3ydpMyFTb/YBgIbzgqQ== =EbV1 -----END PGP SIGNATURE----- 226 Transfer complete. remote: README 1704 bytes received in 0.27 seconds (6.1 Kbytes/s) ftp> From hfinney at shell.portal.com Sun May 22 10:49:16 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 22 May 94 10:49:16 PDT Subject: "Email-Firewalls" / Instant Corporate PGP Message-ID: <199405221750.KAA17007@jobe.shell.portal.com> From: ecarp at netcom.com (Ed Carp) > > A more secure way is not to setenv PGPPASS but rather: > > setenv PGPPASSFD 1 > > The PGPPASSFD means take the passphrase from file descriptor 1, which is > > the standard input. > > I thought stdin was 0, and stdout was 1... Oops; Ed is right, of course; that should be setenv PGPPASSFD 0. Hal From hfinney at shell.portal.com Sun May 22 11:11:08 1994 From: hfinney at shell.portal.com (Hal) Date: Sun, 22 May 94 11:11:08 PDT Subject: Is my DH exchange secure? Message-ID: <199405221812.LAA17924@jobe.shell.portal.com> > With a strong prime, there is no need to use generators, as Eric implied. My wording here was a little clumsy; I was not contradicting Eric but rather attempting to amplify his comments. There is no need to look for primitive roots (elements of maximal order); rather you just want to avoid elements of low order. I found the paper I referred to which described the tradeoffs between the order of the group and the size of the modulus. It is "Efficient Signature Generation by Smart Cards", by C.P. Schnorr, in the Journal of Cryptology, 1991, v4, pp161-174. This is the patented Schnorr signature which has been the basis for PKP's claim that the federal Digital Signature Standard infringes the Schnorr patent. (Bruce Schneier recently posted on sci.crypt that a paper presented at Eurocrypt 94 analyzed all the different discrete- log based signature scheme, and in his opinion cast doubt on this claim of infringement.) Schnorr deals with a prime p, and a smaller prime q which divide p-1. In his system, q is a lot smaller than p, just big enough to provide the requisite security. Small q's allow for faster calculation of g^x since x is, say, 140 bits rather than 512 bits. Here is what Schnorr writes on page 163 (he uses "alpha" where we were using g, as the generator of the group): "The Security Complexity 2^t. We wish to choose the parameters p, q so that forging a signature or an authentication requires about 2^t steps by known methods. For this we choose q >= 2^(2t) and p such that 2^t is about exp(sqrt(ln p ln ln p)). The security number t may depend on the application intended. For signature we consider in particular t=72 rather that [sic] t=64, since 2^64 steps may be insufficient in view of the rapid technological progress in computing power and speed. For p>=2^512 and q>=2^140 the discrete logarithm problem requires at least 2^72 steps by known algorithms. (It may soon be necessary to increase the lower bound p>=2^512 due to the current progress in computing discrete logarithms.) The restriction that the order of [alpha] is a prime much smaller than p provides no advantage in any of the known discrete logarithm algorithms provided that q>=2^140. The prime q is necessary to avoid an index calculus attack and a square root attack (see Section 2)." The attack described in section 2 is interesting. Also known as the baby-step-giant-step attack, it is a simple meet-in-the-middle-technique. Suppose you wanted to solve a^x=y given a and y. Suppose for simplicity that x is known to be in the range of 0 to 100. What you can do is to calculate two lists. The first is ( a^10, a^20, a^30, ..., a^90 ). The second is ( y/(a^1), y/(a^2), y/(a^3), y/(a^4), ..., y/(a^9) ). Then you just look for a number which is common to both lists. If a^20 is the same as y/(a^4) then we know that y = a^24. So this takes square root of q in time and space. Schnorr says that Pollard has a trick to use less space. (Remember the discussion we had here some time back of the prac- ticality of meet-in-the-middle attacks given the huge space needs for even 2^64 hashes? I think Pollard's trick may apply to those as well.) Hal From ecarp at netcom.com Sun May 22 12:05:03 1994 From: ecarp at netcom.com (Ed Carp) Date: Sun, 22 May 94 12:05:03 PDT Subject: "Email-Firewalls" / Instant Corporate PGP In-Reply-To: <199405220527.WAA12131@jobe.shell.portal.com> Message-ID: <199405221435.HAA22130@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- > A more secure way is not to setenv PGPPASS but rather: > setenv PGPPASSFD 1 > and then > (echo "vinces passphrase" ; cat mailtmp.asc) | pgp -f >> mailtmp > > The PGPPASSFD means take the passphrase from file descriptor 1, which is > the standard input. This way it never appears in the environment of a > process. Many unix systems have a switch to ps to show all processes' > environments. I thought stdin was 0, and stdout was 1... - -- Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 Finger ecarp at netcom.com for PGP 2.3a public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLd9ttCS9AwzY9LDxAQFS8AP/YdcP2+2q/4en/CfOMT1CmiTDNMYHkHre 7r9u3I3wT4kvO525+rEvN5o4/QY0xIlSk1DVgdHI6s+mgthxCQOC+J+2nI22Ojq5 i3pwr+Wkdq9DAmKLVfKqEVxZ2wqnJtE7nZHrio03V6zMFlotyjp3HsQeM5g+uVgY 2k/GraN3P6k= =Trn6 -----END PGP SIGNATURE----- From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Sun May 22 13:05:42 1994 From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU) Date: Sun, 22 May 94 13:05:42 PDT Subject: "Email-Firewalls" / Instant Corporate PGP Message-ID: <769636657/vac@FURMINT.NECTAR.CS.CMU.EDU> ecarp at netcom.com (Ed Carp): >I thought stdin was 0, and stdout was 1... That works much better!!!! Thanks. I also made an outgoing "pgp-send" and renamed the incoming to "pgp-receive". The pgp-send can be used for many users but does need a new line in your .maildelivery for each. They are both FTPable from: ftp://furmint.nectar.cs.cmu.edu/security I also include them below. -- Vince #!/bin/csh -f # # pgp-send # # This lets you set up mail addresses like "vac+eric" so you # can send that you send encrypted mail without any extra work. # To use this add lines like the following to your .maildelivery # file: # # Addr vac+tovince pipe ? /usr/vac/pgp/pgp-send vac+pgp at cs.cmu.edu # # The "vac+tovince" is your own alias for this person. The # vac+pgp at cs.cmu.edu is both the mailing address and what PGP uses # to find the key. # # This assumes PGPPATH is set and pgp is on your PATH. # If not either fix that, or add a "cd" to that directory. # # Note that the unecrypted mail will be on your machine a little # longer this way so this is a bit less secure than encrypting the # mail by hand. However, this is a short period, and if your # machine's security is broken they could have read your mail as you # wrote it. # # With this, someone would need to do some "breaking and entering" # to get at your mail. # # Vince Cate # vac at cs.cmu.edu # # cd /usr/vac/pgp set TO = $1 cat > sendtmp.txt pgp -fe $TO < sendtmp.txt | /usr/ucb/mail -s "encrypted mail" $TO /bin/rm sendtmp.txt exit 0 #!/bin/csh -f # # pgp-receive # # The idea is to have an email address like "vac+pgp" that causes # this script to be run which decrypts the mail and then sends it # to your normal address. # # This lets you receive encrypted mail on a Unix machine without # having to do anything extra. It will work with any Unix machine # that supports .maildelivery files using any mail reader. It # could even be used to forward mail to non-Unix machines if you # thought you were on a reasonably secure net. The entry in the # .maildelivery file should be something like: # # Addr vac+pgp pipe ? /usr/vac/pgp/pgp-receive # # This would be safe if your host machine were safe. In any case, # someone has to do some "breaking and entering" to get your mail. # So this is much better than no encryption at all. # # This file is ftp://furmint.nectar.cs.cmu.edu/security/pgp-receive # Vince Cate # vac at cs.cmu.edu # # For me the pgp directory is protected, so is a good to be in # that directory both to drop the temporary file. # The setenve PGPPASSFD 1 tells PGP to get the passphrase from # the standard input. To install this you need to edit the 3 # places with a "vac". setenv PGPPATH /usr/vac/pgp setenv PGPPASSFD 1 cd $PGPPATH cat > mailtmp.asc egrep 'Date:|From:|Subject:|To:' mailtmp.asc > mailtmp echo " " >> mailtmp # This is less secure since some Unix ps commands can show other # user's environemnts. # # setenv PGPPASS "not really vacs passphrase" # pgp -f < mailtmp.asc >> mailtmp setenv PGPPASSFD 0 (echo "not really vacs passphrase" ; cat mailtmp.asc) | pgp -f >> mailtmp /usr/ucb/mail -s "Was encrypted" vac < mailtmp exit 0 From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Sun May 22 13:31:17 1994 From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU) Date: Sun, 22 May 94 13:31:17 PDT Subject: "Email-Firewalls" / Instant Corporate PGP Message-ID: <769638533/vac@FURMINT.NECTAR.CS.CMU.EDU> The pgp-send body should just be: >set TO = $1 > >cat | pgp -fe $TO | /usr/ucb/mail -s "encrypted mail" $TO Can always check: ftp://furmint.nectar.cs.cmu.edu/security/pgp-send ftp://furmint.nectar.cs.cmu.edu/security/pgp-receive For latest version... -- Vince From jmdaluz at kquest.com Sun May 22 14:34:30 1994 From: jmdaluz at kquest.com (Jose M. daLuz) Date: Sun, 22 May 94 14:34:30 PDT Subject: Cantwell Bill Clears Committee Message-ID: <199405222134.RAA09344@zork.tiac.net> I found this in sci.crypt today. Does anyone know if a full House vote on the export bill is the next step here? In any case, it's definitely time to contact our Reps again and remind them of the importance of this act. --------------------------------------------- From: castor at hassle.Stanford.EDU (Castor Fu) Newsgroups: sci.crypt Subject: US Crypto Export controls may weaken -- Cantwell bill clears committee Followup-To: talk.politics.crypto Date: 21 May 1994 20:15:58 GMT Organization: Stanford University Lines: 21 Distribution: world Message-ID: NNTP-Posting-Host: hassle.stanford.edu X-status: N In the clari.nb.govt an article () reports that Maria Cantwell's (D-WA) amendment to the Export Administration Act has cleared the House Foreign Affairs committee. The bill would turn over responsibility for all non-military crypto to the Commerce dept, and that most forms will be exportable without licensing. For more information on the bill, HR3627, look for Cantwell at ftp://ftp.eff.org/pub/EFF/Policy/Legislation/Bills_by_sponsor Presumably, this means the bill will proceed to a vote before the House. (Question for US readers: does your rep's position on HR3627 match yours?) I realize this does not quite meet the "charter" of sci.crypt, but since it is relevant news, I hope you will forgive the intrusion. I have directed followups to talk.politics.crypto -Castor Fu -- Jose M. daLuz KnowledgeQuest Online Research jmdaluz at kquest.com (508)996-6101(vox)/(508)996-6215(fax) From djb at silverton.berkeley.edu Sun May 22 16:33:57 1994 From: djb at silverton.berkeley.edu (D. J. Bernstein) Date: Sun, 22 May 94 16:33:57 PDT Subject: why moderate when you can write some code instead? Message-ID: <199405222229.PAA24497@silverton.berkeley.edu> (I'm not on cypherpunks... but alt.fan.david-sternlight is. [chuckle]) Attached is an article I wrote recently on the proposed moderation of alt.sources. You can see its possible relevance to talk.politics.crypto and sci.crypt. Someone just has to sit down and add a few lines to rn. ---Dan Path: silverton.berkeley.edu!djb From: djb at silverton.berkeley.edu (D. J. Bernstein) Message-ID: <5423.May2612.03.1993 at silverton.berkeley.edu> Date: Wed May 26 12:03:19 GMT 1993 Newsgroups: alt.sources.d,alt.config Subject: Re: Serious proposal to make alt.sources MODERATED References: <1993May10.171718.26298 at infodev.cam.ac.uk> Organization: IR Whenever a social problem is caused by technology, it can be fixed by better technology. I want to tell rn, ``Make me a newsgroup consisting of certain articles from alt.sources. Which articles? Well, read through alt.sources.index, take all the Message-ID's listed there, and select those articles from alt.sources for me. Call this new newsgroup alt.sources.indexed. Oh, yeah, dump all the other articles into alt.sources.nonindexed.'' Maybe this would be easier for rn if alt.sources.index articles had a specialized ``article selector'' format. No big deal. All that's important is that there be _some_ selector format which we can use. Note that I might decide later that I don't like alt.sources.index; I prefer the selectors which Joe Shmoe posts every day in alt.frobozz. I should be able to tell rn, ``Make me a virtual group with every article from Joe titled SOURCE SELECTOR. Call it alt.frobozz.shmoe.'' Then I can use alt.frobozz.joeshmoe in place of alt.sources.index. I expect that selectors, when properly implemented, will entirely replace moderated groups. They'd be an easy first step for the USENET Interface Project. ---Dan From nelson at crynwr.com Sun May 22 17:05:46 1994 From: nelson at crynwr.com (Russell Nelson) Date: Sun, 22 May 94 17:05:46 PDT Subject: How bout that unbiased Clipper debate? Message-ID: In re Phil Karn's comment that Stuart Baker was an asshole. Perhaps he was just being one for pay? (see below): Newsgroups: alt.wired From: brian at tired.wired.com (Brian Behlendorf) Finally, the article by Baker was almost word-for-word the same pitch he had given at CFP and other places he's had the opportunity to speak. I wonder if his recent resignation from the NSA has anything to do with this... -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From gtoal at pizzabox.demon.co.uk Sun May 22 23:35:36 1994 From: gtoal at pizzabox.demon.co.uk (gtoal@gtoal.com) Date: Sun, 22 May 94 23:35:36 PDT Subject: Kick-starting the eeconomy - my view of ecash... Message-ID: <9405230629.AA09270@pizzabox.demon.co.uk> Well, I once dived into the anon remailer thread when knowing nothing about them, and something useful came of it, so I'll risk diving into the electronic money argument today, and I warn you in advance I know even less about that - it's something I haven't been following closely because I couldn't see how anonymous cash could work without some non-anonymous means of stopping double spending, like a central bank. So, my conclusion, based on no research whatsover :-) is that anonymous e-cash is probably not going to work but that a reputation-based system might, and I'm now going to describe what I think is how a reputation- based system would work: it's based on the exchange of personal IOUs and it seems to get round the other problem I've seen here of how to kick-start the eeconomy... Firstly, there's no central money-issuer. Let's say I am running a service for sale - say a newsclipping service where I will scan my mailspool and send you articles matching a set of patterns you've registered with me (I just pick this example because it's a program I'm currently working on), then if you want to use my service, you write me a personal eIOU for the fee, demonimated in the currency of this scheme. Let's call the currency the Ob. (SF readers might recognise it. It stands for an 'Obligation' - a personal IOU of one unit) So, you mint however many Obs I decide I want to charge for the service, and we enter a contract where you transfer the Obs to me. I can either accept them directly, or via a third-party exchange at a central bank which *doesn't* hold any money, but is simply a reputation server - this is necessary when accepting new Obs from someone you've never heard of, on a transaction for an amount greater than you are willing to risk on an unverified transaction. In the simple case, if, at any time in the future, I want something from you, I give you your Obs back in exchange for the service. However, you *have* to be willing to exchange your Obs for cash *or* the Obs of someone with a good reputation at the bank. If you can't, your reputation value at the bank goes down, but that doesn't mean people can't still do business with you - individual people who trust you personally might still take your minted money if they believe that you will be able to repay someday - but total strangers most likely won't accept your personal Obs any more... but they will still deal with you, as long as you pay in Obs from other trustworthy people. You might however be better off enhancing your reputation back up by using these trustworthy Obs you've earned to buy back your own IOUs. (Later you'll see that simply acquiring these Obs is equivalent since it enhances your reputation and revalues your personal IOUs, but I'm talking about the early days of this system where personal IOUs still are treated as such and haven't morphed into a more notional currency) (Note that if I cash in your Obs for servives, that's straight barter, albeit rather complex, if they've been passed round a lot, but provably barter and therefore exempt from tax. If I demand cash from your obs then it's income and expenditure and one would have to pay tax on the money exchanged.) This scheme allows a lot of money to get into circulation quickly, probably starting with small sums exchanging between friends, until the reputation server gets enough data to be meaningful. I haven't worked out the details of how a good reputation server would structure its algorithms - that's probably a full-time PhD-level project, but it looks to me intuitively obvious that something could be made to work. (Note that you *could* simply make the reputation server a strict account-balancer, weighing up what a person has issued against what they've received, and the reputation value being the bottom line, but I think for the scheme I describe here to work, it has to be much more than that, and in fact I'd like to explore the possibility here of working on reputation alone and ignoring the strict bottom-line...) The significance of a good reputation server is to block frauds such as person A mints a large amount of money and exchanges it with a similar number of Obs from person B a few times (or in practice a larger clique of conspirators) in order to enhance the reputations of A and B as trustworthy individuals that people do business with. Anyway, the end result of this is that the economy takes off straight away, possibly even with large sums involved, but restricted at first to cliquish groups of friends who all trust each other, but slowly the cliques merge as people accept Obs from others outside their clique - initially they would make personal real-world reputation checks to verify that someone could back up an Ob, but after enough transactions had happened at this level, a pgp-like web-of-trust would build up in the reputation server which would allow you to accept people's Obs whom you'd never met. Of course, once the system was in place, when you did a transaction with someone you could have the choice of insisting not on their personal Obs as payment, but for an Ob from someone with a sound reputation. This *isn't* like a central bank note - there wouldn't be millions out there under one person's name - but there *might* be millions of people with very sound reputations. Eventually it would get to the point as with current currency that you no longer feel you have to trade it in for gold (as we used to do) to be sure that the currency is still valued - because the reputation system would give more confidence than the gold reserves did, especially if you had a good spread of originators for all the Obs you held. And it would make you appreciate the riskiness of big business at a personal level - would you want to hold a million bucks in money backed only by Bill Gate's personal IOU? The biggest flaw in this scheme you might have spotted already is what to do when someone with a good reputation turns bad - or dies. Well, dying is relatively easy - when someone dies, notionally all the Obs they've issued are returned to their estate to be replaced with all the Obs they've received (ie their current bank balance held in Obs). Any shortfall is taken out their estate in real terms by the executors; and surplus is given to their inheritors. If they're insolvent and can't exchange their Obs for those of people with good reputations, well, unfortunately the holders of the Obs have to take the loss and their reputation is wiped out at the bank. *However*... what would really happen is that in general people's Obs would be continued to be traded after their death. The executor would do the calculation above, to see if the person was in real debt when they died, and if they were their reputation at the bank would be lowered by a percentage, but not wiped out. This would devalue the utility of their Obs for use in large transactions but they could continue to be used in small transactions where people didn't care too much about the risk (eg trivial net services, like my newsclip example, which I'd be using to generate low-level money) Of course, people would have to trake care never to build up a portfolio of money from too many people of poor reputation - it would be effectively like small change - no-one ever keeps millions in nickles and dimes, but everyone needs them for day-to-day small transactions. So in all likelihood after someone's death the money would simply remain in the economy, because if their books balanced it wouldn't be necessary to call them in. And their books balancing would at a first approximation be equivalent to them having a good reputation at the time of death. The other problem I mention is the harder one; someone genuinely builds up a good reputation, then makes some transactions and ducks out of the system with real good paid for with their personally-minted cash which is now valueless. Well, we have similar problems at the moment with real cash - it's called counterfeiting. Counterfeiters are criminals and once identified have to go on the run and avoid being detected; anyone who copped out of this system would be instantly detected: If reputation servers would be based on real IDs, they would never be able to get back into society, so there would be a great disincentive to doing this in the first place, if reputation servers were based on nyms, it would take them a *long* time to build up a new reputation that would allow people to do business with them. (I guess they could sell off all the stolen goods for 'clean' Obs, but they could never trade on their own reputation for a long time, and anyone doing business with them would insist on reputable Obs, so as soon as the stolen money ran out, they'd be in trouble - broke) But that's just waffle saying the event is unlikely; in reality, it probably would happen. So how is it handled? I guess by trashing the reputation of that person, which would mean that the loss from the theft would be spread out over all the personal Obs they've ever issued - anyone who held a lot of them would be wiped out - they wouldn't be valueless, but they could only be used as small change and would take a long time to offload. Which is fitting I guess, because it's people who took a lot of money from this person who built up the undeserved strong reputation in the first place. Though by the time this scheme turned into a global large-scale economy, I guess personal integrity checks for large transactions would be rarer - on the other hand, once the economy gets to that size, the risk of leaving bad money in the system lessens, as it's slowly decoupled from the original strong concept of a personal IOU. Well, hey, it's Science Fiction, I don't expect it all to make sense. So what do folks think? Is this like any of the existing schemes? (I don't think so - the guy who did the Ghostmark scheme seemed to have limited the currency supply to a fixed amount and only money that he minted could be used, although I may have misunderstood entirely) - I'm afraid I've never been interested in this field until I had the thoughts above last night, so I haven't read the Chaum papers yet. Is this the sort of scheme he proposes? I know you guys are gung-ho on anonymity, and a reputation-based system seems to preclude that. But I'm not so sure - either it could be made to work on nyms (the reputation server software would have to be pretty slick, but it needs to be anyway, and the input from a real-life credit check part of the initial reputation value would become less and less significant as time went on, when this scheme worked effectively from birth...) or anyone who wanted anonymity *in a particular transaction* would merely have to deal in other people's well-reputed Obs. In fact, once there was a good money supply going, people would tend towards doing that anyway - issuing of a personal Ob would have to be done *very* carefully, because it would automatically decrease your reputation - it would be like taking out a bank loan that *could* be called in at any moment, so you'd be sure to do it only when you could afford to, and you'd only be *able* to when you had a good strong reputation or could make a transaction with someone with a strong reputation, who trusted you to pay *them* off - in fact, this mechanism would cover both a real live electronic bank manager, *or* a personal backed loan, like a parent's guarantee to help you through college, for instance. Hell, I was almost finished, but I ran off at the mouth again. I'll stop now until I can get some feedback... G PS If its an idea worth trying on a small scale, what do you say we try it ourselves? - now we find out what our reputations are *really* worth :-) Would *you* sell a used car for tmp at netcom notes? :-) Oh hell, I feel another tract coming on... here goes (sorry)... I mentioned at the start that the scheme didn't rely on a central bank but on a shared unit of currency. There's no reason why there only needs to be *one* shared unit of currency. Long-term, globally, yes, it could be desirable. But in kick-starting the system there could be several independant schemes running - for instance, the Cypherpunk Ob, started by trading among ourselves; the Extropian Ob for those people next door who I've never really understood what they're up to; the RKBA Ob shared by everyone that hasn't yet left rec.politics.guns; the Queer Ob shared by everyone on soc.motss; the Worthless Ob, used by the clique on alt.religion.kibology; the Boston Ob, used geographically among people in Boston because of physical proximity being used to kick-start the reputation server, etc etc. So it's reasonable to trial it here, and if the scheme takes off, the various currencies might eventually set up an exchange rate like national currencies, or they might merge into one - who knows... (this is how the banking system in Scotland developed - we originally had lots of competing banks issuing their own money) G (*really* signing off this time...) From wcs at anchor.ho.att.com Sun May 22 23:45:09 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Sun, 22 May 94 23:45:09 PDT Subject: PGP2.5 pulled and PGP2.6 coming.... Message-ID: <9405230644.AA21809@anchor.ho.att.com> Yeah, it was pretty weird (they also posted it to sci.crypt and *.pgp.) If you need a copy, it's available on ftp.eff.org and probably half a dozen other sites that grabbed it before they announced they were pulling it. I couldn't tell if they did it this was because they'd had a misunderstanding about what RSA would really let them get away with and got burned, or if they did it on purpose either to give RSA a way to save face on PGP while preserving deniability or to give RSA partial control over "PGP", since competing with RIPEM wasn't doing the job. But it's nice to have available out either way. If anybody's got connections with the PGP 2.6 development folks, it would be *very* nice if they can make PGP 2.6 be more Stealthy, since it's going to be incompatible with the previous versions anyway. Bill From tcmay at netcom.com Mon May 23 00:50:27 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 23 May 94 00:50:27 PDT Subject: I posted "gtoal" string to 3 groups Message-ID: <199405230750.AAA28631@netcom.com> Just to let you know, I took up the challenge Graham Toal proposed: I posted messages with the string "gtoal" somewhere in them. For good measure, I did it in 3 Usenet newsgroups. I did this more than a week ago, and have not seen any reponse, any indication that Graham found the messages. (I didn't announce that I was planning to send the messages, as that would make it "too easy"--a real signal would not be planned in advance like this, so I chose to say nothing.) Any comments from Graham? If I missed this, I'm sorry. I've been travelling, but think I've at least _seen_ most or all messages. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From catalyst-remailer at netcom.com Mon May 23 02:11:17 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Mon, 23 May 94 02:11:17 PDT Subject: Magic Money status and future Message-ID: <199405230911.CAA25072@mail2.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- How is the budding digital cash economy going? How many coins are in circulation, and how many transactions are taking place per day? Are people just playing around, or are they exchanging things or services of genuine value? What's the address of the DigiFrank server, and where's it's key? Recently I posted a functional spec for an automatic Magic Money client. Nobody said anything about it. Does this mean that (a) it was good, or (b) nobody cares? If you would have a use for this, please post and tell me what you want it to do. For a robust digital cash economy to develop, we will need multiple servers. In fact, lots of them. We need a currency exchange, preferably third-party (i.e. not a server operator) and for-profit. To use digital cash safely, if servers are going to be run by arbitrary people, you would have to hold many different currencies. This way if one server goes bust (inflates its currency, gets its secret key stolen, ...) you have not lost too much. That means we need Magic Money 2.0. It needs to handle multiple currencies transparently. You should be able to list your holdings of all currencies, and the program should be able to track currency rates. A special message format would allow a currency exchange to update the values stored in the client automatically, just as the server can update the elist automatically. I'm looking for design suggestions (and volunteers to code parts of it!) One point I'm not sure on is: should you be able to pay out multiple currencies in one payment? It could be done as long as a server-id field was added to the coins.dat file. The problem is that when you go to exchange those coins, the client would have to generate multiple messages, each for a different server, and then you would have to mail each one to the correct server. Is the complication worth it? How about a command-line option to put the address of each server before its message? Then those with direct net access could use a script to do all the mailing for them. If PGP 2.6 comes out and becomes a de-facto standard, I will probably update PGP Tools to support both formats. I might even write a patent-safe PGP Tools which only does the 2.6 format and calls RSAREF (ugggh). But if I do there will also be an MPILIB-based version which supports both. Pr0duct Cypher -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLeBnp8GoFIWXVYodAQGeYAQAoqquLcWcWRF8QNWP4mAY2qF0gYiBH3h7 WPAXIfp4niDtNwOvvLZ5iJQwjY88cuSm/LCqSWSSK4FPifm4M0wrUeWNnzXdzmLe g4IMGNzrup8Xx38REiVxU8wDSht15/GYbBV4Co57EXBoSBqaCylezSCnHnGsn4nM nGblnRjmPQ8= =GfG2 -----END PGP SIGNATURE----- From rishab at dxm.ernet.in Mon May 23 02:25:44 1994 From: rishab at dxm.ernet.in (Rishab Aiyer Ghosh) Date: Mon, 23 May 94 02:25:44 PDT Subject: Dr Dobbs CDROM In-Reply-To: <199405192127.OAA26067@servo.qualcomm.com> Message-ID: Phil Karn writes: > I wouldn't necessarily assume anything about Dr. Dobbs filing a CJ > request. Actually it was a hypothesis. If they haven't, they may be violating ITAR as they _do_ export it. My point was that, due to the difficulty of using the DDJ code, this case is very different from Schneier's. -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From rishab at dxm.ernet.in Mon May 23 02:33:25 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Mon, 23 May 94 02:33:25 PDT Subject: Secure mosaic crippled Message-ID: hughes at ah.com (Eric Hughes): > The transaction model has a crippled mode for people > outside the US and Canada > > Crippled? [from the press release]: non-U.S. residents may have to use weaker 40-bit keys in conjunction with RSA's RC2 and RC4 variable keysize ciphers. EIT intends to publish Secure-HTTP as an Internet _40_ bit keys!!!??? And that's _not_ crippled? That's decapitated! -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From rishab at dxm.ernet.in Mon May 23 02:33:33 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Mon, 23 May 94 02:33:33 PDT Subject: TLAs, AOLs and Tim May's FAQ Message-ID: Tim May, after complaining about discussions on Oldsmobiles and housing policy has absolutely fallen madly in love with ackronyms, going by his recent posts (after a long silence indeed). What's up, Tim? Trying to get our minds off that wonderful FAQ you keep leaking tidbits from? ;-] -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From bart at netcom.com Mon May 23 02:38:03 1994 From: bart at netcom.com (Harry Bartholomew) Date: Mon, 23 May 94 02:38:03 PDT Subject: Bruce Sterling's talk at CFP Message-ID: <199405230937.CAA04258@netcom.com> I read this in the May 2nd issue of Microtimes, and asked the author's permission to post it here. On rereading I think it suffers in the transcription, since it was originally a speech. And I'm not sure I understand or agree with everything in it. But I think it does contain some arguments worth disseminating. Forwarded message: > From bruces at well.sf.ca.us Sun May 22 08:41:47 1994 > Date: Sun, 22 May 1994 08:41:33 -0700 > From: Bruce Sterling > Message-Id: <199405221541.IAA22662 at well.sf.ca.us> > To: bart at netcom.com > Subject: Re: Fan mail & request > > Yeah, you can post it if you want. Here. > > Bruce Sterling > bruces at well.sf.ca.us > > LITERARY FREEWARE: NOT FOR COMMERCIAL USE > > Remarks at Computers, Freedom and Privacy Conference IV > Chicago, Mar 26, 1994 > > I've been asked to explain why I don't worry much about the > topics of privacy threat raised by this panel. And I don't. One reason > is that these scenarios seem to assume that there will be large, > monolithic bureaucracies (of whatever character, political or > economic) that are capable of harnessing computers for one-way > surveillance of an unsuspecting populace. I've come to feel that > computation just doesn't work that way. Being afraid of monolithic > organizations especially when they have computers, is like being > afraid of really big gorillas especially when they are on fire. > > The threat simply doesn't concur with my historical > experience. None of the large organizations of my youth that > compelled my fear and uneasy respect have prospered. Let me just > roll off a few acronyms here. CCCP. KGB. IBM. GM. AEC. SAC. > > It was recently revealed that the CIA has been of actual > negative worth -- literally worse than useless -- to American > national security. They were in the pockets of the KGB during our > death struggle with the Soviet Union -- and yet we still won. > Japanese zaibatsus -- Japan Inc. -- the corporate monoliths of Japan > -- how much hype have we heard about that lately? I admit that > AT&T has prospered, sort of -- if you don't count the fact that > they've hollowed themselves out by firing a huge percentage of their > personnel. > > Suppose that, say, Equifax, turned into an outright fascist > organization and stated abusing privacy in every way they could. > How could they keep that a secret? Realistically, given current > employment practices in the Western economies, what kind of > loyalty could they command among their own personnel? The low > level temps have no health insurance and no job security; the high > level people are ready to grab their golden parachutes and bail at any > time. Where is the fanatically loyal army of gray flannel > organization men who will swear lifelong allegiance to this > organization, or *any* organization in this country with the possible > exception of the Mafia? > > I feel that the real threat to our society isn't because people > are being surveilled but because people are being deliberately > ignored. People drop through the safety nets. People stumble > through the streets of every city in this country absolutely wrapped > in the grip of demons, groping at passersby for a moment's attention > and pity and not getting it. In parts of the Third World people are > routinely disappeared, not because of high-tech computer > surveillance but for the most trivial and insane reasons -- because > they wear glasses, because they were seen reading a book -- and if > they survive, it's because of the thin thread of surveillance carried > out by Amnesty International. > > There may be securicams running 24 hours a day all around us, > but mechanical surveillance is not the same as people actually > getting attention or care. Sure, rich people, like most of us here, are > gonna get plenty of attention, probably too much, a poisonous > amount, but in the meantime life has become so cheap in this society > that we let people stagger around right in front of us exhaling > tuberculosis without treatment. It's not so much information haves > and have-nots and watch and watch-nots. > > I wish I could speak at greater length more directly to the > topic of this panel. But since I'm the last guy to officially speak at > CFP IV, I want the seize the chance to grandstand and do a kind of > pontifical summation of the event. And get some irrepressible > feelings off my chest. > > What am I going to remember from CFP IV? I'm going to > remember the Chief Counsel of NSA and his impassioned insistence > that key escrow cryptography represents normality and the status > quo, and that unlicensed hard cryptography is a rash and radical leap > into unplumbed depths of lawlessness. He made a literary reference > to BRAVE NEW WORLD. What he said in so many words was, "We're > not the Brave New World, Clipper's opponents are the Brave New > World." > > And I believe he meant that. As a professional science fiction > writer I remember being immediately struck by the deep conviction > that there was plenty of Brave New World to go around. > > I've been to all four CFPs, and in my opinion this is the darkest > one by far. I hear ancestral voices prophesying war. All previous > CFPs had a weird kind of camaraderie about them. People from the > most disparate groups found something useful to tell each other. > But now that America's premiere spookocracy has arrived on stage > and spoken up, I think the CFP community has finally found a group of > outsiders that it cannot metabolize. The trenchworks are going up > and I see nothing but confrontation ahead. > > Senator Leahy at least had the elementary good sense to > backpedal and temporize, as any politician would when he saw the > white-hot volcano of technological advance in the direct path of a > Cold War glacier that has previously crushed everything in its way. > > But that unlucky flak-catcher the White House sent down here > -- that guy was mousetrapped, basically. That was a debacle! Who > was briefing that guy? Are they utterly unaware? How on earth > could they miss the fact that Clipper and Digital Telephony are > violently detested by every element in this community -- with the > possible exception of one brave little math professor this high? > Don't they get it that everybody from Rush Limbaugh to Timothy > Leary despises this initiative? Don't they read newspapers? The > Wall Street Journal, The New York Times? I won't even ask if they > read their email. > > That was bad politics. But that was nothing compared to the > presentation by the gentleman from the NSA. If I can do it without > losing my temper, I want to talk to you a little bit about how > radically unsatisfactory that was. > > I've been waiting a long time for somebody from Fort Meade to > come to the aid of Dorothy Denning in Professor Denning's heroic and > heartbreaking solo struggle against twelve million other people with > email addresses. And I listened very carefully and I took notes and I > swear to God I even applauded at the end. > > He had seven points to make, four of which were disingenuous, > two were half-truths, and the other was the actual core of the > problem. > > Let me blow away some of the smoke and mirrors first, more > for my own satisfaction than because it's going to enlighten you > people any. With your indulgence. > > First, the kidporn thing. I am sick and tired of hearing this > specious blackwash. Are American citizens really so neurotically > uptight about deviant sexual behavior that we will allow our entire > information infrastructure to be dictated by the existence of > pedophiles? Are pedophiles that precious and important to us? Do > the NSA and the FBI really believe that they can hide the structure of > a telephone switch under a layer of camouflage called child > pornography? Are we supposed to flinch so violently at the specter > of child abuse that we somehow miss the fact that you've installed a > Sony Walkman jack in our phones? > > Look, there were pedophiles before NII and there will be > pedophiles long after NII is just another dead acronym. Pedophiles > don't jump out of BBSes like jacks in the box. You want to impress > me with your deep concern for children? This is Chicago! Go down > to the Projects and rescue some children from being terrorized and > recruited by crack gangs who wouldn't know a modem if it bit them > on the ass! Stop pornkidding us around! Just knock it off with that > crap, you're embarrassing yourselves. > > But back to the speech by Mr. Baker of the NSA. Was it just me, > ladies and gentlemen, or did anyone else catch that tone of truly > intolerable arrogance? Did they guy have to make the remark about > our missing Woodstock because we were busy with our > trigonometry? Do spook mathematicians permanently cooped up > inside Fort Meade consider that a funny remark? I'd like to make an > even more amusing observation -- that I've seen scarier secret > police agencies than his completely destroyed by a Czech hippie > playwright with a manual typewriter. > > Is the NSA unaware that the current President of the United > States once had a big bushel-basket-full of hair? What does he > expect from the computer community? Normality? Sorry pal, we're > fresh out! Who is it, exactly, that the NSA considers a level-headed > sober sort, someone to sit down with and talk to seriously? Jobs? > Wozniak? Gates? Sculley? Perot -- I hope to God it's not Perot. > Bob Allen -- okay, maybe Bob Allen, that brownshoe guy from AT&T. > Bob Allen seems to think that Clipper is a swell idea, at least he's > somehow willing to merchandise it. But Christ, Bob Allen just gave > eight zillion dollars to a guy whose idea of a good time is Microsoft > Windows for Spaceships! > > When is the NSA going to realize that Kapor and his people and > Rotenberg and his people and the rest of the people here are as good > as people get in this milieu? Yes they are weird people, and yes they > have weird friends (and I'm one of them), but there isn't any > normality left for anybody in this society, and when it comes to > computers, when the going got weird the weird turned pro! The > status quo is *over!* Wake up to it! Get used to it! > > Where in hell does a crowd of spooks from Fort Meade get off > playing "responsible adults" in this situation? This is a laugh and a > half! Bobby Ray Inman, the legendary NSA leader, made a stab at > computer entrepreneurism and rapidly went down for the third time. > Then he got out of the shadows of espionage and into the bright > lights of actual public service and immediately started gabbling like > a daylight-stricken vampire. Is this the kind of responsive public > official we're expected to blindly trust with the insides of our > phones and computers? Who made him God? > > You know, it's a difficult confession for a practiced cynic like > me to make, but I actually trust EFF people. I do; I trust them; > there, I've said it. But I wouldn't trust Bobby Ray Inman to go down > to the corner store for a pack of cigarettes. > > You know, I like FBI people. I even kind of trust them, sort of, > kind of, a little bit. I'm sorry that they didn't catch Kevin Mitnick > here. I'm even sorry that they didn't manage to apprehend Robert > Steele, who is about one hundred times as smart as Mitnick and ten > thousand times as dangerous. But FBI people, I think your idea of > Digital Telephony is a scarcely mitigated disaster, and I'll tell you > why. > > Because you're going to be filling out your paperwork in > quintuplicate to get a tap, just like you always do, because you don't > have your own pet court like the NSA does. And for you, it probably > is going to seem pretty much like the status quo used to be. But in > the meantime, you will have armed the enemies of the United States > around the world with a terrible weapon. Not your court-ordered, > civilized Digital Telephony -- their raw and tyrannical Digital > Telephony. > > You're gonna be using it to round up wiseguys in streetgangs, > and people like Saddam Hussein are gonna be using it to round up > democratic activists and national minorities. You're going to > strengthen the hand of despotism around the world, and then you're > going to have to deal with the hordes of state-supported > truckbombers these rogue governments are sending our way after > annihilating their own internal opposition by using your tools. You > want us to put an axe in your hand and you're promising to hit us > with only the flat side of it, but the Chinese don't see it that way; > they're already licensing fax machines and they're gonna need a lot > of new hardware to gear up for Tiananmen II. > > I've talked a long time, but I want to finish by saying > something about the NSA guy's one real and actual argument. The > terrors of the Brave New World of free individual encryption. When > he called encryption enthusiasts "romantic" he was dead-on, and > when he said the results of spreading encryption were unpredictable > and dangerous he was also dead-on, because people, encryption is not > our friend. Encryption is a mathematical technique, and it has about > as much concern for our human well-being as the fact that seventeen > times seventeen equals two hundred and eighty-nine. It does, but > that doesn't make us sleep any safer in our beds. > > Encrypted networks worry the hell out of me and they have > since the mid 1980s. The effects are very scary and very > unpredictable and could be very destabilizing. But even the Four > Horsemen of Kidporn, Dope Dealers, Mafia and Terrorists don't worry > me as much as totalitarian governments. It's been a long century, > and we've had enough of them. > > Our battle this century against totalitarianism has left > terrible scars all over our body politic and the threat these people > pose to us is entirely and utterly predictable. You can say that the > devil we know is better than the devil we don't, but the devils we > knew were ready to commit genocide, litter the earth with dead, and > blow up the world. How much worse can that get? Let's not build > chips and wiring for our police and spies when only their police and > spies can reap the full benefit of them. > > But I don't expect my arguments to persuade anyone in the NSA. > If you're NSA and I do somehow convince you, by some fluke, then I > urge you to look at your conscience -- I know you have one -- and > take the word to your superiors and if they don't agree with you -- > *resign.* Leave the Agency. Resign now, and if I'm right about > what's coming down the line, you'll be glad you didn't wait till later. > > But even though I have a good line of gab, I don't expect to > actually argue people out of their livelihood. That's notoriously > difficult. > > So CFP people, you have a fight on your hands. I'm sorry that a > community this young should have to face a fight this savage, for > such terribly high stakes, so soon. But what the heck; you're > always bragging about how clever you are; here's your chance to > prove to your fellow citizens that you're more than a crowd of net- > nattering MENSA dilettantes. In cyberspace one year is like seven > dog years, and on the Internet nobody knows you're a dog, so I figure > that makes you CFP people twenty-eight years old. And people, for > the sake of our society and our children you had better learn to act > your age. > > Good luck. Good luck to you. For what it's worth, I think you're > some of the best and brightest our society has to offer. Things look > dark but I feel hopeful. See you next year in San Francisco. > > From nelson at crynwr.com Mon May 23 04:11:51 1994 From: nelson at crynwr.com (Russell Nelson) Date: Mon, 23 May 94 04:11:51 PDT Subject: The American money capture In-Reply-To: <199405011708.KAA16423@jobe.shell.portal.com> Message-ID: Date: Sun, 1 May 1994 10:08:14 -0700 From: Hal (Also, note that a constant money supply in a growing economy is effectively deflationary. Below, you call this a "view". I call this a clear fact, and feel sorry for anyone who doesn't immediately see it also! The money supply must increase at least as fast as economic growth or it will serve as an active brake on the economy, IMO. I don't know what economic school this view comes from, but I first heard it from Milton Friedman.) They thought that the inflation they saw was due to psychological factors, people not trusting the bank, or greedy merchants trying to take advantage of the public. (These arguments were echoed in the 1970's and 1980's, but they have of course been widely discredited now. The issue was far less clear in 1850.) Discredited but still bandied about. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From nelson at crynwr.com Mon May 23 04:13:21 1994 From: nelson at crynwr.com (Russell Nelson) Date: Mon, 23 May 94 04:13:21 PDT Subject: Zero-balance money supply Message-ID: I wonder how well a zero-balance money supply would work (having positive and negative money)? Positive and negative money is created simultaneously by a single transfer of wealth. The only problem I see is the possibility of reneging on negative money. Of course, when that happens nowadays, we call it bankruptcy. So I guess we deal one way or another. The banking system would have to constantly take a percentage of all transfers to pay its costs, one of which is bankruptcies. I *think* it would be impossible to inflate or deflate such a currency. Inflation might occur if people lost faith in it, but it would also have a negative feedback effect. Inflation increases people's ability to pay off their negative money, which puts a cap on the amount of inflation that could occur. As soon as the money inflated a little, people who could pay off their negative balances would do so at the newly inflated value. I also think it would be impossible to run such a currency anonymously, because a negative balance is essentially a loan, and how could you loan money to someone who could be anyone? Only if they had established a reputation with their public key... Hmmm... Interesting, then. You could only effectively work anonymously if you had created a reputation for your anonym. And that reputation would have to be established in some way *before* anyone would loan you money, otherwise such a loan would end up being a gift. One way to establish such a reputation would be to write some free software, or answer Usenet questions, or were otherwise seen to be knowledgable and responsible. I haven't seen anyone try it yet, though. Does anyone know of such an attempt? -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From rishab at dxm.ernet.in Mon May 23 04:14:17 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Mon, 23 May 94 04:14:17 PDT Subject: Skipjack backdoor? NOT! Message-ID: grendel at netaxs.com (Michael Handler): > In short, is it possible that the NSA built in a backdoor to > Skipjack so they can stay ahead of the game like they used to in the > pre-Clipper days? > > Also, at the risk of starting a "computing power increases vs. > difficulty of factoring vs. potential cost" flamewar: Is it possible that > the NSA can brute force Skipjack? _Applied Crypto_ says that Skipjack only > has an 80-bit key. How easily could the NSA break an 80-bit key? > If they were that smart, they'd simply have made Skipjack weak enough to easily break, and not cause all the outcry by suggesting escrows. See my earlier post, "Why dumb criminals will NOT use Clipper". -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From rishab at dxm.ernet.in Mon May 23 04:14:22 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Mon, 23 May 94 04:14:22 PDT Subject: Restoring list membership Message-ID: gtoal at an-teallach.com (Graham Toal): > : I'll wait for two days in case anyone on this list has strong objections to > : returning the membership to status quo ante. If not, I'll send the form letter. > > I think it was an excellent opportunity to cull the dead wood. How about > instead of resubbing all 500+, you just send them all a mail telling them > what happened and how to resub. That way we only get the interested ones > back... Hey! I wasn't dreaming of spending all the trouble to forge mail manually through telnet 25 to resubscribe them. I'm just sending them a form letter, like Mike Ingle's. -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From danielce at mullian.ee.mu.OZ.AU Mon May 23 05:43:24 1994 From: danielce at mullian.ee.mu.OZ.AU (Daniel AMP Carosone) Date: Mon, 23 May 94 05:43:24 PDT Subject: Zero-balance money supply In-Reply-To: Message-ID: <199405231243.WAA26469@munagin.ee.mu.OZ.AU> [just rejoined after a period of absence, sorry if this has been covered before, but Russ' post looked like a thread-starter so I thought I'd jump in.] Russell Nelson writes: > I wonder how well a zero-balance money supply would work (having > positive and negative money)? Positive and negative money is created > simultaneously by a single transfer of wealth. Some friends of ours tried starting up a regional group of a system called LETS, which works on this principle. The group members traded `spots' for services or items - in this case generally stuff like gardening/handyman work, computer programming, whatever their skills were. The spots were tallied in each member's account with a community `bank'. The key to the whole thing was that there is no value in the currency itself, only in the *exchange*. It never really got far enough off the ground to become self sustaining, due to lack of interest or general apathy, but was an interesting idea. Apparently there are a number of communities in the US with this kind of system established, as well as other kinds of barter economies. > I also think it would be impossible to run such a currency > anonymously, because a negative balance is essentially a loan, and > how could you loan money to someone who could be anyone? Only if > they had established a reputation with their public key... One of the interesting features of such an alternative economy, especially when when it operates side-by-side with a traditional one where debtors could leave the system, is that there is a strong community incentive to prevent anyone building up either too large a debt or too great wealth. In both cases such a person becomes a risk and a burden. But there is never any problem of someone keeping money out of circulation, or being short of small change. In the LETS system I mentioned above, everyone's current balance and trading volume were published in a newsletter. That way, community members were encouraged to keep their balances, and those of their trading partners, near zero. > Hmmm... Interesting, then. You could only effectively work > anonymously if you had created a reputation for your anonym. And that > reputation would have to be established in some way *before* anyone > would loan you money, otherwise such a loan would end up being a gift. This is the same situation as now. However, consider that you don't actually *need* anyone to lend you money -- you can make as much as you like yourself by contributing to the community, or borrow some from the community at any time. > One way to establish such a reputation would be to write some free > software, or answer Usenet questions, or were otherwise seen to be > knowledgable and responsible. I haven't seen anyone try it yet, > though. Does anyone know of such an attempt? Sure.. lots of people are doing those things you mention.. in fact I'm sure I've seen you do *all* of them yourself, Russ :) -- Dan. From gtoal at an-teallach.com Mon May 23 06:09:04 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Mon, 23 May 94 06:09:04 PDT Subject: I posted "gtoal" string to 3 groups Message-ID: <199405231308.OAA15960@an-teallach.com> : From: "Timothy C. May" : Just to let you know, I took up the challenge Graham Toal proposed: I : posted messages with the string "gtoal" somewhere in them. For good : measure, I did it in 3 Usenet newsgroups. : I did this more than a week ago, and have not seen any reponse, any : indication that Graham found the messages. : (I didn't announce that I was planning to send the messages, as that : would make it "too easy"--a real signal would not be planned in : advance like this, so I chose to say nothing.) : Any comments from Graham? Heh, smart aleck! Since no-one seemed to be interested, I didn't bother looking closely at the 90K of logs that Larry Wall's clip program generates every day when you've got a big pattern file, *and* as luck would have it, the damn program started breaking the very day after I posted that so I could have missed it anyway. And now my wife is visiting me for a couple of weeks holiday so I'm afraid I don't have time at the moment for net.fun. Actually I'm slowly rewriting the clip program in C with more powerful functionality so it can be used to extract multiple threads and file them separately - currently it all goes into one big file, for all patterns - either that or you run multiple processes, and they're expensive. When I get a more robust and useful system going I'll mention it here and maybe we can try the experiment again. Also if it works well, I hope to make the service available to others under a magic-money kind of scheme. : If I missed this, I'm sorry. I've been travelling, but think I've at : least _seen_ most or all messages. I'm setting off for a tour of the Scottish highlands myself, in about 30 minutes. Bye for now, everyone. G From mech at eff.org Mon May 23 08:07:58 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 23 May 94 08:07:58 PDT Subject: House hearings on NII (fwd) Message-ID: <199405231505.LAA04636@eff.org> Forwarded message: Date: Sat, 21 May 1994 07:51:02 -0400 From: farber at central.cis.upenn.edu (David Farber) Subject: House hearings on NII MAY 26, 1994 (THURSDAY) TECHNOLOGY, ENVIRONMENT AND AVIATION SUBCOMMITTEE: 9:30 A.M. - 12:00 NOON - 2318 RHOB HEARING: Electronic Commerce and Interoperability in the National Information Infrastructure -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From mech at eff.org Mon May 23 08:44:08 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 23 May 94 08:44:08 PDT Subject: Update on AOL Baker/NSA/Quittner/EFF appearances Message-ID: <199405231543.LAA05557@eff.org> [From HotWIRED 1.04] Reminders/changes - AOL speakers: +--+--+--+--+--+--+--+--+--+--+-- Stewart Baker, the FORMER (his scheduled resignation became effective last week) chief counsel for the National Security Agency, will appear in AOL's Center Stage (from AOL type the keyword "Center Stage") on Thursday, May 26, 7-9p.m. EST. He will be taking questions from the audience regarding Clipper. His article, "Don't Worry, Be Happy - Why Clipper is Good for You," from WIRED 2.06 is currently available from WIRED Online. Josh Quittner, Newsday technology reporter, will appear in the WIRED Auditorium (from AOL, type keyword "wired" and then click on the WIRED Auditorium Icon) on June 1, 9-10 p.m. EST. He will discuss the making of the Electronic Frontier Foundation. -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From nelson at crynwr.com Mon May 23 09:08:02 1994 From: nelson at crynwr.com (Russell Nelson) Date: Mon, 23 May 94 09:08:02 PDT Subject: Zero-balance money supply In-Reply-To: <199405231243.WAA26469@munagin.ee.mu.OZ.AU> Message-ID: From: Daniel AMP Carosone Date: Mon, 23 May 1994 22:43:10 +1000 [crypto content: has anyone tried to impart reputation to an anonym? ] Russell Nelson writes: > I wonder how well a zero-balance money supply would work (having > positive and negative money)? Positive and negative money is created > simultaneously by a single transfer of wealth. Some friends of ours tried starting up a regional group of a system called LETS, which works on this principle. Yes, I'm sorry, I should have mentioned LETS by way of crediting them. One of the interesting features of such an alternative economy, especially when when it operates side-by-side with a traditional one where debtors could leave the system, is that there is a strong community incentive to prevent anyone building up either too large a debt or too great wealth. In both cases such a person becomes a risk and a burden. But there is never any problem of someone keeping money out of circulation, or being short of small change. I think that it's more a matter of trust. If you trust the system to work well, you can carry a high positive balance (e.g. selling a house to someone). In the LETS system I mentioned above, everyone's current balance and trading volume were published in a newsletter. That way, community members were encouraged to keep their balances, and those of their trading partners, near zero. Right. It encourages you to keep your wealth as wealth, and not wealth receipts. But then again, inflation encourages that also. :) > Hmmm... Interesting, then. You could only effectively work > anonymously if you had created a reputation for your anonym. And that > reputation would have to be established in some way *before* anyone > would loan you money, otherwise such a loan would end up being a gift. This is the same situation as now. However, consider that you don't actually *need* anyone to lend you money -- you can make as much as you like yourself by contributing to the community, or borrow some from the community at any time. Hmmm, hadn't thought of that (tho it's obvious now that I do). Yes, it's community-based, trust-based borrowing. But also hmmm, it lets individuals make borrowing decisions for the corporate body. Not necessarily such a good thing. > One way to establish such a reputation would be to write some free > software, or answer Usenet questions, or were otherwise seen to be > knowledgable and responsible. I haven't seen anyone try it yet, > though. Does anyone know of such an attempt? Sure.. lots of people are doing those things you mention.. in fact I'm sure I've seen you do *all* of them yourself, Russ :) No, I meant "establish a reputation for an anonym". But thanks for the complement (NOT)!. [sorry, I guess I'm a looser, a looser of bad jokes.] [ but then again if I was *that* sorry I wouldn't make them in the first place, eh? ] -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From fnerd at smds.com Mon May 23 10:13:13 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 23 May 94 10:13:13 PDT Subject: Charge for Internet, Please. Message-ID: <9405231712.AA03272@smds.com> Re: the latest "Taxpayer Assets Project" pettition against charges for internet use. Personally, internet charges, combined with dropping of NSF involvement, can't come too quickly for me. I want to sign the counter-pettition: To whom it may concern: I'm willing to pay, just get out of the way. I don't mind if schools subsidize their students' accounts (tuitions pay for it already and would still do so), or if whoever funds research would subsidize researchers' accounts. But then I believe in the separation of school and state, science and state, art and state. If a charge of $20/month (and falling) gets rid of the whiners, charge on. Fat chance, of course, but they don't bother me as long as no one takes their advice. - -Steve Witham quote me - - - - - - - - - - - - - - - To auditors without the code, calls seem indistinguishable from noise. --George Gilder -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From mech at eff.org Mon May 23 11:05:51 1994 From: mech at eff.org (Stanton McCandlish) Date: Mon, 23 May 94 11:05:51 PDT Subject: NIST UPDATE for 23 May 1994 (fwd) Message-ID: <199405231804.OAA10514@eff.org> See first article (others deleted - measurment devices, medical standards, etc.) Forwarded message: Date: Mon, 23 May 1994 09:06:52 -0400 (EDT) From: NIST Public Affairs Division Subject: NIST UPDATE for 23 May 1994 To: NIST UPDATE Distribution Reply-to: baum at micf.nist.gov FILE: NIST UPDATE DATE: May 23, 1994 CONTENTS: Standard Helps Users `Sign' Electronic Data [...] --------------------------------------------------------------------- This is the e-mail edition of NIST UPDATE. NIST UPDATE is a bi-weekly synopsis for journalists of current activites, research results, and program announcements from the National Institute of Standards and Technology. If you are interested in an electronic subscription to NIST UPDATE, send e-mail with your request (including the name of the news organization you represent, if you are not a free-lance writer) to: media at micf.nist.gov (Internet) or 71742,1344 (CompuServe). NIST UPDATE may also be found on the NIST gopher service: gopher-server.nist.gov --------------------------------------------------------------------- COMPUTER SECURITY Standard Helps Users `Sign' Electronic Data NIST recently announced approval of the Digital Signature Standard, which can be used to indicate that electronic messages and forms are authentic, much as handwritten signatures are used on checks, contracts and other paper documents. Many applications of the National Information Infrastructure, including electronic commerce, will benefit from the authentication service offered by digital signatures. The DSS, known as Federal Information Processing Standard 186, can be used in such areas as electronic mail, electronic funds transfer, software distribution, data storage and electronic data interchange. The government is not aware of any patents that would be infringed by this standard and will not charge royalties to those using the standard. The DSS applies to all federal departments, agencies and their contractors for the protection of unclassified information when digital signatures are required. Copies of the DSS (FIPS PUB 186) are available from the National Technical Information Service, Springfield, Va. 22161, (703) 487-4650. Media Contact: Anne Enright Shepherd, (301) 975-4858 aeshep at micf.nist.gov [...] -- Stanton McCandlish * mech at eff.org * Electronic Frontier Found. OnlineActivist "In a Time/CNN poll of 1,000 Americans conducted last week by Yankelovich Partners, two-thirds said it was more important to protect the privacy of phone calls than to preserve the ability of police to conduct wiretaps. When informed about the Clipper Chip, 80% said they opposed it." - Philip Elmer-Dewitt, "Who Should Keep the Keys", TIME, Mar. 14 1994 From mimir at illuminati.io.com Mon May 23 11:14:26 1994 From: mimir at illuminati.io.com (Al Billings) Date: Mon, 23 May 94 11:14:26 PDT Subject: Roger Clarke on authoritarian IT (fwd) Message-ID: ---------- Forwarded message ---------- INFORMATION TECHNOLOGY WEAPON OF AUTHORITARIANISM OR TOOL OF DEMOCRACY? Paper being presented at the IFIP World Congress, Hamburg, 31 August 1994 Roger Clarke Department of Commerce Australian National University Canberra ACT 0200 Roger.Clarke at anu.edu.au Strong tendencies exist to apply information technology to support centralist, authoritarian world views. It is argued that alternative architectures can be readily created, which are more attuned to the openness and freedoms which are supposed to be the hallmarks of democratic government. It is questioned whether authoritarianism will be capable of surviving the complexities, dynamism and widely distributed power which are features of the emergent information societies. Keyword Codes: H.1, J.1, K.4 Keywords: information systems; administrative data processing; computers and society 1. INTRODUCTION The genre of 'anti-utopian' novels described futures repugnant to humanity. The classic image of an information-rich government dominating citizens' thoughts and actions is associated with Zamyatin's 'We' (1922) and Orwell's '1984' (1948), but the technological basis of the surveillance culture had been established as early as the late nineteenth century by Jeremy Bentham's designs for a model prison, incorporating the all-seeing and ubiquitous 'panopticon' (1791). Foucault (1975) argued that the prison metaphor was the leitmotiv of authoritarian society. Bradbury's 'Fahrenheit 451' (1953) and Umberto Eco's 'The Name of the Rose' (1980) speculated on the process and implications of denying information to the public.=20 Art anticipated reality. Information technology (IT) is now being systematically applied to public administration in ways consistent with the anti-utopian nightmare. This paper's purpose is to review the authoritarian model as a basis for applying IT in government, and to champion an alternative, democratic model of IT use. 2. AUTHORITARIANISM'S UNDERLYING ASSUMPTIONS AND VALUES An authoritarian society favours obedience to Authority over individual freedoms, to the extent of demanding subservience of the individual to the State. The notion clusters with tyranny (the cruel exercise of power), despotism and dictatorship (the exercise of absolute power), totalitarianism (single-party government) and fascism (a usually savage blend of authoritarianism with nationalism). Authoritarianism is associated with logical positivist and utilitarian philosophies. These perspectives place very high value on rational social engineering, law and order, and resource efficiency. The populace is perceived as unsophisticated, uneducated, unreliable, chaotic, and/or incorrigibly venal and immoral. For their own good, the organised State must impose control on the unruly people. A further assumption of the authoritarian perspective is that there exist humans with a level of both intelligence and morality superior to the common herd. In different ideologies, their innate superiority derives from different sources, such as the divine right of kings, wealth, force of arms, mystical power, what Machiavelli called virt=FA, wisdom, intellectual merit, technical capability, political cunning, demagogery, and/or public popularity. These superior humans are accepted as being the appropriate ones to make judgements on behalf of their society, with a minimum of checks and balances. They do this through social engineering; that is to say by organising and re-organising society in what they consider the rational way of achieving order and efficiency, and hence of delivering material well-being, and therefore spiritual happiness, for all. 3. THE AUTHORITARIAN MODEL OF I.T. APPLICATIONS Under an authoritarian regime, the populace must be managed. Tools and techniques that have proven effective in managing raw materials, manufactured goods and animals, can be applied to humans too. A unique identifier for each person, and its general use by government agencies and other organisations which conduct transactions with people, are highly desirable tools for efficient social administration. Public administration systems must be designed to exercise control over people, in all of their various roles. There may be scope for at least some semblance of choice by individuals, but employees need to operate within a corporate culture, consumer demand needs to be statistically predictable, and citizens' freedom of choice needs to be constrained, lest unworkable parliaments eventuate, with too many splinter parties, independents and conscience votes. It is only logical that an authoritarian society should recognise the benefits of a unary executive branch, in which the boundaries between agencies are porous. In this way, data can flow freely (such that transaction data and client histories can be cross-verified, and changes of address and status cross-notified), and systems can be tightly integrated and efficient (and hence misdeameanours by people in one arena, such as traffic fines, can be readily punished through another, such as denial of a marriage licence, permission to move apartments, or approval for travel). Authoritarian IT-based systems use a centralised architecture. Elements may be physically dispersed, however, to achieve efficiency in data transmission, and to provide resilience against localised threats such as natural disasters and sabotage by dissidents. The general shape of such systems is that provided by cyberneticians: a cascade of control loops, culminating in a master-controller. In authoritarian regimes, information privacy and data security play important roles. These have little to do with the protection of people, however, but rather serve to protect the integrity of data, and of the system, and to legitimate the repressive system through the provision of nominal rights for data subjects. =46or discussions of the authoritarian application of technology in general, see Ellul (1964) and Packard (1964), and of IT in particular, see Rule (1974), Weizenbaum (1976), Kling (1978), Rule et al. (1980), Burnham (1983), OTA (1986), Laudon (1986), Clarke (1988), Davies (1992) and Ronfeldt (1992, pp.277-287). 4. INSTANCES OF AUTHORITARIAN APPLICATION OF I.T. The reader is by now (hopefully) annoyed by the extent to which the foregoing description has been a caricature, hyperbole, a 'straw man' designed to be easily criticised. However there are manifold instances of just these features in IT-based public administration systems, both those in operation and being conceived, in countries throughout the world. In North America, whose use of IT has been well ahead of that in most other countries, a 'national data center' was proposed as early as 1966. Elements of it have emerged, such as the widespread use of the Social Security Number (SSN) as a unique identifier, proposals for a health id card, and the all-but uncontrolled use of computer matching and profiling. Some protagonists in the current debates surrounding the national information infrastructure (NII) are seeking a network consistent with authoritarian control; for example, by insisting on use only of those cryptographic techniques which are 'crackable' by national security agencies. Australia has followed the North American tendency. It flirted with a national identification scheme in the late 1980s (Greenleaf & Nolan 1986, Clarke 1987, Graham 1990). When that was overwhelmingly rejected by the populace, senior executives in public sector agencies 'went underground'. They have variously gained Parliamentary support for, and smuggled through, a series of measures whose cumulative impact is in some ways already more emphatic than the 'Australia Card' would have been (Clarke 1992). The cultures of many Asian nations are well-suited to authoritarian regimes. There are elements of high-social-efficiency applications of IT in such nations as Singapore. Busy Asian countries have shown especial interest in vehicle monitoring systems. Thailand and the Phillipines appear eager to act as laboratories for United States corporations developing identification and surveillance technologies. Under China's strongly authoritarian political system, it is unlikely that IT will be applied in any way other than to bolster existing relationships between its citizens and the State. In Western Europe, Scandinavian countries lead the way with their social welfare systems and the heavy dependence of their citizens on the State. Denmark's citizen register is a model for authoritarian regimes everywhere, and a looming export success. Other countries are keenly adopting proposals to use IT to constrain the populace, by such means as identification cards (variously for football fans, patients, and the public in general), and the integration of data systems between government agencies, and between countries within and beyond the European Community. In Central and Eastern Europe, there was an expectation that democratic, free enterprise systems would arise to replace the authoritarianism of the collapsed communist regimes. In practice, few of those countries have ever known freedom of choice, and genuine democracy (as distinct from variants of authoritarianism referred to in local lexicons as 'democracy') is not on the agenda of many of these countries. Their focus is on economic growth, rationalist solutions to economic and social problems, and centralism. IT is seen as a tool of authoritarianism, not of democracy; of centralised power, not of a pluralist body politic; and of control, not of freedom. It can come as no surprise that public administration systems are being conceived in these ways. Applications of all kinds are developed by well-trained and self-confident engineers, using unequivocally rationalist techniques. System design comprises the expression of relevant parts of the present and near-future world in a formal model which has the important characteristic of being 'mappable' onto a machine. The application's users and 'usees' (i.e. the people affected by it) are treated as objects to be modelled, not as stakeholders with interests in the process and its outcomes. Human language is treated as though it were an (imprecise) formalism, rather than a means of interaction among people. The designers fail to notice that their formalisms cannot reflect the complexities, ambiguities and dynamism inherent in social systems, and the negotiation and accommodation processes which take place among humans and social groups (Clarke 1992b, Ciborra 1992, Agre 1994, Gronlund 1994). Hence the problems highlighted in this paper are to a considerable degree inherent in the techniques currently used to develop IT applications generally. Nonetheless, their greatest impact on people's freedom is by way of public administration systems. 5. THE DEMOCRATIC ALTERNATIVE The technological determinism notion has been applied to IT. In particular, IT has been accused of being inherently de-humanising, centralist and authoritarian (e.g. Roszak 1986). The standpoint adopted by this author is that technology is essentially morally 'ambivalent' (i.e. it has potential applications and potential impacts variously supportive of, and inimical to, any particular social value - Ellul, 1990). IT may make some paths easier than others, but the choice is made not by blind fate, but by politicians, government executives, and, not least, IT professionals. The alternative political philosophy to authoritarianism is democracy, popularly expressed as 'government of the people by the people for the people', and commonly implemented through representatives chosen regularly and frequently by the combined and equal vote of all competent adults. The democratic ideal derives from the assumption that no class of people has the right to dominate other classes. It reflects the renaissance conception of mankind, whereby each individual should have the opportunity to access and interpret for themselves the ideas of other people and of Gods; and, in more modern terms, should have the scope for self-determination and self-fulfilment. Early computer technology may indeed have encouraged centralisation, but since the marketplace debut of integrated circuitry and the mini-computer about 1970, modern IT has been readily applied in the service of democracy. Open IT-based systems involve nodes which are 'peers', with equal authority in respect of particular functions. For example, in a national health network, each node might take responsibility for all processing and storage relating to a particular aspect of the system's functionality (e.g. support of a particular regional clinic, or epidemiological research into a particular class of diseases), and have special rights recognised by all other nodes in that regard (e.g. the right of access, respectively, to identified data relating to specific patients, and to identifiable data relating to particular diseases and procedures). Similarly, particular kinds of data held at each node (e.g. data identifying a patient) might be recognised as being controlled by that node and require special authority before it could be released to any other node. One form of democratic topology is the unconstrained network, with maximum inter-connectivity, and dominion by each node over the services it provides. Another model is a variant on simple-minded cybernetics: a cascade of controllers which folds around, such that the ultimately controlled (the populace) are also the ultimate controllers (the voters). Before modern communications became available, the only practicable democratic mechanism for geographically large countries was periodic (typically, 3- or 4-yearly) election of representatives. In information societies of the very near future, however, major policy decisions can be instigated, formulated, and decided by direct democracy. Voters may choose to delegate the articulation of broad policies to their elected representatives, but even this can be subject to the over-riding of unpopular decisions, and the removal of representatives the electorate considers are not performing their functions. Hierarchical topologies serve authoritarianism, whereas non-hierarchical ones are consistent with a free society. Access to data under the control of each node must be restricted, until and unless, via due process, disclosure is justified in fulfilment of some higher interest. Such topologies provide not only robustness and adaptability, but also integrity, because clients can trust them, and there is a lower risk of loss of quality (through suspicion and uncooperativeness), and of sabotage (through active attempts to mislead, and direct, destructive action). 6. INSTANCES OF DEMOCRATIC APPLICATION OF I.T. Is this image of democratic computing just a caricature too? Possibly, but examples exist. Local Area Network architectures are inverting the old notion of centralist processors accessed by terminals. The now-conventional names reflect the fact that 'client' workstations demand data and processing from 'servers': the user's device is in control, and the central facility performs at its bidding. In wide-area networking also, peer-to-peer protocols are rivalling and may be progressively replacing the older, hierarchical or 'star' configurations. At the level of inter-networking, the topology of the world-wide TCP/IP-based Internet is essentially flat, the systems software is highly distributed, the redundancy is very high, and its robustness, its resilience and its capacity to resist authoritarian governments are therefore all of a high order. The Internet's technical features have resulted in a culture very different from that on hierarchical nets. It provides a space in which imaginations have substantial freedoms. Some people use those freedoms to create new services and products; others to experiment with self-expression and group-experiences; some as a 'cybernetic' analogue to psychotropic drugs; and some just to distribute pornography or racist materials. Nor are the boundaries between these activities always clear-cut. It seems ironical that the Internet was sponsored by the United States military complex, but the irony is more apparent than real. Systems which support military operations cannot risk the fragility of centralisation, but rather demand robustness and resilience, and therefore redundancy. Moreover, aero-space-defense R. & D. is dispersed across vast numbers of universities and private sector research laboratories. It then seeks to complement competition by collaborative interaction among individual researchers and among potential research partners. To retain its technological and intellectual leadership, it was essential that the U.S.A. avoid the temptation to sustain centralised, authoritarian topologies; and to its credit it knowingly spawned a dynamic, world-wide, democratic network laboratory. 7. A SYNTHESIS This paper has considered the extremes of authoritarianism and democracy. Clearly, any society will demand not only freedoms, but also protections against those who use those freedoms to harm others. Naive authoritarian models are doomed to fail, because they deny freedoms; and naive democratic models are doomed to fail too, because they deny protections. Ronfeldt concluded that IT-based public administration (which he calls 'cyberocracy') "far from favoring democacy or totalitarianism ... may facilitate more advanced forms of both" (1990, p.283). How should new 'cyberocracies' be designed, and how should existing public administration systems be adapted to exploit the new opportunities, while balancing the needs for control and freedom? Authoritarian aspects of schemes could be justifiable in some societies as interim measures. Lenin and then Stalin judged that the country's large peasant population, and its institutions, were insufficiently mature for immediate implementation of the full Communist platform. Unfortunately the repression inherent in their interim arrangements became ingrained, and was only relieved by counter-revolution. Authoritarian elements in public administration should therefore be not only justified, but also demonstrably interim, i.e. the means must be shown whereby they will be replaced, by evolutionary processes, with alternative mechanisms consistent with democratic principles. In any case, the feasibility of grafting democratic features onto an essentially hierarchical model must be regarded as very slim. All power vests in the centre, and any softening of the system's features is by gift of the powerful. Moreover, the system can be manipulated by the powerful (for example, by monitoring nominally confidential communications), and privileges can be withdrawn by the powerful. No freedom-loving populace could regard such a system as credible, and would therefore only submit to it as a result of coercion. Is the alternative feasible: to graft control mechanisms onto an essentially open model? Communication channels can still be tapped and storage devices searched (under warrant). Evidence arising from such interceptions and searches can still be presented in a court of law. Certain actions and uses of IT can be expressly made illegal. The ex post facto controls can therefore still function within open, democratically conceived public administration. Toffler distinguished this form of IT application by coining the term 'practopia' (1980, p.368). What is not so simple to contrive within open systems is effective real-time monitoring and control: Foucault's 'prison' is readily implemented using hierarchical topologies, but if the nodes and arcs of networks are not all under the control of Authority, then preventive controls become much harder to bring to fruition. That, then, is the essential battleground between authoritarian and democratic models of IT: should someone or some class of people, and in particular politicians and senior public sector executives, be permitted to have the power to prevent transgressions? Because it is that kind of control over the public which is at the very heart of the anti-utopian nightmare. 8. CONCLUSIONS Power does not need to be explicitly and consciously granted to public administrators by the voting public, or by their elected representatives. It can accrue, slowly and gently, through developments in IT, through new applications of established techniques, through the gradual 'creep' of existing schemes into new functions, and through seemingly harmless refinements to statutes. As frogs are reputed to do, a society might resist being put into boiling water, yet be lulled to sleep in warm water slowly brought to the boil. This paper commenced by referring to early literary premonitions of authoritarian applications of IT. The fictional literature has undergone a transition. The turning-point was John Brunner's 'The Shockwave Rider' (1975), which explicitly owed a debt to Alvin Toffler's 'Future Shock' (1971). For much of the novel, the hero appears to be putting up a brave fight against inevitable defeat by the State. By turning the power of the net against its sponsors, the hero discovers pockets of surviving resistance, and galvanises the latent opposition to the State. Unlike anti-utopian novels, the book ends on an ambiguous, but (from the humanistic perspective) an optimistic note. Subsequent novels have adopted a quite different pattern. In such works as William Gibson's 'Neuromancer' (1984), and the 'cyberpunk' genre it spawned (see Sterling 1986), people are prosthetic-enhanced cyborgs, plug directly into the net, and induce their 'highs' through a mix of drugs and cyberspace. More importantly for the argument being pursued here, national and regional governments exercise very little power. The hypercorps (successors to the transnational corporations) are responsible for organised economic activity, the majority of the net, and a great deal of the information. Outside this limited, polite society skulk large numbers of people, in communities in which formal law and order have broken down and tribal patterns have re-emerged. Officialdom has not been able to sustain the myth that it was in control; society has become ungovernable. Little echoes of these patterns are evident in contemporary societies. The use of the Internet for anti-social purposes is proving much harder to control than similar behaviour using the telephone network. IT contributed significantly to the breakdown of the Soviet Union because, in addition to improving production effectiveness and efficiency, PCs delivered 'samizdat' - the means for cheap reproduction of dissident newsletters. Lies that had been lived for seven decades could not withstand the heat generated by eager users of a potentially democratising technology. And that was before inter-networking and computer-mediated communications had achieved any degree of sophistication. IT may be applied to public administration in ways consistent with authoritarianism or with democracy. Proponents of hierarchical structures and social engineering, chief amongst them senior public sector executives, must at the very least appreciate the limits of tolerance of authoritarian measures within their society. Preferably, governments should ensure that social administration schemes are not emphatically centralised and incapable of adaptation towards more liberal patterns. And most desirably, public servants, governments and voters themselves, should be exploiting the opportunities for more effective democracy which are being created by information technology. References Agre P. (1994) 'Design for Democracy' Working Paper, Department of Communication, Uni. of California at San Diego (February 1994) Beniger J.R. (1986) 'The Control Revolution: Technological and Economic Origins of the Information Society' Harvard Uni. Press, Cambridge MA, 1986 Bentham J. (1791) 'Panopticon; or, the Inspection House', London, 1791 Bradbury R. (1953) 'Fahrenheit 451 ... The Temperature at Which Books Burn' Ballantine Books, 1953 Brunner J. (1975) 'The Shockwave Rider' Ballantine, 1975 Burnham D. (1983) 'The Rise of the Computer State' Random House, New York, 1983 Ciborra C. (1992) 'From Thinking to Tinkering: The Grassroots of Strategic Information Systems' The Information Society 8,4 (Oct-Dec 1992) Clarke R.A. (1987) 'Just Another Piece of Plastic for Your Wallet: The Australia Card' Prometheus 5,1 June 1987. Republished in Computers & Society 18,1 (January 1988), with an Addendum in Computers & Society 18,3 (July 1988) Clarke R.A. (1988) 'Information Technology and Dataveillance' Commun. ACM 31,5 (May 1988) 498-512 Clarke R.A. (1992a) 'The Resistible Rise of the Australian National Personal Data System' Software L. J. 5,1 (January 1992) Clarke R.A. (1992b) 'Extra-Organisational Systems: A Challenge to the Software Engineering Paradigm' Proc. IFIP World Congress, Madrid (September 1992) Davies S. (1992) 'Big Brother: Australia's Growing Web of Surveillance' Simon & Schuster, Sydney, 1992 Eco U. (1980) 'The Name of the Rose' Picador, 1980, 1984 Ellul J. (1964) 'The Technological Society' Knopf, New York, 1964 Ellul J. (1990) 'The Technological Bluff' William B. Eerdmans, Grand Rapids MI, 1986 Foucault M. (1975) 'Discipline and Punish: The Birth of the Prison' Penguin, 1975, 1979 Gibson W. (1984) 'Neuromancer' Grafton/Collins, London, 1984 Gibson W. (1993) 'Virtual Light' Bantam, New York, 1993 Graham P. (1990) 'A Case Study of Computers in Public Administration: The Australia Card' Austral. Comp. J. 22,2 (May 1990) Greenleaf G.W. & Nolan J. (1986) 'The Deceptive History of the Australia Card' Aust. Qtly 58,4 407-25 (1986) Gronlund A. (1994) 'Public Information Systems' Proc. IFIP World Congress, Hamburg (September 1994) Kling R. (1978) 'Automated Welfare Client Tracking and Welfare Service Integration: The Political Economy of Computing' Comm ACM 21,6 (June 1978) 484-93 Laudon K.C. (1986) 'Dossier Society: Value Choices in the Design of National Information Systems' Columbia U.P., 1986 Orwell G. (1948) '1984' Penguin, 1948, 1980 OTA (1986) 'Federal Government Information Technology: Electronic Record Systems and Individual Privacy' OTA-CIT-296, U.S. Govt Printing Office, Washington DC, Jun 1986 Packard V. (1964) 'The Naked Society' McKay, New York, 1964 Ronfeldt D. (1992) 'Cyberocracy is Coming' The Information Society 8,4 (Oct-Dec 1992) Roszak T. (1986) 'The Cult of Information' Pantheon, 1986 Rule J.B. (1974) 'Private Lives and Public Surveillance: Social Control in the Computer Age' Schocken Books, 1974 Rule J.B., McAdam D., Stearns L. & Uglow D. (1980) 'The Politics of Privacy' New American Library, 1980 Sterling B. (Ed.) (1986) 'Mirrorshades: The Cyberpunk Anthology' Arbor House, New York, 1986 Toffler A. (1971) 'Future Shock' Bantam Books, New York, 1971 Toffler A. (1980) 'The Third Wave' Pan Books, 1980, 1981 Weizenbaum J. (1976) 'Computer Power and Human Reason, Publisher, 1976 Zamyatin E. (1922) 'We' Penguin, 1992, 1980 From nobody at soda.berkeley.edu Mon May 23 12:08:30 1994 From: nobody at soda.berkeley.edu (Tommy the Tourist) Date: Mon, 23 May 94 12:08:30 PDT Subject: Personal message: Lady Ada Message-ID: <199405231908.MAA11588@soda.berkeley.edu> -----BEGIN PGP MESSAGE----- Version: 2.3a hIwCpc1B0nHWExkBBAC0l0t1ES3aiOy4/wR5BX4jMai6bxt7LWK2lxo/fxWJUCmZ id88Z0fCw/6AtK1VbOzWBBbmjSr5LcNm1qU8WKKn1latfB3L5njqlo3ANjSSfkNs fM4Pl0TFszMkrZGpdHCQ8lHnuxmvz4SZlzwUWKhtN9tqFqeKrRDcSUlee7HGt6YA AAIMtgE9dgpaP45zr1hFtZgaFcKHbhDutbGXphlDCWN3pbYTBGZv1yAu7oP6QSzY ye/JFiSU8/eUl8D3p5ZI48gCKSBGagIuGXgPd6KrI0ftosMfUu5XOUlfXSUK0IWs qEQ/k8JFt+UMgGiU3jkOKVxmyhSXaaEzLbxjOmYFrjSS5whdNIiRRvEJqRM6Lm/g CQA8+I72HvIzvFReIyrO65s0jQzPQ52gwtKcn34cpzJ6Uc9uo5p823Iq5mrg25M7 ihSGj57udFEXjhZmOpCiGX8pesE3I+hbBC24jqb8OWUEnT/4T4jmsWiE55qepjpI 5pEwBIyswcCpdpdCbU9sX4XUKRNEdMA8pA1B7zIJfzxHKF2nPsWwdg9btP1aOand NistvPPzTxb7dF68aeQfcbcfx0R/8YjaJ7W37zau4899epaSdX5biyfRNr43EF1m gxasGrR36S50HYg+Qp6Vh+qAAOhR7YNrSyrXx/LvdVzGOGuHxSEZTN03xd7VfGcY ox96Iln2NDnPYJHL+uiPa9Uumy95pF1GwYTE2wjjmSbJ7hetZj+BDOpd1aWLdq6y kBBAOHiojK7MgqTWeRJ9BsXBNGq106YPg4lcoYsLj2cqYwEEdIRF47nVm76O+fht XWgu2sW8dvwlRGlYzGvXr+suHyFNhc0uVCVPDScfm8ScV7+Po7fAYSnslIavMaU= =kZSb -----END PGP MESSAGE----- ------------ To respond to the sender of this message, send mail to remailer at soda.berkeley.edu, starting your message with the following 7 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```$-S^P;+]AB?X9TW6\8W2:&P&2$;<_/=V`OWU[\V$R%+N-I=9;S$:.F.\,; ====Encrypted-Sender-End==== From ravage at bga.com Mon May 23 13:49:51 1994 From: ravage at bga.com (Jim choate) Date: Mon, 23 May 94 13:49:51 PDT Subject: SUE - the legal morass (fwd) Message-ID: <199405232049.AA20196@zoom.bga.com> Forwarded message: From lefty at apple.com Mon May 23 14:02:22 1994 From: lefty at apple.com (Lefty) Date: Mon, 23 May 94 14:02:22 PDT Subject: SUE - the legal morass (fwd) Message-ID: <9405232101.AA13800@internal.apple.com> {A convoluted tale of woe involving Indians, archaeologists, the Feds and a fossil named "SUE" elided...} This is all very exciting, but, contrary to (apparently) popular belief, steganography has _nothing_ to do with dinosaurs. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From jamiel at sybase.com Mon May 23 14:22:00 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Mon, 23 May 94 14:22:00 PDT Subject: SUE - the legal morass (fwd) Message-ID: <9405232121.AA24834@ralph.sybgate.sybase.com> Was the dinosaur encrypted? -j From peb at netcom.com Mon May 23 14:23:18 1994 From: peb at netcom.com (Paul E. Baclace) Date: Mon, 23 May 94 14:23:18 PDT Subject: Bruce Sterling's talk at CFP Message-ID: <199405232123.OAA05708@netcom.com> Let me guess...is Wired going to run Sterling's talk (or a variant thereof) to counter Baker's 6.5 lies about false myths about Clipper? I happy to see that he skewered the pedophile boogeyman, but... Sterling plays right into their hands when he goes on about terrorist governments, etc. The Clipper debate is about U.S. citizens and internal policy--not about how we shouldn't be worried about our government because it isn't as totalitarian as others. That's all besides the point because the cat is already out of the bag and there is nothing to stop it--the NSA can merely slow down the use (expansion) of encryption at the cost of lost profits to U.S. companies. Paul E. Baclace peb at netcom.com From hayden at krypton.mankato.msus.edu Mon May 23 14:49:31 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 23 May 94 14:49:31 PDT Subject: SUE - the legal morass (fwd) In-Reply-To: <9405232121.AA24834@ralph.sybgate.sybase.com> Message-ID: On Mon, 23 May 1994, Jamie Lawrence wrote: > Was the dinosaur encrypted? Yes, once decrypted, the dinosaur becomes Bob Hope. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From pjanke at maroon.tc.umn.edu Mon May 23 12:10:55 1994 From: pjanke at maroon.tc.umn.edu (pjanke at maroon.tc.umn.edu) Date: Mon, 23 May 1994 15:10:55 -0400 Subject: SUE - the legal morass Message-ID: <0012de0ff75a01157@maroon.tc.umn.edu> The Legal Battle for SUE the Tyrannosaurus rex __________________________________________________________________ Disclaimer: I'm not a lawyer and don't claim to have a full understanding of some of these legal issues, so what follows is my best try at assessing this twisted case. I welcome any corrections and contributions from others in unravelling things and getting at the truth. -Paul ------------------------------------------------------------------- ---Background Information--- On Aug. 12, 1990, the BHIGR(Sue Hendrickson) discovered SUE on deeded land owned by Maurice Williams. The Williams ranch is located within the boundaries of the Cheyenne River Sioux reservation. A sale of the fossil(while still in the ground) occurred between the Maurice Williams and the BHIGR for the amount of $5000. Williams is an enrolled member of the Cheyenne River Sioux Tribe. He had placed much of his land into trust status with the U. S. government Department of the Interior, Bureau of Indian Affairs. The legal effects of trust status are that 1) The landowner is exempt from paying federal taxes on the land for a specified period, and 2) The landowner cannot sell the land without the consent of the Dept. of the Interior. NOTE: Although this has no legal bearing on the case at this time, even under trust status Williams retained the mineral rights to his land. In other words, Williams could extract gold or allow oil drilling WITHOUT permission of the Dept. of Interior. Everyone agrees that SUE was found on land in "trust status". By September 1, 1990, SUE was at the BHIGR lab facility. Most of the fossil was still encased in rock matrix and the long tedious prep work began. The BHIGR immediately went public with their spectacular find. As word reached the Cheyenne River Sioux Tribe, they proceeded to pass a resolution(E-335-90CR) demanding the return of the T. rex skeleton and requesting the assistance of the Bureau of Indian Affairs. The U.S. Attorney at that time(not Schieffer) found no wrongdoing and took no action. >From the beginning, the BHIGR maintained that SUE was not for sale. In March, 1992, the BHIGR announced the establishment of the Black Hills Museum of Natural History in Hill City with SUE as the main attraction. In the two months following the Black Hills Museum of Natural History announcement, things began to hit the fan. Acting U.S. Attorney Kevin Schieffer had been recently appointed and said that his office was taking a look at the legal questions surrounding SUE, but would not to comment on the specifics of the investigation. Around the same time, Maurice Williams decides that he didn't sell SUE to the BHIGR after all. It is also revealed that a private fossil collector from Canada has suddenly offered Williams 1 million dollars for the skeleton if he can get SUE back. When asked what he thought the $5000 check from the BHIGR was for, Williams said he didn't know but "maybe it might have been for mitigation". --------------------------------------------------------------------- ---The Seizure--- On May 14, 1992, over 30 federal agents and national guardsmen arrive at the BHIGR and began the seizure of SUE. Pete Larson of the BHIGR was quoted as saying "I knew we were in trouble when acting U.S. Attorney Kevin Schieffer showed up for the raid wearing television makeup". One Hill City resident, when asked by a TV reporter what he thought of the raid, replied: "If this isn't a publicity stunt, I don't know what is. There could have been a gang in this town...with a ton of cocaine and human bodies hanging from the rafters...and they wouldn't have sent in 30 armed federal agents and the national guard..." Sue was hauled off to be deposited in a boiler room with no temperature or humidity controls at the South Dakota School of Mines, where she remains to this day, unavailable for scientific study, all because of Mr. Schieffer. So began the custody battle. The parties claiming SUE include: -The BHIGR, who maintain that they purchased SUE in the context of a legal business transaction with Maurice Williams. The $5000 they paid Williams for SUE was at that time the largest sum ever paid for any fossil in the ground. -Maurice Williams, who although seemingly content with the transaction initially, changed his tune when the magnitute of the discovery becomes apparent. He is quoted as saying that the $5000 check he cashed from the BHIGR was only for the "right to disturb his land", not to actually take possession of whatever was unearthed in the course of excavation. Perhaps the 1 million dollar offer affected his memory somehow? -The Cheyenne River Sioux Tribe, who assert that SUE belongs to the tribe because it was found on tribal land. This claim is disputed by tribe member Maurice Williams himself, who asserts that the land is his private property and not the tribe's. -The U.S. Gov't. Acting U.S. Attorney Kevin Schieffer, in the wake of his seizure of SUE, claims that the fossil is the property of the "United States, period". ------------------------------------------------------------------------ ---The grounds for seizure, as explained by Schieffer--- The raid and seizure was ordered by acting Attorney Schieffer and authorized by District Judge Richard Battey. Acting Attorney Schieffer said: "We have seized these fossils as evidence in a criminal investigation, it is against the law to remove fossils from federal land. The one most on-point as it relates to fossils is the federal Antiquities Act of 1906. Unless somebody convinces me that I've misread the law, it's not going to the tribe either. It's the property of the U.S. government and will be preserved for scientific and educational purposes pursuant to the Antiquities Act. The ultimate fate of these priceless scientific fossils will take some time to resolve with finality. But we should have the case wrapped up in less than 100 million years." In spite of his reference to a criminal investigation and his clear misunderstanding of the 1906 Antiquities Act, Shieffer seizes the fossils without filing any criminal charges. For the rest of his tenure in office as acting U.S. Attorney(which ended around January, 1993) he still did not file any criminal charges. Think about this folks, he not only seizes SUE and locks her up, but he seizes almost all the records, current invoices, business and legal correspondences of BHIGR, virtually decimating the business, WITHOUT EVER EVEN FILING A CRIMINAL CHARGE!!! When a bewildered media sought answers with senior FBI agent Charles Draper of Pierre, he responded that confiscation of property before charges are filed is not unusual, but that any further questions on the matter must be referred to Schieffer. ------------------------------------------------------------------------ The saga takes many strange turns in the following months. The Cheyenne River tribe and Maurice Williams were both dismayed by Schieffer's claim that the U.S. owns the fossil(although they supported Schieffer earlier). When it became apparent that Schieffer considers land held in trust to be federal land(i.e the land owner is irrelevant), the tribe and Williams became disillusioned with him. The tribe then offered Williams a deal if he will just sign over his rights of the fossil to the tribe, but Williams rejected the deal. The tribe then approached the BHIGR to try to work out a deal. Talks collapsed after a few days with both sides still claiming ownership of SUE. The tribe also claimed that the transaction between Williams and BHIGR was invalid because Williams did not purchase a $100 "business license" from the tribe. ----------------------------------------------------------------------- ---The Legal Morass--- 1) The Antiquities Act of 1906 Acting Attorney Schieffer cited the 1906 Antiquities Act as the legal basis for the seizure. We now know he was wrong. Even the government admits this now. The Antiquities Act pertains to Native American cultural artifacts, not fossils. The BHIGR have never been charged with violating the Antiquities Act. 2) Then what is the BHIGR currently charged with? This would be almost unbelieveable if it weren't true. Four officers of the BHIGR(Pete Larson, Neal Larson, Bob Farrar and Terry Wentz) currently face a 30something count indictment on a variety of charges but get this: NONE OF THESE CHARGES INVOLVE SUE WHATSOEVER !!!!!!! When asked why no charges were filed pursuant to SUE, new U.S. Attorney Karen Shreier would not comment. 3) The BHIGR has filed a suit to get SUE back. U.S. Judge Richard Battey (the same judge who authorized the initial seizure) ruled that SUE was real estate(yes, you read that right) and thus Williams needed permission from the Dept. of Interior before he could sell her. This was appealed and upheld and now is pending appeal to the Supreme Court. If SUE were considered private property and not "real" property, the transaction between Williams and BHIGR would be considered proper. (i.e. Williams can sell private property in spite of trust status, but not land itself). In other words, the BHIGR broke no laws with respect to SUE !!! Can you imagine the ramifications if fossils are considered "real estate". How many illegal "real estate" transactions are we going to retroactively prosecute based on this interpretation of the law? This might also explain in part why no charges involving SUE have been filed to date or are ever likely to be. Imagine how many museums worldwide have been involved in illegal "real estate" transactions because they have purchased a fossil. Not eager to open this can of worms, the U.S. Attorney might be steering clear of the SUE issue completely. ------------------------------------------------------------------------ ---The Current Status--- All parties listed above still maintain their claim to the fossil except for the federal government. It seems that the Feds tacitly admit Schieffer was in error in claiming it for the U.S., but they are also caught between two difficult choices: 1)Return SUE the the BHIGR and drop charges. This would cost the Feds lots of reputations and embarrassment after the department spent millions on the case. It would also fail to appease the Indian claims including both the tribe and Maurice Williams, and lead to more political heat from that direction. 2)Continue with the prosecution of BHIGR to show that they are guilty of _something_, even if they committed no crimes with regard to SUE. This seems to be the course they are following. It would allow them to save some face by demonstrating that even if Schieffer was wrong in his actions and interpretation of the law, the BHIGR still broke some laws on unrelated matters. But what happens if the are acquitted on all charges? What will they try next? Are they just digging a deeper hole and shoveling away good money after bad? If the Supreme Court were to hear this case, there is virtually no chance that they will uphold the classification of any fossil as "real estate". The original transaction between Maurice Williams and BHIGR would be ruled a valid transaction of private property, and SUE would return to the Black Hills Natural History Foundation Museum. The big problem with this scenario is that the Supreme Court picks and chooses what they will hear, and the chance of them hearing this any time soon is very small. Meanwhile the court date for the BHIGR officers on the unrelated criminal charges has been scheduled for October, 1994. In the words of Patrick Duffy, Attorney for BHIGR, "They are going to have a very difficult time pursuading 12 South Dakotans that my clients committed 39 serious crimes." -Paul ________________________________________________________________________ Sources: Timber Lake Topic, vol 81 #49, 5-7-1992. Will Hill City SUE become Cheyenne River SUE? by Jim Nelson. The Argus Leader, 5-15-1992. Feds Nab Dinosaur Fossils. (AP) Rapid City Journal, 5-16-1992. Sioux may drop complaint over fossil. by Bill Harlan and Hugh O'Gara. Rapid City Journal, 5-17-1992. T. rex's future still up in the air. by Bill Harlan. The New York Times, 5-19-1992. FBI Seizes Tyrannosaur in Fight Over Fossils on Tribe Land. The Huntsville Times, 5-18-1992. Dinosaur caught in custody battle. by Martin Burkey. Omaha World Herald, 5-20-1992 . Gigantic Fossil Sits at the Center of South Dakota Tug of War. (from the New York Times). USA Today, 5-20-1992. Tyrannosaurus Sue, In whose closet does this skeleton belong? by James Harney. Custer County Chronicle, 5-20-1992. Tyrannosaurus rex confiscated by FBI in Hill City. by Don Gerken. Lakota Times, 5-20-1992. Hill City and CRST work together to save "Sue". by Konnie LeMay. From grendel at netaxs.com Mon May 23 15:24:57 1994 From: grendel at netaxs.com (Michael Handler) Date: Mon, 23 May 94 15:24:57 PDT Subject: Skipjack backdoor? NOT! In-Reply-To: Message-ID: <199405231925.PAA14786@access.netaxs.com> > If they were that smart, they'd simply have made Skipjack weak enough to > easily break, and not cause all the outcry by suggesting escrows. The thing is, the rest of the law enforcement agencies and the government have wised up to how easily people can be monitored on the Internet and other computer networks. Now, these other agencies want the NSA's ability to monitor encrypted communications, but the NSA, in typical spook fashion, is understandably reluctant to let other agencies in on its deep dark secrets of cryptanalysis. So, they created the Clipper scheme, which is a compromise. [1] It has a key-escrow scheme, so those other agencies, who actually have to worry about little things like the validity of searches and the Constitutionality of their actions, can go through proper channels and legally obtain the plaintext of the messages. [2] My guess is that Skipjack is compromised in some way (not releasing the algorithm was *really* suspicious) or that the NSA can easily break 80-bit keys, so that the NSA can continue to have a leg up on all of the other agencies (ie they don't have to deal with the key escrow departments or other little trivial legal details). Considering how easily RSA-129 was broken, my guess is that 80-bit keys are a joke for the NSA. All IMAO, of course. -- Michael Brandt Handler Philadelphia, PA, USA PGP v2.3a public key via server / finger / mail "I am iron, I am steel, nobody can touch me when I'm on the wheel" -- Curve From lile at netcom.com Mon May 23 15:59:46 1994 From: lile at netcom.com (Lile Elam) Date: Mon, 23 May 94 15:59:46 PDT Subject: removed from list.... Message-ID: <199405232259.PAA29008@netcom.com> Hi folks, Looks like I have been removed from the list with out any notice. I could tell because I stopped receiving your mail. Guess I just wasn't punk enough. :) Or prehaps this list doesn't care for artist who are interested in encryption... Anyways, if you would like to reach me, you can send mail directly to me at lile at netcom.com. I will not be posting to cypherpunks after this message. be seeing you, -lile ps. My art is in a virtual art gallery called OTIS. http://sunsite.unc.edu/otis/otis.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From joshua at cae.retix.com Mon May 23 16:41:21 1994 From: joshua at cae.retix.com (joshua geller) Date: Mon, 23 May 94 16:41:21 PDT Subject: removed from list.... Message-ID: <199405232338.QAA03213@sleepy.retix.com> there was a mass unsubscribing, probably from nalbandian. so it is very likely that you did nothing whatever and that no one is pissed off at you. eric wouldn't unsubscribe you without telling you why it was happening and asking you to stop whatever it was that was causing to be frustrated. josh From unicorn at access.digex.net Mon May 23 19:01:18 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 23 May 94 19:01:18 PDT Subject: I sued tmp@netcom.com.... Message-ID: <199405240201.AA20714@access1.digex.net> I ask humbly that no one redistribute this post. I would prefer it to remain within the "family" of cypherpunks, and not filter out to the Usenet community or anyone else for that matter. In addition, please do not bait or harass tmp at netcom.com, who is under non-disclosure obligations and has been through quite a lot. As trust is key in our proto-community here, I have little reservation in revealing what is not restricted by non-disclosure agreements to you all. Please do not make me regret it. -uni- (Dark) In early May I incited a flame war of significant proportions in the newsgroups of alt.security.pgp, sci.crypt, and most of the crypto- politics groups on Usenet. I responded to a post by everyone's favorite net personality, tmp at netcom.com. Mr. tmp had written a scathing and somewhat damning review of the politics and goals of the "cryptoanarchists," a term lifted from Mr. May of this list. While usually Mr. tmp's rants are laughable, here he had formulated at least some cognitive ability and integrated it into a fairly well written message. As most of the regulars were probably taken to ignoring, or killing any writings by tmp, his postings would usually not be a concern. In the face of a new, kinder, gentler tmp at netcom.com however, I feared some of the newbies at impressionable stages might side with tmp and become rooted in the belief that crypto is a basically dangerous thing that should be "born classified." I'm sure each of us will recall a moment, or a period where such a fork in the road might have existed for us. In any event, I composed and posted, crosspostings intact, a rebuttal. I can't recall if I posted a copy here or not, but I suspect that I did. I think I even got some compliments for the posting from associates and friends of mine. Regardless, the result was an enraged tmp at netcom.com who began an increasingly deteriorating set of attacks which finally ended up in purely personal degradation with myself and the cypherpunks in general as the primary targets. tmp at netcom.com also felt free to adopt my own writings as form letters, changing the names where appropriate and misattributing them to himself. In all I posted 5 messages. Over 50 messages, about half of which were replies to his own postings, appeared from tmp at netcom.com. When I had just about forgotten the matter, I received a phone call from a business associate and former classmate of mine. He wanted to know if there was any truth to the rumor that I was a published anarchist of revolutionary proportions, set on toppling the government of the United States and eliminating the boarders of the world. Now, those of you who know me in any personal way will know that I travel in extremely conservative circles. For those of you who don't, I own businesses and to a lesser degree do some legal work in the states and abroad. I'm a Georgetown Law graduate and I hold a LL.M. and a M.A. in International Relations. Among other things, I own a manufacturer and distributor of highest end, handmade, wood furnishings based in the states, with the majority of business having a distinctly international character. (Shameless pitch) I am known for my business like character, a valuable asset needed to maintain some respect in that I am quite young for my position. In Europe, business associates and family of mine would look quite dimly at my views, mostly unable to see that I am in essence a moderate, even a slightly rightist moderate economically. Such a leftist reputation, deserved or not, would doubtless brush off on my family as well, with the accompanying negative impact. I would add that in my section of Europe, such reputational concerns are much amplified, especially in business relations. I post here and about Usenet with an assumed identity to guard against just such an event. This in itself makes quite an interesting case for anonymous remailers and identity firewalls on the net in general. After some questions, I traced the source of the rumor back through a state side friend of mine who, ironically, I had introduced to Usenet. Said friend had forwarded a few of the tmp at netcom.com postings to another mutual acquaintance, intending, innocently enough, such as a humorous diversion The rest of the story looks like that old shampoo commercial (and she told two friends, and they told two friends....), modernized with fax machines and e-mail. Clearly, some recipients farther down the line were not privy to the context of the posts, others assumed the sources to be the print media, by virtue of the type set one recipient printed in ("New Century School Block"), and thus thought them "accurate." Earlier, I asked for a public retraction an apology from tmp at netcom.com, and was predictably, laughed at. I explained to tmp at netcom.com that if he did not tender an apology and retraction, I would consider legal action. Laughter could be heard at the other end of the e-mail message I received in return, and tmp at netcom.com felt free to repost my e-mail, with some dramatic license, to his ever growing, self replied, Usenet thread. A client called from Switzerland and asked about the rumor this same day. Said client is a frequent legal client and the recipient of our lowest bid for the furnishing of the executive offices of a new world headquarters nearing completion, a rare order in this economy. I am not a person prone to law suits, this was, however, a bit much to stomach. I contacted some of my legal friends and co-workers and we did some research on the problem. (Interestingly enough the David Sternlight libel suit was suggested by Mr. Sandfort on this list right when I was concluding my research on the same topic for my own legal problem). In many ways the tmp posting seemed a classic libel/defamation suit, the only difference being the introduction of Usenet and e-mail to the formula. One of my attorneys suggested we treat the initial distribution as a mass mailing, and bring some caselaw on that line into the brief. Interestingly enough the parallels here are quite close. The Usenet distribution was made to several parties who "subscribed" to a public forum. This had the additional effect of making tmp at netcom.com's later postings (which were almost entirely personal attacks) appear out of place with the "forum's" topic and look very much like "reckless disregard for the truth," a standard which would have allowed significant punitive damages to be invoked. It also kept tmp out of the "member of the print media" category which would have put the burden of proof of the falsehood of tmp's statements on me. I spoke to a Federal Court of Appeals Judge who I have known for a number of years to try and poke some holes in the suit on substantive merits. As far as he was concerned, the suit was one that he would entertain in his court room "without reservation." We decided on a initial suit of damages in Federal Court and in the mid to high six figures. This allowed an amended complaint, if the Swiss deal fell through, in the low seven figures. Had this been the case I could not have even begun to accurately peg the damages as this client was often a significant "rain maker" for us. Needless to say, and as is the practice with all suits, no one expected we would be awarded the full amount in any event, or that tmp could afford to pay for it. I contacted netcom.com to see how they might respond to the suit, and to ask about the need for a preliminary injunction to prevent data in and about tmp's account from being destroyed inadvertently or intentionally. Netcom.com was initially not very cooperative. They suggested I sort the problem out with tmp, and that it was not their issue. This was until my attorney called Mr. Bruce Woodcock at Netcom support services. Mr. Woodcock was VERY cooperative. He was very interested in avoiding liability and was perhaps the best card we had in the suit. While I cannot go into detail as to the specific support he provided, I think it is safe to say AS A GENERAL MATTER that while most internet providers will be very strict about privacy for their account holders, the appearance of legal proceedings and potential court orders make a provider very interested in not being named as a co-defendant. (Note 1) I must thank Mr. Woodcock and commend him on his excellent balance of client privacy and respect for the judicial system. Our request for the seizure of materials potentially discoverable under Federal Rule 26 of Civil Procedure was (at our request) carbon copied to tmp at netcom.com. The next day I received a mail bomb with the phrase "I do not appreciate your threatened lawsuit!" copied ten thousand (10,000) times, and forged through a telnet (STMP?) port (25?). Some hours later I received a rather more subdued letter from tmp at netcom.com suggesting that from his (unknown) legal perspective I had little grounds for a case and that he was sure EFF would be interested in defending him. On the advice of counsel, I did not reply to the letter. I did however begin to notice the following disclaimers on tmp's messages: DISCLAIMER: the above statement in no way implies that the pseudonymous entity Black Unicorn, unicorn at access.digex.net, is a cryptoanarchist. Furthermore this message does not reflect any views of L.Detweiler. sincerely, tmp at netcom.com The next day I received an even more subdued letter, highlighting tmp's lack of resources for a legal defense, and sounding even a little like an apology. Against the advice of counsel, I decided to answer this one, and suggested that we talk over the phone about settling. I agreed that whatever happened, I would not reveal his identity, a small concession in my view. I settled with tmp at netcom.com for terms which I will not disclose. I will say that it was worth my while. In a way I'm sorry the case didn't go to the courts. While it probably would not have been a precedent setting one, because it doesn't seem tmp at netcom.com could have appealed a ruling and gotten it into the record books as an appeals case with some precedent, it would have been interesting to see what sort of liability Usenet might present. In a way I felt guilty. Usenet and the net in general is such a break from the normal rules and fears of liability it seemed a shame in a way to introduce the ugly head of jurisdiction and subservience to the legal system to cyberspace. I also don't like to be a bully. In another way it seemed like a no-lose situation. If I won a suit, I would be vindicated (as petty as that is), and there would be some clue as to how far one could go on Usenet and in cyberspace in general. If I lost, I would be just as pleased that the line had been drawn and the results of basic immunity to defamation and libel would have been quite a social experiment, a result still quite worth the expenditure for me. In addition, I was very interested in discovering how a court, the ultimate throwback to the real world, would impose (or refuse to impose) traditional legal theory on Usenet and electronic mailing lists in general. As a legal scholar, it was a problem that presented a wonderful chance to see the law evolve literally right before my eyes. In retrospect, I'm not sure I would have been so pleased if the Swiss deal had been compromised in the process. Note 1: It seems to me that the entire event highlights the potential demand for anonymous utilities on both sides. tmp would have been much better off for his ability to use remailers, and I would have been much better off had I guarded my pseudonym more effectively. The interesting solution would be a multi-jurisdictional remailer making records non- reconstructable, and guarding the operator from jurisdiction and liability. tmp's greatest weak spot was Netcom's potential liability. I would have been hard pressed to sue had Netcom not been so easily included as a defendant. Netcom's cooperation (which was not at all "voluntary" I must add, but rather based on significant perceived, potential liability) made expensive depositions and numerous interrogatories throughout the discovery game unnecessary, and probably would have been much more difficult if Netcom had insisted on pursuing a hearing in court on each request and fought tooth and nail as (I assume) Julf might have. This applies even under the revised Federal Rules of Civil Procedure which recently went in effect and are in part designed to reduce the adversarial nature of discovery. Should the rules continue to evolve away from the adversarial direction, forcing defendants and plaintiffs to reveal more for less, anonymous utilities will become more and more valuable. Anonymous utilities with multi- jurisdictional components are CRUCIAL in this litigious, sue happy country. (Call me part of the problem if you like.) I would have been SOL had tmp decided to post through an overseas remailer, or one which, regardless of jurisdiction, had a means to avoid civil liability. In any event this raises another matter. How then are remailers to be supervised? My personal feeling is that Julf, or any remailer operator, would have blocked tmp's use of a remailer far before Netcom would have. (Note that Netcom STILL has not revoked tmp's account, I guess they are just asking for trouble?) In as much as remailers are operated by those who have some degree of respect for Usenet and cyberspace in general, the kind of self patrolling that goes on seems to me as effective, provided there isn't an imposition by the operator of the morality legislation that remailers are often used to circumvent (pornography, etc.) In my view the traffic level alone of tmp's Usenet posts is more offensive than any pornography, tax avoidance, political activism, or free marketing that goes on through remailers. It should be this, along with harassment or obvious forum abuse that should dictate the line at which a remailer operator blocks access. In the current system, as displayed by Netcom's policy, it is quite the opposite that is affected. Potential legal liability (which is based on the whims of the empowered jurisdiction) is the only effective bar against misconduct. The implications of a nationalized internet are quite unnerving in this context. In a way Netcom is a victim here. They are at the mercy of the U.S. legal system despite what is or is not morally acceptable in cyberspace. In a way they have dug their own hole. Their restrictions, and motivations are based on profit, not on ethics. -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From jis at mit.edu Mon May 23 21:23:46 1994 From: jis at mit.edu (Jeffrey I. Schiller) Date: Mon, 23 May 94 21:23:46 PDT Subject: MIT has released PGP 2.6 Message-ID: <9405240423.AA20999@big-screw> -----BEGIN PGP SIGNED MESSAGE----- MIT is pleased to announce the release of PGP 2.6, a free public-key encryption program for non-commercial use. PGP 2.6 provides for digital signatures and confidentiality of files and messages. PGP 2.6 is distributed in source form for all platforms. For convenience, an MSDOS executable is also part of this release. Because source is available, anyone may examine it to verify the program's integrity. PGP 2.6 uses the RSAREF(TM) Cryptographic Toolkit, supplied by RSA Data Security, Inc. PGP 2.6 is being released by MIT with the cooperation of RSADSI. In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 is designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. PGP 2.6 will continue to be able to read messages generated by those earlier versions. Because earlier versions of PGP (including MIT's Beta test PGP 2.5 release) will not be able to read messages created by PGP 2.6 after September 1, 1994, MIT strongly urges all PGP users to upgrade to the new format. The intent of the format change is to discourage continued use of earlier infringing software in the U.S., and to give people adequate time to upgrade. As part of the release process, MIT commissioned an independent legal review of the intellectual property issues surrounding earlier releases of PGP and PGP keyservers. This review determined that use of PGP 2.3 within the United States infringes a patent licensed by MIT to RSADSI, and that keyservers that primarily accept 2.3 keys are mostly likely contributing to this infringement. For that reason, MIT encourages all non-commercial PGP users in the U.S. to upgrade to PGP 2.6, and all keyserver operators to no longer accept keys that are identified as being produced by PGP 2.3. How to get PGP 2.6 from MIT: PGP 2.6 is available from MIT only over the Internet. Use anonymous FTP to login to net-dist.mit.edu. Login as anonymous. Look in the directory /pub/PGP. In this directory, available to everyone, is a README file a copy of the RSAREF license and a copy of a software license from MIT. Please read the README file and these licenses carefully. Take particular note of the provisions about export control. THe README file contains more detailed instructions on how to get PGP 2.6. Also in /pub/PGP is a copy of the PGP Manual (files pgpdoc1.txt and pgpdoc2.txt) and the file pgformat.doc that describes the PGP message, signature and key formats, including the modifications for PGP 2.6. These are being made available without the distribution restrictions that pertain to the PGP source and executable code. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAgUBLeGAOlUFZvpNDE7hAQG4yQH+PbABiBvnFQU0u084Ed9whx988IaUNpIp Sl4Ab950SChJbewZNvcpQ/yEMjF2wi6PhUx4k3VySUvKmaC6W7rhNQ== =+qTj -----END PGP SIGNATURE----- From hayden at krypton.mankato.msus.edu Mon May 23 21:30:05 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 23 May 94 21:30:05 PDT Subject: MIT has released PGP 2.6 In-Reply-To: <9405240423.AA20999@big-screw> Message-ID: How long do you think it will take before someone releases 2.7 that fixes many of the 'shortcomings' and 'bugs' in 2.6? ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From catalyst-remailer at netcom.com Mon May 23 21:40:23 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Mon, 23 May 94 21:40:23 PDT Subject: Siferpuks. A morsel, tossed. Grab grab. Message-ID: <199405240440.VAA04452@mail.netcom.com> Blacknet? Unicorn said knot. Two-horns untied it. Whitenet! Ask two-h's Eric. Mister Magic, I ca da septendecim. Of a locust, a million born. Fly white butterfly. Release it, eh. From johnkc at well.sf.ca.us Mon May 23 22:06:04 1994 From: johnkc at well.sf.ca.us (John K Clark) Date: Mon, 23 May 94 22:06:04 PDT Subject: Shore on Quantum Computers Message-ID: <199405240505.WAA25147@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- I found this in sci.crypt, its by Peter Shore, the mathematician who caused the resent excitement by finding a way to program a quantum computer to factor numbers AND find discrete logarithms in polynomial time. I realize nobody has even made a quantum logic element yet, much less a working computer but the implications are breathtaking. John K Clark johnkc at well.sf.ca.us - ----------------------------------------------------------------------------- Sun, 22 May 1994 11:24:13 sci.crypt Thread 20 of 102 Lines 32 Re: New Factoring Method via Chaos? Respno 18 of 19 shor at alice.att.com Peter Shor at AT&T Bell Laboratories, Murray Hill NJ >In article , >a_rubin at dsg4.dse.beckman.co m (Arthur Rubin) writes: > In ><2rgh3l$rie at news.delphi.com> edfromnj at news.delphi.com >(EDFROMNJ at DELPHI.COM) writes: > > >This week's science news has >a good general article on quantum computing. > > ... > > >My >question is - could a quantum computer be simulated in software? >> > No. > I should try clearing up some of the misconceptions that are multiplying on sci.crypt on quantum computers. So far, the only things quantum computers are known to do in polynomial time that cannot be done on regular computers are a few contrived-looking problems, factoring, and discrete logarithms. In the original mention of quantum computers, Feynman suggested they be used for simulating quantum mechanics, and this is probably another case they do better than regular computers. Quantum computers can be simulated by ordinary computers, but doing so (as far as we know) entails an exponential factor in increased computation time, so factoring via simulating a quantum computer will be much slower than trial division (and you probably thought that was the slowest algorithm possible for factoring (-: ). Quantum computing can be accomplished by the action of Schrodinger's equation on a (somewhat complicated) Hamiltonian, where the number of bits of precision for needed for the Hamiltonian is at most logarithmic in the length of the computation, so it's not cheating by using exponentially many bits. Peter Shor -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCzAgUBLeGJt303wfSpid95AQH/qwTwhMh2NcIygoNE/GEHKxJZCoDWBX77lZR0 YsQt+gypIehDDOkIUgYbR0x4QDE5lcbSaErT3HJlCYPj0zgi6oPfBFzUjJh7Nndp jUvzr6CcDeJ4d1EknFEiVeeB2kaDZtONpx61l5EIMldJ/pL54B/Gfg5blG2Lzz/g vwhOVH8Vw8NjKpyjbyGZlJInRmYfNrWOD4tEm3oYr4VKGGEiThg= =8Nbd -----END PGP SIGNATURE----- From adam at bwh.harvard.edu Mon May 23 22:09:28 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 23 May 94 22:09:28 PDT Subject: MIT has released PGP 2.6 In-Reply-To: <9405240423.AA20999@big-screw> Message-ID: <199405240444.AAA04729@duke.bwh.harvard.edu> You wrote: The file net-dist.mit.edu:/pub/PGP/mitlicen.txt contains the following: >2. Software included in this compilation includes a feature that >causes the format of messages generated by it to change on September >1, 1994. Modification to this software to disable this feature is not >authorized and will make this license, and the license in the >underlying software, null and void. Thus is seems that all freedom loving individuals will be forced to use version 2.5, which came with no such bone-headed restrictions. Too bad the RSA license included in 2.5 was specifically perpetual. There was also no limitation that I saw on redistributing 2.5, except in regards to possible ITAR violations. Adam -- Adam Shostack adam at bwh.harvard.edu "If you love wealth better than liberty, the tranquility of servitude better than the animating contest of freedom, go home from us in peace. We ask not your counsels or arms. Crouch down and lick the hands which feed you. May your chains set lightly upon you, and may posterity forget that ye were our countrymen." -- Samuel Adams, 1776 From cfrye at mason1.gmu.edu Mon May 23 22:38:38 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Mon, 23 May 94 22:38:38 PDT Subject: Response to Uni's "Lawsuit" Message Message-ID: <9405240538.AA21324@mason1.gmu.edu> First off, many thanks to Uni for deciding to share his venture into the legal ramifications of Usenet. It's a shame things had to be taken to this extreme, though his reasoning (edited to conserve bandwidth) is flawless and the potential harm quite grave. I address this issue from my George Mason University account as it presents my personal opinions on the subject and does not necessarily reflect the views of Digital Gateway Systems, Inc., a DC-area Internet access provider where I am Director of Sales and Marketing. However, Uni's comments on Netcom's role in the matter are, to say the least, thought-provoking for someone in my position. I have deleted quite a bit of the background and history, though I believe the context of all relevant points has been preserved. Should I make an error in that sense, or misrepresent one of Uni's positions, I hope to be corrected quickly. <--uni's words begin--> I contacted netcom.com to see how they might respond to the suit, and to ask about the need for a preliminary injunction to prevent data in and about tmp's account from being destroyed inadvertently or intentionally. Netcom.com was initially not very cooperative. They suggested I sort the problem out with tmp, and that it was not their issue. This was until my attorney called Mr. Bruce Woodcock at Netcom support services. Mr. Woodcock was VERY cooperative. He was very interested in avoiding liability and was perhaps the best card we had in the suit. While I cannot go into detail as to the specific support he provided, I think it is safe to say AS A GENERAL MATTER that while most internet providers will be very strict about privacy for their account holders, the appearance of legal proceedings and potential court orders make a provider very interested in not being named as a co-defendant. (Note 1) I must thank Mr. Woodcock and commend him on his excellent balance of client privacy and respect for the judicial system. <--uni's words end--> I would imagine that the folks who received the initial communication were not in a position to realize the potential damage that being named on such a suit could cause even if a court chose not to impose monetary liabilities. I live in fear of that sort of occurrence and, while cooperation with lawyers and striking an "excellent balance of client privacy and respect for the judicial system" can be turned into your favor, the risk of someone not being of a mind to settle with the defendant and also willing to drag as many people/organizations down with the defendant as possible is daunting. A question I don't ever expect to have answered, as it involves both a hypothetical situation and is, by its nature, unfair: What if you had lost the Swiss furniture deal? You admitted that you would not have been as sanguine about the affair -- would the rage have led you to forego contacting Netcom and name them as a co-defendant? Even had you later dropped them from the suit, substantial damage would have been done. Also, that action might have caused them to entrench and force you to go through discovery, a long and trying process. Not to mention the expense... One way I had foreseen providing (relatively) anonymous Internet access for my Cypherpunk comrades was to establish an account with no personal information in the system log, post a cash or money order payment to DGS's bank account, and retain an account name-indexed list where I could email individuals whose accounts were due to expire. The problems with this scheme? Keeping track of who was who and making sure no one grabbed someone else's userid (zero knowledge proofs, anyone???) is one, legal liability for providing such a service is another. I need to research the applicable regulations which state how much customer information we are required to maintain, if any. Anyone out there familiar with the laws of the Commonwealth of Virginia on this point? The weak link in the system? Me. Numerous points of failure and susceptible to lawsuits and other legal/non-legal forms of "rubber hose de- anonymization". <--uni's words begin--> In a way I'm sorry the case didn't go to the courts. While it probably would not have been a precedent setting one, because it doesn't seem tmp at netcom.com could have appealed a ruling and gotten it into the record books as an appeals case with some precedent, it would have been interesting to see what sort of liability Usenet might present. In a way I felt guilty. Usenet and the net in general is such a break from the normal rules and fears of liability it seemed a shame in a way to introduce the ugly head of jurisdiction and subservience to the legal system to cyberspace. <--uni's words end--> Agreed, though your willingness to settle mitigates the "sin" of the original action, IMHO. I fear that future suits, when they inevitably occur, will be based on a much less extravagant disregard for the truth, possibly setting the threshold for libel/slander on the Usenet at intolerably low levels. As you mention later, the possibility of government-controlled nationwide information networks would be a frightening proposition if the government were to choose a test case, get the best lawyers they could afford (!!??) and take a chance with twelve "peers" sitting on a pine bench for $5 per day. <--uni's words begin--> I also don't like to be a bully. In another way it seemed like a no-lose situation. If I won a suit, I would be vindicated (as petty as that is), and there would be some clue as to how far one could go on Usenet and in cyberspace in general. If I lost, I would be just as pleased that the line had been drawn and the results of basic immunity to defamation and libel would have been quite a social experiment, a result still quite worth the expenditure for me. In addition, I was very interested in discovering how a court, the ultimate throwback to the real world, would impose (or refuse to impose) traditional legal theory on Usenet and electronic mailing lists in general. As a legal scholar, it was a problem that presented a wonderful chance to see the law evolve literally right before my eyes. In retrospect, I'm not sure I would have been so pleased if the Swiss deal had been compromised in the process. <--uni's words end--> As I do not share your frame of reference, it's hard for me to make a judgment on these points. Moving from the theoretical to the practical, seeing the law made before your eyes is an unnerving experience that, as a non-lawyer, I find a bit difficult to view with the detachment you seem to show in this passage. (I'm sure you're concerned as well, it's just that this paragraph, read out of context, is a bit dispassionate.) Also see my points about thresholds of abuse above. <--uni's words begin--> Note 1: It seems to me that the entire event highlights the potential demand for anonymous utilities on both sides. tmp would have been much better off for his ability to use remailers, and I would have been much better off had I guarded my pseudonym more effectively. The interesting solution would be a multi-jurisdictional remailer making records non- reconstructable, and guarding the operator from jurisdiction and liability. tmp's greatest weak spot was Netcom's potential liability. I would have been hard pressed to sue had Netcom not been so easily included as a defendant. Netcom's cooperation (which was not at all "voluntary" I must add, but rather based on significant perceived, potential liability) made expensive depositions and numerous interrogatories throughout the discovery game unnecessary, and probably would have been much more difficult if Netcom had insisted on pursuing a hearing in court on each request and fought tooth and nail as (I assume) Julf might have. <--uni's words end--> What exactly is Netcom's liability in this case? If a service provider is treated as a phone company, abuse of the service could be grounds for discontinuing the service. As Netcom did not discontinue tmp's service (see below), perhaps there is room for suit there. Should, however, an access provider be treated as analogous to a direct mail firm, the responsibility is much more obvious. As various Internet services perform different functions (Usenet is like mass mailing, email is like phone service, IRC is like public conversation etc.), the range of liabilities is staggering. What protection should Netcom, and other access providers, have against the abuses of their subscribers? Damn if I know, but it's an important question to stay awake at night worrying about... <--uni's words begin--> In any event this raises another matter. How then are remailers to be supervised? My personal feeling is that Julf, or any remailer operator, would have blocked tmp's use of a remailer far before Netcom would have. (Note that Netcom STILL has not revoked tmp's account, I guess they are just asking for trouble?) <--uni's words end--> As Julf provides his service as a favor to the Internet community and appears not to be driven by any profit motive (he hasn't solicited a contribution from me, though I haven't used my penet.fi account in a few years), he can allow his "cultural expectations" of the Internet/Usenet community to temper his judgments. As for Netcom, they are taking a foolish risk by allowing tmp to remain as a subscriber. I can say with 99% probability that any DGS user exhibiting behavior similar to tmp's would have been bounced and their money cheerfully refunded. And I'd hope the door would hit him on the ass on the way out... <--uni's words begin--> In as much as remailers are operated by those who have some degree of respect for Usenet and cyberspace in general, the kind of self patrolling that goes on seems to me as effective, provided there isn't an imposition by the operator of the morality legislation that remailers are often used to circumvent (pornography, etc.) In my view the traffic level alone of tmp's Usenet posts is more offensive than any pornography, tax avoidance, political activism, or free marketing that goes on through remailers. It should be this, along with harassment or obvious forum abuse that should dictate the line at which a remailer operator blocks access. In the current system, as displayed by Netcom's policy, it is quite the opposite that is affected. Potential legal liability (which is based on the whims of the empowered jurisdiction) is the only effective bar against misconduct. The implications of a nationalized internet are quite unnerving in this context. <--uni's words end--> See above, and amen. <--uni's words begin--> In a way Netcom is a victim here. They are at the mercy of the U.S. legal system despite what is or is not morally acceptable in cyberspace. In a way they have dug their own hole. Their restrictions, and motivations are based on profit, not on ethics. <--uni's words end--> Very much in line with your earlier thoughts on the potential (non-) application of traditional libel/slander law to the Net -- would the Courts allow cyberspace to be that much more rough-and-tumble, with higher standards of abuse required for successful suits? The proof is left as an exercise for the original poster :-). As for profit motive (and please take this as a VERY GENTLE rebuke), you admitted that your disposition may have been different if the Swiss deal had fallen through. My company is also motivated by profit -- my job is to write the ads and market the groups that will bring in more and more money. I would agree that Netcom, by valuing tmp's $20 per month over the potential harm to the Net community, has taken that view to a bit of an extreme. I would hope that my company would draw the line closer to... well, closer to what I subjectively feel is a reasonable place to draw some sort of distinction on a case-by-case basis. ***Conclusion*** So many issues out here on the bleeding edge...so much to stay up on, let alone get ahead. I'd like to thank Uni for trusting us enough to share many of the details of his suit and hope he continues his valuable contributions to Cypherpunks and net.culture in general. -- Curtis Frye, speaking for himself and trying to put it all together... From catalyst-remailer at netcom.com Mon May 23 22:42:30 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Mon, 23 May 94 22:42:30 PDT Subject: Siferpuks. A morsel, tossed. Grab grab. Message-ID: <199405240542.WAA11094@mail.netcom.com> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBPAi3hAFAAAAECAM4UylMZlbmZEb0tECk9iAW3VeCylA0cIlIJUQMnxbdM+uEi 6qtFwzMnVxUsLVBKuYgN53bFksEhapSMcCZkEY0AEQEAAbQKTWFjUEdQIEtleYkA VQIFEC3hBLZqlIxwJmQRjQEBvtsB/R4pqgRg4rmJU0BGCPNVkbIBy5J9sGK+xq0p OsA2OYWpQJzj+MykIamQYKDPtYD73omUxNyG0tB/psqlt2JYHhg= =3Hnl -----END PGP PUBLIC KEY BLOCK----- From Richard.Johnson at Colorado.EDU Mon May 23 23:54:31 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Mon, 23 May 94 23:54:31 PDT Subject: MIT has released PGP 2.6 In-Reply-To: Message-ID: <199405240654.AAA11896@spot.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- What will we have to do to get MIT-PGP 2.6 via anonymous ftp from net-dist.mit.edu? Like with MIT-PGP 2.5, telnet to net-dist.mit.edu, and answer questions. This time there are 4. The first three questions help MIT protect itself from possible legal problems related to their distributing PGP - they cover their rear ends with regard to ITAR regs (questions 1 and 2) and patent infringement (question 3). First, we must assure net-dist that we're not trying to export MIT-PGP 2.6. Second, we must promise not to export MIT-PGP 2.6. Third, we must agree to the terms and conditions in the RSAREF license. Finally, we must agree that we won't use MIT-PGP 2.6 for commercial purposes. A "yes" answer to that last question is the only thing specifically required by the RSAREF license. Note well that we aren't required to obey strictures in some kind of "README" file. Remember this for when someone tries to muddy the waters with baseless obfuscatory claims about what we agreed to in some auxiliary file, and how that auxiliary file somehow overrules the license terms. :-) I find the RSAREF license quite reasonable, as I did their previous version. I have not yet seen the MIT license. I don't know about the source, because I haven't grabbed it yet. Richard - --------- Here are the details: boojum(101) % telnet net-dist.mit.edu ULTRIX V4.2A (Rev. 47) (bitsy) login: getpgp Warning: no Kerberos tickets obtained. Athena Server (DSMAXINE) Version 7.4G Mon Jul 27 10:22:03 1992 Unable to open /usr/tmp/attachtab: No such file or directory This distribution of PGP 2.6 incorporates the RSAREF(tm) Cryptographic Toolkit under license from RSA Data Security, Inc. A copy of that license is in the file /pub/PGP/rsalicen.txt available via anonymous FTP from net-dist.mit.edu (note: login as anonymous *not* getpgp). In accordance with the terms of that license, PGP 2.6 may be used for non-commercial purposes only. PGP 2.6 and RSAREF may be subject to the export control laws of the United States of America as implemented by the United States Department of State Office of Defense Trade Controls. Users who wish to obtain a copy of PGP 2.6 are require to answer the following questions: Are you a citizen or national of the United States or a person who has been lawfully admitted for permanent residence in the United States under the Immigration and Naturalization Act? XXXXX Do you agree not to export PGP 2.6, or RSAREF to the extent incorporated therein, in violation of the export control laws of the United States of America as implemented by the United States Department of State Office of Defense Trade Controls? XXXXX Do you agree to the terms and conditions of the RSAREF license (in /pub/PGP/rsalicen.txt)? XXXXX Will you use PGP 2.6 solely for non-commercial purposes? XXXXX To get PGP 2.6 use anonymous FTP to net-dist.mit.edu and look in the directory: /pub/PGP/dist/U.S.-only-XXXXX Note: Use anonymous FTP, do not attempt to login to on the "getpgp" account. Holding for 60 seconds ^C to quit sooner. telnet> quit -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLeGyAPobez3wRbTBAQHvqwQApqr3yozjVheZxLE7VI8hrPp7eTylUWT1 qh6wtlqVjrsJWnYh+LwOzCEL+o6ZZzuXaKwnoaVZO2C6sf9666ZETSMnCRiCvIBv 0mhgbyc96DCLJVkv1O7gAOmzq3B+bNauXQndjdTr58lRZgoTd7A8FfK0m3xP7y8P 1WYXytLPomI= =ls3s -----END PGP SIGNATURE----- From catalyst-remailer at netcom.com Tue May 24 02:11:26 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Tue, 24 May 94 02:11:26 PDT Subject: Fix for pgp23a to make it 2.6 compatible Message-ID: <199405240911.CAA02919@mail2.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- I found a bug in pgp 2.3a : it's incompatible with pgp 2.6 messages made after September first. Here's the fix, in both uuencode and pgp armored format. Uudecode or pgp-extract this, and you will get a file called fixpgp.com. Go into the directory where your pgp 2.3a DOS executable is (pgp.exe) and run fixpgp. It should print "Done". That's it! 2.3a is now fully compatible with 2.6. If it prints "File error" pgp.exe is either not present or not writable. Fixpgp must be run with pgp.exe in the current directory. Do not run on anything but a virgin copy of the pgp23a for dos distribution. If you compiled it yourself, modify the source as described below. Pr0duct Cypher section 1 of uuencode 4.13 of file FIXPGP.COM begin 644 FIXPGP.COM MN`(]NCL!S2%R*(O8N`!"N0``NH?"S2%R&;1`N0$`NE,!S2%R#;0^S2&T";I.W G` Message-ID: <9405241029.AA29454@elvis.tamu.edu> -----BEGIN PGP SIGNED MESSAGE----- I wonder if tmp at netcom.com would have used a "temporary insanity" plea. :-) Sorry, I couldn't resist that.... - -- Allan Bailey, allan at elvis.tamu.edu | "Freedom is not free." Infinite Diversity in Infinite Combinations | allan.bailey at tamu.edu Esperanto: MondLingvo, lingvo internacia. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLeHW7k19fA0AcDy9AQGKQwP/ScEweMVBGlhmeQZ71zj3uepq7cSLpnlF 9Zm9aFJWpXBW3h0kE4A3XzJkSVJIVjYClvz5ukN8Px9QSwemK5MEJRumInYeSsOg tpGHDt3NCPjg0sDTgnlJJlYf8Wfo/0bdYZF3p5+iplWTSQn/5Icaq2GA9WFlomcf J+33KscFMKE= =LEBr -----END PGP SIGNATURE----- From whitaker at dpair.csd.sgi.com Tue May 24 05:59:29 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Tue, 24 May 94 05:59:29 PDT Subject: (Fwd) The Guardian OnLine Message-ID: <9405240556.ZM13697@dpair.csd.sgi.com> Forwarded from Ian Geldard, with his permission. Note that the address is "online at guardian.co.uk"; misspelling of guardian, below. The Guardian (still known to most Brits as "the Manchester Guardian") is a national daily broadsheet newspaper. -Russell --- Forwarded mail from igeldard at capital.demon.co.uk To: russw at netcom.com Russell, Thought you might like to know, if you don't already know, that the Guardian has started to produce a new weekly supplement called The Guardian OnLine, which is "exclusively devoted to the startling developments in computing, science and technology." The first edition (Thursday May 19) had a lot about the Internet and the recent crackdown on the Fidonet system by Italian police. Might be worth sending them items about cypherpunks etc. email: online at guradian.co.uk snail: OnLine, The Guardian, 119 Farringdon Road, London EC1R 3ER TTFN - Ian -- +-----------------------------------------------------+ | Ian Geldard | FidoNet 2:254/151 CIS 70734,426 | | London U.K. | Internet igeldard at capital.demon.co.uk | +-----------------------------------------------------+ --- End of forwarded mail from igeldard at capital.demon.co.uk -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From sinclai at ecf.toronto.edu Tue May 24 06:14:04 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Tue, 24 May 94 06:14:04 PDT Subject: MIT has released PGP 2.6 In-Reply-To: <199405240654.AAA11896@spot.Colorado.EDU> Message-ID: <94May24.091352edt.13433@cannon.ecf.toronto.edu> > Are you a citizen or national of the United States or a person who > has been lawfully admitted for permanent residence in the United > States under the Immigration and Naturalization Act? > > XXXXX What happened to Canada? I got a legal copy of RSAREF from rsa.com. From crame001 at hio.tem.nhl.nl Tue May 24 06:44:00 1994 From: crame001 at hio.tem.nhl.nl (ER CRAMER) Date: Tue, 24 May 94 06:44:00 PDT Subject: Testing compatibility 2.6 v. 2.3a Message-ID: <9405241438.AA00955@hio.tem.nhl.nl> Please could someone change the date of his computer after 1 september 1994 and send a PGP-ed message to me so I can test the compatibily of 2.6 (I also implemented the patch send to this server in 2.3a so I can check that too...). My public key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3c mQCNAiv3vSkAAAEEAMGWtCrT8eIhK0qR0yqYepYCcRdjw+EhiIzP4XkHlwkR9iVt 4xnTGHKuuCnGJG0ftez4hEZsTpdrz8mQ0SnYy0KLQ6DUvKH9IMgl6S9yJiYAgtC2 4TN15+t/9ZJjlVMgwtRY5tPLgrZ7h6Jw/rZIj+Wwj78yjcdguYDAdPKe9hHLAAUR tCZFZWxjbyBDcmFtZXIgPGNyYW1lMDAxQGhpby50ZW0ubmhsLm5sPokAlQIFEC20 ++aAwHTynvYRywEBJ/UD+QEah9xIn/Vt3GbJYA3b6i/vXnEhG/z6qrqaJ8fubFin Ia2JMT4AceNEtz+6j7lIz/iJbj9CPIOASnSIQ/hmrERlWcsgWR7U29QnQjunZ6BE S64pONVmEA207lDwgAzUJ4+h+urYTIfz4qW/jHcs6nTfwe5qhfbDM1b6yTe301A/ iQCVAgUQK/qELegWAlGwR3dDAQEd/AQA1iny6lLuQFxVg6yvJ6xjnjSmOpHkz2Un ZTfbnXHtDBLA0CDFT8A4nfW/hLT1j7dx6yD5+lUPkMX1GTttlOMp819VyK8Wm8lv HnkFbehTTmmlY2BxBqWC7EUml39BqQEWbxqlt6M/btScsMVlQJyiluEW1cacYt68 DPpqScQWzz0= =cAIH -----END PGP PUBLIC KEY BLOCK----- ... If you outlaw Privacy, only the Outlaws will have Privacy! Eelco Cramer ------ -------------------------------------------------- From rishab at dxm.ernet.in Tue May 24 06:46:45 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 24 May 94 06:46:45 PDT Subject: Anonymous libel and Unicorn's lawsuit Message-ID: The two basic reasons for anonymity, as I see it, are: 1. freedom of expression 2. freedom from analysis, i.e. context-based 'profiling' by companies or governments, based on your non-anonymous posts. In an ideal world one would have the freedom to express without any risk of damage, whether it be economic, material or social. Ideally, I should be able to publicly discuss my views, on anarchy or religion or sadism or whatever, without risking social censure. In an ideally tolerant society, the need for anonymity would then be reduced to (2), freedom from analysis. Unfortunately our society is far from ideal. Though Unicorn could freely post on the relatively more tolerant Net, he still faces intolerance in the 'real' world. For all we may talk about reputation systems, multiple identities and so on, the seven-digit possible loss Unicorn talks about is _real_, in a way cyberspace just isn't, yet. Suppose tmp _had_ posted through chains of remailers? The damage would have been just as real; the remedy would have been far less. Would, and should, remailer operators facing such a situation 'open up'? Uni says Julf would disable tmp though Netcom didn't, Julf understands netiquette. Maybe, but it's not that easy to disable an account through a chain of cypherpunk-style remailers. I remember when we discussed the Usenet libel case in Australia, someone (Tim?) said that anonymous posts, and libellious posts in general, should not be taken that seriously. Uni's business associates are not likely to be so familiar with net culture, and would not understand the anonymous part of it, just the slight (from their perspective) on Uni's character. Of course, Uni should have posted everything through a chain of remailers himself, if he was concerned about his views leaking out of the Net. Does that mean he'd never be able to attend cypherpunk meetings, or have truename contact with anyone, lest he be identified with his anonymously held opinions? If tmp, or anyone else for that matter, were to suspect that Uni was behind specific anon posts, he'd just make that accusation anonymously, in 100 news groups. Libel doesn't have to be proven to be damaging. What I find amusing is that Detweiler was the one who started going nuts while making paranoid warnings about the dangers of anonymity, such as in libel. He seems bent on proving his predictions correct, as many of the recent examples of identity abuse (tm) were instigated by him. (Of course, by this I'm not saying that Detweiler's views are reflected in tmp's posts... ;-) -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From hughes at ah.com Tue May 24 07:45:06 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 24 May 94 07:45:06 PDT Subject: compatibility with future PGP Message-ID: <9405241450.AA16918@ah.com> The only change the future post-September PGP 2.6 messages will have is a change in the version number byte from 2 to 3. PC's little hack not to check version numbers will work, but as a patch it's not the most robust. It would be more robust if it checked for the range [2..3]. Another thing a patched 2.3 release would have to do to be fully indistinguishable is to generate new version numbers itself after the given date. Eric From ravage at bga.com Tue May 24 07:53:19 1994 From: ravage at bga.com (Jim choate) Date: Tue, 24 May 94 07:53:19 PDT Subject: Pocket Data Encryptor Message-ID: <199405241453.AA16464@zoom.bga.com> LAN Computing May 94 V5#5 pp.41 Cylink has released a pocket sized DES encryptor that is designed to fit between a modem and a serial port. Cylink 310 N. Mary Av. Sunnyvale, CA 94086 408-735-6643 Check them out... From pcw at access.digex.net Tue May 24 08:12:39 1994 From: pcw at access.digex.net (Peter Wayner) Date: Tue, 24 May 94 08:12:39 PDT Subject: PGP 2.6 Message-ID: <199405241512.AA22672@access1.digex.net> Here is an exchange I had with the folks at MIT who did PGP2.6. I've suggested that they delay their anti-patent-infringement gadgetry until PGP2.6 is more widely available for _all_ platforms. >> I use a Macintosh. Is there a Mac PGP 2.6? > >Me too. Hopefully we will have a MacPGP 2.6 shortly (I am not sure whether >we will do the port at MIT, or whether the traditional MacPGP development >team will do it, probably the later). > > -Jeff Perhaps you should delay the expiration of old, pre-RSAREF PGP keys until after a Mac version is available. That would avoid cutting off a large part of the populace. From sandfort at crl.com Tue May 24 08:29:35 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 24 May 94 08:29:35 PDT Subject: Response to Uni's "Lawsuit" Message In-Reply-To: <9405240538.AA21324@mason1.gmu.edu> Message-ID: C'punks, On Tue, 24 May 1994, Curtis D Frye commented on Black Unicorn's recent post about his threatened law suit against "tmp" and Netcom. While I agree with Curtis' response, that is not the purpose I am writing this response. I would like to focus on one suggestion for providing anonymous Internet access. Curtis wrote: > . . . > One way I had foreseen providing (relatively) anonymous Internet access for > my Cypherpunk comrades was to establish an account with no personal > information in the system log, post a cash or money order payment to DGS's > bank account, and retain an account name-indexed list where I could email > individuals whose accounts were due to expire. The problems with this > scheme? Keeping track of who was who and making sure no one grabbed > someone else's userid (zero knowledge proofs, anyone???) is one, legal > liability for providing such a service is another. I need to research the > applicable regulations which state how much customer information we are > required to maintain, if any. Anyone out there familiar with the laws of > the Commonwealth of Virginia on this point? > > The weak link in the system? Me. Numerous points of failure and > susceptible to lawsuits and other legal/non-legal forms of "rubber hose de- > anonymization". How about this, instead: A company called "ID Anonymous, Ltd." sets up in a business secrecy jurisdiction. It buys Internet access accounts in bulk from DGS, Netcom, etc. (ID1, ID2, ID3, . . .). It then resells them to people living in the service territories of the various access providers. ID Anonymous, Ltd. collects monthly fees from all of its sub-users. It pays the Internet provider a single check each month for the monthly fees of all its anonymous account. Under such a system, there is no weak link. If a user misbehaves, DGS or Netcom can cut off the offending account, but nobody can reveal the identity of the underlying user. By being located in an offshore jurisdiction, ID Anonymous, Ltd. is not susceptible to lawsuits or rubber hose techniques. QED. S a n d y From jazz at hal.com Tue May 24 08:46:14 1994 From: jazz at hal.com (Jason Zions) Date: Tue, 24 May 94 08:46:14 PDT Subject: Response to Uni's "Lawsuit" Message Message-ID: <9405241549.AA12883@jazz.hal.com> Quoting from Curtis Frye's response: What exactly is Netcom's liability in this case? If a service provider is treated as a phone company, abuse of the service could be grounds for discontinuing the service. As Netcom did not discontinue tmp's service (see below), perhaps there is room for suit there. By your phrase "treated as a phone company", are you implying Common Carrier status? If so, I wonder under what grounds a common carrier is allowed to terminate service? Certainly, non-payment of bills is one. If person A alleges person B has made threatening phone calls, can the phone company terminate person B's service unilaterally based solely on the allegations? Must it wait until civil suits or criminal charges are brought? My understanding of common carriage was that the carrier was obligated to provide service to everyone within its service area, whether or not it liked their politics, or bedmates, or the content of their communications. What protection should Netcom, and other access providers, have against the abuses of their subscribers? Damn if I know, but it's an important question to stay awake at night worrying about... What was in the contract signed by the subscribers? You can bet that if I ever start an on-line service, there will be an "indemnify and hold harmless" clause, and provisions for demanding proof of umbrella liability coverage; lack of coverage upon demand would be grounds for termination. In other words, if tmp at netcom were a subscriber to my service, and someone alleged wrongdoing to this degree, my action would be to demand of tmp proof of umbrella liability coverage of $1,000,000; without such proof, account revoked. The only way to put teeth in an indemnify-and-hold-harmless clause for an individual, I guess. Very much in line with your earlier thoughts on the potential (non-) application of traditional libel/slander law to the Net -- would the Courts allow cyberspace to be that much more rough-and-tumble, with higher standards of abuse required for successful suits? They'll have to, with the current state of the art with respect to authentication and non-repudiation. A plaintiff will have to work pretty hard to prove a particular human generated a piece of email, given the ease of spoofing, remailers, anonymity and pseudonymity. I also thank Uni for posting. Jason Zions From dave.hodgins at canrem.com Tue May 24 09:24:50 1994 From: dave.hodgins at canrem.com (Dave Hodgins) Date: Tue, 24 May 94 09:24:50 PDT Subject: Canadian site Message-ID: <60.64709.104.0C19F711@canrem.com> For any other Canrem.com members reading this, I've uploaded a file called PGP26INF.ZIP, that contains a copy of all files that can be downloaded from net-dist.mit.edu, without recognition as a Canadian, or U.S. Site. Regards, Dave Hodgins. ********** Original From: DAVE HODGINS * CARBON * To: MIT POSTMASTER * COPY * Date/Number: 05/24/94 - Not Yet Posted ********** On: CRS - 0104 - Internet_Mail ----------------------------------------------------------------------- As per my message, to you, on 05/15, PLEASE add canrem.com to your list of Canadian sites, that should be allowed access, to the PGP 2.6 files! I just tried to download the files, and was again, denied access to the directory. Please send me an email message confirming completion of the above, so I don't have to waste telenet time (which I pay for), looking up a directory name, that I cannot access! Regards, Dave Hodgins, (416) 538-6516 2350 Dundas Street West, Apt. 2505, Toronto, Ontario, Canada M6P 4B1 -----BEGIN PGP SIGNED MESSAGE----- 230-If you are FTP'ing in to get PGP, and your DNS name of your host isn't 230-one that is "obviously" from the U.S., you may get a permission denied 230-message when you try to cd into /pub/PGP. If this happens to you, and 230-your host is located in the United States or Canada, send mail to 230-postmaster at bitsy.mit.edu to be added to a special exception list. The site I'm using is being denied access. Please add canrem.com (CRS Online, formerly Canada Remote Systems) to your special exception list. The IP address is 198.133.43.nn, where nn is any number from 1 to around 200. Could you email me when this has been completed? Thanks, Dave Hodgins, Toronto, Ontario, Canada. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdZptKsStlBrWUZ9AQEtXgQAlRYyMbQ+e1zc8Igr4xL6o7BzmR7wr2Mj HJL4qAYjwIErG/QuAay8c+rDsiHulaM5aoXRifWa7NI46qfD33mQ5be89gjCzB/D CpUoH81Vfb+bqi9PiJDqZsBhoPgRJ8cot47P3EYxM/9ZgrtUKlWJZlLLV2XPlqQ4 9qihKaa3adI= =9hvn -----END PGP SIGNATURE----- cc: ALL in 8 on CRS cc: CYPHERPUNKS at TOAD.COM in 0104 on CRS --- * RM 1.3 00820 * Internet:Dave.Hodgins at Canrem.com Rime->118 Fido(1:229/15) From adam at bwh.harvard.edu Tue May 24 09:56:06 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Tue, 24 May 94 09:56:06 PDT Subject: compatibility with future PGP In-Reply-To: <9405241450.AA16918@ah.com> Message-ID: <199405241655.MAA05076@bwnmr5.bwh.harvard.edu> You wrote: | Another thing a patched 2.3 release would have to do to be fully | indistinguishable is to generate new version numbers itself after the | given date. While I understand that people prefer the 2.3 code because of its availablility outside of the US, and speed advantages, I think that its important to remember PGP has not really caught on in the US because of questions about its legality. I'm trying to push for the widespread use of PGP 2.5 here at the Brigham & Women's hospital where I work. I can't push for version 2.3 for legal reasons. There is a significant advantage to pacthing both the US-legal and world legal versions of PGP. Both are useful & neccessary to the future of strong encryption. I've heard that 2.5 is available outside of the US. If this is so, would it make sense to make 2.5 the version which is patched and enhamced as the standard? Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From jis at mit.edu Tue May 24 09:59:32 1994 From: jis at mit.edu (Jeffrey I. Schiller) Date: Tue, 24 May 94 09:59:32 PDT Subject: Minor edit to the PGP 2.6 distribution Message-ID: <9405241659.AA21887@big-screw> About one half hour ago I replaced the PGP 2.6 distribution files with a newer version. The change represents a new mitlicen.txt file (minor wording correction, no big deal) and a corrected UNIX makefile. The source itself and the executables were not changed. -Jeff From perry at imsi.com Tue May 24 10:06:36 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 24 May 94 10:06:36 PDT Subject: compatibility with future PGP In-Reply-To: <199405241655.MAA05076@bwnmr5.bwh.harvard.edu> Message-ID: <9405241706.AA02531@snark.imsi.com> Adam Shostack says: > You wrote: > | Another thing a patched 2.3 release would have to do to be fully > | indistinguishable is to generate new version numbers itself after the > | given date. > > While I understand that people prefer the 2.3 code because of > its availablility outside of the US, and speed advantages, I think > that its important to remember PGP has not really caught on in the US > because of questions about its legality. I'm trying to push for the > widespread use of PGP 2.5 here at the Brigham & Women's hospital where > I work. I can't push for version 2.3 for legal reasons. People overseas want to be able to use this program, too. There are 250 million people in the U.S., which constitutes under 1/20th of the Earth's population. Quit being provincial. This discussion is about what the other 4.75 billion people have to do to interoperate with the brain-damaged MIT stuff. Perry From rfb at lehman.com Tue May 24 10:34:31 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Tue, 24 May 94 10:34:31 PDT Subject: compatibility with future PGP In-Reply-To: <9405241706.AA02531@snark.imsi.com> Message-ID: <9405241733.AA12507@fnord.lehman.com> Date: Tue, 24 May 1994 13:06:22 -0400 From: "Perry E. Metzger" There are 250 million people in the U.S., which constitutes under 1/20th of the Earth's population. These statistics are somewhat misleading given that the vast majority of users that are on the net are in the U. S. I suspect that the same is true for computer users in general, but I'm much less certain. I agree that this legal silliness is unfortunate, but I don't think that it's especially terrible that Adam would like to be able to advocate PGP use at work without putting himself at risk. I think it's great that patches are coming out to bridge the gaps between 2.3 and 2.6 from either direction. It's also nice that the newer versions of PGP appear to have a propensity toward travel :-) Rick From perry at imsi.com Tue May 24 10:41:46 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 24 May 94 10:41:46 PDT Subject: compatibility with future PGP In-Reply-To: <9405241733.AA12507@fnord.lehman.com> Message-ID: <9405241741.AA02631@snark.imsi.com> Rick Busdiecker says: > There are 250 million people in the U.S., which constitutes under > 1/20th of the Earth's population. > > These statistics are somewhat misleading given that the vast majority > of users that are on the net are in the U. S. I suspect that the same > is true for computer users in general, but I'm much less certain. > > I agree that this legal silliness is unfortunate, but I don't think > that it's especially terrible that Adam would like to be able to > advocate PGP use at work without putting himself at risk. You've misunderstood. The point is only that overseas users, technically speaking, do not have access to 2.[56], and might want patches. I didn't say anything about whether Adam should be running 2.[56] on his machine. Perry From ecarp at netcom.com Tue May 24 10:48:44 1994 From: ecarp at netcom.com (Ed Carp) Date: Tue, 24 May 94 10:48:44 PDT Subject: compatibility with future PGP In-Reply-To: <9405241741.AA02631@snark.imsi.com> Message-ID: <199405241748.KAA17892@netcom.com> > Rick Busdiecker says: > > There are 250 million people in the U.S., which constitutes under > > 1/20th of the Earth's population. > > > > These statistics are somewhat misleading given that the vast majority > > of users that are on the net are in the U. S. I suspect that the same > > is true for computer users in general, but I'm much less certain. > > > > I agree that this legal silliness is unfortunate, but I don't think > > that it's especially terrible that Adam would like to be able to > > advocate PGP use at work without putting himself at risk. > > You've misunderstood. The point is only that overseas users, > technically speaking, do not have access to 2.[56], and might want > patches. I didn't say anything about whether Adam should be running > 2.[56] on his machine. That is a snotty answer to avoid answering the question, Perry. Non-US/ Canadian users weren't supposed to have access to PGP in the first place, so what's the problem? If they want it, they can probably get it from the place where they got PGP 2.X in the first place. -- Ed Carp, N7EKG/VE3 ecarp at netcom.com 519/824-3307 Finger ecarp at netcom.com for PGP 2.3a public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From perry at imsi.com Tue May 24 10:59:12 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 24 May 94 10:59:12 PDT Subject: compatibility with future PGP In-Reply-To: <199405241748.KAA17892@netcom.com> Message-ID: <9405241758.AA02676@snark.imsi.com> Ed Carp says: > > You've misunderstood. The point is only that overseas users, > > technically speaking, do not have access to 2.[56], and might want > > patches. I didn't say anything about whether Adam should be running > > 2.[56] on his machine. > > That is a snotty answer to avoid answering the question, Perry. What question precisely is it that I'm not answering? I was unaware that any question had even been asked. Adam said that he didn't think patches were useful. I simply noted that there are lots of people outside the U.S. who might want them. Hell, there are lots of people inside the U.S. who might want them. No one was implying by the distribution of such patches that Adam should be running any software on his computer he doesn't feel comfortable with. Perry From adam at bwh.harvard.edu Tue May 24 11:07:25 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Tue, 24 May 94 11:07:25 PDT Subject: compatibility with future PGP In-Reply-To: <9405241741.AA02631@snark.imsi.com> Message-ID: <199405241807.OAA05660@bwnmr5.bwh.harvard.edu> Perry: | > I agree that this legal silliness is unfortunate, but I don't think | > that it's especially terrible that Adam would like to be able to | > advocate PGP use at work without putting himself at risk. | | You've misunderstood. The point is only that overseas users, | technically speaking, do not have access to 2.[56], and might want | patches. I didn't say anything about whether Adam should be running | 2.[56] on his machine. Technically, they never had access to v1, either. As I said in my first message, I've heard 2.5 has already found its way out of the US. If that is the case, then the non-US users have access to 2.5. If they do have access to 2.5, then could we discuss the technical merits of patching 2.5 v. patching 2.3? Benefits of starting with 2.3: * widespread use * no RSA code * faster? 2.5: * clearly legal in the USA * single code base for future modifications Its my opinion that the single code base, developed outside of the US, based on 2.5, is the way to go. Patching 2.3 is worthwhile, but does not address all (potential) users of PGP. Patching 2.5 does (again, assuming that its been exported), and as such, I feel it is a better way to go. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From perry at imsi.com Tue May 24 11:12:55 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 24 May 94 11:12:55 PDT Subject: compatibility with future PGP In-Reply-To: <199405241807.OAA05660@bwnmr5.bwh.harvard.edu> Message-ID: <9405241812.AA02712@snark.imsi.com> Adam Shostack says: > Technically, they never had access to v1, either. As I said > in my first message, I've heard 2.5 has already found its way out of > the US. If that is the case, then the non-US users have access to > 2.5. I wouldn't know where to find 2.5 outside the U.S. Besides, there are other scenarios in which one would want such patches. Here are just a couple. 1) You have a friend with an old PGP who wants to send you mail and who can't get a new PGP. Old PGP will read old PGP generated files, but new will not read old. 2) You have a friend eight months from now who only has old PGP and who you would like to send new PGP to. He knows your old-form signature but can't read the new one. The patch is simple enough that he can verify it himself. You can send it to him and then send him a signed copy of the new PGP. In any case, I see no reason to oppose people posting patches. This is the last time I'll post on this topic. Its getting old fast. Perry From ravage at bga.com Tue May 24 11:15:42 1994 From: ravage at bga.com (Jim choate) Date: Tue, 24 May 94 11:15:42 PDT Subject: (fwd) FBI infiltrates Connected.com Message-ID: <199405241815.AA18897@ghostwheel.bga.com> Path: bga.com!news.sprintlink.net!connected.com!connected.com!not-for-mail From: turmoil at hebron.connected.com (Turmoil) Newsgroups: seattle.general,alt.activism,alt.2600,alt.drugs Subject: FBI infiltrates Connected.com Date: 21 May 1994 11:48:31 -0700 Organization: Connected INC -- Internet Services Lines: 22 Message-ID: <2rll1v$jmb at hebron.connected.com> NNTP-Posting-Host: hebron.connected.com X-Newsreader: TIN [version 1.2 PL2] Xref: bga.com seattle.general:3840 alt.activism:10793 alt.2600:9216 alt.drugs:20914 Recently the staff at connected. has admitted that they have "invited" two FBI agents to roan that system. According to connected.staff these FBI agents are looking for "hackers phreaks" and people having copywritten programs. I am pretty peaved about this, we don't know how long thev'e been here, what rights they have on the system, or much else. Just that they are here. Watching us. Of course, I never use my account for illegal activities. Shit, I don't even do much illegal (except smoke a bit of pot) But I do not like the idea of giving up my rights against undue searches. This seems a reflection on the state of America today. This used to be a free country, but now there is a pig or FBI agent watching EVERYTHING you do. This is NOT the America described in the constitution. It's not a society of free, independent people. It is a dictatorship that must spy on it's own people in order to survive. I am anxious to here what others that read these groups think about this. Have A Nice Day turmoil at hebron.connected.com The FBI have infiltrated this site, I am activly searching for a new site From rishab at dxm.ernet.in Tue May 24 11:24:09 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 24 May 94 11:24:09 PDT Subject: Email firewall etc Message-ID: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU: > Companies like the idea of firewall machines to protect the security of > their internal nets. I bet they would also like something called an > "email-firewall". Names are important. :-) I think of the > email-firewall as a slightly modified anonymous-remailer. I haven't delved into the wide world of remailers out there, but I'd like a remailer that encrypted, though did not necessarily anonymize, incoming mail. I'm not really bothered about the NSA reading my mail. In fact, I'm not usually concerned whether someone in New York, for instance read my mail. But I might not want people closer to home (local sysadmins, etc) to read it. I'm sure many others share this position. The problem is that I can't ensure that people encrypt their mail to me. They may not bother, or be unable. An alternative would be for them to send it to a remailer, which, knowing my public key, would encrypt and forward it to me. Comments? -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From paul at hawksbill.sprintmrn.com Tue May 24 11:24:48 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Tue, 24 May 94 11:24:48 PDT Subject: compatibility with future PGP In-Reply-To: <199405241807.OAA05660@bwnmr5.bwh.harvard.edu> Message-ID: <9405241926.AA08867@hawksbill.sprintmrn.com> > > Technically, they never had access to v1, either. As I said > in my first message, I've heard 2.5 has already found its way out of > the US. If that is the case, then the non-US users have access to > 2.5. If they do have access to 2.5, then could we discuss the > technical merits of patching 2.5 v. patching 2.3? > > Benefits of starting with 2.3: > > * widespread use > * no RSA code > * faster? > > > 2.5: > > * clearly legal in the USA > * single code base for future modifications > > Its my opinion that the single code base, developed outside of > the US, based on 2.5, is the way to go. Patching 2.3 is worthwhile, > but does not address all (potential) users of PGP. Patching 2.5 does > (again, assuming that its been exported), and as such, I feel it is > a better way to go. > Perhaps, but I think that many folks still do not have the answers they are looking for -- primarily, can you use the secring generated by 2.3 or below with the new (2.6) release, if you so desired? - paul From rfb at lehman.com Tue May 24 11:25:12 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Tue, 24 May 94 11:25:12 PDT Subject: compatibility with future PGP In-Reply-To: <9405241758.AA02676@snark.imsi.com> Message-ID: <9405241821.AA13722@fnord.lehman.com> From: Adam Shostack Date: Tue, 24 May 94 12:55:36 EDT There is a significant advantage to pacthing both the US-legal and world legal versions of PGP. Both are useful & neccessary to the future of strong encryption. Date: Tue, 24 May 1994 13:58:34 -0400 From: "Perry E. Metzger" Adam said that he didn't think patches were useful. Hmmmmm.... Rick From cort at ecn.purdue.edu Tue May 24 11:31:03 1994 From: cort at ecn.purdue.edu (cort) Date: Tue, 24 May 94 11:31:03 PDT Subject: patch to PGP 2.6 In-Reply-To: <9405241450.AA16918@ah.com> Message-ID: <199405241830.NAA12504@en.ecn.purdue.edu> > The only change the future post-September PGP 2.6 messages will have > is a change in the version number byte from 2 to 3. PC's little hack > not to check version numbers will work, but as a patch it's not the > most robust. It would be more robust if it checked for the range > [2..3]. Agreed. > Another thing a patched 2.3 release would have to do to be fully > indistinguishable is to generate new version numbers itself after the > given date. Is "indistinguishability" the point or "interoperability"? If the latter, then no change to generated version numbers should be necessary/desired. I believe that 2.6 plans to read previous versions just fine. Cort. From ebrandt at jarthur.cs.hmc.edu Tue May 24 11:46:11 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Tue, 24 May 94 11:46:11 PDT Subject: compatibility with future PGP In-Reply-To: <9405241706.AA02531@snark.imsi.com> Message-ID: <9405241846.AA26490@toad.com> > From: "Perry E. Metzger" > People overseas want to be able to use this program, too. There are > 250 million people in the U.S., which constitutes under 1/20th of the > Earth's population. You dropped the part of his message where he said that he believed v2.5 was available abroad. If it's not, I don't think it will take long. And once it's escaped from this little prison state of ours, overseas users incur no risk in using it: they can't even be Noriega'd, since they've broken no law in any country. Eli ebrandt at hmc.edu From Richard.Johnson at Colorado.EDU Tue May 24 12:04:47 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Tue, 24 May 94 12:04:47 PDT Subject: SRA telnet and ftp (FYI) Message-ID: <199405241904.NAA24143@spot.Colorado.EDU> A note about a package that uses D-H to generate a key for telnet and ftp authentication. Has anyone here played with it? Richard ------- Forwarded Message Subject: SRA telnet and ftp Date: Tue, 24 May 1994 08:57:40 -0400 To: Firewalls at GreatCircle.COM From: bukys at cs.rochester.edu After hearing about David Safford's SRA telnet/ftp package from numerous sources, I finally went and got a copy (from ftp://net.tamu.edu/pub/security/TA MU). It's nice work. I would like to clarify one point, though: This package uses the Diffie-Hellman code from the Secure RPC implementation, to securely compute a session key which the SRA code uses to encrypt an authentication transaction. The code does NOT use the session key to encrypt the whole session. It would probably be relatively easy to add, but it's not in there in the current code. This is from my perusal of the code, and correspondence with the author. FYI ------- End of Forwarded Message From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Tue May 24 12:26:28 1994 From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU) Date: Tue, 24 May 94 12:26:28 PDT Subject: PGP 2.5 is outside... Message-ID: <769806624/vac@FURMINT.NECTAR.CS.CMU.EDU> Adam Shostack : >As I said in my first message, I've heard 2.5 has already found its way >out of the US. If that is the case, then the non-US users have access >to 2.5. If they do have access to 2.5, then could we discuss the >technical merits of patching 2.5 v. patching 2.3? Lets do a quick check and see where that might be... > dirs /alex/edu/cmu/cs/sp/alex/links/security >gunzip -c < Index.gz | grep -i pgp | grep -v pgpkey | grep 5 /alex/edu/berkeley/csua/ftp/pub/cypherpunks/pgp/pgp25 [...] /alex/org/eff/ftp/pub/Net_info/Tools/Crypto/PGP/README.PGP2.5 [...] /alex/edu/umich/eecs/ftp/software/crypt/pgp25src.tar [...] /alex/it/unimi/dsi/ftp/pub/security/crypt/PGP/p25.tar Yup. Not only is it out, it is FTPable from outside. > alex2url /alex/it/unimi/dsi/ftp/pub/security/crypt/PGP/p25.tar ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/p25.tar -- Vince (For info on Alex see ftp://alex.sp.cs.cmu.edu/www/alex.html) From warlord at MIT.EDU Tue May 24 12:27:45 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Tue, 24 May 94 12:27:45 PDT Subject: compatibility with future PGP In-Reply-To: <9405241812.AA02712@snark.imsi.com> Message-ID: <9405241927.AA23276@toxicwaste.media.mit.edu> > 1) You have a friend with an old PGP who wants to send you mail and > who can't get a new PGP. Old PGP will read old PGP generated files, > but new will not read old. Wrong, Perry. Go read the announcement again. 2.6 will read old messages, but after sept 1 it will start generating incompatible messages that old versions cannot read. -derek From perry at imsi.com Tue May 24 12:54:38 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 24 May 94 12:54:38 PDT Subject: compatibility with future PGP In-Reply-To: <9405241927.AA23276@toxicwaste.media.mit.edu> Message-ID: <9405241954.AA02903@snark.imsi.com> Derek Atkins says: > > 1) You have a friend with an old PGP who wants to send you mail and > > who can't get a new PGP. Old PGP will read old PGP generated files, > > but new will not read old. > > Wrong, Perry. Go read the announcement again. 2.6 will read old > messages, but after sept 1 it will start generating incompatible > messages that old versions cannot read. Ahem. This is only true if the pkccompat mode was on. I have plenty of text around that 2.5 will not read. This is not tragic, but the situation might arise. In any case, I don't understand why anyone would rationally oppose the distribution of Pr0duct Cypher's patches -- you don't have to use them if you don't like. Perry From an99420 at anon.penet.fi Tue May 24 13:40:38 1994 From: an99420 at anon.penet.fi (an99420 at anon.penet.fi) Date: Tue, 24 May 94 13:40:38 PDT Subject: Testing compatibility 2.6 v. 2.3a Message-ID: <9405242028.AA06514@anon.penet.fi> Please could someone change the date of his computer after 1 september 1994 and send a PGP-ed message to me so I can test the compatibily of 2.6 (I also implemented the patch send to this server in 2.3a so I can check that too...). My public key: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3c mQCNAiv3vSkAAAEEAMGWtCrT8eIhK0qR0yqYepYCcRdjw+EhiIzP4XkHlwkR9iVt 4xnTGHKuuCnGJG0ftez4hEZsTpdrz8mQ0SnYy0KLQ6DUvKH9IMgl6S9yJiYAgtC2 4TN15+t/9ZJjlVMgwtRY5tPLgrZ7h6Jw/rZIj+Wwj78yjcdguYDAdPKe9hHLAAUR tCZFZWxjbyBDcmFtZXIgPGNyYW1lMDAxQGhpby50ZW0ubmhsLm5sPokAlQIFEC20 ++aAwHTynvYRywEBJ/UD+QEah9xIn/Vt3GbJYA3b6i/vXnEhG/z6qrqaJ8fubFin Ia2JMT4AceNEtz+6j7lIz/iJbj9CPIOASnSIQ/hmrERlWcsgWR7U29QnQjunZ6BE S64pONVmEA207lDwgAzUJ4+h+urYTIfz4qW/jHcs6nTfwe5qhfbDM1b6yTe301A/ iQCVAgUQK/qELegWAlGwR3dDAQEd/AQA1iny6lLuQFxVg6yvJ6xjnjSmOpHkz2Un ZTfbnXHtDBLA0CDFT8A4nfW/hLT1j7dx6yD5+lUPkMX1GTttlOMp819VyK8Wm8lv HnkFbehTTmmlY2BxBqWC7EUml39BqQEWbxqlt6M/btScsMVlQJyiluEW1cacYt68 DPpqScQWzz0= =cAIH -----END PGP PUBLIC KEY BLOCK----- ... If you outlaw Privacy, only the Outlaws will have Privacy! Eelco Cramer ------ ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From adam at bwh.harvard.edu Tue May 24 13:42:11 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Tue, 24 May 94 13:42:11 PDT Subject: compatibility with future PGP In-Reply-To: <9405241954.AA02903@snark.imsi.com> Message-ID: <199405242041.QAA05953@bwnmr5.bwh.harvard.edu> Perry writes: | In any case, I don't understand why anyone would rationally oppose the | distribution of Pr0duct Cypher's patches -- you don't have to use them | if you don't like. I wasn't opposing them; I was suggesting that patching 2.5 would be more productive in the long run than patching 2.3 Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From perry at imsi.com Tue May 24 13:46:42 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 24 May 94 13:46:42 PDT Subject: compatibility with future PGP In-Reply-To: <199405242041.QAA05953@bwnmr5.bwh.harvard.edu> Message-ID: <9405242046.AA03094@snark.imsi.com> Adam Shostack says: > Perry writes: > | In any case, I don't understand why anyone would rationally oppose the > | distribution of Pr0duct Cypher's patches -- you don't have to use them > | if you don't like. > > I wasn't opposing them; I was suggesting that patching 2.5 > would be more productive in the long run than patching 2.3 Again, as I've noted, there are people who will need, for whatever reason, to fix their old 2.3a (or pre-2.3a) system so that it will interoperate. Assuming that 2.5 finds its way overseas, it is not an unreasonable code base for FUTURE development. However, what we are talking about is not new development but retrofits. Perry From jpp at jpplap.markv.com Tue May 24 14:20:29 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Tue, 24 May 94 14:20:29 PDT Subject: Graph isomorphism based PK cryptosystems? In-Reply-To: <9405242046.AA03094@snark.imsi.com> Message-ID: I've been out of the literature for quite a while now so pardon me if this is a dumb question. Do any of you know of any public key cryptosystems based on the graph isomorphism problem? Last I heard there weren't any. But I think I've found one. j' From rishab at dxm.ernet.in Tue May 24 14:34:18 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 24 May 94 14:34:18 PDT Subject: Reputation systems, sources? Message-ID: Marcos Javier Polanco : [in private mail] > Is there a mailing list explictly talking about the "distributed > trust' issue? I am very interested in reputational mechanisms. If not > mailing lists, what papers should I download? I don't think there's a mailing list on this. I know that at least Bill Garland wants to set up an experimental reputation market. Anyone else know about papers or projects? > - marcos j. polanco > - marcos at dogen.persona.com > - nataraja (contact at dogen.persona.com) -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From perry at imsi.com Tue May 24 15:12:15 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 24 May 94 15:12:15 PDT Subject: Graph isomorphism based PK cryptosystems? In-Reply-To: Message-ID: <9405242211.AA03230@snark.imsi.com> Jay Prime Positive says: > I've been out of the literature for quite a while now so pardon me > if this is a dumb question. Do any of you know of any public key > cryptosystems based on the graph isomorphism problem? Last I heard > there weren't any. But I think I've found one. There was a powerful result a while back concerning public key systems based on NP complete problems -- in particular, I recall that there was a large class of them that were flawed -- the original knapsack problem based public key system suffered from the defect from the limited amount my neurons will disgorge. Sadly, I can't remember the details any longer. Anyone else have a vague recollection on this? It would be cool to hear about your graph isomorphism based system in any case. I have heard of zero knowledge systems based on graph isomorphism, but never public key systems. By the way, there is a neat paper circulating in samizdat form from China about public key systems based on compositions of finite automata. However, I'm more or less obligated not to spread it about until the paper has been published (sigh). Its quite tantalizing, though. Perry From ebrandt at jarthur.cs.hmc.edu Tue May 24 17:08:13 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Tue, 24 May 94 17:08:13 PDT Subject: Graph isomorphism based PK cryptosystems? In-Reply-To: Message-ID: <9405250008.AA01719@toad.com> > From: jpp at jpplap.markv.com (Jay Prime Positive) > cryptosystems based on the graph isomorphism problem? Last I heard > there weren't any. But I think I've found one. Interesting. Have you tested it against the known methods for the isomorphism problem? Van Leeuwen* references an O(n log n) average-case algorithm, and ones that are pseudopolynomial w.r.t. degree, genus, and treewidth. There are also methods based on "signatures" (hash functions on graphs, basically); there's an O(n^2) expected-time perfect signature, and an O(n) (worst-case?) one with exponentially small failure rate. These might provide attacks, though none solve the general problem. * (in Handbook of Theo. Comp. Sci., Vol. A) BTW, the graph isomorphism problem is not known to be NP-complete, and van Leeuwen comments that there is some theoretical basis for expecting it not to be. Disclaimer: I don't know much about graph theory, I'm just getting paid to do it. :-> Eli ebrandt at hmc.edu From hughes at ah.com Tue May 24 18:27:55 1994 From: hughes at ah.com (Eric Hughes) Date: Tue, 24 May 94 18:27:55 PDT Subject: patch to PGP 2.6 In-Reply-To: <199405241830.NAA12504@en.ecn.purdue.edu> Message-ID: <9405250132.AA18036@ah.com> > Another thing a patched 2.3 release would have to do to be fully > indistinguishable is to generate new version numbers itself after the > given date. Is "indistinguishability" the point or "interoperability"? Reference is not advocacy. I was speaking of what was necessary to ensure indistinguishability. If that is your goal, then this is directly relevant. If not, then it may be beside the point. The change in version numbers seems to have two effects, both of which I addressed. Use these statements as they are appropriate to your goals. Eric P.S. The "you" is the general "you". From mccoy at ccwf.cc.utexas.edu Tue May 24 18:41:02 1994 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Tue, 24 May 94 18:41:02 PDT Subject: Looking for a paper... Message-ID: <199405250140.UAA10218@foghorn.cc.utexas.edu> I am trying to hunt up a copy of: The Dining Cryptographers in the Disco: Unconditional Sender and Recipient Untracability with Computationally Secure Serviceability by Michael Waidner and Birgit Pfitzmann So far the only ref I have found is the abstract in Eurocrypt '89, but I can't seem to locate a copy of the entire paper. If anyone knows of where I might find a copy I would appreciate it... jim From mgream at acacia.itd.uts.edu.au Tue May 24 19:41:31 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Tue, 24 May 94 19:41:31 PDT Subject: PGP 2.6 is dangerous in the long term ? Message-ID: <9405250243.AA03397@acacia.itd.uts.EDU.AU> Personally, I happen to dislike the PGP 2.6 saga; I think it's effectively turning the wheel back viz. "US only software" as well as confusing the issue ("oh, which PGP do you have ?"). Some say that it's not a problem in the sense that PGP 2.3a will be upgraded to "support" PGP 2.6. Even this situation is clearly undesirable as PGP itself becomes a fragmented product -- esp. as I think "new users" will opt for PGP 2.6, and others will change too because of the purported "legitimacy". The result is that PGP 2.6 _will_ become heavily adopted in the US. This it not the point, however. As the RSA patent is expected to expire in the coming years, one would expect the liberation of PGP, at least in terms of the RSA algorithm (negating the export control issues). The sinister fact of PGP 2.6, and other derived RSAREF product is that even as the patent itself expires, RSADSI still exerts control over PGP by way of RSAREF. Being Australian, I've not read the RSAREF conditions, but there is at the point that commercial use will still not be possible (at it would be under non-RSAREF 2.3a) when the RSA patent expires. So quite possibly, PGP 2.6 is doing a great deal more longer term damage to the viablity of PGP than is immediately obvious. Is this a valid viewpoint ? Matthew. -- Matthew Gream Consent Technologies Sydney, (02) 821-2043 M.Gream at uts.edu.au From blancw at microsoft.com Tue May 24 20:13:48 1994 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 24 May 94 20:13:48 PDT Subject: Bruce Sterling's talk at CFP Message-ID: <9405250214.AA16507@netmail2.microsoft.com> I'm glad that Bruce Sterling made the comments which he did, in that gathering of the right people to hear these statements. Although he sounds as though he thinks that everyone ought to be their brother's keeper, I think the paragraphs below do point out the hypocrisy in worrying about the gravity of what could be communicated in a telephone conversation or over the net that might result in advancing a criminal act, when "People stumble through the streets of every city in this country absolutely wrapped in the grip of demons, groping at passersby for a moment's attention and pity and not getting it." The contrast between cries for safety legislation and the abhorent conditions under which many live, do not demonstrate a delicate sensitivity towards higher standards of functioning which could make one sympathize with the alarms about opening up a pandora's box of crime, in such a climate of seeming disconcern for the sufferings of the individual. Who is being saved from what, and who really cares? If the answers to these questions are not resolved, then what sense does it make to put such alarms into a non-existent context. "There may be securicams running 24 hours a day all around us, but mechanical surveillance is not the same as people actually getting attention or care." And it's not the same as actually knowing what is important to an individual, and it does not convince that, although truly important values which could build up a society are being neglected, attending to these exceptional threats to safety will keep everyone from total disaster. "You want to impress me with your deep concern for children? This is Chicago! Go down to the Projects and rescue some children from being terrorized and recruited by crack gangs who wouldn't know a modem if it bit them on the ass!" Another convincing demonstration of efficacy in responding in a coordinated fashion to the safety requirements of a great society, protecting the sacredness of vulnerable littel children, the purity of the moral atmosphere, and being of practical use to all. Maybe I could appreciate someone's deep concern for my safety, but yet be unconvinced of the consequential benefit of their ministrations when there is so much evidence to the contrary. I wouldn't make the points which B. Sterling made in quite the same way, but he did present the message to our "guardians" that they are not pulling the wool over *every*one's eyes, that their hypocricy is patent, and that their motives are ridiculous about their proposed goodwill to mankind. Blanc From hal at martigny.ai.mit.edu Tue May 24 21:03:48 1994 From: hal at martigny.ai.mit.edu (Hal Abelson) Date: Tue, 24 May 94 21:03:48 PDT Subject: PGP 2.6 uses RSAREF version 1 Message-ID: <9405250403.AA05186@toad.com> MIT's release of PGP 2.6 uses RSAREF version 1, under the RSAREF license of January 5, 1993. Some people have wondered whether including RSAREF 1, rather than RSAREF version 2, is an oversight in the PGP 2.6 distribution. It is not an oversight. Version 1 is what we intended. The change from RSAREF 2.0 (in PGP 2.5) to RSAREF version 1 (in PGP 2.6) was done on the advice of RSA Data Security, which has granted MIT permission to access non-published routines in all RSAREF versions 1.nn, and rights in accordance with the version 1 license. -- Hal Abelson Dept. of Elect. Eng. and Comp. Sci. MIT From joshua at cae.retix.com Tue May 24 21:13:53 1994 From: joshua at cae.retix.com (joshua geller) Date: Tue, 24 May 94 21:13:53 PDT Subject: PGP 2.6 uses RSAREF version 1 Message-ID: <199405250413.VAA03791@sleepy.retix.com> >Some people have wondered whether including RSAREF 1, rather than >RSAREF version 2, is an oversight in the PGP 2.6 distribution. It is >not an oversight. Version 1 is what we intended. uh huh.... >The change from RSAREF 2.0 (in PGP 2.5) to RSAREF version 1 (in PGP >2.6) was done on the advice of RSA Data Security, which has granted >MIT permission to access non-published routines in all RSAREF versions >1.nn, what the FUCK? what mean non-published routines? > and rights in accordance with the version 1 license. something smells here. josh From markh at wimsey.bc.ca Tue May 24 21:43:15 1994 From: markh at wimsey.bc.ca (Mark C. Henderson) Date: Tue, 24 May 94 21:43:15 PDT Subject: Graph isomorphism based PK cryptosystems? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Subject: Re: Graph isomorphism based PK cryptosystems? > Interesting. Have you tested it against the known methods for the > isomorphism problem? Van Leeuwen* references an O(n log n) > average-case algorithm, and ones that are pseudopolynomial w.r.t. > degree, genus, and treewidth. Luks did the trivalent case and then later the bounded valence case. bounded genus is due to Miller. Also bounded eigenvalue multiplicity due to Babai and others. There are also a number of related problems which are believed to be difficult. Finding a small generating set for the automorphism group of a graph is polynomial time equivalent. The graph isomorphism problem also reduces to several of computational problems in permutation groups where these groups are given by small generating sets (e.g. calculation of the centraliser of a permutation, group intersection, double coset membership, subset stabiliser, normaliser) This is one of those problems where the "average" case is relatively easy. Take a random graph (with a reasonable definition), finding the automorphism group is usually relatively easy by backtracking. The hard cases are ones which superficially look like they have lots of symmetry but really have small non-trivial automorphism groups. Similarly for graph isomorphism, i.e. take two random graphs (again one needs to define this), it is usually pretty easy to determine whether they are isomorphic (just look at the degree sequence and work from there). Approaches involving backtracking to find isomorphisms can be effective in more subtle cases. So you need to be careful to avoid the easy cases. I remember some really hard (practically) cases for the usual backtracking approaches to determining automorphism groups came from graphs derived from certain designs. I'd sure like to see more details about a public key system based on Graph Isomorphism. (For a book on graph isomorphism and related computational problems take a look at C.M. Hoffmann, Group-Theoretic Algorithms and Graph Isomorphism, Lecture Notes in Computer Science #136, Springer-Verlag, 1982. A little old but it covers a fair bit). There is a point to this, I remember some papers by Magliveras (sp?) on cryptosystems from problems in permutation groups. Anyone have copies or remember any details? -----BEGIN PGP SIGNATURE----- Version: 2.4 iQBVAgUBLeLV9WrJdmD9QWqxAQHKYAH9EuLksdWKLvnhr6FIRjBZO6O2eyKCY6rI MsDvo2V8QJTLdXDHR/rDuChdOQRIQtsa7H1k3/ZEZnP331Roeg3/3w== =yJZr -----END PGP SIGNATURE----- -- Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433 ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3 cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto From markh at wimsey.bc.ca Tue May 24 21:47:42 1994 From: markh at wimsey.bc.ca (Mark C. Henderson) Date: Tue, 24 May 94 21:47:42 PDT Subject: PGP 2.6 uses RSAREF version 1 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Subject: Re: PGP 2.6 uses RSAREF version 1 > >Some people have wondered whether including RSAREF 1, rather than > >RSAREF version 2, is an oversight in the PGP 2.6 distribution. It is > >not an oversight. Version 1 is what we intended. > something smells here. Most likely the fact that the RSAREF 2.x licence is a lot more liberal about commercial use. (read it yourself, but to sum it up it does allow limited commercial use). This means that one can still use RIPEM and TIS/PEM for many commercial applications. With PGP one would have to buy a licence (presumably from ViaCrypt). e.g. communications between employees of a company about business matters. Mark -----BEGIN PGP SIGNATURE----- Version: 2.4 iQBVAgUBLeLXBWrJdmD9QWqxAQGigwIAl1moi1OPFa78yVNeNBd1JGyQ59jnOfUL FOOuqE/9zNQCQBoYZtTtHtGxQQLWOw1YtbgDcW3Q3jHQ3pkeQwlwWA== =m3Zf -----END PGP SIGNATURE----- -- Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433 ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3 cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto From an60011 at anon.penet.fi Tue May 24 22:25:02 1994 From: an60011 at anon.penet.fi (Ezekial Palmer) Date: Tue, 24 May 94 22:25:02 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: <9405250243.AA03397@acacia.itd.uts.EDU.AU> Message-ID: <199405250506.AA01867@xtropia> -----BEGIN PGP SIGNED MESSAGE----- From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Subject: PGP 2.6 is dangerous in the long term ? Date: Wed, 25 May 94 12:43:46 EST Being Australian, I've not read the RSAREF conditions, but there is at the point that commercial use will still not be possible (at it would be under non-RSAREF 2.3a) when the RSA patent expires. The GNU copyleft is supposed to disallow a lot of for-profit uses. Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLeK/+xVg/9j67wWxAQGNqgP9FrqJ77ru0vH6mii7m9AElRfdqLvrFuum 7pRINtNpyW9qLtU8cQbdriAWJaxZX7CK70XkHPiSOXaIJ/A+pWrp4VW0f2F9vGBX W3HkERqGT9ikOxDVHAq5Qk3IvvXss+Ms+QdzGSDRK1bAgzJLH/YYbsdpsXW4+fgi raltpxGcZvg= =i4MI -----END PGP SIGNATURE----- From jpp at jpplap.markv.com Tue May 24 22:52:35 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Tue, 24 May 94 22:52:35 PDT Subject: Graph isomorphism based PK cryptosystems? In-Reply-To: <9405242211.AA03230@snark.imsi.com> Message-ID: Date: Tue, 24 May 1994 18:11:51 -0400 From: "Perry E. Metzger" There was a powerful result a while back concerning public key systems based on NP complete problems Hmm. Was it the set of 'super increasing' knapsack problems? It would be cool to hear about your graph isomorphism based system in any case. I only worry that if I publish, it could be patented. And I don't want the algorithm to end up in the hands of the software patent folks. Especially if they will be making money off it, and I wont. Solutions? Perry From bal at martigny.ai.mit.edu Tue May 24 23:43:50 1994 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Tue, 24 May 94 23:43:50 PDT Subject: MIT AI Lab PGP keyserver back up... Message-ID: <9405250643.AA07360@toad.com> The PGP public key server at the MIT AI lab is now back up, running PGP 2.6. You can access the keyserver via e-mail to: public-key-server at pgp.ai.mit.edu, or pgp-public-keys at pgp.ai.mit.edu Please use the alias "pgp.ai.mit.edu" when sending mail to the server. I expect the keyserver to move from its current host (martigny.ai) to another machine sometime this summer. The CNAME pgp.ai.mit.edu will always point to the right place. If you have a WWW client with forms support (Mosaic, Lynx, Emacs-W3) you can also use my WWW interface to the keyserver. The URL is: http://www-swiss.ai.mit.edu/~bal/pks-toplev.html [www-swiss is another alias. Our WWW server is moving soon, too.] NOTE: As a result of MIT's legal review of the patent issues surrounding PGP 2.3 and PGP keyservers, this keyserver has been configured to not accept "add" requests containing keys identified as being produced by PGP 2.3 or earlier versions. If you're running a PGP keyserver and would like to sync with this server, drop me a note. --Brian LaMacchia pgp-public-keys-request at pgp.ai.mit.edu From bart at netcom.com Wed May 25 01:44:13 1994 From: bart at netcom.com (Harry Bartholomew) Date: Wed, 25 May 94 01:44:13 PDT Subject: Pocket Data Encryptor In-Reply-To: <199405241453.AA16464@zoom.bga.com> Message-ID: <199405250844.BAA01166@netcom.com> > > LAN Computing May 94 V5#5 pp.41 > > Cylink has released a pocket sized DES encryptor that is designed to fit > between a modem and a serial port. > > Cylink > 310 N. Mary Av. > Sunnyvale, CA 94086 > 408-735-6643 > > Check them out... > The number given above is a fax machine. I don't speak faxish so I used 735 5800 for an English speaking person. From bart at netcom.com Wed May 25 02:41:20 1994 From: bart at netcom.com (Harry Bartholomew) Date: Wed, 25 May 94 02:41:20 PDT Subject: crypto in June Byte Message-ID: <199405250941.CAA04272@netcom.com> Three items. On p.41 at 2/3 page review of Schneier's "Applied Cryptography" favorable if not raving. In the What's New Hardware pages: The Crypto-Com V.32bis asynchronous pocket modem ($895) from Western Datacom (Westlake, OH) encrypts all data transmissions between two of the companies modems. 800 262 3311 [ It uses single DES they said when I called ] Lastly a seven page article "Distributed and Secure" by a Russell Kay whose bio says he edited Infosecurity News and Computer Security Journal. The box on the front page says "When you distribute information and processing, you also delegate security responsibility. Good access controls, eyes open administration, and communication encryption can make all the difference". Login control token technology is reviewed, Kerberos discussed and explained, PK crypto including PGP, and the Andrew file system. Something new to me was: "... NSA recently placed a large order for what it calls 'sniffless password generators' with Secure Computing in Roseville, Minnesota. With the company's Lockout system, instead of sending a password over the wire "in clear," you send a cryptographic representation of it, using a one time encryption key. Each time you login, the password is encrypted with a different key. The NSA will use Lockout in conjunction with its Tessera Crypto Card, a PCMCIA device. ... It uses both NIST's Digital Signature Algorithm and the NSA's Mosaic encryption algorithms." From frissell at panix.com Wed May 25 02:43:51 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 25 May 94 02:43:51 PDT Subject: MIT has released PGP Message-ID: <199405250943.AA20817@panix.com> R.>the following questions: R.>Are you a citizen or national of the United States or a person who R.>has been lawfully admitted for permanent residence in the United R.>States under the Immigration and Naturalization Act? Wait a goddamned minute. Since when does the ITAR prevent illegal aliens (who are resident in the US) from obtaining munitions? And what about our Canadian bretheran? I guess they didn't want to register as a munitions seller which I gather you have to do if you export to Canada. DCF --- WinQwk 2.0b#1165 From perry at imsi.com Wed May 25 04:42:20 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 25 May 94 04:42:20 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: <199405250506.AA01867@xtropia> Message-ID: <9405251142.AA03820@snark.imsi.com> Ezekial Palmer says: > The GNU copyleft is supposed to disallow a lot of for-profit uses. The GNU copyleft in no way prohibits any commercial use whatsoever. Please do not spread inaccurate rumors about copyleft. Perry From perry at imsi.com Wed May 25 04:45:58 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 25 May 94 04:45:58 PDT Subject: Graph isomorphism based PK cryptosystems? In-Reply-To: Message-ID: <9405251144.AA03868@snark.imsi.com> Jay Prime Positive says: > I only worry that if I publish, it could be patented. And I don't > want the algorithm to end up in the hands of the software patent > folks. Especially if they will be making money off it, and I wont. If you publish, only you could patent it. There is only danger if you don't publish, in which case others can independently make the same discovery and patent it. Perry From perry at imsi.com Wed May 25 04:51:38 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 25 May 94 04:51:38 PDT Subject: MIT has released PGP In-Reply-To: <199405250943.AA20817@panix.com> Message-ID: <9405251151.AA03879@snark.imsi.com> Duncan Frissell says: > R.>the following questions: > > R.>Are you a citizen or national of the United States or a person who > R.>has been lawfully admitted for permanent residence in the United > R.>States under the Immigration and Naturalization Act? > > Wait a goddamned minute. Since when does the ITAR prevent illegal aliens > (who are resident in the US) from obtaining munitions? It does. It appears that under the ITAR, giving technical information on munitions to an alien in the U.S. is equivalent to export. I know its insane. Its an obvious violation of the first amendment. It is none the less in the regulations. Perry From nelson at crynwr.com Wed May 25 05:16:23 1994 From: nelson at crynwr.com (Russell Nelson) Date: Wed, 25 May 94 05:16:23 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: <9405250243.AA03397@acacia.itd.uts.EDU.AU> Message-ID: From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Wed, 25 May 94 12:43:46 EST Organization: University of Technology, Sydney. As the RSA patent is expected to expire in the coming years, one would expect the liberation of PGP, at least in terms of the RSA algorithm (negating the export control issues). The sinister fact of PGP 2.6, and other derived RSAREF product is that even as the patent itself expires, RSADSI still exerts control over PGP by way of RSAREF. You have to assume that RSA isn't being run by idiots. Either they're looking at closing their doors in seven years, or they've got a plan. If it were *my* company, I'd make sure that everyone depends on running my software. And since that's what I'd do, it's only reasonable to assume that that's what RSA is trying to do. So maybe what we (the c'punk community) need to do is maintain parallel versions of PGP (ick), one which continues to use 100% GPL'ed code, and another which uses RSAREF to stay legal. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From limpe001 at next1.tem.nhl.nl Wed May 25 05:21:15 1994 From: limpe001 at next1.tem.nhl.nl (HHM LIMPENS) Date: Wed, 25 May 94 05:21:15 PDT Subject: PGP 2.5 is outside... In-Reply-To: <769806624/vac@FURMINT.NECTAR.CS.CMU.EDU> Message-ID: <9405251315.AA06738@ next1.tem.nhl.nl > > > > Adam Shostack : > >As I said in my first message, I've heard 2.5 has already found its way > >out of the US. If that is the case, then the non-US users have access > >to 2.5. If they do have access to 2.5, then could we discuss the > >technical merits of patching 2.5 v. patching 2.3? > Lets do a quick check and see where that might be... > Hmm, recently I received a enourmous amount of diffs, patches and what so ever, to make pgp 2.3(a) compatible with pgp 2.6 (har) now were at it, there isn't really a big difference between the two versions (as far as I can tell) and the little hack from PC does the trick nice. However you could also do it your self, letting the VERSION_BYTE change when september 1 1994 is passed. We'll try to make a nice new PGP 2.3c, which will be 100% compatible with the 2.6 version. (Bug fixes from 2.3 to 2.4 from Branko Lankester are already applied, now the compatibility problem will be to let 2.3 know it is 2.6) --Eric-- "they'll get my crypto key when they pry it from my dead, cold fingers" -NSA's (former) chief counsel Stewart Baker "the NSA being the devious bastards" - Michael Handler +----------------------------------------+----------------------------+ | Eric Limpens | Where is my spycamera !? | | | ..Bart Simpson.. | | +----------------------------+ | S=limpe001;OU=hio;OU=tem;O=nhl;PRMD=surf;ADMD=400net;C=nl | +---------------------------------------------------------------------+ "they'll get my crypto key when they pry it from my dead, cold fingers" -NSA's (former) chief counsel Stewart Baker "the NSA being the devious bastards" - Michael Handler +----------------------------------------+----------------------------+ | Eric Limpens | Where is my spycamera !? | | | ..Bart Simpson.. | | +----------------------------+ | S=limpe001;OU=hio;OU=tem;O=nhl;PRMD=surf;ADMD=400net;C=nl | +---------------------------------------------------------------------+ From habs at panix.com Wed May 25 06:30:38 1994 From: habs at panix.com (Harry S. Hawk) Date: Wed, 25 May 94 06:30:38 PDT Subject: [Q} IBM's NetSP encyption; what is it Message-ID: <199405251330.AA14419@panix.com> I read: > IBM also plans to integrate security features based on > IBM-developed NetSP encryption technology, which provides sufficient > security for tapping corporate data. NetSP is not subject to US export > controls and can be implemented outside the US. > [05-24-94 at 19:00 EDT, Copyright 1994, International Data Group They are using this with a new service that will compete with AT&T's PersonalLink (which uses RSA encypt via Telescript). Does anyone know anything about NetSP, how secure it is, etc. FYI, the service is agent "based" > Moreover, Intelligent Communications service will include a permanent > personalized agent, called an Alter Ego, which contains a range of > user- specific information. The Alter Ego is a "rules-based static > agent" that can respond to, or filter, incoming messages on behalf of > the user. > [05-24-94 at 19:00 EDT, Copyright 1994, International Data Group -- Harry S. Hawk habs at panix.com Product Marketing Manager PowerMail, Inc. Producers of MailWeir(tm) & PowerServ(tm) From lstanton at sten.lehman.com Wed May 25 06:32:38 1994 From: lstanton at sten.lehman.com (Linn Stanton) Date: Wed, 25 May 94 06:32:38 PDT Subject: PGP 2.5 is outside... In-Reply-To: <9405251315.AA06738@ next1.tem.nhl.nl > Message-ID: <9405251333.AA07035@sten.lehman.com> In message <9405251315.AA06738@ next1.tem.nhl.nl >you write: > We'll try to make a nice new PGP 2.3c, which will be 100% compatible with > the 2.6 version. (Bug fixes from 2.3 to 2.4 from Branko Lankester are already > applied, now the compatibility problem will be to let 2.3 know it is 2.6) Why not have that version advertize itself as 2.6? Then everyone would see a key that says its 2.6, and which would be legal (under different rules) worldwide. Linn H. Stanton The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAi3iC/MAAAEEAOj2cr49PeFwa78Swqf3nBZHspCfZ+IgX8nGU8rbm2oJ6VYj u8o2M4c3Nv/tkoou24gDtM43/jSrRAalcX40pbGRqWJkkayJ52J8o4KupCrgsKLg fBE5P4tcUo9KaeJIaOfItJ2qrfTOcFuN7GiyTQ1E2/FGPSHDoqz3kXhxoZcNAAUR tCFMaW5uIEguIFN0YW50b24gPHN0YW50b25AYWNtLm9yZz4= =H8OV -----END PGP PUBLIC KEY BLOCK----- From frissell at panix.com Wed May 25 06:36:07 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 25 May 94 06:36:07 PDT Subject: MIT has released PGP In-Reply-To: <9405251151.AA03879@snark.imsi.com> Message-ID: On Wed, 25 May 1994, Perry E. Metzger wrote: > > It does. It appears that under the ITAR, giving technical information > on munitions to an alien in the U.S. is equivalent to export. I know > its insane. Its an obvious violation of the first amendment. It is > none the less in the regulations. > > Perry > So all those aliens who want to legally receive "munitions" within the US can form a US "corporation, business association, partnership, society, trust, or any other entity organization or group including governmental entities" and have that institution which would legally be a "US person" receive the "munitions." In fact, I think that the multiplication of entities can be a useful tool. Transfering your car or your assault rifles to corporations formed in convenient jurisdictions can be a good way to dodge regulations that apply to "persons" within a particular jurisdiction. Note that under the current assault weapons control legislation you are supposed to record the sale of your weapons over time. If they are owned by a corporation, they need never be transfered. The corporation can be transferred instead. DCF "If I join the Haitian Legion will they let me keep my assault rifles." From lstanton at sten.lehman.com Wed May 25 06:36:51 1994 From: lstanton at sten.lehman.com (Linn Stanton) Date: Wed, 25 May 94 06:36:51 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: <9405250243.AA03397@acacia.itd.uts.EDU.AU> Message-ID: <9405251337.AA07048@sten.lehman.com> In message <9405250243.AA03397 at acacia.itd.uts.EDU.AU>you write: > As the RSA patent is expected to expire in the coming years, one would > expect the liberation of PGP, at least in terms of the RSA algorithm > (negating the export control issues). The sinister fact of PGP 2.6, and > other derived RSAREF product is that even as the patent itself expires, > RSADSI still exerts control over PGP by way of RSAREF. I don't see this as a real worry. Once the use of RSA is legal worldwide, it is fairly easy to just yank the RSAREF code and drop in functionally equivalent, but legally unencumbered, code. Or, everyone in the US/Canada could just copy the compatable code from abroad. Linn H. Stanton The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAi3iC/MAAAEEAOj2cr49PeFwa78Swqf3nBZHspCfZ+IgX8nGU8rbm2oJ6VYj u8o2M4c3Nv/tkoou24gDtM43/jSrRAalcX40pbGRqWJkkayJ52J8o4KupCrgsKLg fBE5P4tcUo9KaeJIaOfItJ2qrfTOcFuN7GiyTQ1E2/FGPSHDoqz3kXhxoZcNAAUR tCFMaW5uIEguIFN0YW50b24gPHN0YW50b25AYWNtLm9yZz4= =H8OV -----END PGP PUBLIC KEY BLOCK----- From steven at echonyc.com Wed May 25 06:50:20 1994 From: steven at echonyc.com (Steven Levy) Date: Wed, 25 May 94 06:50:20 PDT Subject: seeking Pr0duct Cypher Message-ID: <9405251353.AA23595@echonyc.com> I am working on a story for WIRED about digital money, and notice here that someone named Pr0duct Cypher is behind the scheme that some people are experimenting with. Would Pr0duct Cypher mind contacting me? Use this email (steven at echonyc.com) to make the connection. Also, if anyone else wants to point me to interesting stuff, feel free. I'm probably on top of the obvious (Chaum, etc), but better to assume that I'm missing stuff. Steven Levy _______________________________________________________ Steven Levy steven at well.com steven at echonyc.com author, Hackers, Artificial Life, Insanely Great contributor, Macworld, Wired "When the going gets weird, the weird turn pro." _______________________________________________________ From sommerfeld at localhost.medford.ma.us Wed May 25 07:21:51 1994 From: sommerfeld at localhost.medford.ma.us (Bill Sommerfeld) Date: Wed, 25 May 94 07:21:51 PDT Subject: PGP 2.6 uses RSAREF version 1 Message-ID: <199405251415.KAA00354@localhost> Has anyone been able to FTP a copy of RSAREF from rsa.com recently? I get "permission denied" when I attempt to cd into the directory named by the README file.. - Bill From anonymous at extropia.wimsey.com Wed May 25 07:55:10 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Wed, 25 May 94 07:55:10 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: <9405251142.AA03820@snark.imsi.com> Message-ID: <199405251438.AA04385@xtropia> -----BEGIN PGP SIGNED MESSAGE----- Subject: Re: PGP 2.6 is dangerous in the long term ? Date: Wed, 25 May 1994 07:42:09 -0400 From: "Perry E. Metzger" Ezekial Palmer says: > The GNU copyleft is supposed to disallow a lot of for-profit uses. The GNU copyleft in no way prohibits any commercial use whatsoever. Please do not spread inaccurate rumors about copyleft. That's a pretty big statement and it's at least partly wrong. Does selling something count as a commercial use? By using "for-profit" instead of "commercial", I meant you're not supposed to profit directly from the software, like by selling it. Of course it's possible to walk the line, but you have to be careful. The way that Lucid's Energize development environment relates to their version of GNU Emacs is a good example of establishing where the line is and making it clear what's being sold, "for-profit", and what's free. Zeke -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLeNeVxVg/9j67wWxAQHVRAP9E/gumxwwQ0vbCLH8O72gPpEze96/G0DM 6IA7RnwBlT8yuIXmbCi9LmWw6/rekOVo0HU+0A4JOWtJ2xASMDr+zRmwtVUKts+1 3RKUDicxt1jrTo4Mu9o4vJilaCIlgd5x4TA0skGKujXGrTl7cmRQKNfkREYprmpg Gmqzmj/7cY8= =O23T -----END PGP SIGNATURE----- From perry at imsi.com Wed May 25 08:12:46 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 25 May 94 08:12:46 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: <199405251438.AA04385@xtropia> Message-ID: <9405251512.AA04257@snark.imsi.com> anonymous at extropia.wimsey.com says: > From: "Perry E. Metzger" > > Ezekial Palmer says: > > The GNU copyleft is supposed to disallow a lot of for-profit uses. > > The GNU copyleft in no way prohibits any commercial use whatsoever. > Please do not spread inaccurate rumors about copyleft. > > That's a pretty big statement and it's at least partly wrong. Does > selling something count as a commercial use? You are allowed to sell copylefted software. You just aren't allowed to stop other people from then giving it away. There is no prohibition on selling the software -- although one must remember that what you end up charging is for the act of providing a copy and not for a license for the software itself. Perry From bart at netcom.com Wed May 25 08:37:49 1994 From: bart at netcom.com (Harry Bartholomew) Date: Wed, 25 May 94 08:37:49 PDT Subject: Graph isomorphism based PK cryptosystems? In-Reply-To: <9405251144.AA03868@snark.imsi.com> Message-ID: <199405251536.IAA26718@netcom.com> > > > Jay Prime Positive says: > > I only worry that if I publish, it could be patented. And I don't > > want the algorithm to end up in the hands of the software patent > > folks. Especially if they will be making money off it, and I wont. > > If you publish, only you could patent it. There is only danger if you > don't publish, in which case others can independently make the same > discovery and patent it. > > Perry But you would then need to file within one year of the publication date I think. Bart From perry at imsi.com Wed May 25 08:50:43 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 25 May 1994 08:50:43 -0700 Subject: Graph isomorphism based PK cryptosystems? In-Reply-To: <199405251536.IAA26718@netcom.com> Message-ID: <9405251543.AA04343@snark.imsi.com> From peace at BIX.com Wed May 25 08:58:35 1994 From: peace at BIX.com (peace at BIX.com) Date: Wed, 25 May 94 08:58:35 PDT Subject: Trust Models Message-ID: <9405251152.memo.66694@BIX.com> marcos> Is there a mailing list explicitly talking about the "distributed > trust' issue? I am very interested in reputational mechanisms. If not > mailing lists, what papers should I download? rishab>I don't think there's a mailing list on this. I know that at least Bill Garland >wants to set up an experimental reputation market. Anyone else know about >papers or projects? I have a paper that I am preparing for publication called "Trust Models" that discusses the difference between PGP & PEM and looks towards a synthesis of these two models. Since it is not yet published, I will only send it to those who agree (1) not to rebroadcast it, and (2) send me their thoughts on it. Peace From bshantz at spry.com Wed May 25 09:19:10 1994 From: bshantz at spry.com (Brad Shantz) Date: Wed, 25 May 94 09:19:10 PDT Subject: Graph isomorphism based PK cryptosystems? Message-ID: <9405251619.AA23090@homer.spry.com> >Harry Bartholomew says: > > > Jay Prime Positive says: > > > > I only worry that if I publish, it could be patented. And I don't > > > > want the algorithm to end up in the hands of the software patent > > > > folks. Especially if they will be making money off it, and I wont. > > > > > > If you publish, only you could patent it. There is only danger if you > > > don't publish, in which case others can independently make the same > > > discovery and patent it. > > > > > > Perry > > > > But you would then need to file within one year of the publication > > date I think. > > His whole point was that he wanted to render the process unpatentable. > > Perry So, if JPP publishes it, it would be a matter of trust that he wouldn't patent it. Okay, I have no problems with that. However, it is still patentable. What could be done to make it unpatentable? Brad :::::::::::::::::<<< NETWORKING THE DESKTOP >>>::::::::::::::::: Brad Shantz Internet : bshantz at spry.com SPRY Inc Ph# (206) 447-0300 316 Occidental Avenue S. 2nd Floor FAX (206) 447-9008 Seattle, WA 98104 ---------------------------------------------------------------- "In gopherspace no one can hear you scream." :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: From barrett at daisy.ee.und.ac.za Wed May 25 09:31:40 1994 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Wed, 25 May 94 09:31:40 PDT Subject: Patches to make PGP2.3a compatible with 2.6 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Here's a set of patches relative to PGP 2.3a to make it do the following: * Display and accept hexadecimal key IDs with 8 digits. * Accept input "packets" with version 2 or 3. * Produce output "packets" with either version 2 or 3, under control of the new "version_byte" variable in the config file or on the command line. * Produce ASCII armour (or "armor" for USAans) with an desired version string, under control of the new "armor_version" variable in the config file or on the command line. This stuff needs testing and documentation. No warranty, etc. Please send comments to me. If it works the way I hope, then pgp +armor_version=2.6 +version+byte=2 should be compatible with MIT PGP 2.6 before September, and pgp +armor_version=2.6 +version+byte=2 should be compatible with MIT PGP 2.6 after September. Enjoy, - --apb (Alan Barrett) diff -u3 -r pgp/src/armor.c pgp-apb/src/armor.c - --- pgp/src/armor.c Sat Jul 3 00:32:38 1993 +++ pgp-apb/src/armor.c Wed May 25 17:38:32 1994 @@ -29,6 +29,8 @@ #include "crypto.h" #include "armor.h" +char armor_version[20] = ""; /* version text in armor output */ + static int dpem_file(char *infile, char *outfile); static crcword crchware(byte ch, crcword poly, crcword accum); static int pem_file(char *infilename, char *outfilename, char *clearfilename); @@ -508,7 +510,8 @@ else fprintf (outFile, "-----BEGIN PGP MESSAGE, PART %02d/%02d-----\n", 1, noSections); - - fprintf (outFile, "Version: %s\n",rel_version); + fprintf (outFile, "Version: %s\n", (armor_version[0] != '\0' ? + armor_version : rel_version)); fprintf (outFile, "\n"); init_crc(); diff -u3 -r pgp/src/config.c pgp-apb/src/config.c - --- pgp/src/config.c Mon Jun 14 02:44:57 1993 +++ pgp-apb/src/config.c Wed May 25 18:00:33 1994 @@ -84,7 +84,7 @@ MYNAME, TEXTMODE, TMP, TZFIX, VERBOSE, BAKRING, ARMORLINES, COMPLETES_NEEDED, MARGINALS_NEEDED, PAGER, CERT_DEPTH, CHARSET, CLEAR, SELF_ENCRYPT, - - INTERACTIVE, PKCS_COMPAT, + INTERACTIVE, PKCS_COMPAT, ARMOR_VERSION, VERSION_BYTE, /* options below this line can only be used as command line * "long" options */ #define CONFIG_INTRINSICS BATCHMODE @@ -96,7 +96,7 @@ "MYNAME", "TEXTMODE", "TMP", "TZFIX", "VERBOSE", "BAKRING", "ARMORLINES", "COMPLETES_NEEDED", "MARGINALS_NEEDED", "PAGER", "CERT_DEPTH", "CHARSET", "CLEARSIG", "ENCRYPTTOSELF", - - "INTERACTIVE", "PKCS_COMPAT", + "INTERACTIVE", "PKCS_COMPAT", "ARMOR_VERSION", "VERSION_BYTE", /* command line only */ "BATCHMODE", "FORCE", }; @@ -106,7 +106,7 @@ STRING, BOOL, STRING, NUMERIC, NUMERIC, STRING, NUMERIC, NUMERIC, NUMERIC, STRING, NUMERIC, STRING, BOOL, BOOL, - - BOOL, NUMERIC, + BOOL, NUMERIC, STRING, NUMERIC, /* command line only */ BOOL, BOOL, }; @@ -392,6 +392,20 @@ case INTERACTIVE: interactive_add = flag; + break; + + case ARMOR_VERSION: + strncpy(armor_version, str, + sizeof(armor_version)); + armor_version[sizeof(armor_version)-1] = '\0'; + break; + + case VERSION_BYTE: + version_byte = value; + if (version_byte < VERSION_BYTE_MIN) + version_byte = VERSION_BYTE_MIN; + if (version_byte > VERSION_BYTE_MAX) + version_byte = VERSION_BYTE_MAX; break; case BATCHMODE: batchmode = flag; break; diff -u3 -r pgp/src/crypto.c pgp-apb/src/crypto.c - --- pgp/src/crypto.c Fri Jul 2 23:55:07 1993 +++ pgp-apb/src/crypto.c Wed May 25 17:53:53 1994 @@ -59,6 +59,7 @@ #define USE_LITERAL2 +int version_byte = VERSION_BYTE_DEFAULT; /* PGP packet format version */ /* This variable stores the md5 hash of the current file, if it is available. It is used in open_strong_pseudorandom. */ @@ -313,7 +314,15 @@ */ int version_error(int val, int checkval) - -{ if (val != checkval) +{ return version_range_error(val, checkval, checkval); +} + +/* Return nonzero if val isn't in range from minval to maxval, after + * printing a warning. + */ +int +version_range_error(int val, int minval, int maxval) +{ if (val < minval || val > maxval) { fprintf (pgpout, PSTR( "\n\007Unsupported packet format - you need a newer version of PGP for this file.\n")); return(1); @@ -786,7 +795,7 @@ put_word16((word16) ske_length, certificate+certificate_length); certificate_length+=2; /* advance past word */ - - certificate[certificate_length++] = VERSION_BYTE; + certificate[certificate_length++] = version_byte; /* Begin fields that are included in MD calculation... */ @@ -1367,7 +1376,7 @@ goto badcert; /* complain and return bad status */ version = *certificate++; - - if (version_error(version, VERSION_BYTE)) + if (version_range_error(version, VERSION_BYTE_MIN, VERSION_BYTE_MAX)) goto err1; mdlensave = mdlen = *certificate++; /* length of material to be added to MD */ @@ -1807,7 +1816,7 @@ goto badcert2; /* complain and return bad status */ version = *certificate++; - - if (version_error(version, VERSION_BYTE)) + if (version_range_error(version, VERSION_BYTE_MIN, VERSION_BYTE_MAX)) goto err2; mdlensave = mdlen = *certificate++; /* length of material to be added to MD */ @@ -2361,7 +2370,7 @@ FALSE); /* Write version byte */ - - ver = VERSION_BYTE; + ver = version_byte; fwrite (&ver, 1, 1, g); writekeyID( n, g ); @@ -2745,7 +2754,8 @@ /* Read and check version */ fread (&ver, 1, 1, f); - - if (version_error(ver, VERSION_BYTE)) + if (version_range_error(ver, VERSION_BYTE_MIN, + VERSION_BYTE_MAX)) { fclose (f); return (-1); } diff -u3 -r pgp/src/crypto.h pgp-apb/src/crypto.h - --- pgp/src/crypto.h Mon May 10 01:38:27 1993 +++ pgp-apb/src/crypto.h Wed May 25 17:11:46 1994 @@ -75,6 +75,9 @@ /* Print an error message and return nonzero if val != checkval */ int version_error (int val, int checkval); +/* Print an error message and return nonzero if val not in [minval..maxval] */ +int version_range_error (int val, int minval, int maxval); + int check_key_sig(FILE *fkey, long fpkey, int keypktlen, char *keyuserid, FILE *fsig, long fpsig, char *keyfile, char *siguserid, byte *xtimestamp, byte *sigclass); diff -u3 -r pgp/src/keymgmt.c pgp-apb/src/keymgmt.c - --- pgp/src/keymgmt.c Wed Jun 23 22:53:53 1993 +++ pgp-apb/src/keymgmt.c Wed May 25 18:06:31 1994 @@ -137,7 +137,7 @@ char *bufptr; /* ptr to Key ID string */ static char keyIDbuf[2*KEYFRAGSIZE+1]; - - /* only show bottom 3 bytes of keyID */ + /* only show bottom 4 bytes of keyID */ bufptr = keyIDbuf; @@ -156,7 +156,7 @@ ** MSB-first keyID format */ - - for (i = KEYFRAGSIZE-3; i < KEYFRAGSIZE; i++) + for (i = KEYFRAGSIZE-4; i < KEYFRAGSIZE; i++) { sprintf( bufptr, "%02X", keyID[i] ); bufptr += 2; @@ -302,7 +302,7 @@ fwrite(&ctb,1,1,f); /* write key certificate header byte */ convert(cert_length); /* convert to external byteorder */ fwrite(&cert_length,1,sizeof(cert_length),f); - - version = VERSION_BYTE; + version = version_byte; fwrite(&version,1,1,f); /* set version number */ convert_byteorder(timestamp,4); /* convert to external form */ fwrite(timestamp,1,4,f); /* write certificate timestamp */ @@ -467,7 +467,8 @@ else if (is_ctb_type (ctb, CTB_SKE_TYPE)) { if (sigkeyID) { fread(&version,1,1,f); /* Read version of sig packet */ - - if (version_error(version, VERSION_BYTE)) + if (version_range_error(version, VERSION_BYTE_MIN, + VERSION_BYTE_MAX)) SKIP_RETURN(-6); /* Need a later version */ /* Skip timestamp, validity period, and type byte */ fread(&mdlen, 1, 1, f); @@ -493,7 +494,7 @@ if (n != NULL) set_precision(MAX_UNIT_PRECISION); /* safest opening assumption */ fread(&version,1,1,f); /* read and check version */ - - if (version_error(version, VERSION_BYTE)) + if (version_range_error(version, VERSION_BYTE_MIN, VERSION_BYTE_MAX)) SKIP_RETURN(-6); /* Need a later version */ if (timestamp) { fread(timestamp,1,SIZEOF_TIMESTAMP,f); /* read certificate timestamp */ @@ -1214,10 +1215,10 @@ } /* Here's a good format for display of key or signature certificates: - -Type bits/keyID Date User ID - -pub 1024/xxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa - -sec 512/xxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa - -sig 384/xxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +Type bits/keyID Date User ID +pub 1024/xxxxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +sec 512/xxxxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +sig 384/xxxxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa */ if (moreflag) @@ -1406,7 +1407,7 @@ if (mcguffin && strlen(mcguffin) > 0) fprintf(pgpout,PSTR(", looking for user ID \"%s\"."),LOCAL_CHARSET(mcguffin)); } - - fprintf(pgpout,PSTR("\nType bits/keyID Date User ID\n")); + fprintf(pgpout,PSTR("\nType bits/keyID Date User ID\n")); } for ( ; ; ) { long fpos = ftell(f); diff -u3 -r pgp/src/pgp.h pgp-apb/src/pgp.h - --- pgp/src/pgp.h Fri Jun 11 09:44:11 1993 +++ pgp-apb/src/pgp.h Wed May 25 17:33:27 1994 @@ -118,7 +118,9 @@ #define CK_ENCRYPTED_BYTE 2 /* Conventional key is encrypted */ /* Version byte for data structures created by this version of PGP */ - -#define VERSION_BYTE 2 /* PGP2 */ +#define VERSION_BYTE_MIN 2 /* PGP2 to 2.5 */ +#define VERSION_BYTE_MAX 3 /* PGP2.6 */ +#define VERSION_BYTE_DEFAULT 2 /* PGP2 */ /* Values for trust bits in keycntrl packet after key packet */ #define KC_OWNERTRUST_MASK 0x07 /* Trust bits for key owner */ @@ -230,6 +232,8 @@ extern int compl_min; /* number of fully trusted signatures needed */ extern int max_cert_depth; extern char pager[]; /* file lister command */ +extern char armor_version[20]; /* version text in armor output */ +extern int version_byte; /* PGP packet format version */ /* These lists store hashed passwords for future use. */ /* passwds are passwords of as-yet-unknown purpose; keypasswds diff -u3 -r pgp/src/zipup.c pgp-apb/src/zipup.c - --- pgp/src/zipup.c Mon May 10 01:39:19 1993 +++ pgp-apb/src/zipup.c Wed May 25 17:49:09 1994 @@ -37,7 +37,7 @@ # define fhow (O_RDONLY|O_BINARY) # else /* !MSDOS */ #ifndef AMIGA - - long lseek(); + off_t lseek(); #endif /* AMIGA */ # define fhow 0 # endif /* ?MSDOS */ -----BEGIN PGP SIGNATURE----- Version: 2.whatever iQCVAgUBLeN86t7alOJsS1cfAQFS1gQArASHvKV51lLRIuaSiyAqF6h9XXQpalZo jdeZpoCC7P8oEe4inKNbtmFqPcQl8uTVlpTdUxJeErDLxSoDXlw04csW6gNssaFL 07+DpXqoogrOV9+kaPflNl+U3O1EWEDMGG064uDSSgJXLldYs8gGONOWpMV3EqZr tdQzYgc0rBM= =wsTt -----END PGP SIGNATURE----- From smb at research.att.com Wed May 25 09:33:14 1994 From: smb at research.att.com (smb at research.att.com) Date: Wed, 25 May 94 09:33:14 PDT Subject: Graph isomorphism based PK cryptosystems? Message-ID: <9405251633.AA15051@toad.com> So, if JPP publishes it, it would be a matter of trust that he wouldn't patent it. Okay, I have no problems with that. However, it is still patentable. What could be done to make it unpatentable? Nothing. Under current U.S. practice -- and I think non-U.S. as well -- his system is quite patentable. Furthermore, patent applications in the U.S. are confidential. If jpp wants to patent it, he can. If he publishes first, he can only patent it in the U.S. If someone else has invented it first, they can file for a patent, or try to have jpp's thrown out if he should file. (The U.S., unlike the rest of the world, has a first-to-invent rule for patents.) But the one thing that's unconditionally barred is someone else filing a patent on something jpp invents and publishes. From adam at bwh.harvard.edu Wed May 25 10:13:26 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Wed, 25 May 94 10:13:26 PDT Subject: IBM's NetSP Message-ID: <199405251712.NAA22131@spl.bwh.harvard.edu> (This is a set of excerpts from a 1000 line file I got from a guy @IBM. If anyone wants the whole thing, just ask.) | Network Security Program Version 1 Release 2 is a distributed authentication | and key distribution program. The Network Security Program authenticates the | identity of two communicating principals in the network and provides each | with the ability to verify the identity of the other via a common third-party | server. | Network Security Program provides secured single sign-on (SSO) to 3270 host | applications via an EHLLAPI emulator interface to a RACF* host system. | Through the implementation of PassTickets, the user at the client workstation | need only provide one log-on password that will allow secured access to | multiple host applications. In addition to the TCP/IP transfer protocols for | these platforms NetBIOS is supported on AIX*, OS/2*, DOS*, and Windows; LU6.2 | is supported on AIX and OS/2. | | Network Security Program provides distributed security services that user | applications may invoke through the Generic Security Services Application | Programming Interface (GSSAPI). GSSAPI is approved as an Request for Comment | (RFC) by the Internet Engineering Task Force (IETF). The underlying security | mechanism is based on KryptoKnight, an advanced authentication technology | developed by IBM Research Laboratories in Zurich, Switzerland and Yorktown | Heights, New York. | | In V1R2 we are extending our platforms from the AIX/6000, OS/2 and DOS | operating systems to include HP, SUN, and DOS/Windows for client and | application server workstations. IPX/SPX is supported on OS/2 and Windows | for authentication servers and clients running on workstations with Novell | Netware. TCP/IP is supported on all the specified platforms. Single sign-on | (SSO) support for OS/2 has been extended to LanServer and Novell. | In DCE environments, Network Security Program is offered to customers whose | environments pose authentication problems at the transport layer and below. | Because of its compact tickets and flexible authentication protocols, Network | Security Program can be more effective in satisfying this set of | requirements. Network Security Program also provides secure LU2 sign-on to | RACF host applications without requiring re-entry of host user names or | passwords. Single sign-on to LANServer and Novell is also available. DCE is | the recommended solution for customers requiring authentication above the | transport layer (through secure RPC), for use by the application layer, for | more complete security services, or for integration with other services, such | as data access control or integration with resource managers. | DATA CONFIDENTIALITY | | Commercial Data Masking Facility (CDMF) is a new technology recently | developed by the IBM Crypto Competence Center. CDMF has a scrambling | algorithm that will be supported under the GSS-API (GSS-SEAL / GSS-UNSEAL API | calls). It provides the application programmer the capability to easily | scramble selected packets of data sent in the network. Data confidentiality | is secured from indiscriminate use and your assets stay protected. | | CDMF alleviates the worry of having your data flow across the network in | clear text. The degree of security is equivalent to encryption using DES but | with keys limited to 40 bits. IBM has obtained approval from the US | Government to export CDMF in products without the license required to export | products containing DES. | TEXT | | TECHNICAL DESCRIPTION | | Network Security Program was developed to exploit key distribution and | authentication technologies based on a third party authentication server. | Several technologies exist in the industry today, one of which is | KryptoKnight, which was developed by the IBM Research Division laboratories | in Yorktown Heights, NY, and Zurich, Switzerland. The KryptoKnight | technology, from a user viewpoint, appears on the surface much the same as | another security service developed at MIT, Kerberos. Though Kerberos has | been made widely available through public access, it presents several | limitations in certain network environments. Network Security Program | provides extensions to the Kerberos technology that can prove most desirable | to customers operating such networks environments. For example, the smaller | KryptoKnight tokens make implementation of security at lower networking | layers possible. Other technical advantages include a use of cryptography | that is not subject to export controls, flexibility in authentication | protocols for situations in which the client cannot contact the | authentication server directly and the reduced dependency on clock | synchronization among communicating principals. | Network Security Program is being developed as an 'open' multi-platform | security solution. The intent is to provide a port to as many different | systems as is possible given the time and resource constraints. In the | workstation environment, a customer typically will have many varieties of | hardware/software in their network. Interoperability is a key requirement | for any security solution. This release of the Network Security Program will | address the AIX/6000, OS/2, DOS, DOS/Windows, SUN and HP platforms. | | Network Security Program is developed with a user-friendly Graphical User | Interface (GUI). The security mechanisms residing below the Application | Programming Interface (API) are transparent to the client. At the | Authentication Server, there is also an administration interface. Industry | standards are supported to provide as seamless a transition among all | platforms as possible; MOTIF standards for AIX/6000 and CUA91 standards for | OS/2 and DOS. | RISC System/6000* POWERstation*. The client code shipped with the Network | Security Program runs on the following workstations: OS/2, DOS/Windows, | AIX/6000, SUN, and HP. The minimum machine requirements are: | o DOS Workstation | Approximately 400KB of free disk space is required for the Network | Security Program. If the Network Security Program software is installed | o SUN Workstation | - A SUN microsystem spark [sic] station running Solaris 1.1 or later. (Most UNIX systems req. 5mb disk, 8mb ram. Seems that Solaris 2 is not later enough to count as 'solaris 1.1 or later;' It was not listed as a supported OS.) -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From hayden at krypton.mankato.msus.edu Wed May 25 10:14:51 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Wed, 25 May 94 10:14:51 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: Message-ID: On Tue, 24 May 1994, Russell Nelson wrote: > So maybe what we (the c'punk community) need to do is maintain > parallel versions of PGP (ick), one which continues to use 100% GPL'ed > code, and another which uses RSAREF to stay legal. I may be foolish, but... What if (the cypherpunk community) comes out with a secure program that doesn't rely on RSAREF? Can it be done? NOTE: I very likely don't know what I'm talking about. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From hughes at ah.com Wed May 25 10:16:51 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 25 May 94 10:16:51 PDT Subject: Graph isomorphism based PK cryptosystems? In-Reply-To: <9405251619.AA23090@homer.spry.com> Message-ID: <9405251722.AA19275@ah.com> So, if JPP publishes it, it would be a matter of trust that he wouldn't patent it. Okay, I have no problems with that. However, it is still patentable. What could be done to make it unpatentable? You can eliminate any advantage to patenting by granting one or more people unlimited sublicensing rights. JPP and I could sign a contract. He agrees to allow me to give out licenses to his encryption system to whomever I want, as many as I want, and for whatever money I want. I give him one dollar for this ability; some consideration (see legal dictionary) is necessary to make the contract binding. We can even put the intent of this agreement--to make the cipher free and to ensure that people know it will stay this way--in the contract to make our intentions clear. JPP could do this with several people. All these contracts could be made public. These people can all say publicly that they will sublicense for free. No single one of them will be able to charge money effectively, when someone else will give it out for free. JPP could even make enough money for a couple of burritos this way. :-) Now, if JPP were to patent it, he could--no problem. But I, say, have been granted the right to grant other people the right to use the cipher, so patenting does not do anything to restrict distribution. The patent fees would be a waste of money. Note that these contracts have two purposes. One, to ensure that the cipher stays free, and two, to communicate that to the general public. Both are necessary. Eric From hughes at ah.com Wed May 25 10:20:15 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 25 May 94 10:20:15 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: Message-ID: <9405251725.AA19292@ah.com> You have to assume that RSA isn't being run by idiots. Either they're looking at closing their doors in seven years, or they've got a plan. I asked Jim Bidzos about this last year. He told me they're planning on becoming a supplier of cryptography code and expertise. By using patent protection to restrict distribution of other implementations, they can sell their own libraries now and get them deployed. After the patents run out, they can rely on the cost of changeover and copyright protection to keep a viable business running. Plus they're going to continue to buy up patents. Eric From hughes at ah.com Wed May 25 10:23:35 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 25 May 94 10:23:35 PDT Subject: Graph isomorphism based PK cryptosystems? In-Reply-To: Message-ID: <9405251728.AA19322@ah.com> I only worry that if I publish, it could be patented. And I don't want the algorithm to end up in the hands of the software patent folks. Especially if they will be making money off it, and I wont. If you publish, only you can patent. One must be the 'true inventor' (or some similar term of art) in order to file a patent on an invention. As someone pointed out, a system can be re-invented; then that person is also a true inventor and can patent. Publication is protection against patenting. This is one of the main reasons behind such publications as the IBM Technical Journal--the publication of results not worth patenting themselves, but definitely worth preventing others from patenting. Publication of a result precludes this. Eric From jamesd at netcom.com Wed May 25 10:28:00 1994 From: jamesd at netcom.com (James A. Donald) Date: Wed, 25 May 94 10:28:00 PDT Subject: Factoring with a quantum computer (Citation) Message-ID: <199405251727.KAA24317@netcom.com> First: Don't panic. So far no usable quantum computer has been built. It will be a long time before one is. Secondly a quantum computer capable of factoring 1024 bit keys will require polynomially high precision in its extremely tiny components, whereas a classical computer will only require order one precision, regardless of the number of bits. This may well not be feasible until we are close to achieving nanotechnology. (That is polynomially high precision, which achievable. Non polynomially high component precision is of course impossible for problems large enough to be interesting) Secondly: Yes, quantum computers will indeed be able to solve in polynomial time many problems that require non polynomial time for classical computers. In plain English that means that they can solve problem classes that ordinary computers cannot solve. Factoring is one of those problems. This result was established by E. Bernstein and U. Vazirani, and has recently been published as: Quantum Complexity Theory, Proc. 25th ACM Symp. on Theory of Computation, pp. 11--20 (1993). Barak Pearlmutter summarizes the current status as follows: The class of things a quantum computer can compute in polynomial time is called QRP. The class of things a regular randomized computer can compute in polynomial time is called RP. It is not known whether RP>P. But, under the usual assumptions, we know RP < QRP <= P^#P. It is not known whether QRP < NP. Factoring has not been shown to be in RP, nor has it been shown to be NP-complete. (If factoring were shown to be NP-complete, then we would have NP=coNP, a big deal, and also NP <= QRP, an immense deal assuming that accuracy problems don't make them impossible to build.) So it might be that NP <= QRP. Also plausible is RP < QRP < NP. In any case, the public key cryptosystems we thought were secure (RSA, discrete logs) has now had their viability brought into serious question. Even if QRP Message-ID: <9405251735.AA04614@snark.imsi.com> "Robert A. Hayden" says: > I may be foolish, but... > > What if (the cypherpunk community) comes out with a secure program that > doesn't rely on RSAREF? Can it be done? I notice that you advertise a PGP 2.3a key. Perry From bshantz at spry.com Wed May 25 10:43:20 1994 From: bshantz at spry.com (Brad Shantz) Date: Wed, 25 May 94 10:43:20 PDT Subject: PGP 2.6 is dangerous in the long term ? Message-ID: <9405251743.AA23853@homer.spry.com> >What if (the cypherpunk community) comes out with a secure program that >doesn't rely on RSAREF? Can it be done? >NOTE: I very likely don't know what I'm talking about. >____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu >\ /__ -=-=-=-=- <=> -=-=-=-=- > \/ / Finger for Geek Code Info <=> Political Correctness is > \/ Finger for PGP 2.3a Public Key <=> P.C. for "Thought Police" >-=-=-=-=-=-=-=- >(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ > n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) Robert, The c-punk community could come up with a secure data encryption program that did not rely on RSAREF, but it would take time. When you look at the code for RSAREF, the algorithm really isn't all that bad. (In fact, IMHO, it's quite good.) Several questions that need to be brought up are, "How much time would it take?" "How solid is the algorithm", "Can it be accessible to the public?" Also, "Will whatever the c-punk community comes up with eventually turn into a PGP-like international version control nightmare as is happening now (Patents, international embargo's, NSA complaints, lack of backwards compatibility)?" It is my opinion, that since we do not live in a perfect world, eventually we'd run into the same problem we have now. Is it worth it? (Oooh, I smell a discussion about to start.) Brad :::::::::::::::::<<< NETWORKING THE DESKTOP >>>::::::::::::::::: Brad Shantz Internet : bshantz at spry.com SPRY Inc Ph# (206) 447-0300 316 Occidental Avenue S. 2nd Floor FAX (206) 447-9008 Seattle, WA 98104 ---------------------------------------------------------------- "In gopherspace no one can hear you scream." :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: From jim at bilbo.suite.com Wed May 25 10:48:47 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Wed, 25 May 94 10:48:47 PDT Subject: IBM's NetSP Message-ID: <9405251746.AA21263@bilbo.suite.com> > CDMF alleviates the worry of having your data flow across > the network in clear text. The degree of security is > equivalent to encryption using DES but with keys limited > to 40 bits. IBM has obtained approval from the US > Government to export CDMF in products without the > license required to export products containing DES. > Exportable and limited to 40 bits? Sounds like they're using RSA's RC2 algorithm. Jim_Miller at suite.com From pierre at eshop.com Wed May 25 10:59:29 1994 From: pierre at eshop.com (Pierre Omidyar) Date: Wed, 25 May 94 10:59:29 PDT Subject: Patentability (was Graph Message-ID: <199405251740.KAA02487@netcomsv.netcom.com> Reply to: RE>Patentability (was Graph isomorphism based PK cr) [disclaimer: I'm not an expert, but I've done some work with patents.] I believe the best way to ensure that something becomes unpatentable is to: 1. Publish it first. That reserves your right to file a patent if you want. No one else can patent your original work. 2. Don't file a patent within one year of publication. After one year you lose your right to file. No one else can file, because by then the invention is considered to be public knowledge (since it was published), so it would not satisfy the "original and novel" patentability test. If you keep the process a secret, someone else could independantly invent it and patent it. If you publish it before someone else files, it becomes public knowledge and is unpatentable except by the original inventor within one year of publication. Pierre -------------------------------------- Date: 5/25/94 9:21 AM To: Pierre Omidyar From: perry at imsi.com Harry Bartholomew says: > > Jay Prime Positive says: > > > I only worry that if I publish, it could be patented. And I don't > > > want the algorithm to end up in the hands of the software patent > > > folks. Especially if they will be making money off it, and I wont. > > > > If you publish, only you could patent it. There is only danger if you > > don't publish, in which case others can independently make the same > > discovery and patent it. > > > > Perry > > But you would then need to file within one year of the publication > date I think. His whole point was that he wanted to render the process unpatentable. Perry ------------------ RFC822 Header Follows ------------------ From nelson at crynwr Wed May 25 11:35:46 1994 From: nelson at crynwr (Russell Nelson) Date: Wed, 25 May 94 11:35:46 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: <199405251438.AA04385@xtropia> Message-ID: Date: Wed, 25 May 1994 07:38:05 -0700 From: anonymous at extropia.wimsey.com Ezekial Palmer says: The GNU copyleft is supposed to disallow a lot of for-profit uses. I think the word you're looking for is "proprietary". I earn a living from my commercial, for-profit, GPL'ed collection of packet drivers. No reason why anyone can't do the same with PGP, absent stupid software patents and stupid export restrictions. There's a LOT of room for adding value to PGP. From markh at wimsey.bc.ca Wed May 25 12:02:08 1994 From: markh at wimsey.bc.ca (Mark C. Henderson) Date: Wed, 25 May 94 12:02:08 PDT Subject: Canadian site Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Subject: Re: Canadian site > > For any other Canrem.com members reading this, I've uploaded a file > called PGP26INF.ZIP, that contains a copy of all files that can be > downloaded from net-dist.mit.edu, without recognition as a Canadian, > or U.S. Site. You should be able to get PGP 2.6 from either ftp.netcom.com:/pub/mpj or ftp.wimsey.bc.ca:/pub/crypto/software/dist/US_or_Canada_only_XXXXXXXX/PGP/2.6 for wimsey cd /pub/crypto/software read the README file if you agree to the conditions follow the instructions contained in that file. for ftp.netcom.com cd /pub/mpj read the file README.MPJ and follow the instructions. (the version of PGP 2.6 on wimsey is an image of the version from netcom). Mark -----BEGIN PGP SIGNATURE----- Version: 2.4 iQBVAgUBLeOfHmrJdmD9QWqxAQEZQwH9HpaZ6urIrcC2n7X9PrYLlHVExEBrCjx7 5Qrab4U/CD3A+lreO0KVPLBZuKmLLD2hEDZ2REPkiPbU+Rd54KPjrw== =gXzD -----END PGP SIGNATURE----- -- Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433 ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3 cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto From lefty at apple.com Wed May 25 12:30:16 1994 From: lefty at apple.com (Lefty) Date: Wed, 25 May 94 12:30:16 PDT Subject: PGP 2.6 is dangerous in the long term ? Message-ID: <9405251929.AA08134@internal.apple.com> >What if (the cypherpunk community) comes out with a secure program that >doesn't rely on RSAREF? Can it be done? Bizdos and gang will _still_ hold the patent on RSA-style public key encryption. What you're suggesting is, in essence, exactly what Phil Zimmerman did with PGP 1.0. -- Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:. From hayden at krypton.mankato.msus.edu Wed May 25 12:49:38 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Wed, 25 May 94 12:49:38 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: <9405251929.AA08134@internal.apple.com> Message-ID: On Wed, 25 May 1994, Lefty wrote: > >What if (the cypherpunk community) comes out with a secure program that > >doesn't rely on RSAREF? Can it be done? > > Bizdos and gang will _still_ hold the patent on RSA-style public key > encryption. What you're suggesting is, in essence, exactly what Phil > Zimmerman did with PGP 1.0. Ah, ok. I wasn't sure if the patent covered just the use of the algorithm or also the use of public-key-like systems. As I said, I am most likely completely wrong :-) ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> Political Correctness is \/ Finger for PGP Public Key <=> P.C. for "Thought Police" -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From smb at research.att.com Wed May 25 12:50:50 1994 From: smb at research.att.com (smb at research.att.com) Date: Wed, 25 May 94 12:50:50 PDT Subject: Graph isomorphism based PK cryptosystems? Message-ID: <9405251950.AA18145@toad.com> This is one of the main reasons behind such publications as the IBM Technical Journal--the publication of results not worth patenting themselves, but definitely worth preventing others from patenting. Actually, no. IBM has a separate publication for just that purpose. The Technicnal Journal (and others like it) are intended as PR vehicles and as gold stars for researchers -- that's an important part of our salary, as it were. From norm at netcom.com Wed May 25 12:57:45 1994 From: norm at netcom.com (Norman Hardy) Date: Wed, 25 May 94 12:57:45 PDT Subject: Trust Models Message-ID: <199405251957.MAA26154@netcom.netcom.com> At 11:52 5/25/94 -0400, peace at BIX.com wrote: ... >I have a paper that I am preparing for publication called "Trust >Models" that discusses the difference between PGP & PEM and looks >towards a synthesis of these two models. Since it is not yet >published, I will only send it to those who agree (1) not to >rebroadcast it, and (2) send me their thoughts on it. ... I agree to your condition and would be glad to look at your paper. Trust issues are at the core of secure operating system design as well. From norm at netcom.com Wed May 25 12:59:08 1994 From: norm at netcom.com (Norman Hardy) Date: Wed, 25 May 94 12:59:08 PDT Subject: Graph isomorphism based PK cryptosystems? Message-ID: <199405251957.MAA26125@netcom.netcom.com> At 11:43 5/25/94 -0400, Perry E. Metzger wrote: >Harry Bartholomew says: >> > Jay Prime Positive says: >> > > I only worry that if I publish, it could be patented. And I don't >> > > want the algorithm to end up in the hands of the software patent >> > > folks. Especially if they will be making money off it, and I wont. >> > >> > If you publish, only you could patent it. There is only danger if you >> > don't publish, in which case others can independently make the same >> > discovery and patent it. >> > >> > Perry >> >> But you would then need to file within one year of the publication >> date I think. > >His whole point was that he wanted to render the process unpatentable. > >Perry I talked to a lawyer very recently about this. She does not specialize in patent law but does deal with it. The situation is confusing and fluid. Here is what I think I heard, ommiting occasional caveats: If the patent office knows of prior art (as indicated in some publication) it will not issue a patent. If it does not know then it may issue the patent even if the art is well known outside the patent office. (Software is very new to the PO.) When a patent is contested by virtue of duplicating prior art the PO may admit that they goofed and invalidate part or all of the patent. The PO doesn't like to do this. Litigation is the next step and a judge decides if there was prior art. This is usually expensive. The case of the recent Compton multimedia (?) patent was so egregious that the patent office said that they had goofed and would reconsider. I have not seen the patent but the rumour is that there were few ideas that had not been covered in Goodman's (?) book on Hypercard (?). The book had been out for while before the patent was granted (or submited, I think). From fnerd at smds.com Wed May 25 13:27:44 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 25 May 94 13:27:44 PDT Subject: Orthogonal Checksums? Message-ID: <9405252005.AA16279@smds.com> Bob is storing a file for Alice. Once in a while Alice wants to check that Bob still has it. The first time, she can ask him to take the MD5 of the file. What about the second time? (A single MD5 he could just store). I've looked it up in Schneier. There doesn't seem to be anything about this exact situation; will the following work? Alice makes a 128-bit random string and asks Bob to take the MD5 of the file with her random string prepended. This is impossible for Bob to compute without the file. Right? Alice, however, can precompute as many of these as she wants (as long as she keeps them secret) so she doesn't have to actually keep the file. -fnerd ps. MD5 of a file with a random string appended to the *end* *can* be computed after having discarded the file. - - - - - - - - - - - - - - - To auditors without the code, calls seem indistinguishable from noise. --George Gilder -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From smb at research.att.com Wed May 25 13:33:37 1994 From: smb at research.att.com (smb at research.att.com) Date: Wed, 25 May 94 13:33:37 PDT Subject: Graph isomorphism based PK cryptosystems? Message-ID: <9405252033.AA18948@toad.com> I talked to a lawyer very recently about this. She does not specialize in patent law but does deal with it. The situation is confusing and fluid. Here is what I think I heard, ommiting occasional caveats: If the patent office knows of prior art (as indicated in some publicat ion)it will not issue a patent. If it does not know then it may issue the patent. Etc. Note that the patent office itself has a publication for stuff that you don't want to patent. I know of no better way to get something into their files. From perry at imsi.com Wed May 25 13:56:45 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 25 May 94 13:56:45 PDT Subject: Orthogonal Checksums? In-Reply-To: <9405252005.AA16279@smds.com> Message-ID: <9405252055.AA04974@snark.imsi.com> FutureNerd Steve Witham says: > I've looked it up in Schneier. There doesn't seem to be > anything about this exact situation; will the following work? > > Alice makes a 128-bit random string and asks Bob to take the > MD5 of the file with her random string prepended. This is > impossible for Bob to compute without the file. Right? > > Alice, however, can precompute as many of these as she wants > (as long as she keeps them secret) so she doesn't have to > actually keep the file. Sounds like it should work. The one provisio that I would make is that if you want to have the hashes work for years, you have to accept the fact that MD5 will become weaker and weaker as years wear on. I trust it today, but I'm not sure its good to trust it to last ten or fifteen years... Perry From paul at hawksbill.sprintmrn.com Wed May 25 14:05:30 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Wed, 25 May 94 14:05:30 PDT Subject: (fwd) EPIC: 1993 US Electronic Surveillance Stats Message-ID: <9405252207.AA21514@hawksbill.sprintmrn.com> From: Dave Banisar Newsgroups: alt.privacy,alt.privacy.clipper,talk.politics.crypto Subject: EPIC: 1993 US Electronic Surveillance Stats Date: 25 May 1994 11:12:20 GMT Organization: Electronic Privacy Information Center Lines: 101 Distribution: world Message-ID: <2rvbqk$60e at news1.digex.net> NNTP-Posting-Host: cpsr.digex.net X-UserAgent: Version 1.1.3 X-XXMessage-ID: X-XXDate: Wed, 25 May 94 23:13:36 GMT >From the EPIC Alert 1.01 ----------------------------------------------------------------------- [1] Federal Electronic Surveillance Increased in 1993 ----------------------------------------------------------------------- Fueled by an increased use of electronic surveillance by federal officials in drug cases, the number of wiretaps and microphones installed by federal, state and local law enforcement officials increased by six percent in 1993 over the previous year. There were also substantial increases in the total number of days in operation, extensions granted and in the cost of each order. However, the efficiency of wiretaps continues to decline as the percentage of relevant communications intercepted has dipped below 20 percent for federal investigations Federal and state courts approved a total of 979 requests, the highest number since electronic surveillance was legalized in 1968. Federal orders increased by 33 percent from 1992, while state investigations decreased by nine percent. No surveillance requests were rejected or amended. In 25 years, only 27 requests have ever been rejected, two most recently in 1988. Narcotics Main Offense Cited The vast majority of cases investigated involved narcotics. Seventy-four percent of the federal investigations and 69 percent of all investigations were for narcotics related offenses. These figures continue long-standing trends. Use of electronic surveillance in narcotics cases has increased 240 percent since 1980 and over 500 percent since the legalization of electronic surveillance in 1968. Use of the technique in investigations of other offenses has decreased or remained at similar levels. Federal Use Increases Federal investigations accounted for nearly half of all requests for electronic surveillance in 1993. Federal judges approved 450 requests, a 30 percent increase in requests over 1992. The 450 requests approved by federal judges represent a 30 percent increase over the previous year. Federal use of electronic surveillance has increased nearly 450% since 1980. Fifty-one federal judicial districts utilized electronic surveillance in 1993. The Southern District of New York, which includes New York City, and the Eastern District of Michigan, which includes Detroit were the areas with the highest number of orders. State Use of Electronic Surveillance Declines State use of electronic surveillance declined by nine percent from 1992. State use was at its peak in 1973, when 734 orders were approved. Since the mid-1970s, the average number of state orders has fluctuated between 450 and 550 per year. In 1993, only 23 states used electronic surveillance. New York had the highest number of orders - 204. New York, New Jersey and Pennsylvania accounted for 73 percent of the state surveillance orders. Efficiency Declines As the use of electronic surveillance has increased, its efficiency as a law enforcement tool has substantially declined. The majority of conversations overhead are determined by prosecutors to be irrelevant to any investigation. In 1993, prosecutors determined that only 20 percent of all conversations were relevant. For federal investigations, only 17 percent were relevant. These percentages have decreased significantly since the 1970s when prosecutors reported that, on average, over half of all conversations were relevant to an investigation. ======================================================================= To subscribe to the EPIC Alert, send the message: "subscribe cpsr-announce " (without quotes or brackets) to listserv at cpsr.org. You may also receive the Alert by reading the USENET newsgroup comp.org.cpsr.announce ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues relating to the National Information Infrastructure, such as the Clipper Chip, the Digital Telephony proposal, medical record privacy, and the sale of consumer data. EPIC is sponsored by the Fund for Constitutional Government and Computer Professionals for Social Responsibility. EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of Information Act litigation, and conducts policy research on emerging privacy issues. For more information email info at epic.org, or write EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC 20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax). The Fund for Constitution Government is a non-profit organization established in 1974 to protect civil liberties and constitutional rights. Computer Professionals for Social Responsibility is a national membership organization. For information contact: cpsr at cpsr.org From beker at netcom.com Wed May 25 14:17:48 1994 From: beker at netcom.com (Brian Beker) Date: Wed, 25 May 94 14:17:48 PDT Subject: My 2.3a Key is listed as a 2.6 on MIT Message-ID: On the WWW I went over to Brian LaMacchia's announced new keyserver and looked myself up. I was amazed to see that my 2.3a key now carries a 2.6 version number and lists an 8-bit key ID. The key ID is identical to the old one with two new characters up front. I have never ordered 2.6 because I'm satisfied with 2.3a and rely on it for communications with people outside the US. Does this bizarre "upgrading" mean that my key, as downloaded from that server, will function as a 2.6 key and become incompatible with 2.3n versions after the September 1st deadline? And what are the other implications of the keyserver evidently automatically changing version numbers and ID's on public keys previously resident on the list? I am bothered by seeing my key differ in any way from the way I originally generated it. Brian Beker From danisch at ira.uka.de Wed May 25 14:39:53 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Wed, 25 May 94 14:39:53 PDT Subject: My 2.3a Key is listed as a 2.6 (Aaargh!) Message-ID: <9405252138.AA24321@tartarus.ira.uka.de> Haa, *my* key was also converted to a 2.6 key (certainly just s/2.3a/2.6/g; , but it _is_ a 2.6-Key now). Now my public key is a 2.6 key and I am not allowed to have or use 2.6, because I'm german. Isn't it lovely? Hadmut From nelson at crynwr Wed May 25 14:53:50 1994 From: nelson at crynwr (Russell Nelson) Date: Wed, 25 May 94 14:53:50 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: <9405251725.AA19292@ah.com> Message-ID: Date: Wed, 25 May 94 10:25:30 -0700 From: hughes at ah.com (Eric Hughes) You have to assume that RSA isn't being run by idiots. Either they're looking at closing their doors in seven years, or they've got a plan. I asked Jim Bidzos about this last year. He told me they're planning on becoming a supplier of cryptography code and expertise. If they had expertise, they wouldn't need patents. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From hughes at ah.com Wed May 25 15:22:18 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 25 May 94 15:22:18 PDT Subject: My 2.3a Key is listed as a 2.6 on MIT In-Reply-To: Message-ID: <9405252227.AA19848@ah.com> I was amazed to see that my 2.3a key now carries a 2.6 version number and lists an 8-bit key ID. The key ID is identical to the old one with two new characters up front. You mean--gasp!--that someone downloaded the whole keyring shortly before the server was due to go down? And then uploaded all the keys with new version numbers, since nothing else needed to change? I'm shocked. Simply shocked. Does this bizarre "upgrading" mean that my key, as downloaded from that server, will function as a 2.6 key and become incompatible with 2.3n versions after the September 1st deadline? No, it means the keyring format didn't change in the new version, and that 2.6 prints out more of the last digits of your key, which hasn't actually changed. Eric From chughes at maths.tcd.ie Wed May 25 15:35:46 1994 From: chughes at maths.tcd.ie (Conrad Hughes) Date: Wed, 25 May 94 15:35:46 PDT Subject: PGP 2.6 is dangerous in the long term ? Message-ID: <9405252335.aa01336@salmon.maths.tcd.ie> Russell Nelson writes: [quoting someone:] > I asked Jim Bidzos about this last year. He told me they're planning > on becoming a supplier of cryptography code and expertise. >If they had expertise, they wouldn't need patents. Come on - fine, I don't like that patent (not that it affects me very badly), but where do you think they got the name RSADSI from? Conrad From mgream at acacia.itd.uts.edu.au Wed May 25 15:53:36 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Wed, 25 May 94 15:53:36 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: Message-ID: <9405252255.AA09419@acacia.itd.uts.EDU.AU> Earlier, Robert A. Hayden wrote: > > Bizdos and gang will _still_ hold the patent on RSA-style public key > > encryption. What you're suggesting is, in essence, exactly what Phil > > Zimmerman did with PGP 1.0. > > Ah, ok. I wasn't sure if the patent covered just the use of the > algorithm or also the use of public-key-like systems. As I said, I am > most likely completely wrong :-) Not if you're referring to some form of "PGP:ng" or otherwise similar software that can interrogate and support several possible public key algorithms. The ASN.1 encoded PKCS packets are deliberately designed with algorithmic identifiers so that "smart" software can entertain not just RSA, but say El-Gamal or DSA algorithms -- in fact, anything you car to devise. The same applies to symmetric encryption and signature packets. One could piss off RSA entirely and go with DSA, whose only disadvantage being ciphertext doubling is so trivial it doesn't warrant a mention. Matthew. -- Matthew Gream Consent Technologies Sydney, (02) 821-2043 M.Gream at uts.edu.au From fnerd at smds.com Wed May 25 16:03:00 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Wed, 25 May 94 16:03:00 PDT Subject: Another AOL Message-ID: <9405252104.AA16668@smds.com> CDMA -- Carrier (Collision?) Detect Multiple Access, Code Division Multiple Access. Grr. Tim has me started. -fnerd - - - - - - - - - - - - - - - To auditors without the code, calls seem indistinguishable from noise. --George Gilder -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From gtoal at an-teallach.com Wed May 25 16:58:33 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 25 May 94 16:58:33 PDT Subject: removed from list.... Message-ID: <199405252358.AAA05623@an-teallach.com> From: joshua geller there was a mass unsubscribing, probably from nalbandian. so it is very likely that you did nothing whatever and that no one is pissed off at you. eric wouldn't unsubscribe you without telling you why it was happening and asking you to stop whatever it was that was causing to be frustrated. Actually I was speaking to lile recently and she said that she was removed from the list *after* resubscribing successfully after the mass removal. Something funny is going on. Anyway, if she wasn't taken off by eric, maybe you could resub her? I think she's sloped off in a huff assuming she was thrown out deliberately :-( G From rishab at dxm.ernet.in Wed May 25 18:09:36 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 25 May 94 18:09:36 PDT Subject: Patenting graph-based PK Message-ID: jpp at jpplap.markv.com (Jay Prime Positive): > It would be cool to hear about your graph isomorphism based system in > any case. > > I only worry that if I publish, it could be patented. And I don't > want the algorithm to end up in the hands of the software patent > folks. Especially if they will be making money off it, and I wont. > > Solutions? Patent it yourself. Or publish extensively, with source code, etc. In the US, where patents are still invent-first rather than file-first, this will make it harder for someone else to patent it. If you publish it, it can be taken as prior art, in which case claims on it will be rejected. I'm not a patent lawyer, consult one. -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From rishab at dxm.ernet.in Wed May 25 18:09:36 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 25 May 94 18:09:36 PDT Subject: PGP 2.5 in Europe Message-ID: > Adam Shostack : > >As I said in my first message, I've heard 2.5 has already found its way So has 2.6, actually ;^) The ITAR is really not workable; we fight it to make legitimate what happens anyway - whenever any new 'munition' is released, it appears magically on the major crypto sites in Finland and Italy. As no one would dare risk the wrath of the National Surveillance Agency by fsp upload, how do they do it? Telepathy? Does export by telepathy violate ITAR? -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From sidney at apple.com Wed May 25 18:16:02 1994 From: sidney at apple.com (Sidney Markowitz) Date: Wed, 25 May 94 18:16:02 PDT Subject: MacPGP interface project Message-ID: <9405252256.AA01732@federal-excess.apple.com> On May 13, Richard.Johnson at Colorado.EDU wrote: > From the keyboard of: Black Unicorn > >> I would design around MacPGP2.3 v.1.0.5 (or whatever) >> The V1.1 source code doesn't look like it will be around real soon. > >Can someone fill the rest of us in on the true story behind this? Why >is the (copylefted) source code to 2.3a V1.1 not available? I saw the question, but no reply. I did have some problems that caused me to miss cypherpunks mail for a few days after that. Was there a reply on the list? In any case, I too would like to know what is the story with source code for MacPGP. In fact, the latest version executable I've seen is 2.3v1.0.5. From Black Unicorn's quote, it seems that there are sources available for that version and executables for 2.3a v1.1. If that's true, where can I find them? Is anyone applying the patches for 2.6 compatibility? -- sidney markowitz From norm at netcom.com Wed May 25 19:53:59 1994 From: norm at netcom.com (Norman Hardy) Date: Wed, 25 May 94 19:53:59 PDT Subject: Graph isomorphism based PK cryptosystems? Message-ID: <199405260253.TAA15237@netcom.netcom.com> At 15:42 5/25/94 -0400, smb at research.att.com wrote: > This is one of the main > reasons behind such publications as the IBM Technical Journal--the > publication of results not worth patenting themselves, but definitely > worth preventing others from patenting. > >Actually, no. IBM has a separate publication for just that purpose. >The Technicnal Journal (and others like it) are intended as PR vehicles >and as gold stars for researchers -- that's an important part of our >salary, as it were. I think that you are refering to IBM's "Technical Disclosures" publication. Its entries are in the form of patents, presumably in less finished form. They carry thru the process of writing up the patent, at least in rough form, and then decide whether to go to the greater expense of patenting it. If they decide not to patent it they publish it in Technical Disclosures. From ddt at lsd.com Wed May 25 21:13:49 1994 From: ddt at lsd.com (Dave Del Torto) Date: Wed, 25 May 94 21:13:49 PDT Subject: Response to Uni's "Lawsuit" Message Message-ID: <199405260413.VAA27583@netcom.netcom.com> At 8:07 am 5/24/94 -0700, Sandy Sandfort wrote: >How about this, instead: A company called "ID Anonymous, Ltd." sets up in >a business secrecy jurisdiction. It buys Internet access accounts in bulk >from DGS, Netcom, etc. (ID1, ID2, ID3, . . .). It then resells them to >people living in the service territories of the various access providers. >ID Anonymous, Ltd. collects monthly fees from all of its sub-users. It >pays the Internet provider a single check each month for the monthly fees >of all its anonymous account. Under such a system, there is no weak >link. If a user misbehaves, DGS or Netcom can cut off the offending >account, but nobody can reveal the identity of the underlying user. By >being located in an offshore jurisdiction, ID Anonymous, Ltd. is not >susceptible to lawsuits or rubber hose techniques. QED. I like it. I'd be willing to participate and refer users to the service. dave From rarachel at prism.poly.edu Wed May 25 21:19:02 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Wed, 25 May 94 21:19:02 PDT Subject: WNSTORM on wuarchive.wustl.edu Message-ID: <9405260406.AA07025@prism.poly.edu> I've just uploaded wnstorm to wuarchive.wustl.edu in the /pub/wns directory. I don't know if others can see it yet, but give it a try. From studly at uclink2.berkeley.edu Wed May 25 22:44:50 1994 From: studly at uclink2.berkeley.edu (Adam Michael Becker) Date: Wed, 25 May 94 22:44:50 PDT Subject: removed from list.... In-Reply-To: <199405252358.AAA05623@an-teallach.com> Message-ID: NO! I want to be taken off the list! I don't understand any of this jargon! please let me go!!!! Stud. On Thu, 26 May 1994, Graham Toal wrote: > From: joshua geller > > there was a mass unsubscribing, probably from nalbandian. > > so it is very likely that you did nothing whatever and > that no one is pissed off at you. > > eric wouldn't unsubscribe you without telling you why it > was happening and asking you to stop whatever it was that > was causing to be frustrated. > > Actually I was speaking to lile recently and she said that she was > removed from the list *after* resubscribing successfully after > the mass removal. Something funny is going on. Anyway, if she wasn't > taken off by eric, maybe you could resub her? I think she's sloped > off in a huff assuming she was thrown out deliberately :-( > > G > > From mgream at acacia.itd.uts.edu.au Thu May 26 00:20:02 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Thu, 26 May 94 00:20:02 PDT Subject: ABC Lateline tonight: `The Clipper Debate' Message-ID: <9405260719.AA22040@acacia.itd.uts.EDU.AU> For those of interest, /This is primarily for an Australian audience, but as the Australian /Broadcasting Corporation (ABC) now broadcasts to Asia, this program /_may_ go out to the wider South Pacific. ABC Television's `lateline' current affairs program, tonight (Thursday 26th) at approx 10:30pm is /reportedly/ dealing with that insidious Clipper device. I haven't (and can't at the moment) verify it first hand. The format of this show is typically a video conferenced debate between the host and two or three noted commentators on the topic of interest. This debate goes for about half an hour, it is not generally just a replay of a report from somewhere else. If you've missed the above; Lateline is repeated the following day at about 1:30pm. Matthew. -- Matthew Gream Consent Technologies Sydney, (02) 821-2043 M.Gream at uts.edu.au From wcs at anchor.ho.att.com Thu May 26 00:35:31 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 26 May 94 00:35:31 PDT Subject: PGP 2.6 is dangerous in the long term ? Message-ID: <9405260734.AA20737@anchor.ho.att.com> > >What if (the cypherpunk community) comes out with a secure program that > >doesn't rely on RSAREF? Can it be done? > > Bizdos and gang will _still_ hold the patent on RSA-style public key > encryption. What you're suggesting is, in essence, exactly what Phil > Zimmerman did with PGP 1.0. There are three different problems here: - Doing secure programs without the RSAREF implementation of RSA; this has US patent license difficulties unless you buy their stuff. - Doing secure programs without the RSA algorithm - other public-key methods are available, such as Diffie-Hellman, though RSA has a lot of technical advantages for many applications. PKP/RSADSI own patents that expire in 1997 that they claim cover the whole field of public-key crypto, and nobody's challenged the breadth of those claims in court. - Doing secure programs without public-key algorithms at all - you *can* use secret-key algorithms to do security, as long as you're willing to do key distribution by some usable but inconvenient method, and security systems like Kerberos can do this. But Public-Key variants solve a lot of the technical difficulties and make implementations much easier. From wcs at anchor.ho.att.com Thu May 26 00:45:03 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Thu, 26 May 94 00:45:03 PDT Subject: SUE - the legal morass (fwd) Message-ID: <9405260743.AA20823@anchor.ho.att.com> > Was the dinosaur encrypted? Yes, but the key diddn't have enough bits to protect it for more than 50 million years under attack by the Feds :-) From Tomaz.Borstnar at arnes.si Thu May 26 01:35:26 1994 From: Tomaz.Borstnar at arnes.si (Tomaz Borstnar) Date: Thu, 26 May 94 01:35:26 PDT Subject: My 2.3a Key is listed as a 2.6 (Aaargh!) In-Reply-To: <9405252138.AA24321@tartarus.ira.uka.de> Message-ID: <9405260835.AA24935@toad.com> In-reply-to: Your message dated: Wed, 25 May 1994 23:38:17 > *my* key was also converted to a 2.6 key > (certainly just s/2.3a/2.6/g; , but it _is_ a 2.6-Key now). > > > Now my public key is a 2.6 key and I am not allowed > to have or use 2.6, because I'm german. Isn't it lovely? Maybe we should request to remove our keys? Tomaz From bart at netcom.com Thu May 26 03:42:49 1994 From: bart at netcom.com (Harry Bartholomew) Date: Thu, 26 May 94 03:42:49 PDT Subject: (fwd) FBI Digital Telephony Wiretapping a Done Deal?? Message-ID: <199405261042.DAA06740@netcom.com> From alt.politics.crypto, several forwards deleted: >US NEWS & WORLD REPORT, May 30, l994 >THE FREEH LOBBY. Thanks to intense personal lobbying by FBI >Director Louis Freeh, there are now sufficient votes on Capitol Hill to >assure passage of legislation that would make it far easier for law >enforcement officials to wiretap the nation's telephone system. The >snoop-friendly measure, which may be introduced this week, would >require manufacturers of telephone, computer and cable >communications equipment to design and build their machines so >that they could be readily accessed by wiretap and other types of >eaves-dropping devices used my US law enforcement agencies. The >legislation would cover communications equipment now in use as well >as items not yet on the drawing board. From jpp at jpplap.markv.com Thu May 26 03:53:49 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Thu, 26 May 94 03:53:49 PDT Subject: (fwd) FBI Digital Telephony Wiretapping a Done Deal?? In-Reply-To: <199405261042.DAA06740@netcom.com> Message-ID: > From: bart at netcom.com (Harry Bartholomew) > Date: Thu, 26 May 1994 03:42:37 -0700 > > >US NEWS & WORLD REPORT, May 30, l994 > > >[...blah blah blah...] A little early with this report aren't you? I though today, 26 May 1994, was before May 30 1994. What is you source? Could you get me a copy of the financial pages too? j' From jpp at jpplap.markv.com Thu May 26 04:05:14 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Thu, 26 May 94 04:05:14 PDT Subject: Magazines commonly predate issues, e.g. June Byte at hand In-Reply-To: <199405261059.DAA07223@netcom.com> Message-ID: Oops. Boy, that was sure a snide, surly thing for me to say. Let me publicly apologise to you Harry, and to the readers of Cypherpunks. I though US News & World Report was a news paper, but that doesn't really excuse my tone. Sorry again. j' From sidney at apple.com Thu May 26 04:53:32 1994 From: sidney at apple.com (Sidney Markowitz) Date: Thu, 26 May 94 04:53:32 PDT Subject: (fwd) FBI Digital Telephony Wiretapping a Done Deal?? Message-ID: <9405261117.AA18053@federal-excess.apple.com> jpp at jpplap.markv.com (Jay Prime Positive) said: >> >US NEWS & WORLD REPORT, May 30, l994 >A little early with this report aren't you? Weekly magazines are displayed on newstands for more than one day and are labeled with the end of their expected display period so that potential customers will not think that they are out of date. Similarly, people who have subscriptions should receive the magazine before the date on the cover. I guess news is like milk: You get it before the expiration date that's printed on the label. -- sidney markowitz From perry at imsi.com Thu May 26 05:11:41 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 26 May 94 05:11:41 PDT Subject: PGP 2.6 is dangerous in the long term ? In-Reply-To: Message-ID: <9405261211.AA05646@snark.imsi.com> Russell Nelson says: > Date: Wed, 25 May 94 10:25:30 -0700 > From: hughes at ah.com (Eric Hughes) > > You have to assume that RSA isn't being run by idiots. Either they're > looking at closing their doors in seven years, or they've got a plan. > > I asked Jim Bidzos about this last year. He told me they're planning > on becoming a supplier of cryptography code and expertise. > > If they had expertise, they wouldn't need patents. Make no mistake, they have expertise. As much as we like to denegrate them, they are responsible for several algorithms we all use every day, like MD5. That said, I agree that the patents are unsavory. However, none of us thus far have shown the testicular fortitude to challenge any of them. Perry From habs at warwick.com Thu May 26 06:45:07 1994 From: habs at warwick.com (Harry S. Hawk) Date: Thu, 26 May 94 06:45:07 PDT Subject: IBM's NetSP In-Reply-To: <9405251932.AA23126@bilbo.suite.com> Message-ID: <9405261621.AA19774@cmyk.warwick.com> > > e.g., not very secure from a serious peeping tom.... > > /hawk > And people say the export laws have no effect on U.S. domestic crypto > software... > Jim_Miller at suite.com Agreed... 40 bit key feels like (to me) one of those locks that comes on suitcases that you could probally break open with a small hammer.. /hawk From perry at imsi.com Thu May 26 07:07:27 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 26 May 94 07:07:27 PDT Subject: IBM's NetSP In-Reply-To: <9405261621.AA19774@cmyk.warwick.com> Message-ID: <9405261407.AA05816@snark.imsi.com> Harry S. Hawk says: > Agreed... 40 bit key feels like (to me) one of those locks that > comes on suitcases that you could probally break open with a small > hammer.. A screwdriver is a far more effective tool. Perry From dct at python.cs.byu.edu Thu May 26 07:38:26 1994 From: dct at python.cs.byu.edu (David C. Taylor) Date: Thu, 26 May 94 07:38:26 PDT Subject: dispersed DES Message-ID: <9405261438.AA00944@toad.com> I have come up with (and implemented) a version of triple DES for true paranoids, which I call dispersed DES. All I do is append four bytes to the beginning of the output files for each cycle of triple DES. It seems like this should provide even more security than triple DES, but I am no expert. Any comments? Please include "dct at newt.cs.byu.edu" in your replies, as I am unable to maintain access to the mailing list because of volume. Thanks. David C. Taylor dct at newt.cs.byu.edu From hughes at ah.com Thu May 26 08:00:08 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 26 May 94 08:00:08 PDT Subject: My 2.3a Key is listed as a 2.6 (Aaargh!) In-Reply-To: <9405260835.AA24935@toad.com> Message-ID: <9405261505.AA21318@ah.com> Maybe we should request to remove our keys? Unfortunately, it wouldn't do much good. The keyservers have no exclude list, so even if they removed it, someone could reload it back onto the keyserver and it would reappear. This flaw is not, at root, a flaw with the keyservers but a flaw with the key distribution in PGP. You can't have a public key be anything other than completely public, that is, you can't restrict the distribution of a key in any way. Why might not a key be made public? The publication of a key sends a message, and the message is this: "An identity of this name exists". If you're worried about traffic analysis, you might well also be concerned that there is knowledge that a particular key is being used at all. If you don't want everybody to be able to verify your signatures, but wish to select those who may, PGP offers facility for this. There is no way to represent this desire syntactically and no way to enforce the desire. Why might not one want a key distributed? It indicates use of cryptography, for one, and, perhaps, the use of patent-infringing cryptography. Eric From mab at crypto.com Thu May 26 08:11:22 1994 From: mab at crypto.com (Matt Blaze) Date: Thu, 26 May 94 08:11:22 PDT Subject: dispersed DES In-Reply-To: <1994May26.144642.22363@crypto.com> Message-ID: <9405261503.AA23050@crypto.com> In local.cypherpunks you write: >I have come up with (and implemented) a version of triple DES for true >paranoids, which I call dispersed DES. All I do is append four bytes to >the beginning of the output files for each cycle of triple DES. It seems >like this should provide even more security than triple DES, but I am no >expert. Any comments? Please include "dct at newt.cs.byu.edu" in your replies, >as I am unable to maintain access to the mailing list because of volume. >Thanks. >David C. Taylor >dct at newt.cs.byu.edu You have to be really careful when you invent new cipher modes, almost as much as when you invent an entire new cipher. It sounds like you have weakend 3-DES. Where do you get these 4 bytes? If they are fixed or deterministically generated, you will have made it possible for an attacker who can brute-force 1-DES (e.g., with a Weiner machine) to "peel off" each single DES key. Instead of a 112 (or 168) bit work factor (as with 3-DES), you'd end up with a 57 or 58 bit work factor. If you randomly generate the 4 bytes, you have to carefully evaluate your random number method. In any case it sounds like your mode is the weaker of 3-des and 1-des*(the complexity of your random bit generator). Perhaps I don't understand how your scheme works. Also, what intuition makes you think that it's stronger than plain old 3-DES? -matt From sandfort at crl.com Thu May 26 08:17:59 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 26 May 94 08:17:59 PDT Subject: Response to Uni's "Lawsuit" Message In-Reply-To: <199405260413.VAA27583@netcom.netcom.com> Message-ID: C'punks, On Wed, 25 May 1994, Dave Del Torto wrote: > At 8:07 am 5/24/94 -0700, Sandy Sandfort wrote: > >How about this, instead: A company called "ID Anonymous, Ltd." sets up in > >a business secrecy jurisdiction. It buys Internet access accounts in bulk > >from DGS, Netcom, etc. (ID1, ID2, ID3, . . .). It then resells them to > >people living in the service territories of the various access providers. > >. . . > > I like it. I'd be willing to participate and refer users to the service. > > dave When I wrote my original message, I was doing it more as an academic exercise than anything else. However, I will be moving to Hongkong sometime in July or August. I'll look into the possibility of starting such an anonymity service. In the meantime, though, anyone living in an appropriate jurisdiction should feel free to do something like this for themselves. Basically, it's just a mailbox operation. If you get your monthly charges paid up-front, your risk is very low. Go for it. S a n d y From dct at python.cs.byu.edu Thu May 26 08:19:37 1994 From: dct at python.cs.byu.edu (David C. Taylor) Date: Thu, 26 May 94 08:19:37 PDT Subject: dispersed DES In-Reply-To: <9405261503.AA23050@crypto.com> Message-ID: <9405261519.AA01739@toad.com> Good point about the source of the appended bytes. The reason I think it might be more secure is that the length of the appended segment is less than the length of the key on each pass, so it would seem to be the equivalent of a one-time pad for those relying on the appended bytes to get the key. That is my only basis for not worrying about wekening effects. Any holes? dct at newt.cs.byu.edu From cyber1 at io.org Thu May 26 08:21:19 1994 From: cyber1 at io.org (Cyber City) Date: Thu, 26 May 94 08:21:19 PDT Subject: Unicorn vs. tmp@netcom Message-ID: Recently Black Unicorn posted that he had sued tmp at netcom, and settled out of court. A couple of messages followed which were supportive of his action. The text below is a rebuke to Unicorn. I post it in the hope that it will provide dimension to the debate. To Black Unicorn: Once upon a time, two strangers found a dog. Alice said, "That's my dog: I can clearly tell by its markings". Bob said, "No, I'm afraid you're mistaken. See his ears pick up when I call his name". And so the debate continued, until a third person, Sol, arrived. On hearing the pleadings of Bob and Alice, Sol told them, "Stand 10 meters apart and put the dog between you". Sol the scared the dog with a quick movement and a shout, and the dog ran to its true master. Likewise, when you were tested recently by net abuse, you went for relief to your master, the government. This is what distinguishes you from the rest of us. We might react against the abuse (or we might not), but I think that none of us - or at least a very few - would have gone to court for relief. "I spoke to a Federal Court of Appeals Judge who I have known for a number of years to try and poke some holes in the suit on substantive merits." Despite your protestation, "I also don't like to be a bully", it seems to me that your pursuit of this case was predicated on your ability to be a bully and an insider. Like your colleagues Cantor and Seigel, you emitted flamebait and then pretended offense at the inevitable flames. You taunted tmp at netcom about his illness, reminding him at least three times in one message to take his medicine. Nice behaviour for a person who supposedly believes in privacy. It seems to me that you sized up tmp at netcom as a person who could not fight back due to his illness, and then you provoked him in order to establish grounds for your suit. I believe that your case, which is apparently based upon testimony from your friends, could not have succeeded in court. But it didn't have to, did it? You only had to find someone who was ill, and then kick him while he was down. Was it Rousseau who said, "First, we kill all the lawyers"? The cost of a lawsuit in the U.S. today can easily be over $100,000. The cost of a contract murder is said to be $10,000-$50,000. Consider the economics. I think there is a role to be played by lawyers in the future of the net. The net does not like litigation, because it interferes with the free flow of information. But it does like protocols, which are seen to enhance the flow of information. Lawyers, by their training and practice, are especially good at formulating workable protocols. If we had a protocol governing the use of network resources by sick or abusive users, your conflict with tmp at netcom might not have transpired, or else a solution might have been easily achieved. Conflicts like this are resulting in conversion of newsgroups on Usenet to moderated groups - a very unfortunate trend in my opinion, as Usenet does not provide for the removal of moderators. Here is a proper outlet for legal talent, not in self-serving time-wasting resource-absorbing litigation. -- Alex Brock From lstanton at sten.lehman.com Thu May 26 08:30:00 1994 From: lstanton at sten.lehman.com (Linn Stanton) Date: Thu, 26 May 94 08:30:00 PDT Subject: IBM's NetSP In-Reply-To: <9405261621.AA19774@cmyk.warwick.com> Message-ID: <9405261530.AA04024@sten.lehman.com> In message <9405261621.AA19774 at cmyk.warwick.com>you write: > Agreed... 40 bit key feels like (to me) one of those locks that > comes on suitcases that you could probally break open with a small > hammer.. Absolutly true, but even week security can have its uses. One of the most useful things we can do is get people used to, and routinely using, encryption. There are still too many people who think that using encryption is proof of wrongdoing. From perry at imsi.com Thu May 26 08:36:34 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 26 May 94 08:36:34 PDT Subject: Unicorn vs. tmp@netcom In-Reply-To: Message-ID: <9405261536.AA06013@snark.imsi.com> Cyber City says: > Likewise, when you were tested recently by net abuse, you went for > relief to your master, the government. This is what distinguishes you > from the rest of us. I would say that this is foolish. He went to the legal system rather than engaging in vigilatism. I myself am an anarchist. However, absent privately operated courts and private enforcement systems for me to bring suit under, I conduct my legal affairs via the only available court system. (To the extent that is possible I include language about arbitration in my contracts so that problems can be handled in what passes for a private court system today -- binding arbitration -- but this is not always feasable.) > We might react against the abuse (or we might not), but I think that > none of us - or at least a very few - would have gone to court for > relief. Thats because few of us would have a large amount at stake. "Black Unicorn" claimed to have a large sum of money at risk because of the stupidity in question. If one has a lot of money at risk one becomes defensive of it. Thats the only way one ends up keeping one's money. People who don't defend their money soon lose all of it. There is nothing dishonorable about going to court to defend one's property and capital. I might have found "Black Unicorn"s actions distasteful had he been going to court claiming something I find distasteful, but I see nothing wrong with suits such as the one he threatened. > Was it Rousseau who said, "First, we kill all the lawyers"? No, my ignorant friend, it was Shakespeare. > The cost of a lawsuit in the U.S. today can easily be over $100,000. > The cost of a contract murder is said to be $10,000-$50,000. > Consider the economics. The cost of a lawsuit can be anything from $20 to millions of dollars. It all depends on what the lawsuit is about and who is running it, doesn't it? The cost of a murder is irrelevant to the discussion. Indeed, so is the cost of a lawsuit. "Black Unicorn" was not in a position to produce a less expensive court system to sue in. Should he have censored himself to avoid being illegitimately attacked by Detweiler? Should he have permitted his livelyhood to be threatened on the premise that Detweiler can't afford a lawyer? "Black Unicorn" had few reasonable choices in the matter and took what appears, to me, to be a quite reasonable approach. Perry From joshua at cae.retix.com Thu May 26 08:42:04 1994 From: joshua at cae.retix.com (joshua geller) Date: Thu, 26 May 94 08:42:04 PDT Subject: Unicorn vs. tmp@netcom Message-ID: <199405261541.IAA04274@sleepy.retix.com> > To Black Unicorn: > Despite your protestation, "I also don't like to be a bully", it seems > to me that your pursuit of this case was predicated on your ability to > be a bully and an insider. Like your colleagues Cantor and Seigel, you > emitted flamebait and then pretended offense at the inevitable flames. > You taunted tmp at netcom about his illness, reminding him at least three > times in one message to take his medicine. did uni do this too? I thought that was me. of course, it very commonly occurs that things that I think I he done turn out to actually been done by someone else. josh From jpp at jpplap.markv.com Thu May 26 08:45:14 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Thu, 26 May 94 08:45:14 PDT Subject: Unicorn vs. tmp@netcom In-Reply-To: Message-ID: Well there is a distinction to be made between the law, and the government. Today, the government claims a (virtual) monopoly on the law*. Thus resort to the law today must almost always also be a resort to governemt. So, we cannot tell from outside if Unicorn's 'master' is government, or law. Perhaps we should ask him? On the other hand, I certainly agree that 'kicking folks when they are down' is not nice. Especially if it is done in a premeditated manner. But you didn't sugest that -- did you? Btw, is cyber1 at io.org by any chance another nym for tmp at netcom.com? * Footnote: Arbitration services are almost a seperate law, but generaly their 'teeth' come ultimately from government monopoly on force. It is posible to imagin arbitration services with shaper teeth. I supose that criminal organizations which chalange the government's monopoly on force could provide an example of alternative law. Hmm. Didn't you mention something about that kind of law being cheaper to access? j' From remailer at jpunix.com Thu May 26 09:14:03 1994 From: remailer at jpunix.com (remailer at jpunix.com) Date: Thu, 26 May 94 09:14:03 PDT Subject: compatibility with future PGP Message-ID: <199405261558.AA03755@UUCP-GW.CC.UH.EDU> ebrandt at jarthur.cs.hmc.edu (Eli Brandt) once said: EB> > From: "Perry E. Metzger" EB> > People overseas want to be able to use this program, too. There are EB> > 250 million people in the U.S., which constitutes under 1/20th of the EB> > Earth's population. EB> EB> You dropped the part of his message where he said that he believed EB> v2.5 was available abroad. If it's not, I don't think it will take EB> long. And once it's escaped from this little prison state of ours, EB> overseas users incur no risk in using it: they can't even be EB> Noriega'd, since they've broken no law in any country. It can be obtained from IRC, /msg pgpserv help. Patrick  From remailer at jpunix.com Thu May 26 09:15:02 1994 From: remailer at jpunix.com (remailer at jpunix.com) Date: Thu, 26 May 94 09:15:02 PDT Subject: Email firewall etc Message-ID: <199405261559.AA03759@UUCP-GW.CC.UH.EDU> rishab at dxm.ernet.in once said: RI> Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU: RI> > Companies like the idea of firewall machines to protect the security of RI> > their internal nets. I bet they would also like something called an RI> > "email-firewall". Names are important. :-) I think of the RI> > email-firewall as a slightly modified anonymous-remailer. RI> RI> I haven't delved into the wide world of remailers out there, but I'd like a RI> remailer that encrypted, though did not necessarily anonymize, incoming mail. RI> RI> I'm not really bothered about the NSA reading my mail. In fact, I'm not usually RI> concerned whether someone in New York, for instance read my mail. But I might RI> not want people closer to home (local sysadmins, etc) to read it. I'm sure many RI> others share this position. RI> RI> The problem is that I can't ensure that people encrypt their mail to me. They RI> may not bother, or be unable. An alternative would be for them to send it to RI> a remailer, which, knowing my public key, would encrypt and forward it to me. Version 1.99 of my Remail for Waffle actually does this: it checks if the recipient of the remailed message has a PGP public key, and if so, it encrypts the outgoing message, if it is not encrypted already. The remailers remail at vox.hacktic.nl and remailer at jpunix.com use this program. For testing you can also use remail at desert.hacktic.nl, or remailer at desert.hacktic.nl PAtrick  From mab at crypto.com Thu May 26 09:19:11 1994 From: mab at crypto.com (Matt Blaze) Date: Thu, 26 May 94 09:19:11 PDT Subject: dispersed DES In-Reply-To: <9405261520.AA23568@uu6.psi.com> Message-ID: <9405261559.AA25189@crypto.com> >Good point about the source of the appended bytes. The reason I think it might >be more secure is that the length of the appended segment is less than the >length of the key on each pass, so it would seem to be the equivalent of a >one-time pad for those relying on the appended bytes to get the key. That is my >only basis for not worrying about wekening effects. Any holes? > >dct at newt.cs.byu.edu Let me see if I understand your scheme: you prepend 4 unpredictable bytes to the data before running through each single des cycle. What do you do with the 4 bytes from each cycle that are shifted into the end of the datastream? Is the datastram vulnerable to independent search there, too? Assuming the 4 bytes really are unpredictable, and assuming you deal with both "ends" of the stream, there doesn't seem to be an *obvious* attack that allows independent search for each of the 2 or 3 des keys. There was a paper in Eurocrypt this year (that I haven't seen yet) that discusses some not-so-obvious properties of multi-cipher modes that may reveal another attack, however. If you don't think you've weakened 3-des, now the question is whether you've strengthened it (or otherwise improved it). Your method doesn't seem to increase the complexity of a brute force attack on the 112 (or 168) bits of 3-des key material. In fact, you may have actually increased the number of bits of key material (if the decryptor has to know extra secret bytes in order to recover the ends of messages) that the good guy has to manage without increasing the work factor for the bad guy. 3 des is plenty strong, and if you don't trust or otherwise don't want to use 3-des, it's not clear that this offers an improvement. -matt From unicorn at access.digex.net Thu May 26 09:38:31 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 26 May 94 09:38:31 PDT Subject: Unicorn vs. tmp@netcom In-Reply-To: Message-ID: <199405261638.AA23173@access3.digex.net> Cyber City scripsit > > Recently Black Unicorn posted that he had sued tmp at netcom, and settled > out of court. A couple of messages followed which were supportive of > his action. The text below is a rebuke to Unicorn. I post it in the > hope that it will provide dimension to the debate. > > To Black Unicorn: > [Dog story clipped] > > Likewise, when you were tested recently by net abuse, you went for > relief to your master, the government. This is what distinguishes you > from the rest of us. I find it interesting that your rebuke is based mostly on your own personal reluctance to use the courts. Who exactly do you speak of to when you refer to "the rest of us." You propose that I resort next time to what.... arbitration? > We might react against the abuse (or we might > not), but I think that none of us - or at least a very few - would have > gone to court for relief. You seem to think it was merely the post that caused me to resort to the courts. It was not. Had it remained in Usenet I never would have cared much. > "I spoke to a Federal Court of Appeals Judge who I have known for > a number of years to try and poke some holes in the suit on > substantive merits." > > Despite your protestation, "I also don't like to be a bully", it seems > to me that your pursuit of this case was predicated on your ability to > be a bully and an insider. This is often the case with lawsuit and any human endeavor. I'm sorry everyone isn't on equal ground in the world. I personally prefer the ability to resort to a civil system of litigation than to have some highly institutionalized, standardized, process that could only be provided by big government. At what price equality? > Like your colleagues Cantor and Seigel, you > emitted flamebait and then pretended offense at the inevitable flames. Cantor and Seigel? Please. Again, even if one asks to be rebuked, this is no excuse for defamation. > You taunted tmp at netcom about his illness, reminding him at least three > times in one message to take his medicine. Nice behaviour for a person > who supposedly believes in privacy. It seems to me that you sized up > tmp at netcom as a person who could not fight back due to his illness, and > then you provoked him in order to establish grounds for your suit. I never knew him to be truly ill. The "please keep up with your medication" comments are common in Usenet and hardly indictive of any factual belief. If indeed he is on medication it is news to me, and you are the individual who has compromised his privacy. It would be an easy matter for me to expose his identity, his work, his finances, I have and will not. > I > believe that your case, which is apparently based upon testimony from > your friends, could not have succeeded in court. But it didn't have to, > did it? You only had to find someone who was ill, and then kick him > while he was down. Your wrong on the first count, right on the second, and as I said before, I never had a basis to make the judgement that you outline in the third. > Was it Rousseau who said, "First, we kill all the lawyers"? No, it is a Shakesphere quote from Henry VI, (Part 2). This oft misquoted tidbit is taken out of context to be a serious suggestion. In fact the character who utters it is a Nilhilist intended to be laughed at for his impractical and poorly thought out theories. Note that this quote comes right after a similar humor: "I will make it a felony to drink small beer." > The cost of > a lawsuit in the U.S. today can easily be over $100,000. The cost of a > contract murder is said to be $10,000-$50,000. Consider the economics. What does this have to do with my suit? > I think there is a role to be played by lawyers in the future of the > net. The net does not like litigation, because it interferes with the > free flow of information. Where the free flow of information damages, it is an easy policy to insure ones self with flawless, no cost, total liability insurance. It's called a secure anonymous remailer. > But it does like protocols, which are seen to > enhance the flow of information. Lawyers, by their training and > practice, are especially good at formulating workable protocols. If we > had a protocol governing the use of network resources by sick or abusive > users, your conflict with tmp at netcom might not have transpired, or else > a solution might have been easily achieved. I concur, and I outlined said protocol. I pointed to Julf. In the absence of such protocol I will act to protect my interests by what means are available. [Time wasteing litigation comment deleted] I don't find it was a waste of my time or my effort. > > -- > Alex Brock > -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From m5 at vail.tivoli.com Thu May 26 09:43:33 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 26 May 94 09:43:33 PDT Subject: Unicorn vs. tmp@netcom In-Reply-To: Message-ID: <9405261643.AA08686@vail.tivoli.com> Cyber City writes: > To Black Unicorn: > > Once upon a time, two strangers found a dog... > > Likewise, when you were tested recently by net abuse, you went for > relief to your master, the government. I find this analogy pretty thin... > This is what distinguishes you from the rest of us. "Us"? > We might react against the abuse (or we might not), but I think > that none of us - or at least a very few - would have gone to court > for relief. I appreciate your input, but please do not presume to speak for me. > Despite your protestation, "I also don't like to be a bully", it seems > to me that your pursuit of this case was predicated on your ability to > be a bully and an insider. An "insider", because he happens to know a judge? Sorry, but knowledge of the law is not some sort of exclusive privilege. > Like your colleagues Cantor and Seigel !!! > You only had to find someone who was ill, and then kick him > while he was down. It has never been demonstrated to my satisfaction that tmp at netcom.com is ill, and while the suggestion has been made frequently I don't think we can use the supposition to accuse Mr. Unicorn of "kicking" a sick person. This is a serious twisting of the facts. > Was it Rousseau who said, "First, we kill all the lawyers"? No; that's the most bizarre misattribution I've seen in a while... > The cost of a lawsuit in the U.S. today can easily be over > $100,000. Indeed; it might be $10,000,000!!! Or, of course, it might be nothing, and it might be that someone victimized by a frivolous lawsuit can sue to recover costs. > The cost of a contract murder is said to be $10,000-$50,000. > Consider the economics. I'm pretty quickly losing track of this train of thought. Are you suggesting that Mr. Unicorn should have consulted a mafioso instead of a judge? > I think there is a role to be played by lawyers in the future of the > net. The net does not like litigation, because it interferes with the > free flow of information. This statement makes no sense. Is it not obvious that litigation need have nothing whatsoever to do with the free flow of information? -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From mmarkley at microsoft.com Thu May 26 09:48:14 1994 From: mmarkley at microsoft.com (Mike Markley) Date: Thu, 26 May 94 09:48:14 PDT Subject: Unicorn vs. tmp@netcom Message-ID: <9405261549.AA06512@netmail2.microsoft.com> | From: Cyber City | << partial quote removed >> | Likewise, when you were tested recently by net abuse, you went for | relief to your master, the government. This is what distinguishes you | from the rest of us. We might react against the abuse (or we might | not), but I think that none of us - or at least a very few - would have | gone to court for relief. I would have no problems at all going to court as a solution. Posting so called 'flamebait' does not make it right for someone to respond with attacks on the character of the original poster. If you must post responses to flamebait then attack the content of the article. As to the comments about contract murder, If you chose this route based on the economy of it, what are you going to do when you are arrested for the murder? I don't think the courts are going to buy a plea of "It was cheaper to deal with the problem this way." I don't think that this type of litigation is going to impact the free flow of information. Attacks on the character of the poster of the information are more likely to limit the flow than anything else. I'm not trying to sound PC here because I personally find the PC movement very offensive, but if you have a problem with someone deal with it privately and don't air your dirty laundry in public. Mike << rest of quote removed >> ===================================================== Mike Markley I'm not a Microsoft spokesperson. All opinions expressed here are mine. ===================================================== From info at DigiCash.nl Thu May 26 09:49:59 1994 From: info at DigiCash.nl (DigiCash Information) Date: Thu, 26 May 1994 09:49:59 -0700 Subject: ecash Press Release Message-ID: <2de4dd31.herman@DigiCash.nl> DIGICASH PRESS RELEASE World's first electronic cash payment over computer networks. ============================================================= FOR IMMEDIATE RELEASE (Release Date: May 27, 1994) ---------------------------------------------------------------------- Payment from any personal computer to any other workstation, over email or Internet, has been demonstrated for the first time, using electronic cash technology. "You can pay for access to a database, buy software or a newsletter by email, play a computer game over the net, receive $5 owed you by a friend, or just order a pizza. The possibilities are truly unlimited" according to David Chaum, Managing Director of DigiCash TM, who announced and demonstrated the product during his keynote address at the first conference on the World Wide Web, in Geneva this week. Electronic cash has the privacy of paper cash, while achieving the high security required for electronic network environments exclusively through innovations in public key cryptography. "It's the first software only solution. In the past we've pioneered such cash for chip cards and electronic wallets, always with a tamper-resistant chip for storing the value--now all you have to do is download the software and you're up and running" continues Dr. Chaum. The product works with Microsoft(R) Windows TM, Macintosh TM, and most UNIX TM platforms. It was shown integrated with Mosaic, the most popular software for people accessing databases, email, or other services on the Internet and World Wide Web. The graphic user interface allows intuitive "dragging and dropping" of icons representing stacks of coins, receipts, record books, etc. The company will be supplying the technology through other firms who will release the products, under various cooperation and trial programs. The user software, which allows both paying and receiving payment, will be distributed free of charge. The product was developed by DigiCash TM Corporation's wholly owned Dutch subsidiary, DigiCash TM BV. It is related to the firm's earlier released product for road pricing, which has been licensed to Amtech TM Corporation, of Dallas, Texas, worldwide leader in automatic road toll collection. This system allows privacy protected payments for road use at full highway speed from a smart card reader affixed to the inside of a vehicle. Also related is the approach of the EU supported CAFE project, of which Dr. Chaum is Chairman, which uses tamper-resistant chips inserted into electronic wallets. The underlying 'blind signature' technology was described in the article "Achieving Electronic Privacy," by David Chaum, Scientific American, August 1992. ---------------------------------------------------------------------- For more information contact: DigiCash bv info at digicash.nl Kruislaan 419 tel +31 20 665 2611 1098 VA Amsterdam fax +31 20 668 5486 The Netherlands ---------------------------------------------------------------------- From info at DigiCash.nl Thu May 26 09:57:24 1994 From: info at DigiCash.nl (DigiCash Information) Date: Thu, 26 May 94 09:57:24 PDT Subject: ecash Press Release Message-ID: <2de4e223.herman@DigiCash.nl> DIGICASH PRESS RELEASE World's first electronic cash payment over computer networks. ============================================================= FOR IMMEDIATE RELEASE (Release Date: May 27, 1994) ---------------------------------------------------------------------- Payment from any personal computer to any other workstation, over email or Internet, has been demonstrated for the first time, using electronic cash technology. "You can pay for access to a database, buy software or a newsletter by email, play a computer game over the net, receive $5 owed you by a friend, or just order a pizza. The possibilities are truly unlimited" according to David Chaum, Managing Director of DigiCash TM, who announced and demonstrated the product during his keynote address at the first conference on the World Wide Web, in Geneva this week. Electronic cash has the privacy of paper cash, while achieving the high security required for electronic network environments exclusively through innovations in public key cryptography. "It's the first software only solution. In the past we've pioneered such cash for chip cards and electronic wallets, always with a tamper-resistant chip for storing the value--now all you have to do is download the software and you're up and running" continues Dr. Chaum. The product works with Microsoft(R) Windows TM, Macintosh TM, and most UNIX TM platforms. It was shown integrated with Mosaic, the most popular software for people accessing databases, email, or other services on the Internet and World Wide Web. The graphic user interface allows intuitive "dragging and dropping" of icons representing stacks of coins, receipts, record books, etc. The company will be supplying the technology through other firms who will release the products, under various cooperation and trial programs. The user software, which allows both paying and receiving payment, will be distributed free of charge. The product was developed by DigiCash TM Corporation's wholly owned Dutch subsidiary, DigiCash TM BV. It is related to the firm's earlier released product for road pricing, which has been licensed to Amtech TM Corporation, of Dallas, Texas, worldwide leader in automatic road toll collection. This system allows privacy protected payments for road use at full highway speed from a smart card reader affixed to the inside of a vehicle. Also related is the approach of the EU supported CAFE project, of which Dr. Chaum is Chairman, which uses tamper-resistant chips inserted into electronic wallets. The underlying 'blind signature' technology was described in the article "Achieving Electronic Privacy," by David Chaum, Scientific American, August 1992. ---------------------------------------------------------------------- For more information contact: DigiCash bv info at digicash.nl Kruislaan 419 tel +31 20 665 2611 1098 VA Amsterdam fax +31 20 668 5486 The Netherlands ---------------------------------------------------------------------- From jp at jep.pld.ttu.ee Thu May 26 09:58:24 1994 From: jp at jep.pld.ttu.ee (Jyri Poldre) Date: Thu, 26 May 94 09:58:24 PDT Subject: Learning to divide ( again ) In-Reply-To: <9405261517.AA01689@toad.com> Message-ID: RE every1. Recently i became involved in project of designing semi-custom VLSI device for endecryption. The device uses variable length RSA for key exchange and IDEA for data encryption. For pipelinig IDEA block we have to use 6 multipliers 16 bit ant that leaves us with 96 bit adder for RSA calculations. ( The chip should be reasonably cheap ). Otherwise the RSA speed would not be so cruicial but we have to generate both keys in chip ( involves physically random generator based on variable frequency being samled with constant clock, VF generator is inside chip ) to guarantee absolute secrecy - you cannot tell Secret component if you do not know it. To generate keys we have to use Fermat test for primality and that takes time. Although the RSA keys need not to be changed so very often it is still important to keep the process running in 'normal' time limits. So - I can use multiple operand adders ( meaning a+b+c+d with one carry-propagation time ) For RSA basic operation a*b mod Z i have decided to use radix4 modified Booth algoritm for multiply , but i am still not sure about divide. Has any1 encountered similar problems? I would greatly appreciate Feedback, cause i have to make up my mind in some weeks. If you are interested in more details about the design, let me know. I would like it to be good product for use in different applications. JP from PLDesign lab of Tallinn Technical University. From jamiel at sybase.com Thu May 26 10:16:50 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 26 May 94 10:16:50 PDT Subject: No Mail for last night... Message-ID: <9405261714.AA26201@ralph.sybgate.sybase.com> I had disk problems last night, and lost all mail that was sent between 5 and 9 this morning. If anyone sent anything important, send it again. Sorry- -j From dwomack at runner.utsa.edu Thu May 26 10:16:55 1994 From: dwomack at runner.utsa.edu (David L Womack) Date: Thu, 26 May 94 10:16:55 PDT Subject: Unicorn vs.... Message-ID: <9405261716.AA28738@runner.utsa.edu> I have to support Black Unicorn's use of the courts. Really, what choices were available? a) Do nothing. Eat the losses. Suffer destruction of his reputation. Does anyone really advocate this? Even the religiously inclined don't advocate turning the other cheek ad inifinitum... b) Mail bombs or other amusements. Not only does one join the target in the same figurative gutter, there are real questions of efficacy and legality. Simply because one side foreswears the legal system, there is no guarantee both sides will. And, there is absolutely no guarantee that a sys. admin. won't seek criminal prosecution under a tampering with the computer theory. c) Hire some fool(s) to break the target's hands. Not only do you risk prosecution, ala T. Harding, but I rather doubt we want to enter this still lower gutter. d) Pursue a criminal indictment. Nice in that it really gets the target's attention, but it can be difficult to do. And if people object to civil litigaton, I suppose criminal charges would be even more objectionable. e) Sue the guy. It's legal, it's easy, and it get's people's attention. So, I, for one, think Black Unicorn took the best and most reasonable approach. I'd be very interested in which course (or some other undefined course I didn't think of) that the anarchists feel would be reasonable... Regards, Dave From jims at Central.KeyWest.MPGN.COM Thu May 26 10:22:54 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Thu, 26 May 94 10:22:54 PDT Subject: Unicorn vs. tmp@netcom In-Reply-To: <199405261638.AA23173@access3.digex.net> Message-ID: <9405261722.AA13675@Central.KeyWest.MPGN.COM> > It would be an easy matter for me to expose his identity, his work, his > finances, I have and will not. Not that I would suggest anyone to do this, but I do wonder if the information obtained for the court case is public knowlege or is it in a 'sealed' file? Knowing nothing of law I haven't a clue, but if it is public information then another cypherpunk might find it an equally easy matter to expose the id, work, finances, etc of the tmp at netcom.com person. Not that I would suggest doing this. Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From hal at martigny.ai.mit.edu Thu May 26 10:31:21 1994 From: hal at martigny.ai.mit.edu (Hal Abelson) Date: Thu, 26 May 94 10:31:21 PDT Subject: MIT Statement on PGP Message-ID: <9405261731.AA02933@toad.com> FOR IMMEDIATE RELEASE, May 26, 1994 Contact: Ken Campbell, Director, MIT News Office (617 253-2703 or 2700 NON-COMMERCIAL USE MIT Issues Software Codes To Promote Internet Privacy The Massachusetts Institute of Technology has issued--for non-commercial use--a free public software package that will allow people to send private coded messages on electronic networks in the United States. The release provides non-commercial U.S. users of the Internet with the ability to obtain secure communication and data protection. Commercial versions have been licensed to over four million users. The software, known as PGP Version 2.6 (for "pretty good privacy") uses the RSAREF(TM) Cryptographic Toolkit, supplied by RSA Data Security, Inc. of Redwood City, Calif. It is being released by MIT with the agreement of RSADSI. PGP 2.6 is fully licensed, for U.S. non-commercial users, to use public-key technology that has been licensed by MIT and Stanford University to RSA Data Security and Public Key Partners. Public-key technology gives users of electronic mail the ability to sign messages in an unforgeable way, as well as the ability to send confidential messages that can be read only by the intended recipients, without any prior need to exchange secret keys. "This agreement solves the problem of software being distributed on the Internet which potentially infringed the intellectual property of MIT and the licensee, RSA, " said Professor James D. Bruce, vice president for information systems. Although prior versions of PGP have been available on the Internet, the potential infringement of MIT and Stanford University patents has prevented it from coming into widespread adoption. END From m5 at vail.tivoli.com Thu May 26 10:36:49 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 26 May 94 10:36:49 PDT Subject: MIT Statement on PGP In-Reply-To: <9405261731.AA02933@toad.com> Message-ID: <9405261736.AA08960@vail.tivoli.com> What exactly does "non-commercial uses" mean? I read mail through my account here at work; if I get PGP2.6 running and send mail from Tivoli to a friend on netcom, is that a commercial or non-commercial use? What if I send encrypted mail to a friend at Tivoli? Clearly, this precludes my bundling the release with a Tivoli product, but I don't understand how the commercial/non-commercial distinction is formally made. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From jamiel at sybase.com Thu May 26 10:49:34 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 26 May 94 10:49:34 PDT Subject: No Mail for last night... (one more try) Message-ID: <9405261744.AA09664@ralph.sybgate.sybase.com> That last message must have been somewhat confusing. I meant mail sent between 5PM and 9AM. -j >I had disk problems last night, and lost all mail that was >sent between 5 and 9 this morning. If anyone sent anything >important, send it again. > >Sorry- >-j From ritter at indial1.io.com Thu May 26 11:15:23 1994 From: ritter at indial1.io.com (Terry Ritter) Date: Thu, 26 May 94 11:15:23 PDT Subject: Toward Axiomatic Fenced DES (long!) Message-ID: <199405261812.NAA23877@indial1.io.com> Ritter Software Engineering 2609 Choctaw Trail Austin, Texas 78745 (512) 892-0494, ritter at io.com Toward Axiomatic Fenced DES Terry Ritter May 26, 1994 Introduction This article continues the development of a block cipher which I have been calling "Fenced DES." This unique construct uses the U.S. Data Encryption Standard (DES) as a component in a strength- enhanced cipher. Even though DES is slow and is now becoming vulnerable to advancing attack technology, DES is also well-known and trusted, and industry would be grateful to continue to use it if only it were stronger. The time has come to replace ordinary DES. One alternative is the complete certification of a totally new cipher at tremendous cost in both treasure and time. Another alternative is "triple- DES," at three times the computation of ordinary DES. But if a strength-enhancing construction can be found which is sufficiently clear and elegant, we may hope for a "derivative certification," based only assumptions about the strength of DES itself. In this article I start the process of proving some things about the Fenced DES cipher. In particular, I prove that the resulting cipher is invertible and has the avalanche property, two admittedly modest characteristics, but ones we do associate with a good block cipher. I claim that the construct is certainly guaranteed to be no weaker than DES. I also argue--with some theoretical support-- that the construct should be expected to be much stronger, at least 120 bits. In other words, it should be "strong enough" for the next couple of decades. The system of definitions, proofs and arguments which takes up the major part of this article is by no means finished, and is known to be casual and inconsistent in places. (Some of these problems could be fixed by expanding the mathematical base, which I avoid for now.) In spite of this, I believe it to be an interesting approach, even if it is an approach to which others are probably far better suited than myself. Therefore, let us just agree to accept it for what it is, and see how close it gets to what we need. The definitions apply to this particular construction. Those generally familiar with combinatorics might start with section 7, "Block Mixing Transforms." Fenced DES Here is the current 4x Fenced DES construct: S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S ------------------------------mix------------------------------ --------------mix-------------- --------------mix-------------- ------DES------ ------DES------ ------DES------ ------DES------ --------------mix-------------- --------------mix-------------- ------------------------------mix------------------------------ S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S Each "S" represents a separately-shuffled and independent 8-bit substitution table (which also implies the presence of a keyed cryptographic RNG to shuffle the tables). We have 32 input substitutions and 32 output substitutions, for an overall block size of 256 bits. This is only 32 bytes, which should be much smaller than the typical message. Trailing 2x and 1x blocks would reduce data expansion to only that needed by DES itself. Each "---DES---" represents an ordinary 64-bit-block DES operation. Each "---mix---" represents the mixing of the covered data blocks using "block mixing transform" technology. There are two levels of mixing on each side of the DES operations: The innermost levels each have two mixings which combine two 64-bit blocks; the outermost levels each have just a single mixing which combines two 128-bit blocks, a substantial mixing operation. This entire construct requires about 4.8 times the computation to cipher 4 times the data. In contrast, triple-DES would of course need 12 times the computation to cipher 4 times the data. The Proofs 1. SETS ======= 1.1 DEFINITION: A SET is a collection of objects in which any object either is or is not a part of the set. A set S can be described by a list of the elements in the set, viz. S = { a1, a2, ..., an }. 1.2 DEFINITION: The SIZE OF SET S is the number of elements in S, and is denoted |S|. 2. CODES ======== 2.1 DEFINITION: A CODE is a string of symbols in which the symbol in each position is taken from some common set S. When S consists of numeric values, a code can be seen as a polynomial with coefficients in S. 2.2 DEFINITION: An N-POSITION code is a code which has n positions for symbols, and can be denoted by S**n. 2.3 DEFINITION: A BINARY code is a code in which the common set is the set {0,1}. 2.4 DEFINITION: An N-BIT binary code is a binary code with n positions and can be denoted by {0,1}**n or by S**n with S = {0,1}. 2.5 THEOREM: (Size of code.) There are |S|**n distinct code values in an n-position code. (Proof: Each position in a code string can be any possible symbol, there are |S| possible symbols and n positions in each code string, so there are |S|**n possible code values of length n.) 2.6 THEOREM: (No special positions.) Taken over all possible code values, each string position has exactly the same number of occurrences of each symbol. (Proof: Each position in a code string can be any possible symbol. For any particular combination of symbols in other positions, in the selected position each possible symbol occurs once. So for every possible combination of symbols in other positions, in the selected position each possible symbol occurs the same number of times.) 2.7 THEOREM: (Position difference counts.) The number of n-position code values which differ in exactly m positions is (n) m (m) * (|S|-1) . (n) (Proof: There are (m) combinations of m positions out of n possible positions, and in any particular combination of m positions each position can take on |S|-1 other symbols producing (|S|-1)**m other code values for each combination.) 2.8 EXAMPLE: The number of 8-bit binary codes which differ in m bits is: distance count 0 1 1 8 2 28 3 56 4 70 5 56 6 28 7 8 8 1 --- 256 = 2**8 (Comment: There are 256 8-bit binary code values, and 255 values which differ in at least one position from any particular code value.) 2.9 THEOREM: (Average distance and distribution.) The expected number of elements which differ between two n-position code values is n * (1 - 1/|S|), and the distribution is binomial. (Proof: Assume the number of code differences is the binomial (n) m n-m probability of a difference B(m;n,p) = (m) p q , where where p = 1 - 1/|S| and q = 1-p, times the total number of n code values (1/q) : (n) m (n) m n-m -n (m) * (|S|-1) = (m) p q q (n) m = (m) (p / (1-p)) which is correct, so the expected number of different elements is the binomial expectation np.) 2.10 EXAMPLE: The expected number of elements which differ between two 8-bit binary code values is: 8 * (1 - 0.5) = 4. 2.11 EXAMPLE: The probability of having two 8-bit binary code values which differ in exactly two elements is: (8) 2 6 (2) (0.5) (0.5) = 0.109 = 28 / 256. 2.12 EXAMPLE: The expected number of elements which differ between two 64-bit binary code values is: 64 * (1 - 0.5) = 32. 2.13 EXAMPLE: The probability of getting a 64-bit binary code value which differs in exactly m bits from some other value is: difference probability 16 0.000026 28 0.061 29 0.075 30 0.088 31 0.096 32 0.099 (Comment: The 9 difference values 28..36 account for about 74 percent of all possible difference counts, even though they are only about 14 percent of all 65 possibilities.) 3. DISCRETE FUNCTIONS ===================== 3.1 DEFINITION: A DISCRETE FUNCTION takes an input code value to an output code value for a finite number of input code values. 3.2 DEFINITION: A RANDOM discrete function allows each output code value to be selected independently for each possible input condition. 3.3 THEOREM: (Number of random functions.) There are 2**2n possible random functions with an n-bit binary input code and an n-bit binary output code. (Proof: An n-bit binary code can make 2**n possible selections, each of which can be 2**n possible values, and (2**n)*(2**n) = 2**2n.) 4. SUBSTITUTION =============== 4.1 DEFINITION: A SUBSTITUTION is a mapping from input values or positions to output values. (Comment: A SUBSTITUTION can be seen as an indexable vector of substitute values. A SUBSTITUTION can also be seen as a "codebook" with an entry for every possible input code, and storage for each corresponding output code. A SUBSTITUTION can also be seen as an "arbitrary" discrete function, since any possible discrete function can be described by using a separate output code for each possible input condition. A SUBSTITUTION can also be seen as the relation joining substitute values with the position of each value.) 4.2 DEFINITION: SIMPLE substitution is the operation of using a substitution table or codebook to "encode" a string of input values by replacing each value in the string with its associated substitute value. (Comment: If the substitution is invertible, we can use an inverse substitution to "decode" the resulting encoded values and recover the original values.) 4.3 THEOREM: (Unique substitute values.) An invertible substitution can contain any particular output code at most once. (Proof: Suppose not: Then two different values into a substitution will produce the same output value. But that output value can inverse-substitute to only one inverse value, making the other input value unreachable, which contradicts invertibility, so this is false.) 4.4 THEOREM: (Number of invertible substitutions.) There are (2**n)! possible invertible substitutions for an n-bit binary input code. (Proof: The first substitution element can be any one of 2**n elements, the second element can be any except the first element, or (2**n)-1 elements, the third can be any except the first and second, for (2**n)-2 elements, and so on.) 4.5 THEOREM: (Guaranteed change propagation.) A change of even one input bit to an invertible substitution is guaranteed to produce a change in at least one output bit from the substitution. (Proof: Each input bit can select between two different input code values, which will select two different output code values, since an invertible substitution contains no duplicate values. Since any two different codes must be different in at least one bit, any input bit-change will produce at least one output bit-change.) 4.6 DEFINITION: A COMPLETE substitution contains every value of an n-position code, for some n. 4.7 THEOREM: (Probable change propagation.) Any change whatsoever to the input value to a complete invertible substitution is likely to change about half the bits in the output value. (Proof: Changing the input value selects among all remaining output code values. If the output is considered to be binary bits, we expect about half those bits to change (2.9).) 4.8 DEFINITION: AVALANCHE is a statistical property of a discrete function in which any change whatsoever on the input is expected to produce a change in about half the bits in the output value. 4.9 THEOREM: (Avalanche is automatic.) Avalanche is an inherent property of complete invertible substitution. (Proof: See 4.5, 4.7, and 2.9.) 4.10 THEOREM: (No special input bits.) Each input bit to an invertible substitution has exactly the same power to produce the same expected change in output bits. (Proof: Consider any possible change to any possible input value: from all possible input values any particular bit-change will produce all possible input values. Thus, any possible bit-change must produce the same overall expectation.) 4.11 THEOREM: (No special output bits.) Each output bit from a complete invertible substitution has exactly the same change expectation as any other output bit. (Proof: See 2.6.) 4.12 THEOREM: (Not a random function.) An invertible substitution cannot be a random function. (Proof: Suppose a value is selected for placement somewhere in a substitution. Since an invertible substitution cannot allow another occurrence of that same value, other values cannot be selected independently.) 4.13 DEFINITION: In a KEYED substitution the substitute element values have been permuted or re-arranged as a function of some key value or function. 4.14 THEOREM: (Reconstruction requires information linking output values to input values.) An unknown invertible substitution cannot be resolved without simultaneous information about both the input value or position and the output value. (Proof: To the extent that a particular substitution can be said to have an identity, that identity is the relation between substitute values and their position. This relation is both necessary and sufficient to define the substitution.) 5. BIT MIXERS ============= 5.1 DEFINITION: A BIT-MIXER combines multiple input bits such that each output value is defined by each and every input bit. 5.2 THEOREM: An invertible substitution is a bit-mixer. (Proof: Each and every input bit can select between two different input code values. Any input value change into an invertible substitution must necessarily select a different output value. Thus, the output value, and every bit in the output value, inherently depends upon each and every bit of the input value.) 6. BLOCK CIPHERS ================ 6.1 DEFINITION: A CIPHER is a keyed invertible translation from a plaintext element to a ciphertext element. 6.2 THEOREM: A CIPHER is a keyed invertible substitution. (Proof: For "translation" read "substitution.") 6.3 DEFINITION: A BLOCK cipher is a cipher in which the size of the code element is prohibitively large to be exhaustively explored. 6.4 THEOREM: (Not a random function.) No static block cipher can be a random function. (Proof: A cipher must be an invertible function, and no invertible function can have elements which are independent.) 6.5 ASSERTION: (Just a large substitution.) There is no property of a block cipher which is not ideally modelled by a substitution table of appropriate size containing a key-selected permutation of the possible output values. (Invertibility argument: A permutation of the possible output values is just a re-arrangement of values, without duplication. As long as there are no duplicate output values, the substitution is invertible.) (Avalanche argument: Avalanche is an expected property of an invertible substitution (4.9).) 7. BLOCK MIXING TRANSFORMS ========================= 7.1 DEFINITION: A BLOCK MIXING TRANSFORM is a mapping from multiple input code values to the same number of output code values, in which: 1. (Invertible.) The mapping is invertible. (Every possible input will imply a different output, and every possible output will imply a different input.) 2. (Each Output a Function of All Inputs.) Every output code value is a function of all input code values. 3. (Changes Propagate to All Outputs.) Any change to any one of the input code values will change all of the output code values. 4. (Balance and Input Independence.) Stepping any input through all possible values (with the other inputs held fixed) will step every output through all possible values. 7.2 ASSERTION: (We have a finite field.) Mod-2 polynomials modulo some irreducible polynomial p generate a finite field. (Comment: Proofs can use algebra.) 7.3 THEOREM: (Example block mixing transform.) The equations X = 3A + 2B = A + 2(A + B) Y = 2A + 3B = B + 2(A + B) and the inverse A = X + 2(X + Y) B = Y + 2(X + Y) mod 2 and mod p, where p is some mod 2 irreducible polynomial, represent a block mixing transform. (Inverse Proof: assume true, thus A = A + 2(A + B) + 2(A + 2(A + B) + B + 2(A + B)) = A + 2(A + B) + 2(A + B) = A and B = B + 2(A + B) + 2(A + 2(A + B) + B + 2(A + B)) = B + 2(A + B) + 2(A + B) = B which are both correct, so the inverse does exist for any polynomials X and Y.) (Function Proof: the equations for output code X includes both input code values A and B, so X is a function of both input codes. Y reasons similarly.) (Change Propagation Proof: First consider one term of one output block equation: Suppose some change C is added to A: X = 3A + 2B (mod 2, mod p) X' = 3(A+C) + 2B X' = 3A + 3C + 2B dX = X' - X = 3C So, for any non-zero change, X has changed. Similar reasoning covers the other term, and the other equation.) (Balance Proof: Suppose not. Assuming A is fixed, then there must be two different values, B and B', which produce the same X: X = 3A + 2B = 3A + 2B' so X + 3A = 2B = 2B' which implies that B = B' a contradiction. Fixing B or working on the other block reason similarly.) 7.4 THEOREM: It is easy to manipulate both input blocks to a block mixing transform so as to fix one of the output blocks at a constant value. (Proof: Just inverse-transform the desired output blocks.) 7.5 ASSERTION: A block cipher can be used as a block mixing transform. (Method: Just divide the input block and output block into smaller "sub-blocks.") (Inverse Proof: A block cipher is invertible (6.1) and (6.3).) (Function Proof: To the extent that the block cipher can be considered an invertible substitution, each output bit is a function of each input bit (4.5), so each sub-block result is certainly a function of all sub-block input values.) (Change Propagation Argument: In a statistical sense, assuming substantial sub-blocks, each sub-block is extremely likely to change for any input change whatsoever (2.9).) (Balance Argument: In a statistical sense, over all possible inputs and all possible keys, any output value is equally likely, so any set of input changes is likely to produce a statistically-balanced result.) 8. 1X FENCED DES STRUCTURES ========================= 8.1 DEFINITION: A 1X INPUT-FENCED DES STRUCTURE is a 64-bit- wide construct consisting of eight keyed invertible byte- substitutions feeding a single DES ciphering: S S S S S S S S ------DES------ 8.2 THEOREM: Any data change whatsoever into a 1x input-fenced DES structure will produce a different result, and is expected to change about half of the output bits. (Proof: Every bit in the input block enters some small substitution which selects a keyed or arbitrary value from its set of output codes. Any input-change into an invertible substitution is is guaranteed to produce a change to at least one output bit (4.5). We model the DES ciphering as a large invertible substitution (6.5), and so expect that any change to the input will select a different output code value, which is likely to change about half of the output bits (4.7).) 8.3 DEFINITION: A 1X OUTPUT-FENCED DES STRUCTURE is a 64-bit-wide construct consisting of a single DES ciphering and eight keyed invertible byte-substitutions on the output: ------DES------ S S S S S S S S 8.4 THEOREM: Any data change whatsoever into a 1x output-fenced DES structure is expected to change about half of the output bits. (Proof: We model the DES ciphering as a large invertible substitution (6.5) and expect that any change to the input will change about half the bits in the output value (4.7). Since every possible DES result may occur, there are no special bits or bit subsets (2.6). Each of the output substitutions samples a bit subset in which about half of the bits are expected to change. Any change into an output substitution will select a different output code value, thus changing about half of the output bits (4.7) in every output substitution, and, thus, the overall output.) (Comment: One time in 255 there is no change to an output substitution, which is exactly what is required for an even output distribution. ) 8.5 DEFINITION: A 1X FENCED DES CIPHER is a 64-bit-wide construct consisting of eight keyed invertible byte-substitutions on the input, a single DES ciphering, and eight keyed invertible byte-substitutions on the output: S S S S S S S S ------DES------ S S S S S S S S 8.6 THEOREM: (Avalanche.) In 1x Fenced DES, any change of even a single bit in the large input block can be expected to change about half the bits in the large output block. (Proof: See 8.2 and 8.4.) 8.7 THEOREM: (Invertibility.) A 1x Fenced DES cipher is invertible. (Proof: From the construction of 1x Fenced DES, the small input substitutions are invertible, as are the small output substitutions. DES is assumed to be invertible. Since all elements in sequence from input to output are separately invertible, the sequential combination of these elements must also be invertible.) 9. 2X FENCED DES STRUCTURES ============================ 9.1 DEFINITION: A 2X INPUT-FENCED DES STRUCTURE is a 128-bit- wide construct consisting of 16 keyed invertible byte-substitutions feeding a block mixing transform, which feeds two DES cipherings: S S S S S S S S S S S S S S S S --------------mix-------------- ------DES------ ------DES------ 9.2 THEOREM: Any data change whatsoever into a 2x input-fenced DES structure will produce a different result, and is expected to change about half of the output bits. (Proof: Any change into an invertible substitution is guaranteed to produce a change to at least one output bit (4.5). Any change to either input block of a two-block block mixing transform is guaranteed to produce a change to both output blocks (7.1.3). We model the DES cipherings as large invertible substitutions (6.5) and so expect that any change to the input will select a different output code value, which is likely to change about half of the output bits (4.7).) 9.3 DEFINITION: A 2X OUTPUT-FENCED DES STRUCTURE is a 128-bit- wide construct consisting of two DES cipherings which feed a two- block block mixing transform, which feeds 16 keyed invertible byte- substitutions. ------DES------ ------DES------ --------------mix-------------- S S S S S S S S S S S S S S S S 9.4 THEOREM: Any data change whatsoever into a 2x output-fenced DES structure is expected to change about half of the output bits. (Proof: We model the DES cipherings as large invertible substitutions (6.5) and expect that any change to their inputs will select a different output value from all possible output values (4.5). Since any DES result is possible, any value is possible from both block mixing transform outputs (7.1.4), so we expect about half of the output bits to change (4.7). Since any block mixing result value is possible, there are no special bits (2.6), and each of the output substitutions samples a bit subset in which about half of the bits are expected to change. Any change into an output substitution will select a different output code value, thus changing about half of the output bits (4.7) in every output substitution, and, thus, the overall output.) 9.5 DEFINITION: A 2X FENCED DES STRUCTURE is a 128-bit-wide construct consisting of 16 keyed invertible byte-substitutions which feed a block mixing transform which feeds two DES cipherings which feed another two-block block mixing transform, which feeds another 16 keyed invertible byte-substitutions: S S S S S S S S S S S S S S S S --------------mix-------------- ------DES------ ------DES------ --------------mix-------------- S S S S S S S S S S S S S S S S 9.6 THEOREM: (Avalanche.) In a 2x Fenced DES cipher, any change of even a single bit in the large input block can be expected to change about half the bits in the large output block. (Proof: See 9.2 and 9.4.) 9.7 THEOREM: (Invertibility.) A 2x Fenced DES cipher is invertible. (Proof: From the construction of 2x Fenced DES, the small input substitutions are invertible, as are the small output substitutions. The block mixing transform is invertible (7.1.1). DES is assumed to be invertible. Since all elements in sequence from input to output are separately invertible, the sequential combination of these elements must also be invertible.) 10. 4X FENCED DES STRUCTURES ============================ 10.1 DEFINITION: A 4X FENCED DES CIPHER is a 256-bit-wide construct consisting of 32 keyed invertible byte-substitutions feeding a block mixing transform with two 128-bit blocks, which then feeds two block mixing transforms each with two 64-bit blocks, which feed four DES cipherings. The DES results feed two block mixing transforms each with two 64-bit blocks, which feed a block mixing transform with 128-bit blocks, which feeds 32 more keyed invertible byte-substitutions. S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S ------------------------------mix------------------------------ --------------mix-------------- --------------mix-------------- ------DES------ ------DES------ ------DES------ ------DES------ --------------mix-------------- --------------mix-------------- ------------------------------mix------------------------------ S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S 10.2 THEOREM: (Every input bit affects every DES ciphering.) In 4x Fenced DES, every bit in the large input block will affect at least one bit of the input to each of the DES cipherings. (Proof: Every bit in the large block enters some small substitution. Any input-change into a substitution is guaranteed to produce a change to at least one output bit (4.5). Any change into either side of the first-level block mixing transform is guaranteed to change both sides of the output (7.1.3), so some change is guaranteed to be present in the input of both next-level block mixing transforms. Again, any change anywhere on those inputs is guaranteed to be present in both sides of both outputs, which are the inputs to each DES ciphering.) 10.3 THEOREM: (Each output bit is affected by every DES ciphering.) In 4x Fenced DES, any data change whatsoever into any of the four DES cipherings is expected to change about half of the output bits. (Proof: We model the DES cipherings as large invertible substitutions (6.5) and expect that any change to their inputs will select a different output value from all possible output values (4.5). Since any DES result is possible, any value is possible on both outputs of the first-level output block mixing transform (7.1.4). Any possible block mixing transform result can be produced by some BMT input, so any possible value can occur as the input to the second-level output block mixing transform. With any possible BMT input, every output will occur, so there are no special bits (2.6), and each of the output substitutions samples a bit subset in which about half of the bits are expected to change. Any change into an output substitution will select a different output code value, thus changing about half of the output bits (4.7) in every substitution, and, thus, the overall output.) 10.4 THEOREM: (Avalanche.) In 4x Fenced DES, any change of even a single bit in the large input block can be expected to change about half the bits in the large output block. (Proof: See 10.2 and 10.3.) 10.5 THEOREM: (Invertibility.) 4x Fenced DES is invertible. (Proof: From the construction of 4x Fenced DES, the small input substitutions are invertible, as are the small output substitutions. The block mixing transform is invertible (7.3.1). DES is assumed to be invertible. Since all elements in sequence from input to output are separately invertible, the sequential combination of these elements must also be invertible.) 11. 4X FENCED DES STRENGTH CHARACTERISTICS ========================================== 11.1 ASSERTION: (DES cipherings cannot be separated.) In 4x Fenced DES, it is not possible to isolate and work on a single DES ciphering unless the small input substitutions have first been resolved. (Argument: In order to key-search a single DES ciphering, it is necessary to develop the input and output value for that particular ciphering. The large input and output blocks are known, but the values sent to the internal cipherings are hidden by the input and output substitutions.) 11.2 ASSERTION: (Input substitutions cannot be separated.) In 4x Fenced DES, it is not possible to isolate and work on any one small input substitution unless all four of the DES keys and at least one element in each of the 32 small output substitutions have first been resolved. (Argument: Even though their input values are known, resolving the content of the small input substitutions requires some information about their output values. Since these values flow through the internal DES cipherings, if DES is effective, these values cannot be known without the DES keys. Further, each of the DES keys is required, since all of the DES cipherings combined produce the known output. There can be no statistical effects which identify particular values from the input substitutions, because any change of any number of bits whatsoever affects the large output block similarly. There can be no statistical effects which isolate individual input substitutions because each input substitution has the same effect on the large output block. Any change whatsoever from any input substitution changes about half the bits in the output block, making statistical issues about the content of the substitutions completely irrelevant.) 11.3 ASSERTION: (Output substitutions cannot be separated.) In 4x Fenced DES, it is not possible to isolate and work on any one small output substitution unless all four of the DES keys and at least one element in each of the 32 small input substitutions have first been resolved. (Argument: Even though their output values are known, resolving the content of the small output substitutions requires some information about their input values. Since the input values flow from the internal DES cipherings, if DES is effective, these values cannot be known without the DES keys. Further, each of the DES keys is required, since each DES ciphering affects all of the output substitutions. There can be no statistical effects which identify particular input values to the output substitutions, because any change of any number of bits whatsoever affects the output from the substitution similarly. There can be no statistical effects which isolate individual output substitutions, because each of their input values come from the the output of the DES cipherings, and these values are "random like." So there can be no statistic to use for attack.) 12. FENCED DES EXPECTED STRENGTH ================================ 12.1 THEOREM: (Absolute minimum strength of 1x Fenced DES.) Assuming a known-plaintext attack, further assuming that all the input and output substitutions are known, if DES has a strength of 56 bits, the 1x Fenced DES construct has a keyspace of 56 bits. (Proof: All data flows through each layer; if the input and output substitutions are known, they do not confuse the data, but they also do not undo whatever confusion DES provides.) 12.2 ASSERTION: (Expected strength of the substitution layers in 1x Fenced DES.) Assuming a known-plaintext attack, and further assuming that the DES key is known, the 1x Fenced DES construct has a keyspace exceeding 64 bits. (Argument: The overall input is known, so the small input substitution _positions_ are all known; the uncertainty lies wholly in the _values_ at those positions. There are 256 possible values at the known position for each of eight input substitutions, for 256**8, or 2**64 possibilities. (A 63-bit expectation.) The uncertainty in the output substitution positions is the same, but the input and output substitutions are not independent: Since the DES key is known, defining the input substitutions implies what the output substitutions must be (or vise versa), so only one substitution level contributes to the keyspace. When working on the small input substitutions, the individual substitutions are independent: If even one of the input substitute values is wrong, we expect that half of the DES result bits will be wrong, which will imply wrong positions for most output substitutions. The process is similar if we choose to work on the output substitutions instead. A 64-bit keysearch is guaranteed to identify one element in each of the eight small input substitutions (for example). Then, assuming infinite known-plaintext, we just look for data blocks which are the same as the solved block in seven of the eight bytes. For each possible value of the eighth byte we can easily try each of the 254, 253,..., 2 remaining values (which will implicitly define many of the output substitutions) at almost no cost beyond holding and finding appropriate messages. With only a limited amount of known-plaintext there will be fewer if any messages which differ in just one byte, few if any quick byte searches, and many more-substantial searches until the input substitutions are filled in.) (Comment: DES with a known key is an example of a block mixing transform with absolutely no strength at all by itself, which nevertheless adds strength through bit mixing.) 12.3 ASSERTION: (Expected strength of 1x Fenced DES.) Assuming a known-plaintext attack, the 1x Fenced DES construct has a keyspace exceeding 120 bits. (Argument: When the DES key is known, the strength is 64 bits; the unknown DES key adds 56 bits more, for a total of 120 bits. (This is 2**64 times the complexity of DES.) It is not possible to separate the substitution layers from the cipher layer and so work on either independently, because the data flows through both. In addition, each DES operation is a function of every input bit (8.2) and each output bit is a function of every DES output (8.4), so individual DES operations cannot be isolated by particular input or output bits. A 120-bit keysearch will identify the DES key and one element in each of the eight small substitutions, and then we need to fill out the rest of each substitution as above.) 12.4 THEOREM: (Absolute minimum strength of 4x Fenced DES.) Assuming a known-plaintext attack, further assuming that all the input and output substitutions are known, if DES has a strength of 56 bits, the 4x Fenced DES construct has a keyspace exceeding 56 bits. (Proof: All data flows through each layer. The information content of the data is 256 bits; to recover that data, all four DES operations must be solved. Even if we assume that some aspect of the construction allows the DES operations to be solved separately, the resulting strength is still somewhat more than a single DES cipher.) 12.5 ASSERTION: (Expected strength of separated 4x Fenced DES.) Assuming a known-plaintext attack, and assuming that the internal ciphers _can_ be isolated and worked on separately, the 4x Fenced DES construct has an overall keyspace of not less than 120 bits. (Argument: The substitution and ciphering occur in series, consequently, at least one eight-byte substitution (input or output) and one DES ciphering must be solved simultaneously, even if the block mixing transform fails.) 12.6 ASSERTION: (Expected strength of 4x Fenced DES.) Assuming a known-plaintext attack, and assuming that the internal ciphers _cannot_ be isolated and worked on separately, the 4x Fenced DES construct has an overall keyspace exceeding 480 bits. (Argument: The small substitutions (input or output) jointly contribute 256 bits, and the four DES keys contribute 224 bits for a total of 480 bits. That is, searching a 480-bit keyspace will solve the system for a particular input (or output) block. This identifies the DES keys, but only solves 1/256th of each of 32 substitutions. Once the system is solved for a particular block, the 255 other entries in each of 32 substitutions must be filled in to completely solve the cipher.) Results It appears that Fenced DES can reasonably be proven to be an invertible block cipher which has the avalanche property (provided, of course, that DES has that property) with a strength at least that of DES itself. Reasonable-sounding arguments suggest that the internal ciphers cannot be separated and worked on independently, and that the resulting cipher has substantial strength. It would be nice to tighten this up; any and all suggestions are welcome. Appendix Some Fenced DES constructions: 1x Fenced DES S S S S S S S S ------DES------ S S S S S S S S 2x Fenced DES S S S S S S S S S S S S S S S S --------------mix-------------- ------DES------ ------DES------ --------------mix-------------- S S S S S S S S S S S S S S S S 4x Construct with 1x Strength S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S ------DES------ ------DES------ ------DES------ ------DES------ S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S Original 4x Fenced DES S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S --------------mix-------------- --------------mix-------------- ------------------------------mix------------------------------ ------DES------ ------DES------ ------DES------ ------DES------ ------------------------------mix------------------------------ --------------mix-------------- --------------mix-------------- S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S Current 4x Fenced DES S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S ------------------------------mix------------------------------ --------------mix-------------- --------------mix-------------- ------DES------ ------DES------ ------DES------ ------DES------ --------------mix-------------- --------------mix-------------- ------------------------------mix------------------------------ S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S 4x Fenced DES with Less Storage and Strength (A..H and S..Z represent 16 keyed byte-substitutions, each used four times.) A B C D E F G H A B C D E F G H A B C D E F G H A B C D E F G H ------------------------------mix------------------------------ --------------mix-------------- --------------mix-------------- ------DES------ ------DES------ ------DES------ ------DES------ --------------mix-------------- --------------mix-------------- ------------------------------mix------------------------------ S T U V W X Y Z S T U V W X Y Z S T U V W X Y Z S T U V W X Y Z --- Terry Ritter ritter at io.com From bart at netcom.com Thu May 26 11:23:14 1994 From: bart at netcom.com (Harry Bartholomew) Date: Thu, 26 May 94 11:23:14 PDT Subject: WNSTORM on wuarchive.wustl.edu In-Reply-To: <9405260406.AA07025@prism.poly.edu> Message-ID: <199405261823.LAA11342@netcom.com> > > I've just uploaded wnstorm to wuarchive.wustl.edu in the /pub/wns directory. > I don't know if others can see it yet, but give it a try. > > I've been getting the following reply from wuarchive since 2 A.M. >ncftp wuarchive.wustl.edu:pub/wns Sorry, there are too many anonymous FTP users using the system at this time. Please try again in a few minutes. There is currently a limit of 175 anonymous users. Yes, there REALLY are that many users on wuarchive -- this message is not the result of a bug. User anonymous access denied. Login failed. and I don't believe it. I would suggest, where I got it, ncftp soda.berkeley.edu:pub/cypherpunks/crypto From banisar at washofc.epic.org Thu May 26 11:46:34 1994 From: banisar at washofc.epic.org (Dave Banisar) Date: Thu, 26 May 94 11:46:34 PDT Subject: Digicash PR Message-ID: <00541.2852807796.6017@washofc.epic.org> Date 5/26/94 Subject Digicash PR From Dave Banisar To Cypherpunks List Digicash PR Thought this might be of some interest. dave --------------------------------------------------------------- DIGICASH PRESS RELEASE World's first electronic cash payment over computer networks. ============================================================= FOR IMMEDIATE RELEASE (Release Date: May 27, 1994) ---------------------------------------------------------------------- Payment from any personal computer to any other workstation, over email or Internet, has been demonstrated for the first time, using electronic cash technology. "You can pay for access to a database, buy software or a newsletter by email, play a computer game over the net, receive $5 owed you by a friend, or just order a pizza. The possibilities are truly unlimited" according to David Chaum, Managing Director of DigiCash TM, who announced and demonstrated the product during his keynote address at the first conference on the World Wide Web, in Geneva this week. Electronic cash has the privacy of paper cash, while achieving the high security required for electronic network environments exclusively through innovations in public key cryptography. "It's the first software only solution. In the past we've pioneered such cash for chip cards and electronic wallets, always with a tamper-resistant chip for storing the value--now all you have to do is download the software and you're up and running" continues Dr. Chaum. The product works with Microsoft(R) Windows TM, Macintosh TM, and most UNIX TM platforms. It was shown integrated with Mosaic, the most popular software for people accessing databases, email, or other services on the Internet and World Wide Web. The graphic user interface allows intuitive "dragging and dropping" of icons representing stacks of coins, receipts, record books, etc. The company will be supplying the technology through other firms who will release the products, under various cooperation and trial programs. The user software, which allows both paying and receiving payment, will be distributed free of charge. The product was developed by DigiCash TM Corporation's wholly owned Dutch subsidiary, DigiCash TM BV. It is related to the firm's earlier released product for road pricing, which has been licensed to Amtech TM Corporation, of Dallas, Texas, worldwide leader in automatic road toll collection. This system allows privacy protected payments for road use at full highway speed from a smart card reader affixed to the inside of a vehicle. Also related is the approach of the EU supported CAFE project, of which Dr. Chaum is Chairman, which uses tamper-resistant chips inserted into electronic wallets. The underlying 'blind signature' technology was described in the article "Achieving Electronic Privacy," by David Chaum, Scientific American, August 1992. ---------------------------------------------------------------------- For more information contact: DigiCash bv info at digicash.nl Kruislaan 419 tel +31 20 665 2611 1098 VA Amsterdam fax +31 20 668 5486 The Netherlands ---------------------------------------------------------------------- From lile at netcom.com Thu May 26 12:09:43 1994 From: lile at netcom.com (Lile Elam) Date: Thu, 26 May 94 12:09:43 PDT Subject: PGP 2.6 is dangerous in the long term ? Message-ID: <199405261909.MAA18622@netcom.com> >Russell Nelson says: >> Date: Wed, 25 May 94 10:25:30 -0700 >> From: hughes at ah.com (Eric Hughes) >> >> You have to assume that RSA isn't being run by idiots. Either they're >> looking at closing their doors in seven years, or they've got a plan. >> >> I asked Jim Bidzos about this last year. He told me they're planning >> on becoming a supplier of cryptography code and expertise. >> >> If they had expertise, they wouldn't need patents. > >Make no mistake, they have expertise. As much as we like to denegrate >them, they are responsible for several algorithms we all use every >day, like MD5. > >That said, I agree that the patents are unsavory. However, none of us >thus far have shown the testicular fortitude to challenge any of them. > >Perry > Such software patents really need to be challenged, If you are interested in helping, please contact the LPF (League for Programming Freedom). I'll send their addr shortly.... By the way, I re-subscribed myself to this list last night. Thanks for all the great notes. :) -lile ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lile Elam | "Remember... No matter where you go, there you are." lile at netcom.com | Un*x Admin / Artist | Buckaroo Banzai ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From rjc at gnu.ai.mit.edu Thu May 26 12:17:29 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Thu, 26 May 94 12:17:29 PDT Subject: Factoring with a quantum computer (Citation) Message-ID: <9405261916.AA03666@geech.gnu.ai.mit.edu> James A. Donald (jamesd at netcom.com) writes: > persuasion to get him to put up the pot. Alas, Michael was > not willing to let the pot for the bet go outside the > control of him or these dubious people. Eventually I > resorted to a vigorous attempt to shame him into putting up > the money. > > My unkind comments concerning Michael and his pals > eventually resulted in me being expelled from the > Extropians list, for flaming Michael and defaming the Exi > board. First let me explain something to people who don't know. The extropians list has a legal arbitration system to help keep down flames. We have rules against bringing verbal assaults into heated debates so that if you feel someone is insulting you, you may 'press charges'. If evidence is presented, the person usually gets a warning. 3 warnings and your posting privileges get revoked for a period between 24-72 hours to allow a 'cool down' period on the list. This was implemented out of neccessity because the list was averaging between 150 to 300 messages a day with most of those coming from only a handful of people. A common way of resolving a standoff debate on the Extropians list is to put your money where your mouth is -- a bet. This causes someone to get off their lazy ass and go look up the citation and present it to the list for judgement of the bet. Michael suggested having the bet held by the treasury of Extropy, Inc, the non-profit which runs the list. Extropy, Inc. has *never* been accused of financial impropriety with people's funds. They run an honest operation with far more altruism than libertarians should bear (e.g. the board members go into debt to maintain service to extropians even when revenues are low) James Donald insinuated that some board members were dishonest, *BUT*, he was not kicked off for this. Michael and one of the board members pressed charges under our flaming/insult rule and James had his posting suspended for some period (a few days, 72 hours I think) Usually, we rely on an honor code to enforce posting priveleges. We do not software block punished people from posting, but rely on their honor and fairness to commit themselves to arbitration. Donald didn't stop posting, so he had his priveleges turned off in software. He still wasn't "deleted' (kicked off from the list) The final act which led to his removal was that he circumvented the list security system by forging the headers of his message so as to appear to be Perry Metzger. This is a serious offense on the list software we run because each user has database information associated with their account, and our software is pay-for-use. Posting under someone else's account corrupts the list statistics, deducts list credits from their account, and could, depending on software limits set, use up their daily posting quota. For the act of forgery, James Donald was deleted and for no other reason. Extropy, Inc. has given Harry S. Hawk full autonomy in managing the list. The board can not kick off people just because they hate them, which the board didn't hate James Donald anyway. He started and esclated innuendo for no reason whatsoever. The legal system has been used rarely since and things are relatively calm now. If James Donald thinks he was kicked off because the list owners hated him, he is sadly mistaken. He should have honored the legal judgement and restrained himself from posting/flaming for the time limit set. Furthermore, he shouldn't have forged headers especially since it wastes my time when I have to go manually correct people's accounts. disclaimer: I hold no animosity towards James Donald, I hardly know him. I am merely stating what I recall as the historical record since I am the one who manages the software engineering side of the list. -Ray From sandfort at crl.com Thu May 26 12:41:56 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 26 May 94 12:41:56 PDT Subject: Unicorn vs.... In-Reply-To: <9405261716.AA28738@runner.utsa.edu> Message-ID: C'punks, On Thu, 26 May 1994, David L Womack wrote: > I have to support Black Unicorn's use of the courts. > Really, what choices were available? > . . . > e) Sue the guy. It's legal, it's easy, and it get's people's > attention. > > So, I, for one, think Black Unicorn took the best and most > reasonable approach. I'd be very interested in which course > (or some other undefined course I didn't think of) that > the anarchists feel would be reasonable... > . . . Well, I'm an anarchist and I would have no *philosophical* problem with pursuing redress in the king's court. It is because I am an anarchist that I don't impute any special status to "government." "Government" is just the term we use for one particular form of collective force. I would use it in the same way I would use an oncoming truck; if someone were trying to mug me, I would consider pushing them in front of the truck. It would just be a handy tool to be employed for self-defense. So to the government often is useful as a handy blunt instrument to keep other forms of muggers at bay. Now in actuality, I have grave *practical* reservations about using the government in this way. It is hard not to get entangled once one begins to dance with the devil. Now ask me if I would have any philosophical objection to taking welfare. S a n d y From jim at bilbo.suite.com Thu May 26 12:49:50 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 26 May 94 12:49:50 PDT Subject: RSA's "Sink Clipper" poster Message-ID: <9405261948.AA16631@bilbo.suite.com> On May 20th, Bob Snyder mentioned he got a free anti-Clipper poster from RSA. Interested, I sent an e-mail to info at rsa.com asking how I could get one of the posters (I included my business mailing address). Kurt Stammberger from RSA replied "We'll send you one!" A tube with three of the posters arrived today. If anyone else want a poster, all you need to do is ask RSA. Jim_Miller at suite.com From tcmay at netcom.com Thu May 26 13:16:24 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 26 May 94 13:16:24 PDT Subject: Extropians Justice--some comments In-Reply-To: <9405261916.AA03666@geech.gnu.ai.mit.edu> Message-ID: <199405262016.NAA27043@netcom.com> What the hell does the Extropians list justice system have to do with the Cyperpunks list?, I hear many of you asking. It has to do with alternative (to government) justice, reputations, the handling of flames, and other issues related to crypto anarchich systems that are by nature outside the scope of conventional governmental systems. Flames on this list are (fortunately) rare, but still occur. And the recent Black Unicorn vs. Detweiler dispute shows that the conventional legal system can come into play. In any case, I spent 19 months on the Extropians list and was an active poster, so I have some direct observations to make. I hope they have some relevance to our own list. Most of my comments will be based on the material Ram Cromwell writes: > First let me explain something to people who don't know. The extropians > list has a legal arbitration system to help keep down flames. We have > rules against bringing verbal assaults into heated debates so that > if you feel someone is insulting you, you may 'press charges'. If > evidence is presented, the person usually gets a warning. 3 warnings > and your posting privileges get revoked for a period between 24-72 hours > to allow a 'cool down' period on the list. This was implemented out > of neccessity because the list was averaging between 150 to 300 > messages a day with most of those coming from only a handful of > people. Ironically, I found that the legal code *caused* many flames, for various reasons. This is my interpretation, and I "assign credit" (in genetic programming terms) for dozens of flames between various parties to the existence of a legal code that encouraged/facillitated the filing of charges and countercharges, the issuance of warnings and other judgements, and the seemingly endless debate about all of these issues, as well as of the charges. In my view, the Extropians justice system, especially as I saw it in the last several months on the list (I left in January, 1994), was an interesting experiment, but ultimately flawed, causing many times more problems as it solved. (Sort of like the real world court system, eh?) > A common way of resolving a standoff debate on the Extropians list > is to put your money where your mouth is -- a bet. This causes someone > to get off their lazy ass and go look up the citation and present it With due respect for Ray here, this worked better in theory than in practice. The issuance of a challenge typically resulted in each side firing new volleys of charges, of clarifications, and of boring public debate about the terms, judgement criteria, who would hold the money, etc. Ad nauseum. I recall only one fairly positive example: some bet whose details I have mercifully forgotten that involved Robin Hanson (sometimes of this list). I recall that whoever lost made a statement of this, and may have even paid up. (But maybe not.) In all the other cases I saw, the "challenge" floated around for a while, got interpreted and reinterpreted over and over again, caused others to choose sides, and ultimately just kind of fizzled out. I was once asked to be a judge in one of these stupid, unresolvable debates about quantum computers (like we're gonna see one built, right?). I declined. No interest, and pointless. (Quantum computers are an interesting conceptual topic, but of zero practical interest in this century or the next. My "Russians Break RSA" satire is about all the sue I see for this stuff.) Consider this experience a data point. I'd be interesting in hearing about more recent experiences, espeically positive ones, but my observations lead me to suspect there are few. Just because the "theory" says these bets should uncover Truth and Fairness doesn't make it so. Decision Duels and Fact Forums are not with us yet. The best way to dismiss bogus claims is to ignore them. > The final act which led to his removal was that he circumvented > the list security system by forging the headers of his message > so as to appear to be Perry Metzger. This is a serious offense > on the list software we run because each user has database information > associated with their account, and our software is pay-for-use. > Posting under someone else's account corrupts the list statistics, > deducts list credits from their account, and could, depending on software > limits set, use up their daily posting quota. Yep, I saw this and was pretty surprised to see such forgery, I can't say who it was who did, as I didn't follow the details. > For the act of forgery, James Donald was deleted and for no other > reason. Extropy, Inc. has given Harry S. Hawk full autonomy in managing By the way, so far as I am aware, *nobody* has ever been kicked off the Cypherpunks list. Not even Detweiler, who asked to be removed last Novemeber or so, as he was entering his terminal phase. > The legal system has been used rarely since and things are relatively > calm now. There may be a lesson here. A formal legal code encourages "law hacking" by those with an axe to grind. A formal system which attempts to cover all possibilities encourages incompleteness, loopholes. (This is often analyzed as being the result of Goedel's Theorem, which I suppose it is in an informal sense :-}.) I like the Cypherpunks system a lot better. Instead of bogging down in claims, charges, formal bets, adjudication, appeals, etc., there are relatively few if any rules. Somehow the turkeys end up leaving. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From mpd at netcom.com Thu May 26 13:28:27 1994 From: mpd at netcom.com (Mike Duvos) Date: Thu, 26 May 94 13:28:27 PDT Subject: Unicorn vs.... In-Reply-To: <9405261716.AA28738@runner.utsa.edu> Message-ID: <199405262028.NAA05462@netcom.com> > I have to support Black Unicorn's use of the courts. > Really, what choices were available? > So, I, for one, think Black Unicorn took the best and most > reasonable approach. I'd be very interested in which course > (or some other undefined course I didn't think of) that > the anarchists feel would be reasonable... Let's see. I didn't read the thread in question but am reasonably familiar with the unsavory debating tactics of Mr. Tmp from other discussions. As I understand it, Mr. Unicorn and Mr. Tmp, their true identities safely concealed behind their respective handles, engaged in a minor flame war and major ass-kicking contest related to the topics of crypto, privacy, and nasty authoritarian governments. Mr. Tmp, following his usual modus operandi, engaged in some reasonably clever hand-waving, out-of-context quoting, misdirection, and misrepresentation at the expense of a number of people, including Mr. Unicorn. All this would have been water under the bridge were it not for the fact that Mr. Unicorn, who is wont to travel in circles considerably more conservative than most of his political writings, inadvertantly disclosed his identity in the thread while showing a friend how to use Usenet. Certainly this blunder was no fault of Mr. Tmp. Ultimately, as a consequence of this leak, certain business associates of Mr. Unicorn, with no knowlege of Usenet or the context of the discussion, were exposed to portions of it and the identity of Mr. Unicorn was disclosed. Again no fault of Mr. Tmp. Said business associates, being relatively anal upper-class European types with a great respect for authority, were singularly unamused by Mr. Unicorn's political views and the even worse things falsely attributed to him by Mr. Tmp in the heat of discussion. Mr. Unicorn became worried that his business might suffer as a consequence. Since I personally believe that one should not discriminate in doing business based on someones political beliefs, I would certainly characterize this as a moral failure on the part of Mr. Unicorn's business associates, and not the fault of Mr. Tmp. Finally, Mr. Unicorn, mustering all the legal and financial resources at his disposal, threatens to skewer Mr. Tmp for alleged libel, and Mr. Tmp, lacking similar resources and unable to risk a courtroom defeat, is forced to go on Usenet and publicly eat you-know-what with a large wooden spoon. Since Mr. Tmp is not well-liked in the Cypherpunk community, response to this sorted tale consists mostly of praise for Mr. Unicorn, and silence by those who might have been critical, but who don't want Mr. Unicorn to treat them the same way. I don't think there are any heros in this story. I think it is a dark day for freedom of expression in general and Usenet in particular. In the past, I have engaged in lots of heated discussions on many hot-button topics, on Usenet and in many other forums, sometimes under my own name, and occasionally under a pseudonym. I have been called many vile things along the way, and have had my views on occasion misrepresented far more cleverly than Mr. Tmp could imagine or articulate. Nonetheless, if I found myself losing work because an unpopular view of mine came to light, filing a lawsuit against another Usenet poster would be just about the last thing I would think of doing. Particularly if the discussion took place under a pseudonym and I was the person who had broken my own anonymity. Antics like this threaten the entire concept of Usenet as a reputation-based cooperative anarchy. The solution to Mr. Tmp is to put him in your killfile, not sue him into submission. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From wex at media.mit.edu Thu May 26 13:29:47 1994 From: wex at media.mit.edu (Alan Wexelblat) Date: Thu, 26 May 94 13:29:47 PDT Subject: MIT TOC SEMINAR-MORRIS/UNKENHOLZ, NSA--Thursday-June 2--2:30pm Message-ID: <9405262029.AA11882@spike.media.mit.edu> [I'm going to be out of the country for this talk -- would someone who attends please email me a summary if anything is posted to the list? I'm still not on the list. --AW] > MIT TOC SEMINAR > > Thursday, June 2, 1994 > > Refreshments at 2:15pm, Talk at 2:30pm in NE43-518 > > Title: ``ESCROW ENCRYPTION'' > > by S. Brent Morris and Mark Unkenholz > National Security Agency > > ABSTRACT > >The Escrow Encryption Standard is the new federal standard for >securing sensitive but unclassified information. It could possibly >replace the Data Encryption Standard (DES). This talk will provide a >technical overview of the Escrow Encryption Standard, the external >features of the Skipjack algorithm, and its two current >implementations, the Clipper and Capstone chips. > >Host: Silvio Micali From pauls at dcs.rhbnc.ac.uk Thu May 26 13:35:26 1994 From: pauls at dcs.rhbnc.ac.uk (Paul K. Strong) Date: Thu, 26 May 94 13:35:26 PDT Subject: creating a v2.6 of PGP for the REST of us! Message-ID: <24363.9405262031@lt1.cs.rhbnc.ac.uk.> If patches are going to be produced for PGP 2.3a for those of us outside the USA who wish to send PGP encrypted data to USA users of v2.6, will the patches also enable a key from a patched 2.3a to be put onto a USA key-server that only accepts v2.6 keys - will the keys be labelled as v2.6? I take it Pr0duct Cypher's patch doesn't include this? Maybe instead of many people producing different patches (some of which will be good and some bad) a new version (labelled as v2.6euro?) should be released from outside the USA that is derived from 2.3a code; therefore producing a version that is no different in _appearance_ to MIT's v2.6. The point being that an 'ALL-NEW-SUPER-DUPER' version may attract more attention outside the USA than, as some may view it, 'just a pointless patch' would do. Also, some ftp sites and bulletin boards outside the USA don't like carrying software that was illegally exported. A special non-USA version of 2.6 would allow everyone to be happy and compatible. Wouldn't this create a unified world of compatible PGP users? *************************************************************************** * Paul Strong Witty one-liner coming soon! * * * * pauls at dcs.rhbnc.ac.uk Finger for PGP v2.3a public key * *************************************************************************** From stjude at well.sf.ca.us Thu May 26 13:47:54 1994 From: stjude at well.sf.ca.us (Judith Milhon) Date: Thu, 26 May 94 13:47:54 PDT Subject: fwd from digicash... Message-ID: <199405262047.NAA00035@well.sf.ca.us> From jpp at jpplap.markv.com Thu May 26 14:11:30 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Thu, 26 May 94 14:11:30 PDT Subject: Graph isomorphism based PK cryptosystems? In-Reply-To: <9405250008.AA01719@toad.com> Message-ID: > Date: Tue, 24 May 94 17:08:05 PDT > From: Eli Brandt > > Interesting. Have you tested it against the known methods for the > isomorphism problem? Van Leeuwen* references an O(n log n) > average-case algorithm, and ones that are pseudopolynomial w.r.t. > degree, genus, and treewidth. There are also methods based on > "signatures" (hash functions on graphs, basically); there's an O(n^2) > expected-time perfect signature, and an O(n) (worst-case?) one with > exponentially small failure rate. These might provide attacks, > though none solve the general problem. > * (in Handbook of Theo. Comp. Sci., Vol. A) No I haven't tested it against any known GI algorithm. Your references are all very interesting and I will investigate them. If you had a publisher handy, along with the city the publisher is in, I would happily phone them up and get a copy. But if not, I can operate a card catalog. > BTW, the graph isomorphism problem is not known to be NP-complete, > and van Leeuwen comments that there is some theoretical basis > for expecting it not to be. No, I didn't expect GI to be NP-complete at all. I expect rather that P < GI < NP. That is one of the reasons that GI is an interesting problem. Especialy because (as you point out) GI is amost always in P. In any case, my PK cryptosystem is not interesting except for the new complexity point. (Although, the general construction may be interesting.) I can prove that my cryptosystem has a level of security which is reduceable to GI, and GI to it. (The reduction is only in polynomial time. I will try to see about getting the slow parts down to O(n) time.) PGP will almost certainly never include my PK system as an alternative to RSA. For one thing it needs a k^3 to 1 expantion in communication costs for a security parameter of k. For another the 'fast' decrypt routine requires O(n^3) in the number of nodes in the graphs. But there is no known GI algorithm which is O(n^3) in general. (And if there is one for *my* graphs, then I will give you a polynomial time algorithm for all of GI.) > Eli ebrandt at hmc.edu From warlord at MIT.EDU Thu May 26 14:14:14 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 26 May 94 14:14:14 PDT Subject: Keyserver at pgp.mit.edu back in operation Message-ID: <9405262114.AA01997@toxicwaste.media.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- I am happy to announce that the keyserver at pgp.mit.edu is back in operation, due to the release of PGP 2.6. This server can be accessed by sending mail to the address pgp-public-keys at pgp.mit.edu. It will not accept keys labeled as coming from PGP versions less than 2.4. If you have any questions, send mail to the server with a subject of "help", and it will respond with the list of commands that it accepts. Enjoy! - -derek -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBuAgUBLeURuDh0K1zBsGrxAQFAgQLFEqT6ZPreM+dDkFjUaEdFVhKT2iE1cpF9 IPzvH/Sk8IFFJJOWGlbdAbvu+xPM4mljsLTJX1ireagGGmQC5qYXYTB6/CKbBF7E uB2jMHqwDM23uuMsBZNKoXQ= =VJYE -----END PGP SIGNATURE----- From jims at Central.KeyWest.MPGN.COM Thu May 26 14:16:20 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Thu, 26 May 94 14:16:20 PDT Subject: Unicorn vs.... In-Reply-To: <199405262028.NAA05462@netcom.com> Message-ID: <9405262115.AA15425@Central.KeyWest.MPGN.COM> > Said business associates, being relatively anal upper-class European > types with a great respect for authority, were singularly unamused by > Mr. Unicorn's political views and the even worse things falsely > attributed to him by Mr. Tmp in the heat of discussion. Mr. Unicorn The key is falsely attributed to him by tmp at netcom.com. > became worried that his business might suffer as a consequence. Since I > personally believe that one should not discriminate in doing business > based on someones political beliefs, I would certainly characterize this > as a moral failure on the part of Mr. Unicorn's business associates, and > not the fault of Mr. Tmp. Granted, tmp is not responsible for so called moral failures on the part of European business associates of Uni's BUT tmp IS responsible for damaging Uni's reputation by making it look as if he said things that tmp couldn't prove he had said. If Uni lost a 7 figure business deal because tmp attributed a comment to Uni that Uni didn't make then tmp is definitely guilty of damaging Uni's character and SHOULD be sued... The bottom line is that when you play on the net and flame each other that is one thing, but when your games cause someone's business and real-life character to be damaged then you are playing in the real world and the name of the game there is SUE, RESPONSIBILITY FOR YOUR ACTIONS, and TAKE THE CONSEQUENCES FOR YOUR ACTIONS. > Antics like this threaten the entire concept of Usenet as a > reputation-based cooperative anarchy. The solution to Mr. Tmp is to put > him in your killfile, not sue him into submission. Who defined the concept? I think of Usenet as a cooperative anarchy on the technological level of how it works, but as far as what people say I consider it to be a means of communication no different than speaking in public or on the telephone. If I say terrible things about you on a mail list message it should be no different than if I say it in a crowded room of your business associates. Putting tmp at netcom.com in a kill file will be fine if his influence on your world is confined to the screen, but when he starts costing you potentially millions of dollars it is an entirely different situation. I don't think that kill file of yours will pay Uni's house mortgage or food bill! I suppose we all could use this as an opportunity to see how well our anarchist, freedom of speech, privacy, encryption ideas mesh with the 'real world'. Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From barrett at daisy.ee.und.ac.za Thu May 26 14:25:30 1994 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Thu, 26 May 94 14:25:30 PDT Subject: creating a v2.6 of PGP for the REST of us! In-Reply-To: <24363.9405262031@lt1.cs.rhbnc.ac.uk.> Message-ID: > If patches are going to be produced for PGP 2.3a for those of us > outside the USA who wish to send PGP encrypted data to USA users of > v2.6, will the patches also enable a key from a patched 2.3a to be put > onto a USA key-server that only accepts v2.6 keys - will the keys be > labelled as v2.6? I posted a patch to cypherpunks yesterday that does that. > I take it Pr0duct Cypher's patch doesn't include this? I don't think it does. > Maybe instead of many people producing different patches (some > of which will be good and some bad) a new version (labelled as > v2.6euro?) should be released from outside the USA that is derived > from 2.3a code; therefore producing a version that is no different in > _appearance_ to MIT's v2.6. mathew at mantis.co.uk is working my patch plus some other stuff into a brand new version to be called 2.6ui (where the "ui" stands for "unofficial international"). It will be packaged as a complete release, with .tar files and .zip files and .sig files etc. The raw patch file will also be there. --apb (Alan Barrett) From blancw at microsoft.com Thu May 26 14:34:15 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 26 May 94 14:34:15 PDT Subject: Unicorn vs.... Message-ID: <9405262035.AA20099@netmail2.microsoft.com> "I'd be very interested in which course (or some other undefined course I didn't think of) that the anarchists feel would be reasonable..." I would have considered the nature of the situation - of what it means to have one's words/pseudonymous email image reconfigured by someone whom everyone else on the net pretty much ignores, whose attacks increasingly deteriorate, whose rants are laughable, who argues in circles, and who replies to himself in public email. I would have addressed the circumstance in psychological, rather than legal, terms. Gingerly & carefully, as to a wild beast in the jungle, or to a fool on the highway. Blanc From rjc at gnu.ai.mit.edu Thu May 26 14:35:21 1994 From: rjc at gnu.ai.mit.edu (Ray) Date: Thu, 26 May 94 14:35:21 PDT Subject: Extropian Justice In-Reply-To: <199405262104.RAA25305@umbc9.umbc.edu> Message-ID: <9405262135.AA05871@geech.gnu.ai.mit.edu> Tim writes: > Most of my comments will be based on the material Ram Cromwell writes: > > > First let me explain something to people who don't know. The extropians > > list has a legal arbitration system to help keep down flames. We have > > rules against bringing verbal assaults into heated debates so that > > if you feel someone is insulting you, you may 'press charges'. If > > evidence is presented, the person usually gets a warning. 3 warnings > > and your posting privileges get revoked for a period between 24-72 hours > > to allow a 'cool down' period on the list. This was implemented out > > of neccessity because the list was averaging between 150 to 300 > > messages a day with most of those coming from only a handful of > > people. > > Ironically, I found that the legal code *caused* many flames, for > various reasons. This is my interpretation, and I "assign credit" (in > genetic programming terms) for dozens of flames between various > parties to the existence of a legal code that encouraged/facillitated > the filing of charges and countercharges, the issuance of warnings and > other judgements, and the seemingly endless debate about all of these > issues, as well as of the charges. All true, there was a "shakeout" in the legal system which caused huge debates over the fairness and objectivity of it. Everything has settled down since the commercialization of the list and since the big players have left. > > A common way of resolving a standoff debate on the Extropians list > > is to put your money where your mouth is -- a bet. This causes someone > > to get off their lazy ass and go look up the citation and present it > > With due respect for Ray here, this worked better in theory than in > practice. The issuance of a challenge typically resulted in each side > firing new volleys of charges, of clarifications, and of boring public > debate about the terms, judgement criteria, who would hold the money, > etc. Ad nauseum. I recall only one fairly positive example: some bet I agree that it worked better in theory than in practice, but it did seem to have the effect of shutting down a 'is so, is not, is so!, is not!' flame. For instance, Perry would often get involved in a discussion where each side was claiming a statistic and firmly standing by it without offering a reference. Perry would often end a thread like this by betting a huge sum of money that he was right. It seemed to me, that it often quieted the other person down. The claims might not have been resolved (because no one took up the bet), but the endless standoff of counter claims would end. Besides bets, there was Derek Zahn's accountability society which had one positive result and almost none of the negative flamage that bets had. > By the way, so far as I am aware, *nobody* has ever been kicked off > the Cypherpunks list. Not even Detweiler, who asked to be removed last > Novemeber or so, as he was entering his terminal phase. The disadvantage of this is that since your list software has no filtering capability, I must deal with a huge flood of messages everyday that Detweiler generates. For a simple list like majordomo, I think deleting trouble makers is a good short term solution. > There may be a lesson here. A formal legal code encourages "law > hacking" by those with an axe to grind. A formal system which attempts > to cover all possibilities encourages incompleteness, loopholes. (This > is often analyzed as being the result of Goedel's Theorem, which I > suppose it is in an informal sense :-}.) An interesting speculation. Legal systems are, after all, pretty close to being 'formal systems' Nobody ever said a legal system had to be consistent though. ;-) > I like the Cypherpunks system a lot better. Instead of bogging down in > claims, charges, formal bets, adjudication, appeals, etc., there are > relatively few if any rules. Somehow the turkeys end up leaving. With much heat and light generated in the meantime which is fine for some people, but irritating to others. Keeping in mind Coase's Theorem and Spontaneous Order, Harry and I are going beyond the idea of PPLs by attempting to create list software which allows 'personal justice', filtering, reputations, etc. We personally believe that the whitewater of noise which is out there now will become a tsunami when Joe Sixpack gets his 'entitled' account. The only way to defend yourself from this assault in cyberspace will be intelligent communications software. -Ray From loofbour at cis.ohio-state.edu Thu May 26 14:52:37 1994 From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow) Date: Thu, 26 May 94 14:52:37 PDT Subject: Extropian Justice In-Reply-To: <9405262135.AA05871@geech.gnu.ai.mit.edu> Message-ID: <199405262152.RAA02937@styracosaur.cis.ohio-state.edu> Ray writes: > Tim writes: > > Ironically, I found that the legal code *caused* many flames, for > > various reasons. This is my interpretation, and I "assign credit" (in > > genetic programming terms) for dozens of flames between various > > parties to the existence of a legal code that encouraged/facillitated > > the filing of charges and countercharges, the issuance of warnings and > > other judgements, and the seemingly endless debate about all of these > > issues, as well as of the charges. > > All true, there was a "shakeout" in the legal system which caused > huge debates over the fairness and objectivity of it. Everything > has settled down since the commercialization of the list and > since the big players have left. Well, gee, perhaps the commercialization of the Ext list is as much responsible for the end of the shakeout period than the use of clever list software. Since it's traditional to push the analogy to ridicule: I'd be more than happy to run a "$10,000 or 100 Tacky Tokens per year" mailing list. I'm guessing that I'll see very few debates on my list about the fairness of the system. > With much heat and light generated in the meantime which is fine > for some people, but irritating to others. Keeping in mind Coase's > Theorem and Spontaneous Order, Harry and I are going beyond the > idea of PPLs by attempting to create list software which allows > 'personal justice', filtering, reputations, etc. We personally > believe that the whitewater of noise which is out there now will > become a tsunami when Joe Sixpack gets his 'entitled' account. The > only way to defend yourself from this assault in cyberspace will be > intelligent communications software. Is intelligence alone a panacea? or is harsh economic reality really the motivating factor on the Ext list? I've seen a hundred posts in the last few days about the awful, horrible pay-per-byte services that doom the free Internet, but it doesn't change the fact that I'll think twice about paying two cents for the privilege of saying my two cents. nathan From mpd at netcom.com Thu May 26 14:56:58 1994 From: mpd at netcom.com (Mike Duvos) Date: Thu, 26 May 94 14:56:58 PDT Subject: Unicorn vs.... Message-ID: <199405262156.OAA29868@netcom.com> Jim Sewell writes: > Granted, tmp is not responsible for so called moral > failures on the part of European business associates of > Uni's BUT tmp IS responsible for damaging Uni's reputation > by making it look as if he said things that tmp couldn't > prove he had said. If Uni lost a 7 figure business deal > because tmp attributed a comment to Uni that Uni didn't > make then tmp is definitely guilty of damaging Uni's > character and SHOULD be sued... But tmp is only responsible for damaging the reputation of the pseudonym "Black Unicorn". This is not the same as damaging an actual person by name. If I am in a frivilous mood someday and post a tongue-in-cheek article on alt.hamsters.duct-tape under the pseudonym "Rodent Ravisher", I have little cause to complain that my real-life reputation has been ruined if someone misrepresents my views. If I am dense enough to publicly associate myself with the post, then perhaps I shouldn't complain when the Good Christians begin avoiding me and perhaps even hiding their hamsters when they see me passing by. In any case, it is certainly not the fault of the other flamers if my career goes down the tubes. > The bottom line is that when you play on the net and flame > each other that is one thing, but when your games cause > someone's business and real-life character to be damaged > then you are playing in the real world and the name of the > game there is SUE, RESPONSIBILITY FOR YOUR ACTIONS, and TAKE > THE CONSEQUENCES FOR YOUR ACTIONS. But flaming an anonymous identity is not the same as flaming a real-life person. Anonymous identities allow one a little vacation from having to be deadly serious all the time. And an opportunity to play Devil's Advocate with ideas that may not necessarily be ones own. Let's lighten up a little here. > I suppose we all could use this as an opportunity to see > how well our anarchist, freedom of speech, privacy, > encryption ideas mesh with the 'real world'. This IS the 'real world'. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From unicorn at access.digex.net Thu May 26 14:57:55 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 26 May 94 14:57:55 PDT Subject: Unicorn vs.... In-Reply-To: <199405262028.NAA05462@netcom.com> Message-ID: <199405262156.AA12407@access3.digex.net> Mike Duvos scripsit > > > I have to support Black Unicorn's use of the courts. > > Really, what choices were available? > > > So, I, for one, think Black Unicorn took the best and most > > reasonable approach. I'd be very interested in which course > > (or some other undefined course I didn't think of) that > > the anarchists feel would be reasonable... > > Let's see. I didn't read the thread in question but am reasonably > familiar with the unsavory debating tactics of Mr. Tmp from other > discussions. > > As I understand it, Mr. Unicorn and Mr. Tmp, their true identities safely > concealed behind their respective handles, engaged in a minor flame war > and major ass-kicking contest related to the topics of crypto, privacy, > and nasty authoritarian governments. Mr. Tmp, following his usual modus > operandi, engaged in some reasonably clever hand-waving, out-of-context > quoting, misdirection, and misrepresentation at the expense of a number > of people, including Mr. Unicorn. > > All this would have been water under the bridge were it not for the fact > that Mr. Unicorn, who is wont to travel in circles considerably more > conservative than most of his political writings, inadvertantly disclosed > his identity in the thread while showing a friend how to use Usenet. > Certainly this blunder was no fault of Mr. Tmp. > > Ultimately, as a consequence of this leak, certain business associates of > Mr. Unicorn, with no knowlege of Usenet or the context of the discussion, > were exposed to portions of it and the identity of Mr. Unicorn was > disclosed. Again no fault of Mr. Tmp. > > Said business associates, being relatively anal upper-class European > types with a great respect for authority, were singularly unamused by > Mr. Unicorn's political views and the even worse things falsely > attributed to him by Mr. Tmp in the heat of discussion. Mr. Unicorn > became worried that his business might suffer as a consequence. Since I > personally believe that one should not discriminate in doing business > based on someones political beliefs, I would certainly characterize this > as a moral failure on the part of Mr. Unicorn's business associates, and > not the fault of Mr. Tmp. > > Finally, Mr. Unicorn, mustering all the legal and financial resources at > his disposal, threatens to skewer Mr. Tmp for alleged libel, and Mr. Tmp, > lacking similar resources and unable to risk a courtroom defeat, is forced > to go on Usenet and publicly eat you-know-what with a large wooden spoon. > > Since Mr. Tmp is not well-liked in the Cypherpunk community, response to > this sorted tale consists mostly of praise for Mr. Unicorn, and silence > by those who might have been critical, but who don't want Mr. Unicorn to > treat them the same way. > > I don't think there are any heros in this story. I think it is a dark > day for freedom of expression in general and Usenet in particular. > > In the past, I have engaged in lots of heated discussions on many > hot-button topics, on Usenet and in many other forums, sometimes under my > own name, and occasionally under a pseudonym. I have been called many > vile things along the way, and have had my views on occasion > misrepresented far more cleverly than Mr. Tmp could imagine or articulate. > > Nonetheless, if I found myself losing work because an unpopular view of > mine came to light, filing a lawsuit against another Usenet poster would > be just about the last thing I would think of doing. Particularly if the > discussion took place under a pseudonym and I was the person who had > broken my own anonymity. > > Antics like this threaten the entire concept of Usenet as a > reputation-based cooperative anarchy. The solution to Mr. Tmp is to put > him in your killfile, not sue him into submission. > > -- > Mike Duvos $ PGP 2.6 Public Key available $ > mpd at netcom.com $ via Finger. $ > > -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From edgar at spectrx.sbay.org Thu May 26 15:24:53 1994 From: edgar at spectrx.sbay.org (Edgar W. Swank) Date: Thu, 26 May 94 15:24:53 PDT Subject: MIT has released PGP 2.6 Message-ID: To: Jeffrey I. Schiller CC: cypherpunks at toad.com Jeffrey, I received your announcement of PGP 2.6 on Cypherpunks. I have one question I hope you will address. You said, In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 is designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. ... Because earlier versions of PGP (including MIT's Beta test PGP 2.5 release) will not be able to read messages created by PGP 2.6 after September 1, 1994, MIT strongly urges all PGP users to upgrade to the new format. The intent of the format change is to discourage continued use of earlier infringing software in the U.S., and to give people adequate time to upgrade. As part of the release process, MIT commissioned an independent legal review of the intellectual property issues surrounding earlier releases of PGP and PGP keyservers. This review determined that use of PGP 2.3 within the United States infringes a patent licensed by MIT to RSADSI, and that keyservers that primarily accept 2.3 keys are mostly likely contributing to this infringement. ... The problem is that messages generated by PGP 2.6 after 9/1/94 will also be unreadable by PGP 2.4 (VIACRYPT PGP) which is completely legal for both private and commercial use in the USA because it has a license issued by RSADSI. This is the -only- version of PGP which may be legally used commercially. They will also be unreadable to users of PGP 2.3 who reside overseas. These persons are not violating RSA's patents because those patents are not valid overseas. I will not willingly give up my current ability to exchange encrypted e-mail with commercial entities, or with users outside the USA/Canada. What is the legal status of PGP 2.5, which does not have this delayed action crippling "feature"? Is the 2.5 license valid? If so, why would anyone in their right mind switch from 2.5 to 2.6? Why is RSADSI and MIT acting against the interests of their own licensee, ViaCrypt? (And shooting themselves in the foot by reducing their ViaCrypt royalty income)? Enquiring minds want to know! -- edgar at spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From unicorn at access.digex.net Thu May 26 15:39:19 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 26 May 94 15:39:19 PDT Subject: Unicorn vs.... In-Reply-To: <199405262156.OAA29868@netcom.com> Message-ID: <199405262237.AA14430@access3.digex.net> Mike Duvos scripsit > > Jim Sewell writes: > > > Granted, tmp is not responsible for so called moral > > failures on the part of European business associates of > > Uni's BUT tmp IS responsible for damaging Uni's reputation > > by making it look as if he said things that tmp couldn't > > prove he had said. If Uni lost a 7 figure business deal > > because tmp attributed a comment to Uni that Uni didn't > > make then tmp is definitely guilty of damaging Uni's > > character and SHOULD be sued... > > But tmp is only responsible for damaging the reputation of the > pseudonym "Black Unicorn". This is not the same as damaging an > actual person by name. It is in so far as the two are connected. > If I am in a frivilous mood someday and post a tongue-in-cheek > article on alt.hamsters.duct-tape under the pseudonym "Rodent > Ravisher", I have little cause to complain that my real-life > reputation has been ruined if someone misrepresents my views. This must be a personal view, it has no basis in law. In fact you might have a stronger case in that you tried to prevent misrepresentation of your view with the anonymous post, took additional care to guard yourself in effect. > If I am dense enough to publicly associate myself with the post, > then perhaps I shouldn't complain when the Good Christians begin > avoiding me and perhaps even hiding their hamsters when they see > me passing by. In any case, it is certainly not the fault of the > other flamers if my career goes down the tubes. Again, you seem to want to make posting a strict liability operation. "Post and you are going to eat it," in effect. Your are the free speech advocate, what will THIS do to freedom of expression if posting non-anonymously per se opens you to whatever defamation might be out there? I don't mind be associated with discussion on cryptography. I do mind if I am defamed as a radical anarchist with my goal as the destruction of nations. > > The bottom line is that when you play on the net and flame > > each other that is one thing, but when your games cause > > someone's business and real-life character to be damaged > > then you are playing in the real world and the name of the > > game there is SUE, RESPONSIBILITY FOR YOUR ACTIONS, and TAKE > > THE CONSEQUENCES FOR YOUR ACTIONS. > > But flaming an anonymous identity is not the same as flaming a > real-life person. Anonymous identities allow one a little > vacation from having to be deadly serious all the time. And an > opportunity to play Devil's Advocate with ideas that may not > necessarily be ones own. Again, only in so far as the identity remains anonymous. I only wish the entire world was as peachy as you seem to think it is. It would be nice if everyone understood sarcasm, respected Devil's Advocate positions and imputed no motives. The fact is, however, that Joan Rivers is still on T.V. If I say : "The moron who bought RJR Nabisco is a Nazi," I have refered to no specific person, but the meaning is clear. Similarly if I refer to the "dolt who posts as tom jones is a Nazi" I am liable. > Let's lighten up a little here. Easy for you to say, what did you have to lose? > > I suppose we all could use this as an opportunity to see > > how well our anarchist, freedom of speech, privacy, > > encryption ideas mesh with the 'real world'. > > This IS the 'real world'. Exactly. A real world with a real legal system. > -- > Mike Duvos $ PGP 2.6 Public Key available $ > mpd at netcom.com $ via Finger. $ > -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From dave at marvin.jta.edd.ca.gov Thu May 26 15:41:21 1994 From: dave at marvin.jta.edd.ca.gov (Dave Otto) Date: Thu, 26 May 94 15:41:21 PDT Subject: Unicorn vs.... In-Reply-To: <199405262156.OAA29868@netcom.com> Message-ID: <9405262238.AA03955@marvin.jta.edd.ca.gov> on Thu, 26 May 1994 14:56:56 -0700 (PDT) mpd at netcom.com wrote: > But tmp is only responsible for damaging the reputation of the > pseudonym "Black Unicorn". This is not the same as damaging an > actual person by name. > I disagree. Your name is a pseudonym for "you." Your identity has been crafted by your actions and associated with your "name." Authors routinely use multiple names under which to publish their works. Each pseudonym may generate a different impression in the public, but damage to that pseudonym/persona is no less real. Ann Rice choices to publish S&M novels under a different name but chooses not to conceal this relationship between her "real" name and the pseudonym. Black Unicorn choose otherwise. Once the relationship has been established, the pseudonym becomes the person. > If I am dense enough to publicly associate myself with the post, > then perhaps I shouldn't complain when the Good Christians begin The association (as I understand it) was accidental. I am sure Black Unicorn regrets the disclosure, but it happened :-( Flaming on the net is the same as flaming in person. You have to know when it's time to cool down. If you don't, you better be willing to accept the results. This lesson is one with which every parent should be familiar. You start gentle and work your way towards tough until they get it. If Black Unicorn had blown his horn at a social event, then he would be expected to live with the results. Instead, you would have him live with the results of another's words. It is unfortunate that it took legal action to resolve the issue, but some people's attention is harder to get than others. Dave Otto -- dave at gershwin.jta.edd.ca.gov -- daveotto at acm.org "Pay no attention to the man behind the curtain!" [the Great Oz] From unicorn at access.digex.net Thu May 26 15:43:17 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 26 May 94 15:43:17 PDT Subject: Liability and Anonymous Systems Message-ID: <199405262242.AA14725@access3.digex.net> Sorry about the blank post before this one.... Mike Duvos scripsit > > > As I understand it, Mr. Unicorn and Mr. Tmp, their true identities safely > concealed behind their respective handles, engaged in a minor flame war > and major ass-kicking contest related to the topics of crypto, privacy, > and nasty authoritarian governments. Mr. Tmp, following his usual modus > operandi, engaged in some reasonably clever hand-waving, out-of-context > quoting, misdirection, and misrepresentation at the expense of a number > of people, including Mr. Unicorn. Basically correct. > All this would have been water under the bridge were it not for the fact > that Mr. Unicorn, who is wont to travel in circles considerably more > conservative than most of his political writings, inadvertantly disclosed > his identity in the thread while showing a friend how to use Usenet. > Certainly this blunder was no fault of Mr. Tmp. Basically correct. Inadvertent disclosure is perhaps inaccurate. Said friend was privy to my identity by choice. You seem to want to dismiss tmp's liability because he assumed that my identity was secure. > Ultimately, as a consequence of this leak, certain business associates of > Mr. Unicorn, with no knowlege of Usenet or the context of the discussion, > were exposed to portions of it and the identity of Mr. Unicorn was > disclosed. Again no fault of Mr. Tmp. Not sure I quite agree with your assessment here. It was indeed tmp's fault that my business associates were exposed to tmp's statements. He released them to the world at large. The net is not the end of the story. It interacts with the outside world actively. To assert that tmp could not have known that associates of mine might have gotten a hold of his statements is just to ignore the facts. He is directly at fault for anything he releases to the general public. Just because someone else did some forwarding of what appeared to be a published characterization does not lift liability from the origin of the statements. To hold otherwise would eliminate accountability of the press because the newspaper stand was the last distributor. > Said business associates, being relatively anal upper-class European > types with a great respect for authority, were singularly unamused by > Mr. Unicorn's political views and the even worse things falsely > attributed to him by Mr. Tmp in the heat of discussion. Basically correct. Your emotional appeal to "the heat of discussion" really does not do much to reduce liability. > Mr. Unicorn > became worried that his business might suffer as a consequence. Since I > personally believe that one should not discriminate in doing business > based on someones political beliefs, I would certainly characterize this > as a moral failure on the part of Mr. Unicorn's business associates, and > not the fault of Mr. Tmp. True. Why the basic narrowness of the rest of the world should stand for some bar to my suit is somehow beyond me however. It is precisely because people are prone to be swayed by rumor and hearsay that protection against defamation is required. Had tmp no reason to believe that anyone would attribute a negative meaning to his characterizations, I might agree with you. Are you going to assert that he thought he was complimenting me? How I wish the rumor that a dentist had AIDS would never affect said practitioners business. How realistic is this in practice however? Do you really assert that it is the stupidity of the public that limits the liability of the individual wrongly spreading the rumor? I should be able to do business unimpaired with whoever I like, whenever I like, and with whatever reputation I have earned. This includes stuffy, uptight, anal Europeans, who happen to have the money right now I might add. > Finally, Mr. Unicorn, mustering all the legal and financial resources at > his disposal, threatens to skewer Mr. Tmp for alleged libel, and Mr. Tmp, > lacking similar resources and unable to risk a courtroom defeat, is forced > to go on Usenet and publicly eat you-know-what with a large wooden spoon. Basically correct, with the departure that he was free to seek pro-bono representation or perhaps assistance from the ACLU or EFF. Those without the ability to defend themselves with a money-is-no-object approach probably should not be so quick to defame either. > Since Mr. Tmp is not well-liked in the Cypherpunk community, response to > this sorted tale consists mostly of praise for Mr. Unicorn, and silence > by those who might have been critical, but who don't want Mr. Unicorn to > treat them the same way. tmp is disliked in the Cypherpunk community because of his often slanderous conduct. This is hardly my fault or anyone else's. I don't think you can attribute the response to my news simply to this in any event. Are you asserting that because I sued someone, others are too stunned into silence to be critical of my suit? I think this is silly. If it deters anyone from defaming, it was a positive thing. How it would curb reasoned debate (like your post for example) is beyond me. Part of the purpose of a legal system in any form is predictability. If you hurt Alice so, you will be punished so. If you resort to defamation, you should expect to be held accountable at one point or another. This is the incentive to instead conduct reasoned debate. > I don't think there are any heros in this story. I think it is a dark > day for freedom of expression in general and Usenet in particular. So your position will be that the laws of defamation and libel are an infringement on the first amendement? I'm not interested in anyone calling anyone else a hero. There are two sides to every dispute, the winner is merely a reflection on the moral makeup of the day. > In the past, I have engaged in lots of heated discussions on many > hot-button topics, on Usenet and in many other forums, sometimes under my > own name, and occasionally under a pseudonym. I have been called many > vile things along the way, and have had my views on occasion > misrepresented far more cleverly than Mr. Tmp could imagine or articulate. > > Nonetheless, if I found myself losing work because an unpopular view of > mine came to light, filing a lawsuit against another Usenet poster would > be just about the last thing I would think of doing. Particularly if the > discussion took place under a pseudonym and I was the person who had > broken my own anonymity. I think you confuse the issue here. It was not my unpopular view that caused the damage, but an incorrect characterization of my view. Truth is an absolute defense to libel. Had tmp been correct in characterizing my political views, he would have been vindicated. Instead he leveled baseless accusations which also happened to be false. Such being the case, your statement to the effect that I was merely "losing work because of an unpopular view of mine" is poorly worded, and misleading. You seem to allege here that it is my responsibility to post anonymously to the internet to guard against defamation and false accusation? Is it strict liability here? If you post, you are engaging in a hazardous activity and thus you bear the risk that someone might defame you? Is it the poster's responsibility to assure anonymous postings? Such would be a very curious legal standard. Should I have wanted to insure myself flawlessly, I should have posted entirely through an anonymous remailer. The reverse is not necessarily true, that unless I post anonymously I deserve what I get. Utility of anonymous posting v. Requirement of anonymous posting seems to be the distinction you are blurring. > Antics like this threaten the entire concept of Usenet as a > reputation-based cooperative anarchy. The solution to Mr. Tmp is to put > him in your killfile, not sue him into submission. A kill file would be most effective if it stopped the spread of damaging rumor or somehow proved it false. It does not do so. > -- > Mike Duvos $ PGP 2.6 Public Key available $ > mpd at netcom.com $ via Finger. $ > > Some Reflections on Anonymous Posting and Legal Systems: How does one construct protections to the individual who conducts business in an environment of absolute anonymous potential? If I am to be able to do business with who I like, be they upper-crusted Europeans with anal political bents or what, there must be some protections. I have worked hard to cultivate a reputation of what passes for "respectability" in my business circles. The potential to post with total and untraceable anonymous attributation is a dangerous one in this context. It would be nice if completely reputation barren anonymous posters were given no sway in the scheme of things, other than what could be verified from their posts. This is unfortunately not the case. It would also be nice if one could conduct business with zero knowledge reputations and zero transaction costs. This is also, unfortunately, not the case. (I'm hoping however). It seem to me that this technological advance accomplishes what decades of civil rights legislation could not. A truly color blind world. This is why I will assert that total anonyminity, when costless, or nearly so, is a GOOD THING. Currently there are no provisions for this sort of transaction. My postings, were they made through difficult to operate and not highly reliable encrypted remailers, would probably not be able to gain the reputation that this account has. So what of libel in a true anonymous world? How can it exist? tmp may make accusations as he likes against a reputed anonymous poster known only as "Reputation rating: 65." I suffer no harm, he incurs no liability, and each is welcome to judge who's points are more reliable based merely on message content, and some idea of each posters reliability and history. I may conduct business with stuffy Europeans as I like, and not even have to worry about, or know, what their political hang ups are, or what tmp might say about me publically. The danger lies instead, not in a totally anonymous world, but in a partially anonymous one. It is in this hybrid world that I cannot rationalize putting the burden of anonymous assurance on the poster, as Mr. Duvos would have. Where some users are more anonymous than others there exists a powerful potential for harm. My hope is that eventually this will create a market for anonymous transactions, black market transactions in the eyes of some, with little or transaction cost. As suits like mine become difficult to conduct because of the use of strong anonymous remailers by defamers or posters or what not, parties will begin to defend themselves with anonymous accounts as well. Of course the catch, or the feature, is that taxation and regulation becomes, not curtailed, but almost impossible. You will not hear me assert that no-taxation is a good thing per se, but rather that an authority could be beneficial to subsidize market failures. I note that this does NOT include today's concept of "market failure" nor fabricated externalities like "national security" or "the health care crisis." I also note that such an "authority" would be much curtailed from today's concept of "government." It is my experience that those who tend to the "law and order" mentality are really looking for a means to provide for ease of transactions, not the over regulation that results instead. In my book ease of transactions is what it's all about. On the other side of the political spectrum, the utilitarian / redistribution of wealth types always seem to me to be struggling in a hopelessly circular effort to make up for the failure of markets by regulating them further and further into collectivism, instead of giving them the means to expand and bud into privatization. -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From tcmay at netcom.com Thu May 26 15:46:01 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 26 May 94 15:46:01 PDT Subject: Proposal to Use the Extropians List Software In-Reply-To: <9405262135.AA05871@geech.gnu.ai.mit.edu> Message-ID: <199405262245.PAA18850@netcom.com> Ray Cromwell writes, quoting me: > > By the way, so far as I am aware, *nobody* has ever been kicked off > > the Cypherpunks list. Not even Detweiler, who asked to be removed last > > Novemeber or so, as he was entering his terminal phase. > > The disadvantage of this is that since your list software has no > filtering capability, I must deal with a huge flood of messages > everyday that Detweiler generates. For a simple list like > majordomo, I think deleting trouble makers is a good short term solution. Ah, yes, the Extropians filtering software. As Ray of course knows, the Cypherpunks list offered to use this software, and discussions were ongoing for a while. This started about a year or so ago, and fizzled out last fall. (I now assume some fo the fizzling out had to do with plans to ultimately commercialize the software, via the "Weir" thing.) Ray and Harry are of course free to choose their strategy as they see fit. Here's one suggestion: Suggestion: Offer a subscription-based list remailer which gateways the Cypherpunks list through the "Weir" software. This could be handled by Ray & Harry, Inc., or via some customer who bought their list software to provide such a service. This is consistent with what Eric has said is OK: subcontractors can distribue the list with all messages encrypted (as Hal Finney does), or with naughty words censored, or with only messages containing the word "Detweiler" blocked (or passed, for the masochists). Solves the "moderation" problem some people keep saying needs a centralized solution. It also gives the Ray & Harry Corporation a chance to debug the software on another list, a list very interested (as Extropians are) in reputation filters and related ideas. > > I like the Cypherpunks system a lot better. Instead of bogging down in > > claims, charges, formal bets, adjudication, appeals, etc., there are > > relatively few if any rules. Somehow the turkeys end up leaving. > > With much heat and light generated in the meantime which is fine for > some people, but irritating to others. Keeping in mind Coase's Theorem > and Spontaneous Order, Harry and I are going beyond the idea of > PPLs by attempting to create list software which allows 'personal > justice', filtering, reputations, etc. We personally believe that > the whitewater of noise which is out there now will become a tsunami > when Joe Sixpack gets his 'entitled' account. The only way to defend > yourself from this assault in cyberspace will be intelligent communications > software. So then let's see it. I will pay around $20-30 a year for such filtering capabilities as I had when I was on the Extropians list. (I'm not sure much more is needed with the present volume of mail. This may change in the future, possibly as a result of this kind of software making mailing lists more tolerable, but for now I'll settle for the simple ::exclude capabilities.) I suspect 50 of us might pay the same amount. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jim at bilbo.suite.com Thu May 26 15:49:35 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 26 May 94 15:49:35 PDT Subject: ecash Press Release Message-ID: <9405262247.AA19880@bilbo.suite.com> > DIGICASH PRESS RELEASE I have a gut feel that this DigiCash(TM) system is going to become a *really big deal*. Real electronic cash, portable software-only solution, free client-side software: sounds like a winning combination. I'm excited. Jim_Miller at suite.com From mgream at acacia.itd.uts.edu.au Thu May 26 15:53:31 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Thu, 26 May 94 15:53:31 PDT Subject: ABC Lateline tonight: `The Clipper Debate' In-Reply-To: <9405260719.AA22040@acacia.itd.uts.EDU.AU> Message-ID: <9405262253.AA12887@acacia.itd.uts.EDU.AU> Earlier, Matthew Gream wrote: > ABC Television's `lateline' current affairs program, tonight (Thursday > 26th) at approx 10:30pm is /reportedly/ dealing with that insidious > Clipper device. I haven't (and can't at the moment) verify it first > hand. Sorry about that, it turns out that Lateline did not cover Clipper, my source was incorrect. regards, Matthew. -- Matthew Gream Consent Technologies Sydney, (02) 821-2043 M.Gream at uts.edu.au From mgream at acacia.itd.uts.edu.au Thu May 26 15:55:52 1994 From: mgream at acacia.itd.uts.edu.au (Matthew Gream) Date: Thu, 26 May 94 15:55:52 PDT Subject: ecash Press Release (fwd) Message-ID: <9405262258.AA12976@acacia.itd.uts.EDU.AU> From rel at lipo.st.co.at Thu May 26 16:01:42 1994 From: rel at lipo.st.co.at (Roland E. Lipovits) Date: Thu, 26 May 94 16:01:42 PDT Subject: Patches to make PGP2.3a compatible with 2.6 In-Reply-To: Message-ID: <5PbBKl1bwfB@lipo.st.co.at> -----BEGIN PGP SIGNED MESSAGE----- Hello Alan! You wrote at 25.05., Topic "Patches to make PGP2.3a compatible with 2.6": > Here's a set of patches relative to PGP 2.3a to make it do the following: > > * Display and accept hexadecimal key IDs with 8 digits. To avoid crippled output because of 8 digit key-IDs you have to change some more lines in source of v2.3a. Here the necessary changes I found, line numbers are of the original unpatched source. (Sorry for the format, I have no diff-utility therfore it's made by hand.) mfg Lipo - ---------------8<---------------8<---------------8<---------------8<------- ***** KEYMAINT.C ***** 425,427 if (pk->pk_userids) /* more than one user ID */ - - fprintf(pgpout, " "); + fprintf(pgpout, " "); fprintf(pgpout, " %s\n", LOCAL_CHARSET(userid)); ***** 783,785 } else - - fprintf(pgpout, " %*s ", trustlst_len, ""); + fprintf(pgpout, " %*s ", trustlst_len, ""); fprintf(pgpout, " %-*s", legitlst_len, legit_lst[kc&KC_LEGIT_MASK]); ***** 795,797 } - - fprintf(pgpout, "%c ", (kc & KC_CONTIG) ? 'c' : ' '); + fprintf(pgpout, "%c ", (kc & KC_CONTIG) ? 'c' : ' '); fprintf(pgpout, " %-*s", trustlst_len, trust_lst[TRUST_LEV(kc)]); ***** ***** KEYMGMT.C ***** 1230,1232 } - - fprintf(pgpout,PSTR("\nType bits/keyID Date User ID\n")); + fprintf(pgpout,PSTR("\nType bits/keyID Date User ID\n")); for ( ; ; ) ***** 1300,1305 else - - fprintf(pgpout," "); + fprintf(pgpout," "); if (compromised && firstuser) { fprintf(pgpout, PSTR("*** KEY REVOKED ***\n")); - - fprintf(pgpout," "); + fprintf(pgpout," "); } ***** 1390,1395 /* Here's a good format for display of key or signature certificates: - -Type bits/keyID Date User ID - -pub 1024/xxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa - -sec 512/xxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa - -sig 384/xxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +Type bits/keyID Date User ID +pub 1024/xxxxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +sec 512/xxxxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +sig 384/xxxxxxxx yyyy-mm-dd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa */ ***** 1497,1502 else - - fprintf(pgpout," "); + fprintf(pgpout," "); if (compromised && firstuser) { fprintf(pgpout, PSTR("*** KEY REVOKED ***\n")); - - fprintf(pgpout," "); + fprintf(pgpout," "); } ***** 1541,1543 else - - { fprintf(pgpout," "); + { fprintf(pgpout," "); fprintf(pgpout,PSTR("\007***** BAD SIGNATURE! *****\n")); ***** - ---------------8<---------------8<---------------8<---------------8<------- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLeP45MRGkei8OaXNAQGXMAP9G/OV1OGTa2g75W9UuAKM3ugzb3Recaxb diF6FBu/OjEgTjEbTZiFe+zLwFdYBnqqWZCsxYHx3iJL7mb9AW8+RBMxEyuy4UJp 80yUyZGiUFP+w7WnzcK/7CAPrMbellhT5k3gDi+TunXIg5noggL46CPpyHcdAie0 wfJca9gNlAc= =gQI0 -----END PGP SIGNATURE----- ## CrossPoint v3.02 ## From blancw at microsoft.com Thu May 26 16:03:19 1994 From: blancw at microsoft.com (Blanc Weber) Date: Thu, 26 May 94 16:03:19 PDT Subject: Unicorn vs.... Message-ID: <9405262204.AA23847@netmail2.microsoft.com> >From Black Unicorn: If I say : "The moron who bought RJR Nabisco is a Nazi," I have refered to no specific person, but the meaning is clear. Similarly if I refer to the "dolt who posts as tom jones is a Nazi" I am liable. ...................................... This means that there are a lot of credulous people out there. I wonder what would happen if I was to say: "Santa Claus is coming to town." The consequences are predictable. Blanc From mimir at illuminati.io.com Thu May 26 16:32:40 1994 From: mimir at illuminati.io.com (Al Billings) Date: Thu, 26 May 94 16:32:40 PDT Subject: ecash Press Release (fwd) In-Reply-To: <9405262258.AA12976@acacia.itd.uts.EDU.AU> Message-ID: On Fri, 27 May 1994, Matthew Gream wrote: > > >From info at digicash.nl Fri May 27 01:05:02 1994 > Date: Thu, 26 May 1994 16:51:20 CET > From: "DigiCash Information" > Message-Id: <2de4c578.herman at DigiCash.nl> > To: m.gream at uts.edu.au > Subject: ecash Press Release > > DIGICASH PRESS RELEASE Can people please quit posting this to Cypherpunks? I think we all know about it by now. This is something like the eighth or ninth copy today. From rah at shipwright.com Thu May 26 16:35:42 1994 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 26 May 94 16:35:42 PDT Subject: ecash Press Release Message-ID: <199405262334.TAA23164@zork.tiac.net> >> DIGICASH PRESS RELEASE > > >I have a gut feel that this DigiCash(TM) system is going to become a >*really big deal*. Real electronic cash, portable software-only solution, >free client-side software: sounds like a winning combination. I'm >excited. > >Jim_Miller at suite.com Yeah. What he said. I'm not sure, but does this mean we now have the once-mythical Internet Mercantile Protocol??? cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From info at digicash.nl Thu May 26 16:51:20 1994 From: info at digicash.nl (DigiCash Information) Date: Thu, 26 May 1994 16:51:20 CET Subject: ecash Press Release Message-ID: <2de4c578.herman@DigiCash.nl> DIGICASH PRESS RELEASE World's first electronic cash payment over computer networks. ============================================================= FOR IMMEDIATE RELEASE (Release Date: May 27, 1994) ---------------------------------------------------------------------- Payment from any personal computer to any other workstation, over email or Internet, has been demonstrated for the first time, using electronic cash technology. "You can pay for access to a database, buy software or a newsletter by email, play a computer game over the net, receive $5 owed you by a friend, or just order a pizza. The possibilities are truly unlimited" according to David Chaum, Managing Director of DigiCash TM, who announced and demonstrated the product during his keynote address at the first conference on the World Wide Web, in Geneva this week. Electronic cash has the privacy of paper cash, while achieving the high security required for electronic network environments exclusively through innovations in public key cryptography. "It's the first software only solution. In the past we've pioneered such cash for chip cards and electronic wallets, always with a tamper-resistant chip for storing the value--now all you have to do is download the software and you're up and running" continues Dr. Chaum. The product works with Microsoft(R) Windows TM, Macintosh TM, and most UNIX TM platforms. It was shown integrated with Mosaic, the most popular software for people accessing databases, email, or other services on the Internet and World Wide Web. The graphic user interface allows intuitive "dragging and dropping" of icons representing stacks of coins, receipts, record books, etc. The company will be supplying the technology through other firms who will release the products, under various cooperation and trial programs. The user software, which allows both paying and receiving payment, will be distributed free of charge. The product was developed by DigiCash TM Corporation's wholly owned Dutch subsidiary, DigiCash TM BV. It is related to the firm's earlier released product for road pricing, which has been licensed to Amtech TM Corporation, of Dallas, Texas, worldwide leader in automatic road toll collection. This system allows privacy protected payments for road use at full highway speed from a smart card reader affixed to the inside of a vehicle. Also related is the approach of the EU supported CAFE project, of which Dr. Chaum is Chairman, which uses tamper-resistant chips inserted into electronic wallets. The underlying 'blind signature' technology was described in the article "Achieving Electronic Privacy," by David Chaum, Scientific American, August 1992. ---------------------------------------------------------------------- For more information contact: DigiCash bv info at digicash.nl Kruislaan 419 tel +31 20 665 2611 1098 VA Amsterdam fax +31 20 668 5486 The Netherlands ---------------------------------------------------------------------- -- Matthew Gream Consent Technologies Sydney, (02) 821-2043 M.Gream at uts.edu.au From CCGARY at MIZZOU1.missouri.edu Thu May 26 16:59:00 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Thu, 26 May 94 16:59:00 PDT Subject: ECASH HOLY GRAIL? Message-ID: <9405262358.AA08860@toad.com> Say, isn't this the electronic privacy HOLY GRAIL? - The STATE KILLER? - The POWER GIVER TO THE INDIVIDUAL? Here's to hoping that its everything that Chaum was looking for & congratulations to David Chaum & company. Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKK! BBBEEEAAATTTT STATE! From gtoal at an-teallach.com Thu May 26 17:00:29 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 26 May 94 17:00:29 PDT Subject: Unicorn vs. tmp@netcom Message-ID: <199405270000.BAA11641@an-teallach.com> Of course, no-one has considered the possibility that the tmp at netcom persona was manufactured and played out over time solely in order to boost the credibility of the 'uni' persona :-) [does anyone have any proof that *either* of these people exist in real life or that all this flurry of pseudo-legal action ever took place???] G(in the spirit of Detweiler, since LD isn't around to suggest it himself :-) ) From paul at hawksbill.sprintmrn.com Thu May 26 17:24:10 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Thu, 26 May 94 17:24:10 PDT Subject: Unicorn vs. tmp@netcom In-Reply-To: <199405270000.BAA11641@an-teallach.com> Message-ID: <9405270126.AA05354@hawksbill.sprintmrn.com> gtoal writes - > > Of course, no-one has considered the possibility that the tmp at netcom persona > was manufactured and played out over time solely in order to boost the > credibility of the 'uni' persona :-) [does anyone have any proof that > *either* of these people exist in real life or that all this flurry of > pseudo-legal action ever took place???] > > G(in the spirit of Detweiler, since LD isn't around to suggest it himself :-) ) > Actually, I find it hard to lend credence to any soap-opera-type-scenarios of this caliber played out by anonymous personas. And I am a staunch supporter of anonymous-based systems, to say the least. It does, however, give me my recommended daily allowance of chuckles in the newsgroups. ,-) - paul From nelson at crynwr.com Thu May 26 17:50:31 1994 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 26 May 94 17:50:31 PDT Subject: Unicorn vs.... In-Reply-To: <9405261716.AA28738@runner.utsa.edu> Message-ID: From: dwomack at runner.jpl.utsa.edu (David L Womack) Date: Thu, 26 May 1994 12:16:44 -0500 (CDT) Even the religiously inclined don't advocate turning the other cheek ad inifinitum... Oh? Methinks you don't know the context of what Jesus said. At that time, only citizens hit each other with their fists. Slaves were hit with the back of the hand. The penalty for hitting someone with a fist was much greater than backhanding them. In a predominantly right-handed society, slaves got backhanded on the right cheek. Now how do you backhand someone after they've turned the other cheek? You can't -- you can only strike them like a citizen. And in the same context, Jesus told his followers to carry a soldier's pack for two miles if they were asked to carry it for one. The Roman soldiers were allowed to impress citizens to carry their packs for no more than a mile. Any more and they were fined. So Jesus was telling his followers to cause trouble for soldiers by making them beg for their packs back. And in the same context, poor people had no collateral to borrow money except the clothes on their back, that is, inner and outer robes. A person could borrow against the value of their outer robes. And of course, if they didn't pay back their debt, they had their outer robe taken from them. Now, the outer robe was necessary to keep from freezing at night, so this was a problem! So Jesus told his followers that, when someone sued them for their outer robe, to give them their inner robe as well. At the time, nudity was shameful to the *viewer*, so this caused great consternation. Jesus didn't expect his followers to suffer fools gladly, but neither did he ask them to use violence against them. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From paul at hawksbill.sprintmrn.com Thu May 26 18:28:03 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Thu, 26 May 94 18:28:03 PDT Subject: Malformed Signatures? Message-ID: <9405270230.AA05721@hawksbill.sprintmrn.com> Reason Number 7 why I knew i wouldn't cozy to PGP 2.6 - After tinkering around, I decided to see what would happen if I implemented PGP 2.6 using my existing 2.3a keyrings. After performimg a "pgp -kc paul" PGP 2.6 declares my signatories: (Malformed or obsolete signature format) and asks if I would like it to: Remove bad signatures (Y/n)? Does this mean what I think it means? - paul just a tad miffed From jkreznar at ininx.com Thu May 26 18:36:10 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Thu, 26 May 94 18:36:10 PDT Subject: Unicorn vs.... In-Reply-To: Message-ID: <9405270135.AA28070@ininx> -----BEGIN PGP SIGNED MESSAGE----- Sandy Sandfort writes: > Well, I'm an anarchist... ...a reputation you have earned well in your postings to this list, which is why your answers matter to me. > and I would have no *philosophical* problem with pursuing redress in > the king's court. How could you do this, without incurring cognitive dissonance? > I would use [government] in the same way I would use an oncoming > truck; if someone were trying to mug me, I would consider pushing them > in front of the truck. Government differs from the oncoming truck in that its power comes from its constituency of willing clients generating a demand for its services. Granted, withdrawing your demand will hardly affect that power, because the other hundred million constituents will still be pressing their demands. But how do you deflect accusations of inconsistency and hypocrisy? Our archist adversaries use such charges to deflate anarchist arguments. I don't understand and am increasingly unable to abide the inconsistent and hypocritical attitude of many of my anarchist friends who decry government while at the same time willfully patronizing it, even when they have reasonable alternatives. You have apparently accommodated yourself to this inconsistency. How? > Now ask me if I would have any philosophical objection to taking welfare. Would you have any philosophical objection to taking welfare? This may be drifting away from the charter of cypherpunks, but I'll bet I'm not alone among the anarchists here in wondering how you would answer these questions. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLeVNwsDhz44ugybJAQEzCQP/WLswNle4Ixo50Lf0QGC4I4U4cDyGd1xM eg3t675kioj8zqQMZWwCu5id+GC1V/o5V0FZ0mAxknSR37X+CYlwCTFxEUDBJPEm v//9k9HS97CckEtlFdsCTbB/NTiw3HGFYAVyVDtZaxt4DayDENPETh+joQ2LElog i7duMq7fUxg= =ITjs -----END PGP SIGNATURE----- From warlord at MIT.EDU Thu May 26 19:36:32 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 26 May 94 19:36:32 PDT Subject: Malformed Signatures? In-Reply-To: <9405270230.AA05721@hawksbill.sprintmrn.com> Message-ID: <9405270236.AA00459@milquetoast.MIT.EDU> There was a bug in the old versions of PGP. It was discovered in version 2.2, and was corrected, somewhat in version 2.3. The bug was that the RSA-encoded certificated were actually in the reverse byte-order than they should have been, before they were encoded in the RSA encryption. This was somewhat corrected in 2.3, in that 2.3 could read the new, correct, pkcs_compatible signature, although PGP didn't start outputting this corrected signtature until 2.3a. PGP version 2.6 cannot read the old version. This means that anything that was created with versions before 2.3a cannot be read by version 2.6, and this is what you are seeing when you see "Malformed or obsolete signature format".. It is a signature that was created before 2.3a, and therefore 2.6 does not understand it. FYI: PGP 2.6 has a neat feature... If you recreate a signature in the new format, with a newer timestamp than an old signature, 2.6 will use the newer signature in lieu of the older signature when merging keyrings, so you can replace old signatures. -derek PS: This had to happen eventually. From rarachel at prism.poly.edu Thu May 26 19:59:04 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Thu, 26 May 94 19:59:04 PDT Subject: WNSTORM NOT on wuarchive... Message-ID: <9405270246.AB27987@prism.poly.edu> If any of you managed to get it off wuarchive, great.. if not, sorry... I've just looked and some sysadmin removed it... I haven't seen it in the msdos directories either so that's a big problem... I do however have the permission of someone to use theri ftp site, however, I cannot publically post the site name at his request. If you want it, email me and I'll tell you the site name, but please don't post it to the list. From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Thu May 26 20:19:00 1994 From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU) Date: Thu, 26 May 94 20:19:00 PDT Subject: Banks and Tax Havens on the net (long) Message-ID: <770008437/vac@FURMINT.NECTAR.CS.CMU.EDU> >grep -i bank /alex/ch/switch/nic/registry/CH.domains BIRAG.CH Banken- und Industrie-Rechenzentrum AG, Guemligen DSK.CH Datenbank Schweizerischer Kulturgueter, Bern SBC.CH Schweizerischer Bankverein, Basel UBS.ARCOM.CH Union Bank Switzerland, Zuerich ZKB.CH Zuercher Kantonalbank, Zuerich GREENNET.CH Swiss Volksbank, Bern SBCCH.CH Swiss Bank Corporation, Basel Interesting. There are Swiss banks on the Internet. So we can update /alex/edu/washington/u/stein2/pub/user-supported/phantom/cpunk/swiss.banks with a few Internet domains. See below. If I run "whois" on Panama, Antigua, or Grenada (a few tax havens) I get something interesting. The output of these is at the bottom of this file. As Jim Hart mentions below, there is a book called "Tax Havens" by Hoyt L. Barber that was published in 1993 by McGraw-Hill. Probably any local bookstore can order it for you. I recommend the book. I will keep this file as: /alex/edu/cmu/cs/nectar/furmint/security/banks Which is also: ftp://furmint.nectar.cs.cmu.edu/security/banks If people send me other interesting and related info, I will add it to this file. -- Vince vac at cs.cmu.edu ****************************************************************************** Update of /alex/edu/washington/u/stein2/pub/user-supported/phantom/cpunk/swiss.banks ****************************************************************************** Zuercher Kantonalbank Net: zkb.ch Tel: 41 1 275 71 11 Addr: Neue Hard 9 8005 Zuerich, Switzerland Union Bank of Switzerland Net: ubs.arcom.ch Adr: Bahnhofstrasse 45 8021 Zurich, Switzerland Tel: 29-4411 Swiss Bank Corporation Net: sbcch.ch Tel: 23-2323 Addr: Aeschenborstadt 1 4002 Basel, Switzerland Swiss Credit Bank Paradeplatez 8 8021 Zurich, Switzerland Telephone: 29-2811 Foreign Commerce BAnk Dept 284 Bellariastrasse 82 8022 Zurich, Switzerland Telephone: (01) 45.66.88 Foreign Commerce BAnk Dept 42 3 Rue de Marche CH-1211 Geneva 3 Rive, Switzerland Telephone: (01) 21.42.33 Bank Indiana Suisse Attn: F.C. Mishari 50 Ave. de La Gare 1001 Lausanne, Switzerland Telephone: 20.47.41 Bank Leu Postfach 8022 Zurich, Switzerland Cambio & Valorenbank Postfach 535 8021 Zurich, Switzerland Ueberseebank, A. G. Limmatquai 2 8024 Zurich, Switzerland ****************************************************************************** /alex/edu/washington/u/stein2/pub/user-supported/phantom/cpunk/tax.havens ****************************************************************************** Date: Wed Nov 24 21:21:06 1993 From: Jim Hart Subject: Tax Havens on the Net --------------------- Tax Havens on the Net --------------------- compiled by James R. Hart sources: Internet Connectivity List -- Larry Landweber, U.Wisc. ftp.cs.wisc.edu ../connectivity_table Version 9, August 1993 Hoyt L. Barber, _Tax Havens_, McGraw-Hill 1993 Codes used to indicate sites in each country with access to the Global Multiprotocol Open Internet: BITNET b: minimal, one to five domestic BITNET sites B: widespread, more than five domestic BITNET sites IP INTERNET I: = operational, accesible from entire IP Internet i: = operational, not accesible via the NSFNET backbone UUCP u: minimal, one to five domestic UUCP sites U: widespread, more than five domestic UUCP sites FIDONET f: minimal, one to five domestic FIDONET sites F: widespread, more than five domestic FIDONET sites OSI o: minimal, one to five domestic X.400 sites O: widespread, more than five domestic X.400 sites ------------------------ and without further ado: ------------------------ Aruba net access: ---f- languages: Papiamento, English, Dutch, Spanish currency controls: none? bank secrecy: moderate (numbered accounts not permitted) preferred legal entities: Aruba Exempt Company, NV (Dutch legal tradition, bearer shares allowed) taxes: no income tax on AEC or shareholders, no witholding of any kind tax treaties: none? Austria net access: BIOUFO language: German currency controls: ?? bank secrecy: good; numbered accounts available preferred legal entities: limited liability company, stock orporation taxes: corporate tax. no bank interest tax. 20% divident ax. tax treaties: many, OECD model, primarily personal and orporate income contact: Price Waterhouse, Austria Barbados net access: --u-- language: English currency controls: some (none for offshore banks & nsurance) preferred legal entities: company, public company, offshore bank, exempt insurance company, foreign sales corporation , international business company taxes: income tax offshore banks and international business companies 2.5%, exempt insurance companies and foreign sales corporations none tax treaties: double-tax treaties with 5 major countries (incl. U.K. & U.S.) Bermuda net access: --uf-- language: English currency controls: none for nonresidents bank secrecy: moderate preferred legal entities: local (conduct business in Bermuda, must be 60% Bermuda owned), exempt (only conducts business outside Bermuda) -- min. capitalization US$12,000 -- extensive background check on the principles taxes: no income, profit, sales, value added, witholding, or capital gains taxes tax treaties: no double-tax treaties. U.S. can be provided with tax information concerning civil & criminal tax cases Costa Rica net access: bIuf- language: Spanish currency controls: only on local currency, applies only to citizens or legal entities bank secrecy: good legal entities: individual enterprise/limited liability collective company limited partnership limited-liability company stock corporation (aka chartered company): most common taxes: 15% on dividents for some nonresident shareholders, moderate corporate income, payroll, imort, real estate taxes. Exporters exempt from most taxes. tax treaties: no double-tax treaties. Caribbean Basin Initiative exchange-of-information agreeement signed but not yet ratified (as of 1/93). Hong Kong net access: BI-F- languages: Cantonese, English currency controls: none bank secrecy: moderate? preferred legal entity: limited-liability corporation (English common law Companies Ordinance) taxes: 16.5% domestic source corporate income, 15% domestic employment wages, 15% on domestic property rental income tax treaties: no double-tax agreements n.b.: treaty to return Hong Kong to Communist China in 1997 Ireland net access: BIUFO language: English currency controls: none? bank secrecy: moderate? preferred legal entity: noresident company (private corporation w/limited liability, must conduct operations outside Ireland) taxes: only on Irish operations tax treaties: many double-tax treaties n.b.: those with Irish grandparents can obtain second citizenship Leichtenstein net access: ---f- languages: German, Alemanni currency controls: none bank secrecy: excellent preferred legal entities: allows any type found anywhere in the world (!) establishment (limited liability, unlimited duration) company limited by shares foundations and trusts taxes: none for income outside Leichtenstein. Net worth tax of 0.01% on capital and reserves (min. 1,000 Swiss francs), local resident taxes tax treaties: not party directly or indirectly to any exchange-of-information agreements double-tax treaty exists only with Austria n.b.: bankers won't assist law enforcement officials with drug, fraud, theft, or tax investigations. They might assist in money laundering and insider trading investigations, informing the customer first. Luxembourg net access: bIUFO languages: Letzeburgesh, French, German, English bank secrecy: moderate preferred legal entity: holding company taxes: holding companies pays only 10% registration fee on issued shares and 0.20% annual capital tax on issued capital bonds. tax treaties: many double-tax treaties n.b.: EC member Malta net access: --u-- languages: Maltese, English currency controls: none bank secrecy: good preferred legal entities: offshore notrading, trading, banking (overseas, subsidiary, local), insurance, trusts taxes: nontrading exempt, trading very low tax treties: many double-tax treaties n.b.: EC member Netherlands net access: BIUFO language: Dutch currency controls: ?? bank secrecy: poor preferred legal entities: private or public NV (can have bearer shares) taxes: complex, high (many loopholes for large offshore companies) tax treaties: many Panama net access: b-uFO languages: Spanish, English curency controls: none bank secrecy: good; numbered accounts permissable preferred legal entity: corporation taxes: none on income generated outside Panama tax treaties: only on shipping income Singapore net access: bIuF- languages: Malay, Mandarin, Tamil, English currency controls: none bank secrecy: moderate; numbered accounts available preferred legal entities: private limited company taxes: none on dividends, foreign deposit interest, or income derived from outside Singapore. tax treaties: many Switzerland net access: BIUFO languages: French, German, Italian, Romansch currency controls: none bank secrecy: moderate to good; numbered accounts available preferred legal entity: AG (stock company under Laws of Obligation) taxes: 3.6-9.8% worldwide income tax for operating companies, 35% witholding tax on interest and dividends tax treaties: many double-tax treaties Vanuata net access: --u-- languages: Melanesian, French, English currency controls: none bank secrecy: moderate? preferred legal entities: holding, trading, agency, mgmt. service, contracting taxes: no income or capital gains taxes tax treaties: none Western Samoa net access: --u-- languages: Samoan, English currency controls: none bank secrecy: good preferred legal entities: international company, offshore bank, insurance company taxes: none for companies under offshore acts tax treaties: none If you like having this information, let me know. Also let me know what other kinds of information you need on tax havens and net access; I'd love to be of service. If you have corrections to or additional information for the Tax Havens on the Net list, I'd be happy to add it with full attribution (or full privacy, as you prefer). To preserve your privacy, feel free to use anonymous remailers and encryption. My PGP key enclosed below. James R. Hart hart at chaos.bsu.edu -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQCNAiz0Br4AAAEEAJohFjXdkx6i2Mq6nJXdJN+VGupeKwuu1SAiRvsBK7TQ1ajY d3wEFohbwaHGn3iq7A1//koipvzE5S/C6pPxIAHFeoYOUzeI/cWmh6vsuaF3/lVm K9lx/L7PyaF8rvd4FOmLqkvs1xk/24S9ZQaBb3cjhLV571NaiPCIc3SPJUKXAAUT tCJKYW1lcyBSLiBIYXJ0IDxoYXJ0QGNoYW9zLmJzdS5lZHU+ =z2UE -----END PGP PUBLIC KEY BLOCK----- ****************************************************************************** whois on a number of interesting countries ****************************************************************************** Panama (Republic of) top-level domain (PA3-DOM) PANAMANIAN ACADEMIC NATIONAL NETWORK (PANNET) UNIVERSIDAD TECNOLOGICA DE PANAMA P.O. BOX 6-2894 PANAMA 6A Domain Name: PA Domain Status: On Hold Pending Server Activation Administrative Contact: Lopez, Victor (VL7) VLOPEZ at NS.PA (507) 64-1771 Technical Contact, Zone Contact: Lezcano, Julio (JL78) JLEZCANO%UTPVM1.BITNET at UGA.CC.UGA.EDU (507) 64-1771 Record last updated on 25-May-94. Domain servers in listed order: NS.PA 168.77.8.2 NS.USMA.PA 168.77.100.2 NS.CR 163.178.8.2 ICM1.ICP.NET 192.94.207.66 ****************************************************************************** Antigua and Barbuda top-level domain (AG-DOM1) University of Puerto Rico Central Administration Building P.O. Box 364984G San Juan P.R. 00936 Domain Name: AG Administrative Contact: Junquera, Belinda (BJ2) b_junquera at UPR1.UPR.CLU.EDU (809) 250-0000 ext. 5400 (FAX) (809) 763-6760 Technical Contact, Zone Contact: Ramos, Felix G. (FGR) f_ramos at UPR1.UPR.CLU.EDU (809) 250-0000 ext. 5454 (FAX) (809) 763-6760 Record last updated on 28-Apr-94. Domain servers in listed order: UPR1.UPR.CLU.EDU 136.145.1.4 Top Level domain for Antigua ****************************************************************************** Grenada (Republic of) top-level domain (GD1-DOM) University of Puerto Rico Central Administration Building P.O. Box 364984G San Juan P.R. 00936 Domain Name: GD Administrative Contact: Junquera, Belinda (BJ2) b_junquera at UPR1.UPR.CLU.EDU (809) 250-0000 ext. 5400 (FAX) (809) 763-6760 Technical Contact, Zone Contact: Ramos, Felix G. (FGR) f_ramos at UPR1.UPR.CLU.EDU (809) 250-0000 ext. 5454 (FAX) (809) 763-6760 Record last updated on 28-Apr-94. Domain servers in listed order: UPR1.UPR.CLU.EDU 136.145.1.4 Top Level domain for the Republic of Grenada ****************************************************************************** From bmorris at netcom.com Thu May 26 20:31:33 1994 From: bmorris at netcom.com (Bob MorrisG) Date: Thu, 26 May 94 20:31:33 PDT Subject: UNICORN VS. TMP@NETCOM Message-ID: <199405270331.UAA18734@netcom.com> To: cypherpunks at toad.com CC> Despite your protestation, "I also don't like to be a bully", it seems CC> to me that your pursuit of this case was predicated on your ability to CC> be a bully and an insider. Like your colleagues Cantor and Seigel, yo I agree that Unicorn's tone was bullying, but, if as stated, Unicorn received calls from clients asking about the rumors ...then...tmp had done real ( if inadvertent ) damage... What remains unexplained is how the rumor spread so fast through so many utterly different circles, or how Unicorns identity got known. As for insiders, well, a business insider will use the law, a net insider might use other means. Insiders, like anyone, use what they know best. * RM 1.4 B0037 * From ebrandt at jarthur.cs.hmc.edu Thu May 26 21:13:37 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Thu, 26 May 94 21:13:37 PDT Subject: Response to Uni's "Lawsuit" Message In-Reply-To: Message-ID: <9405270413.AA10447@toad.com> At 8:07 am 5/24/94 -0700, Sandy Sandfort wrote: >How about this, instead: A company called "ID Anonymous, Ltd." sets up in >a business secrecy jurisdiction. It buys Internet access accounts in bulk >from DGS, Netcom, etc. (ID1, ID2, ID3, . . .). It then resells them to >people living in the service territories of the various access providers. If I were in law enforcement, and I were faced with the problem of getting a truename for an account like this, I'd trace back the contact with the access provider. No need to try to serve an overseas subpoena; the user has to access the system somehow. If FBI's Big Brother Bill goes through, I can probably do this in fifteen minutes. There may also be problems in trying to buy blocks of anonymous accounts, since the access provider will take the heat for anything coming out of the account. If Netcom is willing to drop Cashier and Scumball, they may not be happy about this whole plan. Eli ebrandt at hmc.edu From kentborg at world.std.com Thu May 26 21:30:01 1994 From: kentborg at world.std.com (Kent Borg) Date: Thu, 26 May 94 21:30:01 PDT Subject: ECASH HOLY GRAIL? Message-ID: <199405270429.AA24581@world.std.com> Gary Jeffers writes: > Say, isn't this the electronic privacy HOLY GRAIL? - The STATE >KILLER? - The POWER GIVER TO THE INDIVIDUAL? Here's to hoping that >its everything that Chaum was looking for & congratulations to >David Chaum & company. Either that or the power is given to DigiCash. What is their take? How do they make a profit? Yes, I like the idea of cryptocash, but all the worries that come up when the government does it come up at least as loud when a private firm does it. How *do* they make their money on this? And what happens when governments get upset that a private script has cropped up? (What are the laws on minting private money?) Fascinating stuff. -kb, the Kent who has been lurking here until now P.S. Have you people developed any special mailbox filters to help deal with high-volume lists like this? From sandfort at crl.com Thu May 26 21:55:21 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 26 May 94 21:55:21 PDT Subject: Unicorn vs.... In-Reply-To: <9405270135.AA28070@ininx> Message-ID: C'punks, On Thu, 26 May 1994, John E. Kreznar wrote, first quoting me: > . . . > > and I would have no *philosophical* problem with pursuing redress in > > the king's court. > > How could you do this, without incurring cognitive dissonance? What cognative dissonance? If I am satisfied that I am in the right, the so-called "government" is just another handy weapon with which to get my way. I'd have no problem using a gun produced by slave labor, either. > . . . > Government differs from the oncoming truck in that its power comes from > its constituency of willing clients generating a demand for its > services. This is philosophical gobblydegook. There is no government. People who call themselves the government derive their powers from their use of force and their ability to con or intimidate other people to recognize them as the "it" of government. You have your government/client causality backwards. > . . . > But how do you deflect accusations of inconsistency and hypocrisy? > . . . I don't bother. Their wrong; I ignore them. > . . . You have apparently accommodated > yourself to this inconsistency. How? There is no inconsistency. There is no government for me to patronize. The folks who call themselves the government will sometimes do things that benefit me. Great. It doesn't mean I condone other things they do that involve the initiation of force. > . . . > Would you have any philosophical objection to taking welfare? Nope. I leave the reasons for this as an exercise for the student. S a n d y P.S. Reasonable minds may differ. I apologize to John if I seem too cavalier in my responses. It's just that I've given these topics much thought over the years, and I'm satisfied with my beliefs. John has raised good questions and I may yet be shown the error of my ways. :-) (Sometimes smileys, just like exclamation points, are justified.) From GRABOW_GEOFFREY at tandem.com Thu May 26 22:01:03 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Thu, 26 May 94 22:01:03 PDT Subject: Clipper escrowed keys. Where's the backup copy? Message-ID: <199405262204.AA13625@comm.Tandem.COM> With all the talk about the problems with escrowed keys (and there are plenty of problems) has anybody considered that there must be a backup set of the keys somewhere? I can't believe that the gov't would spend all the time, effort and money and let the only copy of the keys be accidentally (or on purpose if I get a chance) to destroy the key database. Therefore, there must be a backup set somewhere. Who is guarding these? Where are they? Who has access? Has anybody heard anything about this? G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | |----------------------------------------------------------------------| | PGP fingerprint = C9 95 0F C4 E9 DD 8E 73 DD 99 4E F5 EB 7A B6 1D | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From sandfort at crl.com Thu May 26 22:05:53 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 26 May 94 22:05:53 PDT Subject: Response to Uni's "Lawsuit" Message In-Reply-To: <9405270413.AA10447@toad.com> Message-ID: C'punks, On Thu, 26 May 1994, Eli Brandt wrote: > At 8:07 am 5/24/94 -0700, Sandy Sandfort wrote: > >How about this, instead: A company called "ID Anonymous, Ltd." sets up in > >a business secrecy jurisdiction. It buys Internet access accounts in bulk > >from DGS, Netcom, etc. (ID1, ID2, ID3, . . .). It then resells them to > >people living in the service territories of the various access providers. > > If I were in law enforcement, and I were faced with the problem of > getting a truename for an account like this, I'd trace back the > contact with the access provider. No need to try to serve an > overseas subpoena; the user has to access the system somehow. If > FBI's Big Brother Bill goes through, I can probably do this in > fifteen minutes. But if it doesn't go through, I don't see how they could trace it. My call to CRL is a local call. It might be recorded on my end, but I don't think CRL's phone bill would show it. What did you have in mind? > There may also be problems in trying to buy blocks of anonymous accounts, And maybe not. Let's not borrow trouble. I'm sure they will tell us if they don't want our business. > . . . since the access provider will take the heat for anything > coming out of the account. . . Not necessarily. Remember, they want the status of common carriers. Open access to all, but no control of content. S a n d y From bmorris at netcom.com Thu May 26 22:18:27 1994 From: bmorris at netcom.com (Bob MorrisG) Date: Thu, 26 May 94 22:18:27 PDT Subject: UNICORN VS. TMP@NETC Message-ID: <199405270518.WAA27364@netcom.com> To: cypherpunks at toad.com GG> Of course, no-one has considered the possibility that the tmp at netcom p GG> was manufactured and played out over time solely in order to boost the GG> credibility of the 'uni' persona :-) [does anyone have any proof that GG> *either* of these people exist in real life Aha, that means that you must be them too, huh??? * RM 1.4 B0037 * Men who believe absurdities will commit atrocities -Voltaire From catalyst-remailer at netcom.com Thu May 26 22:33:32 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Thu, 26 May 94 22:33:32 PDT Subject: No Subject Message-ID: <199405270533.WAA09421@mail2.netcom.com> ftp.netcom.com//pub/mpj has source for new macpgp From jdwilson at gold.chem.hawaii.edu Thu May 26 23:06:32 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 26 May 94 23:06:32 PDT Subject: Suggestions for InfoHighway Patrol dealing with abusive (cr)users Message-ID: Alright, CP's, I've got a humorous one for you. The author is Gordon McLachlan (mclachlan at cardinal.com), and the article appeared in the "Crosswired" column of May 1994 Vol. 5 No. 5 Lan Computing. Hope it gives you a chuckle. (Unofficially included below) "Cane the Internet Loons" According to University of Michigan President James Duderstadt, it was a "monstrous act." An act that "made a mockery of the values of civility we hold dear." Was it a brutal campus murder? A rape? An assault? Did they lose a football game to Ohio State? Nope. It was email with the intent to inflict great psychological injury. In early April, someone apparently ripped off a Michigan student's password and made offencive racial and ethnic slurs to several Internet Usenet newsgroups. According to a written statement by university officials, this event "offended, hurt and frightened" many faculty, staff and students. Unfortunately the Internet has no official rules, and no way to effectively punish computerized criminals such as the person who sent these hurtful messages. Underlying Internet etiquette is the realization that the net hovers somewhere between anarchy and democracy. In effect this means you can say anything you want, but if you say the wrong thing, society's only recourse is to assemble an unruly mob at your electronic doorway to burn you out. If your transgression of netiquette is severe enough, you will be pilloried in public by your fellows and sent a barrage of hate mail. If you persist in being a pain in the ass, the system administrator at your home site will be flooded with mail telling him to cut you off. In the Michigan incident, this response was insufficient. All the well-meaning hate mail from the defenders of the net was sent to the wrong guy - the poor physics major who had his password stolen. Despite rapid action by the administration to deplore the act, write an apologetic missive to post on the net, and have "various units {sponsor} community forums where we can share our concerns," there isn't much anyone can do. Well, to hell with sharing our concerns. A monstrous act deserves a monstrous response. In Singapore, they'd hunt the perpetrator down and cane him. And if caning is good enough for a kid from Ohio who vandalizes cars, its good enough for a kid from Michigan who offends sensitive network types. Luckily our opportunity is at hand. At this very moment, congress is getting tough on crime, ready to fine, imprison and kill more young men for a variety of heinous offenses against society. I hope this shocking incident is enough to wake up our legislatures before there are more drive-by shootings on the information super-highway. First of all, we need a seven-day waiting period and a thorough background check before anyone can get issued a user-ID. This would give system administrators time to find out if a user is a loon, or has been bounced off of other systems for misbehaving. To support this effort, congress should establish a national database to keep track of network offenders. A quick scan of almost any mailing list or newsgroup will reveal sociopaths who should have their access priviledges revoked. And we should never forget that network access is a priviledge and not a right. Its ironic to me that we license people to drive cars, but all you need to get on the information superhighway is a MODEM. Of course, a waiting period won't stop network terrorists from stealing other peoples passwords and firing off their Scud missives, but there is much more we can do. By making MODEM manufacturers install something like the Clipper encryption chip in every MODEM they sell, we could trace offensive messages right back to their source so the Feds could confiscate the offending hardware. Maybe we could even use our national health plan ID cards to restrict access to the info highway by requiring every terminal or PC keyboard to incorporate a magnetic card reader. Furthermore, we should require speed licensing for the use of email distribution lists. Just as we have the right to bear arms but not fully automatic weapons, there are damn few good reasons why you need to have a mailing list. If its too much trouble to type out the names of all the people you are sending mail to, youre probably sending it to too many people. Curtailing the use of mailing lists would drastically limit the impact that any maladjusted weenie could have on our delicate sensibilities. That makes it worth any minor inconvenience it might cause. In the event that these steps are insufficient, we should impose stiffer penalties on network criminals. Theft of a password should be made a federal felony with manditory hard time. With "three strikes and youre out" a third breech of netiquette should result in revocation of all network priviledges and removal of your cable TV hookup. Some bleeding hearts may argue that these measures will stifle the free exchange of ideas, but if thats what it takes to stop people from being offended, hurt and frightened, its a small price to pay. -30- -NS From ebrandt at jarthur.cs.hmc.edu Thu May 26 23:27:18 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Thu, 26 May 94 23:27:18 PDT Subject: Response to Uni's "Lawsuit" Message In-Reply-To: Message-ID: <9405270627.AA11269@toad.com> > > overseas subpoena; the user has to access the system somehow. If > > FBI's Big Brother Bill goes through, I can probably do this in > > fifteen minutes. > > But if it doesn't go through, I don't see how they could trace it. My > call to CRL is a local call. It might be recorded on my end, but I don't > think CRL's phone bill would show it. What did you have in mind? Maybe a telephony sort can answer this authoritatively, but I think the phone company's logs record this information even for flat-rate local calls. If not, you can do almost anything with access to a modern switch... > > . . . since the access provider will take the heat for anything > > coming out of the account. . . > > Not necessarily. Remember, they want the status of common carriers. > Open access to all, but no control of content. This may apply to some providers -- apparently not Netcom. Eli ebrandt at hmc.edu From crame001 at next1.tem.nhl.nl Thu May 26 23:36:53 1994 From: crame001 at next1.tem.nhl.nl (ER CRAMER) Date: Thu, 26 May 94 23:36:53 PDT Subject: 2.3 keys changed in 2.6 keys??? Message-ID: <9405270731.AA12974@ next1.tem.nhl.nl > A few people said that there public key was changed from a 2.3a key to a 2.6 PGP key. This can not be. The one reason that there is 2.6 in the armored file is because the keyserver uses PGP 2.6 ... If you outlaw Privacy, only the Outlaws will have Privacy! Eelco Cramer ------ -------------------------------------------------- From Rolf.Michelsen at delab.sintef.no Thu May 26 23:53:56 1994 From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen) Date: Thu, 26 May 94 23:53:56 PDT Subject: dispersed DES In-Reply-To: <9405261559.AA25189@crypto.com> Message-ID: On Thu, 26 May 1994, Matt Blaze wrote: > Assuming the 4 bytes really are unpredictable, and assuming you deal with > both "ends" of the stream, there doesn't seem to be an *obvious* attack > that allows independent search for each of the 2 or 3 des keys. There > was a paper in Eurocrypt this year (that I haven't seen yet) that > discusses some not-so-obvious properties of multi-cipher modes that may > reveal another attack, however. This was probably Eli Biham's talk during the rump session titled "Cryptanalysis of multiple modes of operation". His conclusions were basically that you should use the "traditional" triple DES -- other variants had a nasty habit of being *very* vulnerable to diff cryptanalysis. -- Rolf ---------------------------------------------------------------------- Rolf Michelsen "Standards are wonderful -- Email: rolf.michelsen at delab.sintef.no everyone should have one" Phone: +47 73 59 87 33 -- Ancient FORTH proverb ---------------------------------------------------------------------- From barrett at daisy.ee.und.ac.za Fri May 27 00:02:19 1994 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Fri, 27 May 94 00:02:19 PDT Subject: Malformed Signatures? In-Reply-To: <9405270230.AA05721@hawksbill.sprintmrn.com> Message-ID: > a "pgp -kc paul" PGP 2.6 declares my signatories: > (Malformed or obsolete signature format) > and asks if I would like it to: > Remove bad signatures (Y/n)? > Does this mean what I think it means? A PGP signature is made like this (I think): 1. Decide what to sign. In the case of a signature on a key, it includes the key and the user-ID to which the signature will attest, the date, and some other stuff. 2. Generate a digest of the message to be signed. This uses MD5. 3. Encapsulate the digest in some way. The old way used some simple padding, and the new way uses slightly more complex padding. PGP versions up to 2.2 always generated the old format, but 2.2 could understand both formats. PGP 2.3 could understand both formats, and could generate either format under control of the "pkcs_compat" option. PGP 2.5 and 2.6 don't like the old format, and I am not sure how easy it would be to teach them to understand it. 4. RSA encrypt the encapsulated digest, using the secret key of the signer. The results obviously depend on the type of encapsulation chosen in step 3. 5. Encapsulate the encrypted digest and some other stuff in a PGP "packet". If you want PGP 2.5 and 2.6 to understand your signatures, you have to use the PKCS encapsulation at step 3 above. This means that you have to ask people who have already signed your key using the old method to sign it again using the new method. --apb (Alan Barrett) From Rolf.Michelsen at delab.sintef.no Fri May 27 00:02:20 1994 From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen) Date: Fri, 27 May 94 00:02:20 PDT Subject: ecash Press Release In-Reply-To: <9405262247.AA19880@bilbo.suite.com> Message-ID: On Thu, 26 May 1994, Jim Miller wrote: > > > DIGICASH PRESS RELEASE > > > I have a gut feel that this DigiCash(TM) system is going to become a > *really big deal*. Real electronic cash, portable software-only solution, > free client-side software: sounds like a winning combination. I'm > excited. Before you get too enthusiastic remember that electronic cash is not legal tender which means that you will require some clearing system behind this scheme providing conversion between a legal tender and electronic cash before this is getting really useful. Without such a system electronic cash is just prepaid "tokens" with the usability similar to the "tokens" on telephone cards. For those that thinks this will be "the end of the gouvernment": Who do you think will be in control of this clearing system? Just asking ;-) However I do think that this DigiCash stuff is a Good Thing -- certainly better than mailing credit card numbers over the net :-) -- Rolf ---------------------------------------------------------------------- Rolf Michelsen "Standards are wonderful -- Email: rolf.michelsen at delab.sintef.no everyone should have one" Phone: +47 73 59 87 33 -- Ancient FORTH proverb ---------------------------------------------------------------------- From jdwilson at gold.chem.hawaii.edu Fri May 27 00:23:47 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Fri, 27 May 94 00:23:47 PDT Subject: Unicorn vs.... In-Reply-To: <9405270135.AA28070@ininx> Message-ID: In the discussions of what is or is not an "anarchist", aside from the obvious "Anarchist Cookbook" (couldn't resist), is there an official Anarchist codicil? What makes one an official anarchist? *.................................................................* . == = =....James D. Wilson.....jdwilson at gold.chem.hawaii.edu.. . " " "....P. O. Box 15432..........or..NetSurfer at sersol.com.. . " " /\ "....Honolulu, HI 96830..Give me the finger for my key. . \" "/ \"....FRC/FAM/AASR/GWB/OTO..........NETSURFER............ *.................................................................* From wcs at anchor.ho.att.com Fri May 27 00:49:20 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 27 May 94 00:49:20 PDT Subject: dispersed DES Message-ID: <9405270748.AA07251@anchor.ho.att.com> Matt Blaze writes: > David Taylor writes: > >I have come up with (and implemented) a version of triple DES for true > >paranoids, which I call dispersed DES. All I do is append four bytes to > >the beginning of the output files for each cycle of triple DES. It seems > >like this should provide even more security than triple DES, but I am no > It sounds like you have weakend 3-DES. Where do you get these 4 bytes? > If they are fixed or deterministically generated, you will have made it > possible for an attacker who can brute-force 1-DES (e.g., with a Weiner > machine) to "peel off" each single DES key. Instead of a 112 (or 168) bit > work factor (as with 3-DES), you'd end up with a 57 or 58 bit work factor. > If you randomly generate the 4 bytes, you have to carefully evaluate your > random number method. In any case it sounds like your mode is the weaker > of 3-des and 1-des*(the complexity of your random bit generator). One way to get the bytes, which involves passing the data through your system in several batches rather than once-through, is to take the last 4 bytes of the message and move them to the beginning, or vice versa. This avoids lengthening your message by a block each time (and avoids the need for high-quality random padding at the end), and the bytes are unlikely to be lower in randomness than the original plaintext, since they'll have been passed through DES once already. On the other hand, assuming you're using CBC, this means you either have to do _lots_ of extra bookkeeping, or else do the second and third encryptions on the CBC'd text rather than the original text, which Biham or Shamir showed was weaker. > Perhaps I don't understand how your scheme works. Also, what intuition > makes you think that it's stronger than plain old 3-DES? My intuitive feel about it is that it gains some strength because the 4-byte (half-block) offset introduces mixing between the blocks of data, and mixing is generally a Good Thing in cryptosystems. On the other hand, CBC also introduces mixing between blocks as well, and is far better studied, and doing stuff experts have studied is also a Good Thing. The mixing done by the 4-byte offset is all local; the data in a given block of input propagates at most two more blocks, while the mixing done by CBC allows each block to affect all blocks farther along in the message. There are also a variety of other ways to mix data between blocks, including Terry Ritter's various DES-packagings and some of the other block extension techniques discussed in Schneier. Bill # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 From wcs at anchor.ho.att.com Fri May 27 00:52:41 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Fri, 27 May 94 00:52:41 PDT Subject: My 2.3a Key is listed as a 2.6 (Aaargh!) Message-ID: <9405270751.AA07274@anchor.ho.att.com> Eric Hughes writes, regarding the issues of keyserver incompatibility: > Why might not one want a key distributed? It indicates use of > cryptography, for one, and, perhaps, the use of patent-infringing > cryptography. Well, if having your key on a keyserver encourages people to send you messages you can't decrypt instead of looking for other keyservers which have more useful keys for you, it's a waste of your time and your correspondents' to have that key out there. It's also, of course, a way to complain to people who run incompatible keyservers :-) Bill From usura at vox.hacktic.nl Fri May 27 01:42:41 1994 From: usura at vox.hacktic.nl (Usura) Date: Fri, 27 May 94 01:42:41 PDT Subject: taxheavens Message-ID: Vincent.Care at turmint.nectar.cs.cmu.edu wrote: :------------------------ :and without further ado: :------------------------ : :Netherlands :net access: BIUFO :language: Dutch :currency controls: ?? :bank secrecy: poor none excistant, all cash deposits above 20.000 guilders will be reported to the authorities. :preferred legal entities: private or public NV (can have bearer shares) public= NV, private= BV, you can also incorporate in Delaware [=Inc] or use another overseas "model" as long as you register with the local Chambers of Commerce. You then save 40.000 guilders in capital. :taxes: complex, high (many loopholes for large offshore companies) a 40% corporate tax in profits till 250.000 guilders, the rest is taxed at 35%. In the Netherlands it is possible to discuss a prospective transaction with the tax authorities and obtian a ruling wich will determine its tax treatment. :tax treaties: many -- The Rabobank wich ranks 2nd among dutch banks is also on the net: rabo.nl --- Exit! Stage Left. Alex de Joode From perry at imsi.com Fri May 27 03:57:37 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 27 May 94 03:57:37 PDT Subject: ECASH HOLY GRAIL? In-Reply-To: <9405262358.AA08860@toad.com> Message-ID: <9405271057.AA07117@snark.imsi.com> "Gary Jeffers" says: > Say, isn't this the electronic privacy HOLY GRAIL? - The STATE > KILLER? - The POWER GIVER TO THE INDIVIDUAL? No. Its a nice tool, though. Perry From perry at imsi.com Fri May 27 04:06:10 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 27 May 94 04:06:10 PDT Subject: UNICORN VS. TMP@NETCOM In-Reply-To: <199405270331.UAA18734@netcom.com> Message-ID: <9405271105.AA07128@snark.imsi.com> Bob MorrisG says: > I agree that Unicorn's tone was bullying, but, if as stated, Unicorn > received calls from clients asking about the rumors ...then...tmp had > done real ( if inadvertent ) damage... > > What remains unexplained is how the rumor spread so fast through so many > utterly different circles, or how Unicorns identity got known. Who knows if the story "Black Unicorn" tells is even true? However, when commenting on his story, I noted that assuming it was accurately told the behavior seemed reasonable. Frankly, finding out if the tale is true is more effort than I'm interested in... Perry From crame001 at hio.tem.nhl.nl Fri May 27 04:15:14 1994 From: crame001 at hio.tem.nhl.nl (ER CRAMER) Date: Fri, 27 May 94 04:15:14 PDT Subject: pgs099a.zip Message-ID: <9405271205.AA01135@hio.tem.nhl.nl> Yes, finally there is a good MS-DOS shell for PGP. BLOCK presents PGS (Pretty Good PGP Shell) v0.99a public beta. PGS is a professional PGP shell with a very good key managment system. Check it out on: wuarchive.wustl.edu:/pub/msdos_uploads/pgs/pgs099a.zip 128.252.135.4:/pub/msdos_uploads/pgs/pgs099a.zip ftp.funet.fi:/pub/msdos/crypt/pgs099a.zip (???) 128.214.6.100:/pub/msdos/crypt/pgs099a.zip (???) ... If you outlaw Privacy, only the Outlaws will have Privacy! Eelco Cramer ------ -------------------------------------------------- From perry at imsi.com Fri May 27 04:16:06 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 27 May 94 04:16:06 PDT Subject: ecash Press Release In-Reply-To: Message-ID: <9405271115.AA07148@snark.imsi.com> Rolf Michelsen says: > Before you get too enthusiastic remember that electronic cash is not > legal tender I have to mention, yet again, that this sort of phrasing is a product of the notion that digital cash is somehow a currency. It is not. It is an anonymous money transfer method. Saying "digicash is not legal tender" is sort of meaningless -- the real question is "is the currency being transfered legal tender". Perry From perry at imsi.com Fri May 27 04:19:54 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 27 May 94 04:19:54 PDT Subject: Unicorn vs.... In-Reply-To: Message-ID: <9405271119.AA07157@snark.imsi.com> NetSurfer says: > In the discussions of what is or is not an "anarchist", aside from the > obvious "Anarchist Cookbook" (couldn't resist), is there an official > Anarchist codicil? What makes one an official anarchist? I could tell you, but then I'd have to kill you. However, if you send .23gAu via The Trystero Mail Service to the International Federation of Profound Thinkers, they might be able to give you a hint. Perry From Rolf.Michelsen at delab.sintef.no Fri May 27 04:26:33 1994 From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen) Date: Fri, 27 May 94 04:26:33 PDT Subject: ecash Press Release In-Reply-To: <9405271115.AA07148@snark.imsi.com> Message-ID: On Fri, 27 May 1994, Perry E. Metzger wrote: > > Rolf Michelsen says: > > Before you get too enthusiastic remember that electronic cash is not > > legal tender > > I have to mention, yet again, that this sort of phrasing is a product > of the notion that digital cash is somehow a currency. It is not. It > is an anonymous money transfer method. Saying "digicash is not legal > tender" is sort of meaningless -- the real question is "is the > currency being transfered legal tender". Yes, and if you had quoted my entire message you would get my point. Since electronic cash is not legal tender -- just a way of transfering legal tender -- a clearing system which administrates the "real flow of money" must exist so that participants can exchange their "transfer tokens" to "real" cash. -- Rolf ---------------------------------------------------------------------- Rolf Michelsen "Standards are wonderful -- Email: rolf.michelsen at delab.sintef.no everyone should have one" Phone: +47 73 59 87 33 -- Ancient FORTH proverb ---------------------------------------------------------------------- From perry at imsi.com Fri May 27 05:59:24 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 27 May 94 05:59:24 PDT Subject: ecash Press Release In-Reply-To: Message-ID: <9405271259.AA07252@snark.imsi.com> Rolf Michelsen says: > On Fri, 27 May 1994, Perry E. Metzger wrote: > > Rolf Michelsen says: > > > Before you get too enthusiastic remember that electronic cash is not > > > legal tender > > > > I have to mention, yet again, that this sort of phrasing is a product > > of the notion that digital cash is somehow a currency. It is not. It > > is an anonymous money transfer method. Saying "digicash is not legal > > tender" is sort of meaningless -- the real question is "is the > > currency being transfered legal tender". > > Yes, and if you had quoted my entire message you would get my point. > Since electronic cash is not legal tender -- just a way of transfering > legal tender -- a clearing system which administrates the "real flow of > money" must exist so that participants can exchange their "transfer > tokens" to "real" cash. It appears that you still insist on refering to the question of whether or not digital cash is "legal tender". The question isn't usually considered meaningful. When you say that "digital cash is not legal tender" you are making a reasonably meaningless statement. Its like comparing the flavor of the photograph of a dish of Chicken Kiev with the flavor of a photograph of a Granny Smith apple. Sure, you can make the comparison -- but usually people realize that there is some problem in levels -- usually one wants to compare the flavors of foods, not photographs of them. (The photographs have a taste, as do all objects, but no one in his right mind would eat them.) Are checks legal tender? No. Technically, they are not. No one ever bothers to mention this fact, however. Its not interesting. Checks are not legal tender, and neither are trucks filled with bank vaults. None the less, both are ways of transfering money. Neither is money-the-abstraction itself, but most people don't think thats noteworthy enough to make a big deal about. You mention that digital cash requires a clearing system. Thats true. Its also true that a champion marathon runner requires legs. Most people don't see fit to mention that -- it usually seems obvious. You say things like "without a clearing system digital cash is only a worthless token good for things like tolls". Thats untrue. Without a clearing system digital cash can't be used for ANYTHING. Without clearing, a bit of digital cash is just a number -- a large number with no more or less value than any one of the infinitely many other large numbers. A clearing system is INTEGRAL to digital cash. I can't just hand someone digital cash -- a clearing system has to be involved in all transactions. Perry From Rolf.Michelsen at delab.sintef.no Fri May 27 06:20:36 1994 From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen) Date: Fri, 27 May 94 06:20:36 PDT Subject: ecash Press Release In-Reply-To: <9405271259.AA07252@snark.imsi.com> Message-ID: This will be the last I have to say on this matter (hear... hear...), not because it's an uninteresting matter but it has been (heavily) debated before and it's approaching weekend time in Norway :-) On Fri, 27 May 1994, Perry E. Metzger wrote: [Delete key used heavily...] > Are checks legal tender? No. Technically, they are not. No one ever I agree!! That's why they require a clearing system (which cash doesen't). A cheque has no intrinsic value (which cash have -- well, since the gouvernment says so). A cheque has value only because it can be cashed. > You mention that digital cash requires a clearing system. Thats > true. Its also true that a champion marathon runner requires > legs. Most people don't see fit to mention that -- it usually seems > obvious. You say things like "without a clearing system digital cash > is only a worthless token good for things like tolls". Thats untrue. > Without a clearing system digital cash can't be used for ANYTHING. > Without clearing, a bit of digital cash is just a number -- a large > number with no more or less value than any one of the infinitely many > other large numbers. A clearing system is INTEGRAL to digital cash. I > can't just hand someone digital cash -- a clearing system has to be > involved in all transactions. Here I think we are nearing the real issue. We agree that all electronic cash schemes require clearing, yes? The problem is that many schemes are specified without this system which means that it can't be used in real life situations. Just see (almost) any paper on digital cash. This was my intended point when commenting on the original postings. The DigiCash scheme probably is *great* but it won't be *usefull* by everybody in an open system before a clearing organization exists. Due to gouvernment regulations etc a clearing system is not trivially implemented. Since it wasn't explicitly mentioned (as a cooperation with a bank, VISA etc) I assume that it's (for the time) non existant which again means that it will take some time before this cash scheme is useable by the public at large. -- Rolf ---------------------------------------------------------------------- Rolf Michelsen "Standards are wonderful -- Email: rolf.michelsen at delab.sintef.no everyone should have one" Phone: +47 73 59 87 33 -- Ancient FORTH proverb ---------------------------------------------------------------------- From nelson at crynwr.com Fri May 27 06:23:02 1994 From: nelson at crynwr.com (Russell Nelson) Date: Fri, 27 May 94 06:23:02 PDT Subject: Response to Uni's "Lawsuit" Message In-Reply-To: <9405270627.AA11269@toad.com> Message-ID: Date: Thu, 26 May 94 23:27:10 PDT From: Eli Brandt Maybe a telephony sort can answer this authoritatively, but I think the phone company's logs record this information even for flat-rate local calls. If not, you can do almost anything with access to a modern switch... The #5ESS running version 5E8 can log, as a matter of course, the last sixteen numbers dialed on a phone line. But as you note, it's all software. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From ddt at lsd.com Fri May 27 06:28:12 1994 From: ddt at lsd.com (Dave Del Torto) Date: Fri, 27 May 94 06:28:12 PDT Subject: (fwd) FBI infiltrates Connected.com Message-ID: <199405271327.GAA02518@netcom.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- At 1:15 pm 5/24/94 -0500, Jim choate wrote: >Recently the staff at connected. has admitted that they have "invited" >two FBI agents to roan that system. According to connected.staff these >FBI agents are looking for "hackers phreaks" and people having copywritten >programs. [...] This seems a reflection on the state of America today. >This used to be a free country, but now there is a pig or FBI agent >watching EVERYTHING you do. This is NOT the America described in the >constitution. It's not a society of free, independent people. It is a >dictatorship that must spy on it's own people in order to survive. Personally, I'm very, very distressed by reports like this. As far as I'm concerned, no FBI agent will _ever_ be "invited" to "roam" around MY systems. In fact, they'll have to tie me down, beat me with rubber hoses and put electrodes on my private parts to get anything out of me beyond my name, job title and PGP fingerprint (and that's WITH a very specific warrant and clear explanation of what they intend to do). FYI, I post the following message prominently on my systems when they boot: >> Govt Agents: All HD files are encrypted. >> Permission to monitor is denied by Title 18 USC 2511 & 2703. I'm not sure *exactly* what legal protection this entitles me to, but I (perhaps foolishly) at least _feel_ better when I see that screen come up before a system asks for the password to continue booting/mounting volumes. If one of us has the text of those particular passages in the USC, or the ftp site where they reside, I would be interested in fetching and reading the specific text and posting it for all my users to read. I wonder if: [1] connected.com users have been made aware of this "invitation" [2] they intend to remain after the staff has done this [3] anything illegal was in fact discovered and WHERE [4] the FBI has followed up on anything they discovered I hope you keep us informed about this, Jim... dave -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLeXx/aHBOF9KrwDlAQH1HgQAjTg1dHilHRu0pbZfnj+BTsw1eFUxJigG TO0q+LVq4S8GReKQRO6yyZw20WgCBz1g5ElsJvnSHqitBqLs7YbhTEEtEfIFXjlb SZciZ+Q44rzxpeI5BE42e89K5Vi/KKY9H89rK6v5pk1rCUhLzv0FBtY1Mz0Wz9Q4 rdU0Kc/zd2c= =Vkho -----END PGP SIGNATURE----- dave --- Dave Del Torto ----------- "drag me, drop me, treat me like an object" --- Level Seven Design +1.415.334.5533 vox 80 Alviso Street/San Francisco CA 94127-2841 USA +1.415.334.0700 fax --- ------------------------------------------------------------ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCNAitfCt4AAAEEANk+zWV0Z1tnxsJm25BAvH2NI68RbNOaumDofJgVUL9BePQI HNNbOdu4gAmhcEXMvFVwu3vju4nh9qnzz7lYpw5Yh6TcgVI+vb9OsljfAR+ibhDN j5ParKfwZ+mexOCAfrgdt1z71XLY588qxs70ha6u76dvxUsdw6HBOF9KrwDlAAUT tB1EYXZpZCBEZWwgVG9ydG8gPGRkdEBsc2QuY29tPg== =U20R -----END PGP PUBLIC KEY BLOCK----- From nelson at crynwr.com Fri May 27 06:30:12 1994 From: nelson at crynwr.com (Russell Nelson) Date: Fri, 27 May 94 06:30:12 PDT Subject: ECASH HOLY GRAIL? In-Reply-To: <199405270429.AA24581@world.std.com> Message-ID: Date: Fri, 27 May 1994 00:29:50 -0400 From: kentborg at world.std.com (Kent Borg) P.S. Have you people developed any special mailbox filters to help deal with high-volume lists like this? Yeah, it's called the 'd' key. If the first 25 lines of the message are not interesting, it gets deleted. Grab the reader with your first paragaph! -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From jeffb at sware.com Fri May 27 06:46:35 1994 From: jeffb at sware.com (Jeff Barber) Date: Fri, 27 May 94 06:46:35 PDT Subject: creating a v2.6 of PGP for the REST of us! In-Reply-To: <24363.9405262031@lt1.cs.rhbnc.ac.uk.> Message-ID: <9405271259.AA14586@wombat.sware.com> >Maybe instead of many people producing different patches (some of which will >be good and some bad) a new version (labelled as v2.6euro?) should be >released from outside the USA that is derived from 2.3a code; therefore >producing a version that is no different in _appearance_ to MIT's v2.6. > Also, some ftp sites and bulletin boards outside the USA >don't like carrying software that was illegally exported. A special non-USA >version of 2.6 would allow everyone to be happy and compatible. While creating a 2.6-like version from 2.3a seems a worthy goal, this supporting argument is flawed. The original PGP was written in the USA and, never having received the proper export approvals, must have been "illegally exported." Isn't Phil Zimmerman being "investigated" by a grand jury for this even now? So, it would seem to me that a bulletin board carrying any version of PGP holds illegally exported software (wrt US law). How does 2.3a differ from 2.6 in this respect? -- Jeff From gtoal at an-teallach.com Fri May 27 07:14:10 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 27 May 94 07:14:10 PDT Subject: UNICORN VS. TMP@NETC Message-ID: <199405271414.PAA07011@an-teallach.com> : From: Bob MorrisG : GT> Of course, no-one has considered the possibility that the tmp at netcom p : GT> was manufactured and played out over time solely in order to boost the : GT> credibility of the 'uni' persona :-) [does anyone have any proof that : GT> *either* of these people exist in real life : Aha, that means that you must be them too, huh??? Well, according to our hero David Sternlight, I'm the person behind Iolo Davidson! (Bwaha...etc.) (Wonder if I sue sue him - seems to be the new vogue internet game at the moment :-) ) G From tsumjf1 at asnmail.asc.edu Fri May 27 07:21:44 1994 From: tsumjf1 at asnmail.asc.edu (Jeffrey L. Frost) Date: Fri, 27 May 94 07:21:44 PDT Subject: version 2.6? In-Reply-To: <9405271259.AA14586@wombat.sware.com> Message-ID: This is probably a stupid question, but where is PGP 2.6 available for anon FTP? I've only been able to find v. 2.5 so far. If someone could please send me a good FTP address I would be very appreciative. --- ************************************************************************* ** Jeffrey L. Frost (Jeff please) * This was forwarded to me by a friend in the UK. I don't know whether this guy knows about digital cash. I will forward Mr. Mullally the DigiCash announcement, and ask him onto the list. It's not anonymous, but uses crypto. It's good to see more attention being paid to commerce mechanisms on the net. -Russell --- Forwarded mail from igeldard at capital.demon.co.uk --------------------------------- cut here ----------------------------- Path: capital.demon.co.uk!demon!uknet!EU.net!howland.reston.ans.net! news.cac.psu.edu!news.pop.psu.edu!psuvax1!news.cc.swarthmore.edu! netnews.upenn.edu!msuinfo!news From: mullally at studentm.msu.edu (Sean Mullally) Newsgroups: alt.cyberspace Subject: Internet electronic checking Date: 25 May 1994 00:28:11 GMT Organization: msu Lines: 101 Message-ID: <2ru62r$n7q at msuinfo.cl.msu.edu> Reply-To: mullally at studentm.msu.edu NNTP-Posting-Host: via-annex4-6.cl.msu.edu X-Newsreader: WinVN 0.90.4 * Net Check FAQ * ----------------------------------------------------------------------------- a concept by Sean Mullally (mullally at studentm.msu.edu) Telecommunications student, Michigan State University ----------------------------------------------------------------------------- What is a net check? Simply put, net checking is to standard paper bank checks what email is to the postal service. It is a way for internet users to perform person-to-person electronic monetary transactions. The closest thing to it today is to give a credit card number on which the amount of the transaction is charged. This has two obvious disadvantages. First, the payer must trust the recepiant not to overcharge the account. Second, the recepiant must be set up to accept credit cards. This rules out the average user. Net checks are a more secure, more practical protocal for person-to-person transactions. Is this going to mean I have to pay for my Internet use? No, this will allow you to send money instantly to any fellow internet user for whatever reason you or he want. How does it work? It is fundementaly the same as writing a paper check. You send a net check to your recepiant via internet email. The recepiant then "cashes the check" by forwarding it via email to his financial institution, with instructions on where to put the money. The recipiant's bank then transfers the funds from the payer's account at his bank. What good is it? A net check provides a way for users of the internet to engage in person-to-person monetary transactions with out the hassle of (not to mention the time requirements of) "snail-mailing" paper checks. No really, technically, how does it work? OK, heres the details. Every time you send a net check, you send a copy to your recipiant and a copy to your bank. Both copies are encrypted with public key encription to make sure only the right people recieve them. They also have digital signatures, so both the bank and your recipiant are sure you are indeed the sender. Upon reciept, the recipiant (or his daemon) submits the check to his bank via email to be cashed. If the payer and recideant have the same bank, the money is transfered then, if not, the banks use the existing mechanism used today to transfer the funds for standard checks. A net check is basicly a text email message with 5 parts which is then encrypted with a public key method and given a digital signature. The 5 parts are as follows: 1. SENDERS ID The senders full legal name, email address, and possibly his account number at his bank 2. RECEPIANTS ID The senders full legal name and email address. 3. $ AMOUNT OF CHECK (This should be obvious) 4. SEQUENCE NUMBER OF CHECK Same as standard checks. 101,102,103,104...ect Each net check has a unique sequential number, and each number has one corrosponding check. 5. SECURITY ARGUMENT. This is what makes the system work. The security argument is a very large random number. Upon recieving their copy of your check, the bank uses this number to varify the authenticity of checks trying to be cashed. It would look something like this: ------------------------------------------------------- From: smith at puter.org (Tomas Smith) 143-3234-52214-3 Seq: 104 To: jones at hayes.com (Fred Jones) Amount: US$75.00 Sec-arg:1243865710710298749127849123874921048721097421 ------------------------------------------------------- Is this system secure? If impleminted properly, this system should be secure. Lets consider various attempts at fraud. Someone you never wrote a check to tries to make up a check from you and cash it. This one is easy, if he uses a sequental number you have already used the check is rejected. If he uses a sequential number you have used on a check that is outstanding, the bank has a copy of the check and will not pay out to anyone put who it is written to, for the amount it is written. He cannot use a sequential number that you have not reached, since the bank must recieve a copy of the check from you for it to be accepted. Also he cannot forge a check copy to your bank in your name, thanks to the digital signature technology that will be used with all copies of the check. Thus the system is as secure as the digital signature algorithim that is used. The intended recipiant cannot recieve more than intended since you have authorized the bank only to pay out X amount to this person. And since the bank will honor one and only one check with a given sequential number, the recipiant cannot submit multiple copies. Like many any secure system, it's weakest point it the human interface. Assuming good public key encryption and digital signature schemes, this system could be make nearly fraud proof. Anything else? Yea, if you have any ideas or suggestions email me and let me know. I'm trying to get some discussion going on what would be a good format for this. --------------------------------- cut here ----------------------------- --- End of forwarded mail from igeldard at capital.demon.co.uk -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From paul at hawksbill.sprintmrn.com Fri May 27 07:37:21 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Fri, 27 May 94 07:37:21 PDT Subject: version 2.6? In-Reply-To: Message-ID: <9405271539.AA10787@hawksbill.sprintmrn.com> > > This is probably a stupid question, but where is PGP 2.6 available for > anon FTP? I've only been able to find v. 2.5 so far. If someone could > please send me a good FTP address I would be very appreciative. > You may not find it for anonymous FTP at this point, but you get obtain it directly from MIT: Date: Mon, 16 May 94 14:04:01 -0400 Message-Id: <9405161804.AA08573 at big-screw> From: Jeffrey I. Schiller To: cypherpunks at toad.com Subject: PGP 2.5 Beta Release Over, PGP 2.6 to be released next week -----BEGIN PGP SIGNED MESSAGE----- The beta version of PGP 2.5 is now being removed from MIT file servers. In about a week, MIT will begin distribution of a new release numbered PGP 2.6. PGP 2.6 will incorporate a new version of RSAREF, scheduled for release by RSA Data Security next week, and will also correct bugs that were reported in PGP 2.5. In order to fully protect RSADSI's intellectual property rights in public-key technology, PGP 2.6 will be designed so that the messages it creates after September 1, 1994 will be unreadable by earlier versions of PGP that infringe patents licensed exclusively to Public Key Partners by MIT and Stanford University. PGP 2.6 will continue to be able to read messages generated by those earlier versions. MIT's intent is to discourage continued use of the earlier infringing software, and to give people adequate time to upgrade. As part of the release process, MIT has commissioned an independent legal review of the intellectual property issues surrounding earlier releases of PGP and PGP keyservers. This review determined that PGP 2.3 infringes a patent licensed by MIT to RSADSI, and that keyservers that primarily accept 2.3 keys are mostly likely contributing to this infringement. For that reason, MIT encourages all non-commercial users in the U.S. to upgrade to PGP 2.6, and all keyserver operators to no longer accept keys that are identified as being produced by PGP 2.3. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQBVAgUBLdezEVUFZvpNDE7hAQGRhAH+KACuaOfMynsL9QGmJpp9ToWEJB+1OFGb whoZbHbw/H268zIrFoCcm24UITcBiIcuSsk3ydpMyFTb/YBgIbzgqQ== =EbV1 -----END PGP SIGNATURE----- From jpp at jpplap.markv.com Fri May 27 07:55:31 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Fri, 27 May 94 07:55:31 PDT Subject: GI based PK cryptosystem. Message-ID: Ok, here it is. I currently belive that this publishing makes the system un-patentable by anyone but me (and I can only patent it in the US, not in the EC). It is my intent that this algorithm be unfettered by copyright, liscence, trademark, patent, or any other icky intelectual property right. So let me state here that the algorith is in the public domain. I release all copyright to it. There, i hope that does it. But if I'm wrong, oh well. I don't think there is much economic worth in this scheme. But, I would be happy to be proven wrong! I expect that the odds that this system actually work are pretty long. But I've been over it too much, and can't see any holes, its time for others to poke at it. Besides, I like the tase of crow. j' This is an -*-outline-*- of my public key crypto system (setq outline-regexp "[!$=*]+") (setq paragraph-start "^[ ]+\\|^[!$=*]+") (setq paragraph-separate "^[ ]*$\\|^[!$=*]+") * Informal introduction ** Description of the system *** Key generation In total secrecy, Andy generates two graphs, one for encoding 1's and the other for encoding 0's. He then openly publishes these two graphs. *** Sending a bit In total secrecy, Beth selects one of the two graphs, and generates a new graph isomorphic to the selected graph based. Then Beth publicly sends the new graph to Andy. *** Recieving a bit To decrypt which bit Andy recieved, he must determin which graph Beth selected, and permuted. He must solve one case of the GI problem. To make this easy, he has hidden trapdoor indentifiers in the published graphs. Using my special JGI algorithm, and the trapdoor identifiers, Andy will be able to discover which bit Beth sent. *** The trapdoor information To make hiding a trapdoor identifier possible, Andy also publishes a labeling of the two graphs. For each node and each edge in the published graphs, Andy associates a labeling string. (He uses 2k-bit binary numbers as labels.) When he constructs the graphs, Andy insures that each one has a Hamiltonian Circuit. The trapdoor information is the labeling of the Hamiltonian Circuits of the two graphs. Naturally, each graph has a different Hamiltonian Circuit from the other, with a different labeling. ** Informal security argument For Eve to be able to determin the bit sent from Beth to Andy, she must be able to either solve instances of the Graph Isomorphism problem, or find the trapdoor identifier in the graph that Beth sends to Andy and also in the two published graphs. (I will ignore the posibility that Andy's and Beth's 'total secrecy' is penetrable by Eve. She might have psychic powers, or access to sophisticated spying technology. If this is the case, too bad for Andy and Beth.) *** The Graph Isomorphism problem Graph Isomorphism (GI) is a problem for which people believe there is no polynomial time solution. Although GI is belived to be easyer than problems known to be NP complete. So we belive that Eve has a fairly hard problem ahead of her, although the problem might not quite fit the usual definition of intractable. *** The Hameltonain Circuit problem Instead Eve could try to discover the trapdoor information. But since the Hamiltonian Circuit Decision problem is NP complete, and since NP complete problems are (belived) at least as hard as GI, it doesn't seem that there is much profit for Eve to try this aproach. * The formal version ** Key generation For a particular security parameter k, the published key consists of an ordered pair of graphs . G0 is used for sending 0 bits, and G1 for sending 1 bits. Both G0 and G1 contain 2^4k nodes, and 2^4k*2^2k==2^6k edges. Each graph contains a Hameltonian Circuit. Each node, and each edge of each graph is labled with a member of {0,1}^k (the set of bit strings k bits long). Each node has exactly 2^2k outgoing edges (and 2^2k incomming?). To construct a graph, begin with a random set of labled nodes. Construct the Hameltonian Circuit by adding edges from vi to vj, each with a random label. Note (one of) the string(s) which is formed by appending the node and edge lables in order along the Hameltonian Circuit. This is the trapdoor information which makes the graph isomorphism problem easy. Next add edges to the graph until each node has exactly 2^2k outgoing edges, label each edge at random. (Here is where I should talk about how the GI problem is only rarely hard, and that the edges labeled at random garantees that we _sometimes_ land in the hard susbset of the GI problem. It would be nice to make a better construction which always landed in the hard subset of GI. But this is likely to be a hard research problem. Oh well.) ** Sending a bit Reciever sends two graphs as described above to the sender. The sender decides which bit to send -- 1 or 0. The sender then selects a permutation P of the nodes of the apropriate graph. The sender then sends the isomorphic graph defined by the permutation P to the reciever. The reciever uses my GI algorithm to determin which graph was sent. ** Recieving a bit The reciever runs the folowing algorithm twice in parallel, and the algorithm to finish first determins which graph was sent. The other algorithm is terminated (since its result is unnecesary.) *** Description of the algorithm The JGI algorithm takes as input a trapdoor string T of labels (tni, and tei are strings of binary digits), and a graph G= of |V| nodes. It either halts and accepts the input, or halts and rejects the input. After initializing, the algorithm will halt in exactly V iterations of the main loop. **** Initialization For each node v in the graph, if the node's label matches the first label in the trapdoor, create a set sv containing v. Also create a pair pv of . Finally add the pair pv to the active set. Remove the first label from the trapdoor string. **** Main Loop While the trapdoor string T is not empty and the active set is not empty, do the Outer Loop. After performing the outer loop, make the next active set be the active set, and then remove the first two labels from the trapdoor string. ***** Outer Loop For each pair pi= in the active set, do the Inner Loop. ****** Inner Loop For each edge e= in E where vi==vj, if T's first label matches e's label, and if vk is not in svi, and if T's second label matches vk's label, then add the pair pi'= to the next active set. **** Final step If the trapdoor string is empty, halt and accept. If the active set is empty, and the trapdoor string is not, halt and reject. *** Proof of polynomial time and space behavior (This is a little weak, but I belive it can fly.) The main loop executes no more than |V| times since the trapdoor string contains exactly |V| node labels, and each iteration removes one of them. The important question is how many new pairs are added to the next active set, for each pair in the active set, by the outer and inner loops. For one of my graphs, the expected number is (less than) one. To see this note that the product of number of edge labels and the number of node labels equals the numbe of edges leaving a node. However, the test to see if the new vk is already a member of the old svi reduces this number. ** Proof of security The evesdropper must solve the GI problem for the subset of graphs constructed, or must discover the trapdoor information, and use my GI algorithm. To show how hard this is, I will show that GI of the subset of graphs generated is (polynomial time) GI complete, and I will show that discovering the trapdoor information is as hard as the Hameltonian circuit path discovery problem. *** The reduction to HP Now how am I going to do this? Ideas are solicited. *** The reduction to GI (All I actually present are the constructions for the reductions. I don't proove that isomorphism and (where apropriate) hameltonian posetion is retained. But I am convinced. Just tiered of typeing.) I will write GI for graph isomorphism, LGI for labeld graph isomorphism, HLGI to Hameltonian posesing labeled graph isomorphism, FAHLGI for fixed (at |V|^1/2) arity Hameltonian posesing labeled graph isomorphism. The subset of graphs that are generated in the key generation process are exactly those of the FAHLGI problem. (This is true by construction.) **** FAHLGI <= GI <= FAHLGI I will now prove that FAHLGI <= GI <= FAHLGI. I will prove this by the chain FAHLGI <= HLGI <= FAHLGI, HLGI <= LGI <= HLGI, LGI <= GI <= LGI. ***** FAHLGI <= HLGI <= FAHLGI ****** FAHLGI <= HLGI Obvious: Since FAHLGI is a subset of HLGI, a HLGI algorithm will work just fine when given graphs from the FAHLGI problem. ****** HLGI <= FAHLGI Replace each node with a clique of size |V|. Label the nodes in the clique as the original node, and the edges in the clique 00. For each ordered pair of nodes in V^2, add an edge from one of the nodes in the clique for v1 to one of the nodes in the clique for v2. Label the new edge 11x if the there is an edge in E and its label is x, label the new edge label 10x for some random x, if is not in E. ***** HLGI <= LGI <= HLGI ****** HLGI <= LGI Obvious: Since HLGI is a subset of LGI, a LGI algorithm will work just fine when given graphs from the HLGI problem. ****** LGI <= HLGI For each v labeled x, construct v', v'' labeled 0x and 1x resp. For each v', and each v'', add the edges and each labeled 0x for some random x. For each e= in E labeled x add e'= labeled 1x. ***** LGI <= GI <= LGI ****** LGI <= GI For each node label add a new node, and an edge from the new node to each of the nodes so labeled. For each edge, add an intermediate node. For each label of the edges, construct a new node, and edges from it to the new edge nodes. ****** GI <= LGI Obvious construction: give each node and edge the label 0. From peace at BIX.com Fri May 27 08:47:24 1994 From: peace at BIX.com (peace at BIX.com) Date: Fri, 27 May 94 08:47:24 PDT Subject: Unicorn suit Message-ID: <9405261615.memo.72280@BIX.com> ciber city> Despite your protestation, "I also don't like to be a bully", it seems to me that your pursuit of this case was predicated on your ability to be a bully and an insider. unicorn>This is often the case with lawsuit and any human endeavor. I'm sorry everyone isn't on equal ground in the world. I personally prefer the ability to resort to a civil system of litigation than to have some highly institutionalized, standardized, process that could only be provided by big government. At what price equality? I sometimes find it difficult to agree with Tim May and his anarchist tendencies, but you, Unicorn, have made me wish for exactly that. How can anyone be in favor of big government and crypto privacy. This makes you sound like a hypocrite! It seems that Detwiler, and his tentacles, have performed a valued, if labored, service here. Anonymity may have its uses, but it has abuses as well. It is not the least bit clear from his posting whether Unicorn supports anonymity or not. Neither is it clear whether any of the rest of the punks really support anonymity. Peace From forsythe at usw.nps.navy.mil Fri May 27 08:58:45 1994 From: forsythe at usw.nps.navy.mil (Carl R. Forsythe) Date: Fri, 27 May 94 08:58:45 PDT Subject: Privacy Issues (Long) Message-ID: <199405271557.IAA10395@spray.usw.nps.navy.mil> This document first appeared in the Whole Earth Review magazine. It appears here with the permission ofthe author, Robert Luhn who retains the copyright. >From PCWLuhn at aol.com Thu May 26 15:49:45 1994 >Carl: >Sounds ok by me. A couple of things you must do, however: >1. You must note that the article is: Copyright 1993 Robert Luhn, All rights reserved >2. That the article first appeared in Whole Earth Review, Fall 1993 issue >3. And if anyone wants to contact me, they can do so at PCWLUHN at AOL.COM. >If that's ok, lemme know and you can post away! >Yours, >Robert Luhn -------------------------------------------------------------------------- This is a "toolkit" of resources and informtion about privacy. It is divided into reviews of: ----> Books ----> Newsletters and Journals ----> Reports/Pamphlets ----> Advocacy Groups ----> Online Resources for Computer Users and ----> Other resources THE WHOLE EARTH PRIVACY TOOLKIT by Robert Luhn Copyright 1993 Robert Luhn 1022 Curtis St. Albany, CA 94706 MCI Mail: 302-9347 Internet: pcwluhn at aol.com America Online: PCW LUHN "Privacy is the most comprehensive of all rights...the right to one's personality," wrote Louis Brandeis for the <>, back in the musty pre-fax 1890s. But Judge Thomas Cooley, an obscure contemporary of Brandeis', probably put it better: "Privacy is the right to be let alone." Unfortunately, our clever founding fathers neglected to mention privacy specifically in either the Constitution or the Bill of Rights. The fourth amendment does secure you from "unreasonable searches and seizures", but it doesn't prevent your boss from bugging the company bathroom, a federal employer from demanding a urine sample, or your nosy neighbor from tapping into your cordless phone conversations with a police scanner. In sum, your safeguards against government, corporate, and freelance snoopers are pretty slim, dependent on a handful of narrow federal and state laws and scattered court precedents. California and a few other states embed broad privacy protections right up front in their constitutions, but this is an exception, not the rule. So don't leave home without protection. If you want to protect your credit rating, prevent your boss from rifling through your email, or keep the government out of your bladder, peruse this compendium of vital privacy resources that no one should be without. There's something here for everyone, from the casual reader to the privacy buff. ----> Books Your Right to Privacy This omnibus pocket guide from the ACLU covers just about every privacy issue under the sun, such as what an employer can disclose from your personnel records, confidentiality of AIDS tests, who can ask for your Social Security number, how to correct government records, and how to deal with sneaky private investigators. "If there's enough money, you can get anything" boasts one anonymous PI in the book. "You have to find the weak link in the chain and go for it!" The book doles out advice in an accessible question and answer format, and includes just enough history to give you the proper context. If you buy only one book, buy this one. <> Evan Hendricks, et al, 1990; 208pp. $7.95 from Southern Illinois University Press, P.O. Box 3697, Carbondale, IL 62902-3697, or the ACLU. Steal This Urine Test If you've been asked to fill this cup, please, steal this book. "Fighting Big Brother's Bladder Cops!" shouts the back cover, and nothing could be truer. This classic 1987 volume by the late rabble rouser Abbie Hoffman is still in print--a testament to the growing acceptance of drug testing in America. Dear Abbie gives you scoop on everything: the history of drugs and the government's drug paranoia, the culture of employee surveillance, the facts (pro and con) about drug use, the inaccuracy of drug testing, and of course, how to <> a urine test, just in case. <> Abbie Hoffman and Jonathan Silvers, 1987, 262pp. $7.95 from Viking Penguin Privacy for Sale What happens to that "confidential" credit form you fill out? To that workers compensation claim? <> reporter Jeffrey Rothfeder knows, and it isn't pretty. Rothefeder's book exposes the shadowy information underground--the marketplace where credit agencies, the IRS, private investigators, direct marketers, and other "data cowboys" legally and illegally acquire and sell sensitive information on just about anyone. To demonstrate the lax safeguards, the author easily nabs copies of both Dan Quayle's and Dan Rather's credit reports. Rothfeder's wry book is a cautionary tale of how our new electronic wild west of private and governmental databases threaten personal privacy, the economy, and more. <> Jeffrey Rothfeder, 1992, 224pp. $22 from Simon & Schuster Undercover: Police Surveillance in America Gary Marx knows about undercover police first hand. When the future MIT sociology professor was a student at UC Berkeley, his student organization promoting racial equality was nearly destroyed when the treasurer--a police agent--embezzled the group's funds. But Marx's book looks beyond political policing and tackles a tougher question: In the face of rising crime and political corruption, when is undercover police surveillance warranted? Marx examines this and many other uncomfortable questions in this surprisingly readable and lively book for academics and policy analysts, and arrives at a rather startling conclusion: "In starting this book, I viewed undercover tactics as an <> But, in the course of research I have conluded, however reluctantly, that in the United States they are a <>." An extensively researched book that specialists--and some general interest readers--will find absorbing. <> Gary T. Marx, 1988, 284pp. $11.95 from University of California Press Privacy: How to Get It, How to Enjoy it This book is a Mulligan's stew of privacy advice, philosophy, resources, humor, and a little conspiracy paranoia thrown in for good measure. But as you read story after story--the "little Einstein" who hacked into 21 Canadian computer systems, banks blithely (and illegally) sharing depositor information with just about anyone--you begin to see the author's point of view. <>'s pithy chapters identify key privacy abuses (from credit card scams to the 24 federal agencies that gather intelligence on Americans), offers pointed remedies, explains obscure laws that help you keep a low profile, and suggests books to read. Sometimes the advice is right on ("consider the use of mail-drop services") and sometimes downright weird ("you and your friends might try learning an obscure foreign language to promote privacy"). Either way, it's a fascinating, eclectic read. Note: Eden Press offers half a dozen other privacy books, from <> to <<100 Ways to Disappear and Live Free>>. For the privacy anarchist within. <> Bill Kaysing, 1991, 128pp. $18.95 from Eden Press, P.O. Box 8410, Fountain Valley, CA 92728 Privacy in America David Linowes is one of the privacy experts that every writer cites, and with good reason--his knowledge is encyclopedic. Although this book mirrors <> in focusing on the abuse of computerized personal data, Linowes' thoroughly researched and chilling anecdotes will get your blood boiling. The book embraces everything from genetic screening to electronic fraud, showing time and again how privacy laws and other safeguards are regularly flouted by government and business alike. The book is light on advice, but its overwhelming evidence, copious studies, surveys, and polls make it worth the price. <> David Linowes, 1989, 192pp. $19.95 from University of Illinois Press, 54 East Gregory Drive, Champaign, IL 61820 How to Get Anything on Anybody Want to learn how the pros tap a phone, surreptitiously videotape someone, tail a bad guy, or crack into a "secure" computer? This ultimate hardware catalog-cum-how-to-manual for professional snoopers tells all, and even notes where you can buy neat-o spy stuff. It's also a boon for less nosy folk, says author Lapin, because "the first time someone kicks you right in the privacy act" you'll be prepared. If nothing else says Lapin, remember this: "law enforcement agencies are only the tip of the electronic eavesdropping iceberg. Most bugs are planted by people to spy on their spouses or to gain an advantage in business." <> Lee Lapin, 1991, 224pp. $38 postpaid from ISECO Inc., 2228 S. El Camino Real #349, San Mateo, CA 94403 Other books of interest: <> (M.L. Shannon, $23.95 postpaid, Paladin Press). A companion volume to Lee Lapin's books, with emphasis on showing you how to protect yourself from electronic eavesdropping. <> (Robert Ellis Smith, $14.50, Privacy Journal). Not for casual readers, but if you have an interest in the law and the historical underpinnings of privacy rights (from torts to "fair information" practices), this book is for you. <>. (Frank Donner, $34.95, UC Press) An exhaustively researched book on repressive police tactics over the last 30 years, with much coverage devoted to covert surveillance, and the illegal compilation and distribution of dossiers. <> (Alexander Charns, $24.95, Univ. of Illinois Press). You think you've got it bad? A gripping tale of how Hoover's FBI bugged, harassed, and otherwise attempted to manipulate the Supreme Court during the '50s and '60s. <> (John Carroll, $45, Butterworth-Heinemann). The skinny on private and public databases--who maintains what data on whom and what rules (if any) regulate how that information is disseminated. A slow read, but a valuable sourcebook. <> (Marcus Farbenblum, $32.50, McFarland & Company). Although the subject's arcane, this readable guide details how the IRS withholds records and obscures it own procedures--and how you can make the IRS "tell you everything you have a right to know". ----> Newsletters and Journals Privacy Journal This indispensable 8 page monthly digest covers key privacy stories, legislation, abuses, and trends in the U.S. and abroad, with a special focus on computerized information and telecommunications. Publisher and gadfly Robert Ellis Smith has been puttin out <> for nearly 20 years, frequently testifies before Congress on privacy legislation, and is a constant thorn in the side of credit bureaus. An accessible guide that will inspire you to get mad. Note: <> also publishes a number of useful reference books and studies. <>, P.O. box 28577, Providence, RI 02908, 401/274-7861. Subscription: $109/year; Special <> discount: $35/year. Privacy Times This biweekly 10 page newsletter put out by Evan Hendricks is more news oriented and more timely than <>. If you're a privacy maven, you'll appreciate the in-depth coverage (such as why the Bush administration tried to shut down the FOIA office), and the summaries of recent court rulings affecting privacy. <>, P.O. Box 21501, Washington, DC 20009, 202/829- 3660, 202/829-3653 (fax). Subscription: $250/year for 26 issues ($225 prepaid) geneWatch Worried about who's peeking in your genes? This bi-monthly newsletter is a one-stop source for news about the social, political, and ethical consequences of genetic engineering. Topics range from how insurers use genetic testing to weed out "bad" risks, to DNA identification, as well as non-privacy related issues. <>, Council for Responsible Genetics, 19 Garden St., Cambridge, MA 02138, 617/868-0870, 617/864-5164 (fax). Subscription: $15-$30 for six issues ----> Reports/Pamphlets "If An Agent Knocks: Federal Investigators and Your Rights" This bargain pamphlet is the ultimate how-to privacy guide. Using a simple question and answer format, you learn what to do if a federal agent tries to question you, the scoop on agencies that gather political intelligence, how the feds infiltrate political organizations, and much more. In English and Spanish. $1 from the Center for Constitutional Rights, 666 Broadway, New York, NY 10012, 212/614-6464 "How to Use Freedom of Information Statutes" Curious about what Big Brother has on you? This informative guide shows you how to use the Freedom of Information Act (FOIA) and California Public Records Act to access files maintained on you by the government. You learn what's open and what's exempt, and how to make a request (sample letters are included); relevant addresses and copies of the two acts in question are included. $12 from the Freedom of Information Project, 102 Banks St. San Francisco, CA 94110, 415/641-0651 "Your Right to Privacy" This special report written for the <> is an excellent introduction to personal and workplace privacy. Plusses: a summary of federal privacy laws, a table detailing privacy laws by state, and tips on how to protect yourself. $7, January 20, 1989 Editorial Research Report, Congressional Quarterly Inc., 1414 22nd St. NW, Washington, D.C., 20037, 202/822-1439 "Genetic Monitoring and Screening in the Workplace" (S/N 052-003- 01217-1) and "Medical Monitoring and Screening in the Workplace" (S/N to come) For privacy and medical buffs. These two reports from the Office of Technology Assessment aren't exactly light reading, but they contain a wealth of information about the state of genetic testing; the ethical, political and privacy implications; surveys on use and attitudes; and copious references. $12 each from the Superintendent of Documents, Government Printing Office, Washington, D.C., 20402-9325, 202/783-3238 "Privacy Law in the United Sates: Failing to Make the Grade" This 32 page report by the US Privacy Council and the Computer Professionals for Social Responsibility (CPSR) spotlights the huge gaps in American privacy laws, lax enforcement by federal agencies, and argues persuasively for the creation of a national data protection board. Somewhat technical, but a good source. $10 from CPSR, P.O. Box 717, Palo Alto, CA 94301, 415/322-3778, Internet: cpsr at csli.stanford.edu "Protecting Electronic Messaging: A Guide to the Electronic Communications Privacy Act of 1986" Is an email message as protected as the U.S. Mail? A phone call? A conversation in the company cafeteria? This pricey and somewhat technical guide clarifies this and other questions, helps employers interpret federal law, and if nothing else, will motivate your boss to adopt strict guidelines on email privacy. $195 ($55 for members), Electronic Mail Assocation, 1555 Wilson Blvd., Suite 300, Arlington, VA, 22209-2405, 703/875-8620. ----> Advocacy Groups American Civil Liberties Union There's no national 911 for privacy emergencies, but the ACLU is the next best thing. This granddaddy of all privacy organizations lobbies, educates, and sues on just about every privacy front. Your local ACLU chapter is a resource for cheap reports covering many privacy concerns (from student rights to FOIA access), can offer legal referrals, and in certain cases, represent you in court. Membership: $20/year. ACLU, 122 Maryland Ave. NE, Washington, DC 20002, 202/544-1681 Electronic Frontier Foundation The EFF was co-founded by <<1-2-3>> creator and former Lotus Development chairman Mitch Kapor to "promote privacy services for network users and examine the interaction of computers and society." In short, EFF advocates electronic democracy in all its forms, and is a force in ensuring that new communications technologies are open to everyone and receive proper Constitutional protection. The group lobbies Congress and various federal agencies, defends users wrongly accused of computer crimes, educates and publishes reports, sponsors various conferences, provides legal referrals and counseling, and sometimes sues federal agencies under the FOIA. <>, the EFF's newsletter packed with tips, information, and recent testimony, is posted on popular online services and electronic bulletin boards. Membership: $20/year (students); $40 (regular); $100 (corporate). Electronic Frontier Foundation, 155 Second Street #35, Cambridge, MA 02141, 617/864-0665, 617/864-0866 (fax) Computer Professionals for Social Responsibility Like the EFF, CPSR is concerned about civil liberties, computing, and telecommunications. The well-regarded group has testified at more than a dozen Congressional hearings, led the campaign to stop the FBI's wiretap proposal earlier this year, and recently recommended privacy guidelines for national computer networks. Current CPSR priorities include medical record privacy, curbing the misuse of Social Security numbers, and promoting privacy for communications users. Membership: $40/year (basic); $75/year (regular). CPSR, P.O. Box 717, Palo Alto, CA 94301, 415/322-3778. National Consumers League For activist consumers and workers, NCL is the party to join. The group tackles everything from food irradiation to workplace safety to telemarketing fraud. But the NCL has a special place in its heart for privacy issues, and recently commissioned a national survey on workplace privacy. The bimonthly <> reports on these and other issues. Membership: $20/yr. National Consumers League, 815 15th Street NW, Suite 928-N, Washington, DC 20005. 202/639-8140 Privacy International Like Amnesty International, Privacy International is a global organization dedicated to fostering human rights--in this case, privacy rights. Only 2 years old, PI's first task is to sound the alarm over privacy abuses throughout the world and to push for the adoption of practices that "guard against malicious or dangerous use of technology". PI raises awareness internationally about privacy assaults, repressive surveillance practices, coordinates privacy advocates around the world, and like Amnesty International, monitors and reports on abuses country by country. Members also receive the <>, a quarterly newsletter with privacy reports from around the world, legislative updates, and news on related civil liberties issues. Membership: $50. Privacy International, c/o CPSR, 666 Pennsylvania Ave. SE, Washington, DC 20003. ----> Online Resources for Computer Users CompuServe CompuServe is the Macy's of online services--there's something for everyone. Privacy buffs should check out the Electronic Frontier Foundation (GO EFFSIG), whose rallying cry is "Civilize Cyberspace!". EFFSIG offers online conferences, Q&A with EFF staff, and a well-stocked library that includes back issues of <>, essays on privacy issues, online cyberpunk magazines, and more. Other relevant special interest groups (SIGs): "The Journalism Forum" (GO JFORUM), which focuses on privacy, ethics and journalism; "The Legal Forum" (GO LAWSIG), which includes chitchat and papers about privacy and telecommunications law; and the "Legal Research Center" (GO LEGALRC), an online legal search service that includes indexes for over 750 law journals, studies, publications, plus access to a handful of legal databases. Membership: $39.95 one-time fee, plus $7.95/month. CompuServe, 5000 Arlington Centre Blvd., P.O. Box 20212, Columbus, OH 43220, 800/848-8199 The WELL This laid-back online service is <> online privacy resource. Put out by the same people who, gosh, put out <>, the WELL offers a cornucopia of databases, online conferences, electronic mail, access to USENET "newsgroups" (including privacy groups), and much more. Three forums are largely dedicated to privacy issues: EFF (Electronic Frontier Foundation), CPSR (Computer Professionals for Social Responsibility), and CFP (Computers, Freedom & Privacy). You get online privacy experts, conferences, updates on legislation, the status of court cases, and a chance to truly interact with privacy professionals. The WELL's interface is a little clunky, but you won't find more privacy resources online anywhere. Subscription: $15/month, $2/hr of connect time. The WELL, 27 Gate Five Road, Sausalito, CA 94965-1401, 415/332-4335 (voice), 415/332-6106 (modem) ----> Other resources: Privacy Rights Clearinghouse Hotline 1-800-773-7748 10am to 3pm, M-F Cost: Free Unlike other informational phone lines that play back canned tapes, the Clearinghouse is staffed by live, savvy privacy advocates who can answer questions on a range of privacy issues affecting Californians. Funded by the Public Utility Commission and provided by the Center for Public Interest Law at the University of San Diego, the Hotline can answer questions, provide referrals (such as an insider's phone number at a credit bureau), and send you privacy fact sheets on everything from workplace privacy to using cordless phones. Lucid, sharp advice-- and its free! "The Privacy Project: Personal Privacy in the Information Age" This engaging 13 part series, originally produced for Western Public Radio, is now available on cassette. The half hour episodes combine humor, hard-nosed advice, and interviews with privacy experts. An excellent introduction to privacy issues, from Caller ID to credit bureaus. The company also sells audio tapes of recent Computers, Freedom & Privacy conferences. $11/tape, $75 for all 13. Pacifica Radio Archive, 3729 Cahuenga Blvd. West, North Hollywood, CA 91604, 800/735-0230 "The Complete Video Library of Computers, Freedom & Privacy" This video collection from various CFP conferences captures legal, computer, privacy, and ethics experts debating key privacy issues. See Lawrence Tribe on "The Constitution in Cyberspace", the Secret Service on law enforcement problems, Gary Marx on computer surveillance, the FBI on phone tapping, and more. $55/tape; $385-$480 for complete sets. Sweet Pea Communications, Computers, Freedom & Privacy Video Project, P.O. Box 912, Topanga, CA 90290, 800/235-4922. <> Sidebar #1: "Personal Stealth: Ten Things You Can Do to Protect Your Own Privacy" 1. Minimize data collection. Only give out information that <> believe is really essential. And be careful: data is often gathered automatically without your knowledge or permission. 2. Check for accuracy when data is collected for credit, medical, and personnel records. Check the information periodically for accuracy and to see who else has accessed these files. 3. Exercise your right to opt out. If you feel like it, write to the Direct Marketing Association's mail and telephone preference services, to be removed from list exchanges. [Write to: Direct Marketing Association, 11 West 42nd St., P.O. Box 3861, New York, NY 10163-3861.] Unlist your name and address from the phone book. Use call blocking when you don't want to identify yourself over the phone. If you don't want your information shared, say so. 4. Follow privacy issues. You'll find ongoing coverage in the <> and in newsletters such as <> and <>. Look for them in your library, along with books and other materials on privacy. Educate others about what you've learned about privacy. Share your insights with family, friends, and co-workers. 5. Advocate changes in law and public policy. Let your views be known to your state and federal lawmakers. Write to your public utilities commission about telephone privacy issues. Write letters to the editor; let them know your views about privacy and that you'd like to see more coverage. 6. Advocate from within. In the organizations where you have influence, make sure there's a coherent privacy policy that meets the needs of all stakeholders. 7. Read the fine print. Ask hard questions. Support businesses that respect your privacy; avoid those that don't. 8. Defend and respect the privacy of others. 9. Beware of wireless conversations. People do hear your cordless, cellular, mobile, and ship-to-shore communications. If you don't want to be overhead by your boss, your employees, the police, reporters, or two-bit criminals, don't broadcast it. And remember: the person on the other end of the conversation may use a cordless phone. If this is a problem for you, scramble your communications with encryption. The same goes for electronic mail and voice mail. Change your passwords frequently and don't trust any service 100%, even if it's encrypted. 10. Be alert, but not overly paranoid. If you follow steps 1 through 9, you're doing all you can. <> Sidebar #2 "Marc Rotenberg's Privacy Shelf" Marc Rotenberg is the director of the Washington office of the Computer Professionals for Social Responsibility, chair of the ACM Committee on Scientific Freedom and Human Rights, and something of an expert on privacy and telecommunications. In an informal electronic interview conducted over Internet, Rotenberg shared some of the resources he thinks every privacy buff should have. The Handbook of Personal Data Protection (Wayne Madsen, 1992, $170 from Stockton Press) "Outstanding and comprehensive. The bible of international privacy law." Regulating Privacy: Data Protection in Europe and the United States (Colin Bennet, 1992, $16.95 from Cornell University Press, ) "The first comparative study of privacy protection law. Well written and informative." Uneasy Access: Privacy for Women in a Free Society, (Anita Allen, 1988, $21 list, $24 post-paid from University Press of America) "Explores the role of gender in privacy. An important book by a leading privacy scholar." Privacy Laws & Business "An excellent [British] publication that's timely and comprehensive. A little expensive, but invaluable for people who are interested in following closely privacy developments around the world." Subscription: 240 pounds/year, 4 issues. Call 081- 866-8641. "The Right to Privacy" (Samuel Warren and Louis Brandeis, 1890, in the <>) "For history buffs and privacy experts, this 1890 article is the starting point for privacy law. Considered one of the most important law review articles of all times (it essentially created the legal right of privacy in the U.S.), it is still a valuable resource for understanding the right of privacy." >From owner-cypherpunks Thu May 26 15:55:52 1994 From nobody at shell.portal.com Fri May 27 09:06:19 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 27 May 94 09:06:19 PDT Subject: Makeing MagicMoney worth something. Message-ID: <199405271605.JAA11286@jobe.shell.portal.com> hughes at ah.com (Eric Hughes) said: >If the value transferred is liquid, and the payment is made upon >demand, then, in fact, you are a bank, regardless of what else you >might call yourself. This is the case in the USA. Ok, so gtoal, and my idea for multiple MM IOU servers need to fail at least one test, if not both. I will assume that 'pay on demand' means the payer must pay at the moment the note holder requests payment. So, supose the owner of the IOU server were to accept payment requests electronicaly, but then mail the payment a week later. Or perhaps deliver it in person at the next local CP meeting (but only if given at least 1 weeks notice). Is this enough to dodge 'demand'? I will assume that 'liquid' means 'readily convertible into cash'. So to avoid being 'liquid' perhaps the payments could be made in physical IOU's, personal checks, travelers checks, money orders, phone calling cards, or gift certificates. None is nearly as 'readily convertable into cash' as cash is. But perhaps there are other instruments which could be used. Alternatively, the value could be delivered in the form of some comodity, such as Rice, Corn, Diet Coke, or Sow Bellies. Naturally there still remain the issues of patents. Cat Shoe From sandfort at crl.com Fri May 27 09:55:13 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 27 May 94 09:55:13 PDT Subject: Unicorn vs.... In-Reply-To: Message-ID: C'punks, On Thu, 26 May 1994, NetSurfer wrote: > > In the discussions of what is or is not an "anarchist", aside from the > obvious "Anarchist Cookbook" (couldn't resist), is there an official > Anarchist codicil? What makes one an official anarchist? You have to submit your application (with appropriate fee) in triplicate to the admissions committee. If you pass a background check you will be allowed to sit for the exam. A passing score for the exam is 70%. If you do not pass you must wait at least six months before re-submiting your application (with appropriate fee) in triplicate. Those passing the test will be sworn in as Official Anarchists (tm). Official Anarchists are issued an official certificate (suitable for framing) and an official membership card. Continued membership is contingent upon payment of annual dues. Breaches of appropriate anarchist conduct may also be grounds for loss of membership. S a n d y, Supreme Leader, UBA United Brotherhood of Anarchists (An equal opportunity association) From fnerd at smds.com Fri May 27 10:27:34 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Fri, 27 May 94 10:27:34 PDT Subject: well Message-ID: <9405271720.AA27475@smds.com> i wrote- > ps. MD5 of a file with a random string appended to the *end* > *can* be computed after having discarded the file. Matt Thomlinson asked- > hmmm. why is this? can you find a smaller file that will hash to the same > number if you get to play with the pad bits appended before the 4 logic > applications? it would seem reaonably strong either way.. > > (I know I'm wrong on this, I'm just wondering what I'm missing.) MD5 and similar hash functions work from the beginning of a file to the end, in blocks. For each block, you take the output of the calculation on the previous block (or initiation constants, if it's the first block), combine it with the current block, and get the output for this block. So, you can calculate the output of the second-to-the-last block, and store that and the last block, and throw away the rest of the file. Then you can append anything you want to the last block (doing it right, see next paragraph) and calculate the MD5 of the whole file plus the appendage, even though you don't have the whole file any more. This trick doesn't work for adding stuff at the beginning. (*This* trick doesn't...) (About appending "right"--MD5 and sisters append some special stuff at the end of the last block, including the total file length. You'd have to insert at the right point and adjust.) But the shortcut for appended-to files wasn't obvious to me at first either. I agree with Perry that MD5 isn't necessarily the one to use, and certainly won't always be. A couple people agree that my trick *sounds* safe. Somebody (sorry!) suggested some other methods: - Hash of ( file xor'd with repetitions of the same random string) --sounds a little safer to me. - Xor of specific bits in the file. Sounds okay if you do a 128- bit-wide xor. Except it doesn't test for bit-decay in the bits you didn't ask about. A hash of the whole file does. Anyway, I get the feeling cryptographers haven't studied this problem long and hard. Meanwhile a method that's about as cheap to compute and as simple to explain, but seems less likely to be weak is: - hash( IDEA( file, random password ) ) -fnerd - - - - - - - - - - - - - - - To auditors without the code, calls seem indistinguishable from noise. --George Gilder -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From tcmay at netcom.com Fri May 27 10:54:40 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 27 May 94 10:54:40 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup Message-ID: <199405271754.KAA28941@netcom.com> An interesting article by Seymour Hersh is cited below. It says that NSA had transcripts of the 1991 coup plotters (and presumably other Russian leaders) and that Bush passed these on to Yeltsin to warn him. If true, a serious compromise of NSA's listening capabilities. Also note the reference to how the coup plotters should've been using PGP. (Prediction: something along these lines will be added to the list of reasons why PGP is bad and Clipper is good..."We need to have Escrowed Coup Plotter Encryption so that we can examine the messages of coup plotters.") --Tim May From: guym at gamma1 (Guy MacArthur) Newsgroups: alt.cyberpunk Subject: Re: NSA Helped Yeltsin Foil 1991 Coup Date: 20 May 1994 01:45:54 GMT Organization: University of Arizona, CCIT Lines: 47 Distribution: world Message-ID: <2rh4oi$p2s at news.CCIT.Arizona.EDU> ben at il.us.swissbank.com (Ben Galewsky) writes: : There is an article on the front page of today's "Independent", a British : daily newspaper. The headline is "US Agents Helped Yeltsin Break Coup". : : It describes how Bush passed on transcripts of encrypted conversations : between the leaders of 1991's failed Soviet coup to Boris Yeltsin. : Apparently the NSA was not too happy that Bush broke their cover and : acknowledged that they could read all of the Soviet military's codes. : : The article reads: : "As soon as the coup started on 18 August, 1991, the NSA, : America's largest intelligence organization was able to decrypt : conversations between the coup's two leaders, Vladimir Kryuchkov, : chairman of the KGB, and Dmitri Yazov, the Defense minister, : taking place over a supposedly secure landline." : : It continues: : "The NSA's ability to decrypt what Soviet military commanders : -- and their successors -- said over their communications system : is probably the most significant intelligence achievement since : Britain broke Germany's Enigma codes during the second world : war." : : Bush decided to pass this info on to Yeltsin. It enabled him to know who : in the military supported the coup and who was against it. : : It finishes by saying that as a result of letting the russians know their : code has been broken "the US intelligence community may no longer be in a : position to have advance warning of momentous events inside Russia -- as : it had months before the coup that brought Yeltsin to power". : : This information came from Seymour Hersh. It will appear in a forthcoming : issue of "Atlantic Monthly" : : I guess the KGB should have been using something secure, like PGP, since : the NSA can't possibly break that ;-) : : At least we can be comforted that the NSA is not allowed to monitor the : domestic traffic. ;-) ;-) : : : Ben Galewsky : ----------------------------------------------------------- : My employer doesn't know I read this group. : They do know I'm posting, though. "Hi Neil!" : ----------------------------------------------------------- : From unicorn at access.digex.net Fri May 27 11:00:15 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 27 May 94 11:00:15 PDT Subject: Unicorn suit In-Reply-To: <9405261615.memo.72280@BIX.com> Message-ID: <199405271757.AA19919@access3.digex.net> peace at BIX.com scripsit > > ciber city> Despite your protestation, "I also don't like to be a bully", > it seems to me that your pursuit of this case was predicated on your > ability to be a bully and an insider. > > unicorn>This is often the case with lawsuit and any human endeavor. I'm sorry > everyone isn't on equal ground in the world. I personally prefer the > ability to resort to a civil system of litigation than to have some > highly institutionalized, standardized, process that could only be > provided by big government. At what price equality? > > > I sometimes find it difficult to agree with Tim May and his anarchist > tendencies, but you, Unicorn, have made me wish for exactly that. How > can anyone be in favor of big government and crypto privacy. This makes > you sound like a hypocrite! It seems that Detwiler, and his tentacles, > have performed a valued, if labored, service here. Anonymity may have > its uses, but it has abuses as well. It is not the least bit clear > from his posting whether Unicorn supports anonymity or not. Neither is > it clear whether any of the rest of the punks really support anonymity. > > Peace > You need to read more carefully. Take it slow this time. I prefer the civil system with a high degree of party autonomy OVER a "highly institutionalized, standardized, process that could only be provided by big government." I am not, and have never been in favor of big government. Where you get this idea from any of my posts is beyond explanation outside of your careless review or misunderstanding. As for my position on anonymity, I have posted long and hard on the subject, and I don't think you will find anything in my posts that is not a pro-anonymous position. -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From perry at imsi.com Fri May 27 11:24:14 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 27 May 94 11:24:14 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: <199405271754.KAA28941@netcom.com> Message-ID: <9405271821.AA09012@snark.imsi.com> Timothy C. May says: > An interesting article by Seymour Hersh is cited below. It says that > NSA had transcripts of the 1991 coup plotters (and presumably other > Russian leaders) and that Bush passed these on to Yeltsin to warn him. > > If true, a serious compromise of NSA's listening capabilities. If true, it is seriously disturbing. The KGB is presumably the only entity on earth with cryptography expertise in the range of the NSAs. The notion that in spite of the advances of the last twenty years it is still possible for a few years technical lead to make that much of a difference likely means that what we don't know about conventional cryptosystems is likely still extremely important. I had been running on the assumption for a while that the NSA was slowly losing its capacity to break codes as ones with inherently better and better theoretical underpinnings arrived. If the story is true, it means that the NSA can break some classes of conventional cryptosystems very fast -- fast enough to be of use in this case, for instance. We are all very dependent on things like MD5 and IDEA, which may or may not actually be secure. We should bear this in mind. Perry From kafka at desert.hacktic.nl Fri May 27 11:24:30 1994 From: kafka at desert.hacktic.nl (kafka at desert.hacktic.nl) Date: Fri, 27 May 94 11:24:30 PDT Subject: REMAILER at desert.hacktic.nl at CLOSING DOWN AT JUNE 1st Message-ID: THE REMAILER AT DESERT.HACKTIC.NL CLOSES DOWN JUNE 1ST 1994 The remailer at desert.hacktic.nl will close down due to my departure to Spain for the summer. Please use the remailer remail at vox.hacktic.nl or remailer at jpunix.com. Mail to the remailer received after June 10 will bounce. Patrick From unicorn at access.digex.net Fri May 27 11:29:04 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 27 May 94 11:29:04 PDT Subject: British and German citizens.... Message-ID: <199405271828.AA21535@access3.digex.net> If the British or German citizens on the list could drop me some e-mail. (I'm interested in discussing some recent changes to citizenship requirements) -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From unicorn at access.digex.net Fri May 27 11:29:48 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 27 May 94 11:29:48 PDT Subject: New MacPGP? Message-ID: <199405271829.AA21574@access3.digex.net> Someone posted an announcement for a new version of MacPGP on this list.... Is it available? Where? -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From jpp at jpplap.markv.com Fri May 27 11:51:46 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Fri, 27 May 94 11:51:46 PDT Subject: From: Anonymous Message-ID: If you tried to send me a message (or two) anonymously via the remailer Anonymous , please try again -- the body of the messages were empty. j' From lefty at apple.com Fri May 27 11:58:18 1994 From: lefty at apple.com (Lefty) Date: Fri, 27 May 94 11:58:18 PDT Subject: Unicorn vs.... Message-ID: <9405271857.AA25072@internal.apple.com> >In the discussions of what is or is not an "anarchist", aside from the >obvious "Anarchist Cookbook" (couldn't resist), is there an official >Anarchist codicil? What makes one an official anarchist? You have to register. When you fill out the form to register to vote, you get a bunch of choices for "Party Affiliation", i.e. Democrat, Republican, Communist, etc. Then there's a blank line if you want to use something other that the standard choices. You write in "Anarchist". In a month or so, the Board of Elections sends you back a card showing you to be a registered Anarchist. Of course, you don't get to vote in the primaries... Well, that's how it works in California, anyway. -- Lefty [gYon-Pa] (lefty at apple.com) C:.M:.C:., D:.O:.D:. From jpp at jpplap.markv.com Fri May 27 12:02:06 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Fri, 27 May 94 12:02:06 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: <9405271821.AA09012@snark.imsi.com> Message-ID: Date: Fri, 27 May 1994 14:21:28 -0400 From: "Perry E. Metzger" We are all very dependent on things like MD5 and IDEA, which may or may not actually be secure. We should bear this in mind. If you suspect that some of the non DOD/NSA cyphers might be broken, but you are not ready to employ one-time-pads, then you should threshold you mesages into N parts so that all N are needed to recover the original. Then encrypt each part under a different cypher. Perhaps IDEA, and 3DES would be apropriate. This will not increase the size of your messages very much since you compress before encrypting -- don't you? j' From kkirksey at world.std.com Fri May 27 12:04:18 1994 From: kkirksey at world.std.com (Ken Kirksey) Date: Fri, 27 May 94 12:04:18 PDT Subject: Quantum Computers Message-ID: <199405271902.AA05980@world.std.com> -----BEGIN PGP SIGNED MESSAGE----- I graduated a couple of years ago, and I haven't been keeping up with the academic literature in Comp Sci. very well since, so I'm kind of lost in the discussion on quantum computers and cryptography. Can anyone give me the Reader's Digest Condensed Version (TM) of the theory behind quantum computers, or maybe point me to a good journal article or two? Many thanks, Ken ============================================================================= Ken Kirksey kkirksey at world.std.com Mac Guru & Developer - ----------------------------------------------------------------------------- The path of my life is strewn with cow pats from the devil's own satanic herd! -Edmund Blackadder -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLeYDf+sZNYlu+zuBAQF/wgP+Kbg03qEA8Gdj3k7tncTSAOy3UUE21VMT Dgg7FcAjYLNNFZxlKf1nsHKYv2fnjMGOXv9qB5yvG4g6m4nEcCpBoj/43C61nKHL mFQ3Uow8y7Qxk9YlKZXH3Mg6zPpKG9cOmdaqCvENjyq30zlsAGfq2D6ejqaZj6cT iA1OJk0hPg0= =XYS1 -----END PGP SIGNATURE----- From perry at imsi.com Fri May 27 12:09:10 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 27 May 94 12:09:10 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: Message-ID: <9405271908.AA09401@snark.imsi.com> Jay Prime Positive says: > Date: Fri, 27 May 1994 14:21:28 -0400 > From: "Perry E. Metzger" > > We are all very dependent on things like MD5 and IDEA, which may or > may not actually be secure. We should bear this in mind. > > If you suspect that some of the non DOD/NSA cyphers might be broken, > but you are not ready to employ one-time-pads, then you should > threshold you mesages into N parts so that all N are needed to recover > the original. Then encrypt each part under a different cypher. Its far simpler to encrypt your message with multiple systems, one after another, than to break it up in the manner you suggest, and the security is in fact better that way than in the manner you suggest. Perry From CCGARY at MIZZOU1.missouri.edu Fri May 27 12:09:30 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Fri, 27 May 94 12:09:30 PDT Subject: Ecash w/ offshore bank clearing house Message-ID: <9405271909.AA21270@toad.com> ECASH WITH OFFSHORE BANK CLEARING HOUSE Well Chaum's ecash doesn't seem to be quite the Holy Grail that it looked like. It needs a clearing house to be effective. Would an off- shore bank acting as a clearing house for Chaum's ecash be practical? Could that be a State Killer? Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKK! BBBEEEAAATTTT STATE! From perry at imsi.com Fri May 27 12:19:16 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 27 May 94 12:19:16 PDT Subject: Ecash w/ offshore bank clearing house In-Reply-To: <9405271909.AA21270@toad.com> Message-ID: <9405271919.AA09483@snark.imsi.com> "Gary Jeffers" says: > Well Chaum's ecash doesn't seem to be quite the Holy Grail that it > looked like. It needs a clearing house to be effective. Would an off- > shore bank acting as a clearing house for Chaum's ecash be practical? > Could that be a State Killer? Nothing, other than several hundred thermonuclear weapons aimed in a grid to slag the entire territory, will be a single technology capable of "state killing", regardless of the state in question. E-Cash will, of course, be an important tool in increasing people's privacy. Perry From jim at bilbo.suite.com Fri May 27 12:22:50 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Fri, 27 May 94 12:22:50 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup Message-ID: <9405271921.AA09180@bilbo.suite.com> : It describes how Bush passed on transcripts of encrypted conversations : between the leaders of 1991's failed Soviet coup to Boris Yeltsin. : "As soon as the coup started on 18 August, 1991, the NSA, : America's largest intelligence organization was able to decrypt : conversations between the coup's two leaders, Vladimir Kryuchkov, How does the author of the article know that the NSA *decrypted* the conversations? For all we know, the NSA learned of the coup from stratigically placed bugs or other mundane technology. Jim_Miller at suite.com From tcmay at netcom.com Fri May 27 12:22:59 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 27 May 94 12:22:59 PDT Subject: Unicorn suit In-Reply-To: <9405261615.memo.72280@BIX.com> Message-ID: <199405271922.MAA11294@netcom.com> Peace writes: > I sometimes find it difficult to agree with Tim May and his anarchist > tendencies, but you, Unicorn, have made me wish for exactly that. How Inasmuch as my name is taken in vain here, I will respond. I normally don't argue for my "crypto anarchist" position here, preferring that my posts on various subjects make the case instead. All I'll say here on "anarchy" is that it is actually our normal state of affairs. That is, we don't have "rulers" or "laws" dictating what food to eat, what books to read, etc., and how to run our relationships with others. Generally, that is. This is a "market system," or an "anarchocapitalist" system, if you prefer. Goods and services and relationships are exchanged without centralized authority. The issue of Black Unicorn/Uni vs. Tmp/Detweiler is a can of snakes. As you know, I've been one of Detweiler's favorite targets, and yet I've never been tempted to sue Detweiler. Too much hassle. But as Black Unicorn notes, this is a choice we all have to make, and the principles should not depend critically on one's personal desires or dislikes. Although I skimmed most of the tmp postings, and chuckled at his obviously sarcastic "apology" to Black Unicorn, there are many aspects of the case that puzzle me still, and I lack the energy to try to resolve all of the issues. How, for example, did Black Unicorn's true name get revealed to his distant and less Net-literate furniture customers when even we have no idea who he really is? Black Unicorn has certainly made postings that I think are strongly in line with the ideas I call "crypto anarchist." Does my saying this constitute some kind of libel on Black Unicorn, should this posting somehow make it back to the Black Forest or someplace like that? How did all this propagate so quickly? It seems to me that Black Unicorn's mere presence in so active a way on the Cypherpunks list--idenitified in many magazines as being a hotbed of cyberanarchy, black market discussions, underminer of governments, etc.--is orders of magnitude more "damaging" to his reputation amongst staid banking and furniture types than some anonymous person named "tmp" who makes a claim that "Black Unicorn is a dirty cryptoanarchist." (Yes, there were more messages than just this simple claim. I'm simplifying for rhetorical purposes. See Black Unicorn's long postings on this for more details.) Peace goes on to say" > can anyone be in favor of big government and crypto privacy. This makes > you sound like a hypocrite! It seems that Detwiler, and his tentacles, > have performed a valued, if labored, service here. Anonymity may have > its uses, but it has abuses as well. It is not the least bit clear > from his posting whether Unicorn supports anonymity or not. Neither is > it clear whether any of the rest of the punks really support anonymity. What is it about the List that causes folks like Peace and Nalbandian to ignore the posts they choose to ignore so as to insult us all? The statement "Neither is it clear whether any of the rest of the punks really support anonymity." is arrant nonsense. I support anonymity, and so do lots of other folks. If either tmp or Black Unicorn had really been anonymous (or pseudonymous, securely), the lawsuit would've gone nowhere. First, had Black Unicorn really been unlinkable to his True Name (and, like I said, I have no idea what his True Name is, so I wonder who does know and how they found out), then his reputation amongst the Furniture Cartel could not be damaged. Or, had tmp's identity been similarly secure (via remailers, servers in foreign countries, posting pools, etc.), the lawsuit would've been pointless. I have enjoyed the analyses of Black Unicorn over the past year, but on this one I think his actions were misguided. He may or may not be a "crypto anarchist," but his postings here clearly put him in our camp. For him to now claim damage to his reputation because of being linked to the majority (I think) view here seems farfetched. And I think invoking the court system is a dangerous idea. Had this matter gone to trial--which seems unlikely to me for several reasons--then it is quite likely that records of the Cypherpunks list (archives, for example) would have been subpoenaed by one side or the other to support their case. (I know if I were Detweiler, that's exactly what I'd do.) So, Black Unicorn is of course free to do what he wishes. And I'll admit that Detweiler can be obnoxious. But I cannot support the use of the legal system in this way and hope this doesn't become the norm for dealing with postings one doesn't like. I really don't want to see the cops invading the Net and the courts deciding on what language is and is not acceptable. Especially not between two pseudonyms! --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From pauls at dcs.rhbnc.ac.uk Fri May 27 12:32:35 1994 From: pauls at dcs.rhbnc.ac.uk (Paul K. Strong) Date: Fri, 27 May 94 12:32:35 PDT Subject: v2.6 for the rest of us Message-ID: <25654.9405271928@lt1.cs.rhbnc.ac.uk.> Jeff Barber wrote: >While creating a 2.6-like version from 2.3a seems a worthy goal, this >supporting argument is flawed. The original PGP was written in the USA >and, never having received the proper export approvals, must have been >"illegally exported." Isn't Phil Zimmerman being "investigated" by a >grand jury for this even now? So, it would seem to me that a bulletin >board carrying any version of PGP holds illegally exported software (wrt >US law). How does 2.3a differ from 2.6 in this respect? Ok, you got me there! My supporting argument is indeed flawed. However, I would say that most people _regard_ v2.3a as a legal version outside the USA and so are willing to carry it on their systems; and at this time I believe nothing concrete to the contrary has been proved. Versions 2.5 and 2.6 however are obviously illegal exports, and I think that it is the fact that people think of one as legal and the other as illegal that makes the difference, and therefore we who are outside the USA need our own version to be brought up to date. I have, at this time, been informed of two separate people working on a new version that is compatible with 2.6, based on 2.3a code. Maybe everyone working on (or who know of people working on) such developments could post information regarding what exactly they are changing/upgrading/doing to 2.3a to make an 'international' v2.6. What do others think of everyone 'putting their cards on the table' to enable other knowledgeable cypherpunks to help and suggest things? Am I jumping the gun? Should we just let MIT's v2.6 reach an FTP site somewhere outside of the USA and let it slowly (and cautiously) get distributed to a small community of cypherpunks leaving the rest incompatible? All of those inside the USA, *PLEASE* get involved with this. It _is_ important! Thankyou for listening. ***************************************************************************** * Paul Strong Fidonet: 2:254/438 (weekly mail check) * * * * pauls at dcs.rhbnc.ac.uk Finger for PGP v2.3a public key * ***************************************************************************** From ebrandt at jarthur.cs.hmc.edu Fri May 27 12:37:37 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 27 May 94 12:37:37 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: <9405271821.AA09012@snark.imsi.com> Message-ID: <9405271937.AA21717@toad.com> > From: "Perry E. Metzger" > If the story is true, it means that the NSA can break some classes > of conventional cryptosystems very fast -- fast enough to be of use > in this case, for instance. It's also possible that they're not doing a direct cryptanalytic attack. They might be using technical or human means to compromise the key distribution, for example, or they might just have bugged somebody's phone. But, yeah, the bottom line is that they were able to read Russian military communications, which is a substantial achievement. > We are all very dependent on things like MD5 and IDEA, which may or > may not actually be secure. We should bear this in mind. The lack of decent theoretical underpinnings for most cryptosystems is rather worrisome. Eli ebrandt at hmc.edu From werner at mc.ab.com Fri May 27 12:44:44 1994 From: werner at mc.ab.com (tim werner) Date: Fri, 27 May 94 12:44:44 PDT Subject: Unicorn vs.... Message-ID: <199405271944.PAA00930@sparcserver.mc.ab.com> >From: lefty at apple.com (Lefty) >Sender: owner-cypherpunks at toad.com > >>In the discussions of what is or is not an "anarchist", aside from the >>obvious "Anarchist Cookbook" (couldn't resist), is there an official >>Anarchist codicil? What makes one an official anarchist? > > [stuff deleted] > >In a month or so, the Board of Elections sends you back a card showing you >to be a registered Anarchist. Of course, you don't get to vote in the >primaries... We get to vote on other issues besides candidates in primary elections in Ohio. This is their chance to get taxes passed that failed during the last general election. I used to skip the primaries, until I realized this. I used to think they were voting on whether to place the tax on the ballot in November, or something. tw From ebrandt at jarthur.cs.hmc.edu Fri May 27 12:48:09 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 27 May 94 12:48:09 PDT Subject: v2.6 for the rest of us In-Reply-To: <25654.9405271928@lt1.cs.rhbnc.ac.uk.> Message-ID: <9405271948.AA21884@toad.com> > However, I would say that most people _regard_ v2.3a as a legal version > outside the USA and so are willing to carry it on their systems; ... > Versions 2.5 and 2.6 however are obviously illegal exports, If people feel this way, they are confused. Once the code escapes the U.S. it is legal to use, modulo local anti-privacy legislation. Someone exporting the code from the U.S. takes a legal risk; someone who uses already-exported code does not. > Am I jumping the gun? Should we just let MIT's v2.6 reach an FTP site > somewhere outside of the USA and let it slowly (and cautiously) get > distributed to a small community of cypherpunks [...] Snarf it from ghost.dsi.unimi.it, as cautiously as you like. (Oh, actually, the ftp site has moved to goblin.something -- it will tell you when you try to log in.) Eli ebrandt at hmc.edu From ebrandt at jarthur.cs.hmc.edu Fri May 27 12:55:51 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 27 May 94 12:55:51 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: <9405271908.AA09401@snark.imsi.com> Message-ID: <9405271955.AA21973@toad.com> > From: "Perry E. Metzger" > > If you suspect that some of the non DOD/NSA cyphers might be broken, > > but you are not ready to employ one-time-pads, then you should > > threshold you mesages into N parts so that all N are needed to recover > > the original. Then encrypt each part under a different cypher. > > Its far simpler to encrypt your message with multiple systems, one > after another, than to break it up in the manner you suggest, and the > security is in fact better that way than in the manner you suggest. Why? If you XOR-split the message and encrypt each mask differently, you are /guaranteed/ that all of the encryption methods must be broken to retrieve the original. If you use repeated encryption, this is much harder to prove, and not always true. There's a result that if you choose the first cipher unwisely, you're hosed no matter what you do on top of it. Eli ebrandt at hmc.edu From lefty at apple.com Fri May 27 13:00:23 1994 From: lefty at apple.com (Lefty) Date: Fri, 27 May 94 13:00:23 PDT Subject: Unicorn vs.... Message-ID: <9405271959.AA26973@internal.apple.com> >>In a month or so, the Board of Elections sends you back a card showing you >>to be a registered Anarchist. Of course, you don't get to vote in the >>primaries... > >We get to vote on other issues besides candidates in primary elections in >Ohio. This is their chance to get taxes passed that failed during the last >general election. As do we. I can vote on those; it's just that anarchists don't run primary candidates. Or regular election candidates, for that matter. >I used to skip the primaries, until I realized this. I used to think they >were voting on whether to place the tax on the ballot in November, or >something. You can't tell the players if you don't read the program. In case anyone's been wondering, I vote a straight "None of the Above" ticket. Every election. I happen to believe that if you don't punch holes in your cards (we don't have those big, fun voting booths here in California like they do back East), you have no right to complain. -- Lefty [gYon-Pa] (lefty at apple.com) C:.M:.C:., D:.O:.D:. From isdmill at gatekeeper.ddp.state.me.us Fri May 27 13:10:52 1994 From: isdmill at gatekeeper.ddp.state.me.us (David Miller) Date: Fri, 27 May 94 13:10:52 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: <9405271955.AA21973@toad.com> Message-ID: On Fri, 27 May 1994, Eli Brandt wrote: > > From: "Perry E. Metzger" > > > If you suspect that some of the non DOD/NSA cyphers might be broken, > > > but you are not ready to employ one-time-pads, then you should > > > threshold you mesages into N parts so that all N are needed to recover > > > the original. Then encrypt each part under a different cypher. > > > > Its far simpler to encrypt your message with multiple systems, one > > after another, than to break it up in the manner you suggest, and the > > security is in fact better that way than in the manner you suggest. > > Why? If you XOR-split the message and encrypt each mask differently, > you are /guaranteed/ that all of the encryption methods must be > broken to retrieve the original. If you use repeated encryption, > this is much harder to prove, and not always true. There's a result > that if you choose the first cipher unwisely, you're hosed no matter > what you do on top of it. > > Eli ebrandt at hmc.edu I think the second poster assumed what I did - that the message would be split into say 5 parts, each to be encrypted differently. How to X-or split the message isn't obvious to me - pnrg? If you use some bytes conveniently hanging around you may as well use a OTP, since both ends need the same bitstream. Unless I'm missing something, which is usually the case. David isdmill at gatekeeper.ddp.state.me.us From CCGARY at MIZZOU1.missouri.edu Fri May 27 13:39:23 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Fri, 27 May 94 13:39:23 PDT Subject: Ecash w/ offshore bank clearing house Message-ID: <9405272039.AA22582@toad.com> ECASH WITH OFFSHORE BANK CLEARING HOUSE To my question "Could this be a State Killer", Perry Metzger replies that no single tool other than atomics could kill a state. Possibly, I should have stated the question as "Could Chaum's ecash with offshore banking be the straw that breaks the state camel's back?" Private guns along with electronic privacy tools such as anonymous reputations, PGP, anonymous remailers, etc. are already at large. These tools are syner- getic as well as cumulative. At some time we will hit a schelling point. Possibly, with Chaum's ecash we already have the tools. The Soviet Union is a good example of a state that was destroyed by its inability to control its economy. Viet Nam is a good example of a "Socialist" state that due to its internal problems largely allows its people make their own economic arrangements. Privacy technology does not necessarily have to destroy a state. To make the state an ineffective fool would make a happy situation. Incidentally, a new thought occurs to me. Why not one of the old ex Soviet states as an offshore bank acting as a clearing house for Chaum's ecash. A tax haven - offshore banking country with nuclear ICBM's to defend itself & its industry would be nice. :-) Yours Truly, Gary Jeffers From janzen at idacom.hp.com Fri May 27 13:43:17 1994 From: janzen at idacom.hp.com (Martin Janzen) Date: Fri, 27 May 94 13:43:17 PDT Subject: Compress before encrypting? (Was Re: NSA Helped Yeltsin...) In-Reply-To: Message-ID: <9405272043.AA23269@loki.idacom.hp.com> Jay Prime Positive writes: >[...] >If you suspect that some of the non DOD/NSA cyphers might be broken, >but you are not ready to employ one-time-pads, then you should >threshold you mesages into N parts so that all N are needed to recover >the original. Then encrypt each part under a different cypher. > >Perhaps IDEA, and 3DES would be apropriate. This will not increase >the size of your messages very much since you compress before >encrypting -- don't you? Most compression programs add a characteristic signature to the beginning of the compressed output file. If a cryptanalyst guesses that you may be compressing before encrypting, wouldn't this make his job easier? To me, this sounds as though you're adding a known bit of "plaintext" to the start of each message. If you're encrypting files that you wish to store securely you could just clip off the signature, I suppose. But this would be unsuitable for sending messages, because your compression program is now incompatible with everyone else's. Or am I missing something? -- Martin Janzen janzen at idacom.hp.com From perry at imsi.com Fri May 27 14:11:13 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 27 May 94 14:11:13 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: <9405271955.AA21973@toad.com> Message-ID: <9405272110.AA11485@snark.imsi.com> Eli Brandt says: > > Its far simpler to encrypt your message with multiple systems, one > > after another, than to break it up in the manner you suggest, and the > > security is in fact better that way than in the manner you suggest. > > Why? If you XOR-split the message and encrypt each mask differently, > you are /guaranteed/ that all of the encryption methods must be > broken to retrieve the original. If you use repeated encryption, > this is much harder to prove, and not always true. You are correct that in extremely weird cases you are screwed. Such cases are nearly IMPOSSIBLE to produce in practice. Anyone out there want to claim that DES and IDEA are inverses? I'll bet a lot that they aren't. Although in THEORY you are correct, in PRACTICE superencipherment wins. > There's a result that if you choose the first cipher unwisely, > you're hosed no matter what you do on top of it. Again, you have to do something startling stupid. Ordinary use won't let this happen. Perry From tcmay at netcom.com Fri May 27 14:14:09 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 27 May 94 14:14:09 PDT Subject: Unicorn suit In-Reply-To: <199405272020.AA27257@access3.digex.net> Message-ID: <199405272113.OAA26739@netcom.com> [This note was written in response to a note from Black Unicorn to me. He suggested at the end that I could copy the Cypherpunks list on it, so I have done so. However, I've deleted some of his points, and since he did not post his note to the list, some context may be unclear. That's life.] I'm responding, but only to a few points. Thanks for your comments. I won't repeat my points, so no comment just means that. > I thought I would reply in person, and off the list because your's is an > opinion which in my mind carries with it a great deal of forethough and > is deserving of much respect. Feel free to post your response (what I'm replying to here) to the list as a whole. Yes, it's long. But it's of more relevance to our world than most of the stuff that gets posted, especially the endless forwardings of Chaum's announcement, for example. > I feel we are in many ways alike in the way we approach problems (I hope > you will take this as a compliment :) ) and in some ways we are akin in > politics. Maybe yes, maybe no. I have no hesitation in advocating the collapse of central governments, as you know. Central governments of both the left and the right have killed hundreds of millions of people, so the "dangers" of anarchy look comparatively mild to me. > I doubt even tmp is "entirely" anonymous. Anyone with a reputation is to > some degree non-anonymous. Of course we all know who he is, for many reasons. > I post anonymously to keep my real name out of common circulation. This > is particularly true of the "scholarly" postings I make. I do not want > these attributed to me in the circles in which I travel. At the same > time, I take a casual approach to my identity. There are those on the > list who know me in person, and I don't feel threatened by this. It is > merely a buffer for an entirely seperate set of endeavors (business v. > academic pleasure if you like). I have never made extreme efforts to > remain entirely unassociated with my real name to friends. Such is not > the case to business associates. If enough people know that Black Unicorn = Fritz Foobar, then the linkage can be made and the "damage" done. As others have said, you apparently have some uptight customers. That's not my problem, or anyone else's who makes the normal kind of comments on the Net. (Tmp goes beyond normal, but if your lawsuit was centered around the "damages" aspect, then potentially nearly any of our opinions could be "damaging" because of your overly sensitive European customers. That's not right.) > In my case an old law school classmate of mine asked for my help on the > net. (Usenet in particular, along with PGP). Clearly this fell under > the "personal relationship" which my anonymous posting was never intended > to protect against. > > After watching the posting war between myself and tmp, said friend faxed > copies (unwittingly with newsprint looking text) with attributation to > make the reference clear to a mutual associate who unfortunately tended more > to the "business" side of relationships. I'd say you have some sleazy friends, then. For them to fax off copies of what they think of as rants is bad enough, but for one of your contacts to then "alert" the others is mind-boggling. > > Black Unicorn has certainly made postings that I think are strongly in > > line with the ideas I call "crypto anarchist." Does my saying this > > constitute some kind of libel on Black Unicorn, should this posting > > somehow make it back to the Black Forest or someplace like that? > > No. You are speaking a truth. My ideas do fall in line with your > definition of cryptoanarchy. They do not however make me a radical > anarchist bent on the destruction of nations as tmp alleged. Tmp was just using a label. I'll admit the semi-forgery was not kosher, though these semi-forgeries are transparent to anyone who looks at the headers. But calling you an anarchist bent on the destruction of nations is acceptable characterization in a political debate. If I say Bill Clinton wants to destroy the health care system, this is normal political rhetoric. If Detweiler calls me a Satanist, so what? ("What if your customers were Moral Majority Christians?" you might ask. Then I'd say that all one has to do is tell one's customers the truth. Under no circumstances can the 'damage" caused by tmp's kind of free spech be considered assault. I'm a free speech absolutist. That the comments tmp made came in a heated forum for such political debate makes it all the more wrong for a lawsuit.) > I've been on the list for some time now, lurking then posting when I had > a feel for who read it, and where it went. I never felt threatened by my > presence on the list, and never did it occur to me that anyone on the > list could or would "out" me to my business associates. Even if they do, so what? Not to sound angry here, but suppose I speculated that Black Unicorn = Fritz Foobar? Would the "damage" that ensued be my fault? I just don't get it. That the Cypherpunks list is not public--except when it gets gatewayed to Usenet, as has happened a few times--is little protection. If I cite your views--but don't quote them verbatim--in a forum where your Swiss customers see them somehwo, have *I* committed a crime or tort? Not in my view, though the law may think so. (I still say it's free speech, even if "damaging." Many things are damaging...negative book reviews, unflattering opinions, etc. Sadly, the American legal sytem is moving toward allowing these "damages" to be the basis for suits.) > rumor mill this is not the case. I would not be HAPPY if my business > associates saw my posts on cypherpunks, but I would be (and was) much more > upset if they saw only the accusatory rants of tmp. The proper and normal response to accusatory rants is to answer them. Are you calling for limits on "accusatory rants"? The Founding Fathers would not be amused. > The real difficulty in these affairs is that not to file a suit is often > more damning than anything. I think your reputation would have no lasting damage done to it by ordinary speech. Even so, Detweiler's rants are clearly broad-brushed insults, which courts should not regulate. Your uptight Swiss clients should be taught not be believe everything they read. > > A settlement is vindication enough in my case. > Except that Detweiler's "apology" was obvious satire, almost identical to the "apology" he posted to the Cypherpunks last December. He is likely now planning a much more massive assault on you and his other perceived enemies....a campaign of fabricating quotes, arguing with himself via different pseudonyms, etc. And now that he knows your uptight Swiss customers are so sensitive, he will probably try to find ways to let them know about your "anarchist" leanings. If he's as smart as I think he is, he'll use the network of remailers. He'll also try to fabricate quotes that make you seem like a truly vicious money launderer, perhaps with insinuations that your furniture business is a cover for drug trafficking. (If I were Detweiler, licking my wounds, plotting revenge, that's what I'd do.) If this happens, as I predict it will, your recourse will be to either try to force the remailer operators to produce the logs (so you'll have somebody to sue), to sue the remailer operators per se (which will become a test of common carriage, unless they back down), or--best of all--to tell your Swiss customers that bizarre rants are the outcome of a society which tolerates free speeech and that they should ignore all posts allegedly written by you unless the posts are coming from your site, or, better, have been digitally signed by you. As Nat Henthoff says, "sunlight is the best disinfectant." > > I know often you do not respond to mail.... I hope you will drop me a > note on this one however. > > Also feel free to post this mail to the list if you like. The only reason I > didn't cc: it was to the extent that my reply sounded like a personal > discussion. OK, I just saw your last paragraph as I was wrapping this up. I'll add the Cypherpunks list to the distribution. It may be long, but these issues are at least as important as much of what gets posted. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From sandfort at crl.com Fri May 27 14:22:08 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 27 May 94 14:22:08 PDT Subject: Ecash w/ offshore bank clearing house In-Reply-To: <9405271909.AA21270@toad.com> Message-ID: C'punks, On Fri, 27 May 1994, Gary Jeffers wrote: > . . . Would an off- > shore bank acting as a clearing house for Chaum's ecash be practical? > Could that be a State Killer? That's the plan . . . S a n d y From sandfort at crl.com Fri May 27 14:22:42 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 27 May 94 14:22:42 PDT Subject: ecash Press Release In-Reply-To: Message-ID: C'punks, Stop! Unless you know what you're talking about, there is really no reason to post about this thread. On Fri, 27 May 1994, Rolf Michelsen wrote: > . . . > Here I think we are nearing the real issue. We agree that all electronic > cash schemes require clearing, yes? . . . The DigiCash > scheme probably is *great* but it won't be *usefull* by everybody in an open > system before a clearing organization exists. Due to gouvernment > regulations etc a clearing system is not trivially implemented. . . . Wrong. I thought Perry was quite clear on this. A clearing "system" is anyone or anything that will clear a transaction. Any bank that issues and/or accepts digital cash may *clear* it. Folks, we've been through this before. You get paid some digital money. You deposit it to your account at the 1st Digital Bank and Grill. You go to the store and buy a shirt. You pay using the VISA card issued to you by FDB&G. Need some cash? Take your FDB&G ATM card and go to any cash machine displaying the Plus logo. Simple isn't it? I don't want to have to explain this again. S a n d y From tcmay at netcom.com Fri May 27 14:27:41 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 27 May 94 14:27:41 PDT Subject: Is Mail being delayed? Message-ID: <199405272127.OAA28543@netcom.com> C'punks, Once again I'm seeing day-long delays in getting mail, and I don't know if the problem is at the toad site or at Netcom's end (or at a relay link in between). Hence this message. I got a message I posted yesterday only this morning, though several responses had either appeared on the list or been sent to me directly. And the messages I posted today have not appeared. Black Unicorn must've gotten it, as he sent me a note and I've just posted a reply, even though my original article has not yet come back to me. If you are gettting mail out of order (replies from others before the original appears) or delayed by more than several hours, drop me a note if you would and I will summarize what I learn. I'm especially interested to hear from Netcom sites. (Asking Netcom Support about bounced mail is a pointless task, as they are clueless and consistently deny that mail is bounced even when presented with bounce logs from other sites. And I don't want to bug Hugh Daniel about this until I've seen some feedback from others.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From Richard.Johnson at Colorado.EDU Fri May 27 14:38:44 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Fri, 27 May 94 14:38:44 PDT Subject: v2.6 for the rest of us In-Reply-To: Message-ID: <199405272138.PAA25156@spot.Colorado.EDU> > Snarf it from ghost.dsi.unimi.it, as cautiously as you like. > (Oh, actually, the ftp site has moved to goblin.something -- it will > tell you when you try to log in.) > Eli ebrandt at hmc.edu Try ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/ Richard From ebrandt at jarthur.cs.hmc.edu Fri May 27 14:41:11 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 27 May 94 14:41:11 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: <9405272110.AA11485@snark.imsi.com> Message-ID: <9405272141.AA23574@toad.com> > You are correct that in extremely weird cases you are screwed. Such > cases are nearly IMPOSSIBLE to produce in practice. Anyone out there > want to claim that DES and IDEA are inverses? I'll bet a lot that they > aren't. Although in THEORY you are correct, in PRACTICE > superencipherment wins. It's pretty easy to screw up subtly and not know it. Given that we're discussing how to get encryption more secure than the KGB's best, I think assuming that DES and IDEA's strengths combine additively, or necessarily combine at all, is a mistake. (They don't have to be inverses (they clearly aren't) to be weak -- meet-in-the-middle?) Unless there is some theory to this effect, or at least some dramatic hand-waving... In any event, XOR-splitting is no less secure, and is much more tractable theoretically. It does require a higher-rate random source than is needed just for key generation. (Though if you're willing to wager that the NSA can't factor fast, you could use the BBS PRNG) And it requires linear ciphertext expansion. Just to make it explicit what I'm talking about: take your message A. let A1=A generate a random string X1, with |X1|=|A|. let A1 = X1 xor A1; let A2 = X1 generate another random string, X2 let A2 = A2 xor X2; let A3 = X2 etc. Then send (E1(A1), E2(A2), ... , En(An)), where the Ei's are distinct. Recipient decrypts to get A1, ... An, and calculates A1 xor A2 xor ... xor An = (A xor X1) xor (X1 xor X2) xor ... xor (Xn-2 xor Xn-1) xor (Xn-1) telescoping, = A Eli ebrandt at hmc.edu From baum at newton.apple.com Fri May 27 14:44:54 1994 From: baum at newton.apple.com (Allen J. Baum) Date: Fri, 27 May 94 14:44:54 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup Message-ID: <9405272143.AA24777@newton.apple.com> > If the story is >true, it means that the NSA can break some classes of conventional >cryptosystems very fast -- fast enough to be of use in this case, for >instance. Well, you are assuming that the coup plotters, who seem to be a fairly incompetent bunch of conspirators, were using high security communications, etc. Though, if they weren't, it still might point out intelligence gather abilities (as opposed to code breaking abilities). ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, MS/305-3B * * 1 Infinite Loop * * Cupertino, CA 95014 baum at apple.com * ************************************************** From sico at aps.hacktic.nl Fri May 27 14:45:43 1994 From: sico at aps.hacktic.nl (Sico Bruins) Date: Fri, 27 May 94 14:45:43 PDT Subject: My 2.3a Key is listed as a 2.6 (Aaargh!) In-Reply-To: <9405252138.AA24321@tartarus.ira.uka.de> Message-ID: <14f_9405271632@apsf.hacktic.nl> Wednesday May 25 1994 23:50 danisch at ira.uka.de (Hadmut Danisch) wrote: [edited] HD> Subject: Re: My 2.3a Key is listed as a 2.6 (Aaargh!) HD> Message-Id: <9405252138.AA24321 at tartarus.ira.uka.de> HD> Date: 25 May 1994 23:50:52 +0200 HD> Haa, HD> *my* key was also converted to a 2.6 key HD> (certainly just s/2.3a/2.6/g; , but it _is_ a 2.6-Key now). Mine says it's 2.7. ;-) HD> Now my public key is a 2.6 key and I am not allowed HD> to have or use 2.6, because I'm german. Isn't it lovely? I don't like to read this list and see that many posts are about the political problems with ITAR, patents and copyrights. Actually, I'm just a simple software type, so I'm glad I read somewhere (here?) that the source to PGP 2.6 will be released, so that we can correct any problems introduced in it for political reasons. As to not being allowed to have or use 2.6 in Europe, what makes you think so? I may be wrong, but I thought the only obstacle was that it may not be exported to us due to ITAR. Once it's available here there's nothing wrong with having or using it. I've seen PGP 2.5 flowing through European wires, so I think that 2.6 will come here too (if it hasn't come already). Which makes this whole mess with ITAR, patents, copyrights and US and maybe Canada only ftp sites even more difficult to understand for an outsider like me. What's the point of all this, if cyberspace knows no borders? What are MIT and RSA up to? Should this be discussed in alt.conspiracy? ;-) I humbly admit that I'm clueless... HD> Hadmut CU, Sico (sico at aps.hacktic.nl). [PGP public key:] bits/keyID Date User ID 1024/5142B9 1992/09/09 Sico Bruins Key fingerprint = 16 9A E1 12 37 6D FB 09 F6 AD 55 C6 BB 25 AC 25 (InterNet: sico at aps.hacktic.nl) From unicorn at access.digex.net Fri May 27 14:57:00 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 27 May 94 14:57:00 PDT Subject: Unicorn suit In-Reply-To: <199405272113.OAA26739@netcom.com> Message-ID: <199405272154.AA05325@access1.digex.net> Timothy C. May scripsit > > If enough people know that Black Unicorn = Fritz Foobar, then the > linkage can be made and the "damage" done. As others have said, you > apparently have some uptight customers. That's not my problem, or > anyone else's who makes the normal kind of comments on the Net. I agree on all counts. > (Tmp > goes beyond normal, but if your lawsuit was centered around the > "damages" aspect, then potentially nearly any of our opinions could be > "damaging" because of your overly sensitive European customers. That's > not right.) Where those opinions are cast as fact, and done maliciously I have to disagree with you. Where they are legitimate extentions of argument and discussion, I do. > > I'd say you have some sleazy friends, then. For them to fax off copies > of what they think of as rants is bad enough, but for one of your > contacts to then "alert" the others is mind-boggling. The context was blurred with each successive forwarding. I might add that as the forwarding went on, it ventured farther into the "business associate" types, and much farther from the "friend" catagory. It's hard to outline without blowing the entire cake, which I'd prefer not to do. Suffice it to say that the distribution was never intended to get as far as it did. > > > > > No. You are speaking a truth. My ideas do fall in line with your > > definition of cryptoanarchy. They do not however make me a radical > > anarchist bent on the destruction of nations as tmp alleged. > > Tmp was just using a label. I'll admit the semi-forgery was not > kosher, though these semi-forgeries are transparent to anyone who > looks at the headers. The forgeries, while offensive, were not the main point of contention. The defamation was. > But calling you an anarchist bent on the destruction of nations is > acceptable characterization in a political debate. If I say Bill > Clinton wants to destroy the health care system, this is normal > political rhetoric. If Detweiler calls me a Satanist, so what? I think this comes down to a basic question of line drawing. We could argue all year on this point and get nowhere, so I will merely state my position and leave it there. Where a person communicates a knowingly false or negligent accusation or characterization about another to a third party, and material damages insue, the communicator is liable in my view. As I have pointed out before, totally anonymous systems make this childish and trival threshold of convience entirely moot. I hope to live to see this day. > ("What if your customers were Moral Majority Christians?" you might > ask. Then I'd say that all one has to do is tell one's customers the > truth. And this is supposed to convince moral majority christians? > Under no circumstances can the 'damage" caused by tmp's kind of > free spech be considered assault. Again, we just differ here. I understand and respect your opinion, and hope as a practical matter that totally anonymous systems will make this a realpolitik reality. > I'm a free speech absolutist. That > the comments tmp made came in a heated forum for such political debate > makes it all the more wrong for a lawsuit.) > > I've been on the list for some time now, lurking then posting when I had > > a feel for who read it, and where it went. I never felt threatened by my > > presence on the list, and never did it occur to me that anyone on the > > list could or would "out" me to my business associates. > > Even if they do, so what? Not to sound angry here, but suppose I > speculated that Black Unicorn = Fritz Foobar? Would the "damage" that > ensued be my fault? I just don't get it. Not in so far as you characterized your accusation as an opinion. This is why there is so much "to do" in libel law about newspapers printing "alleged murderer" and so forth. In theory it's silly. We all know the public reads "murderer" as if the word alleged was never there to begin with. This is a question of damages. How much damage could said accused actually quantify because of this statement? Who knows, probably not much. In addition if there was no intent on the part of the press, there is no case. Free speech is fairly well guarded in this situation. Non-Media antics are another matter, and can be much more damaging. > That the Cypherpunks list is not public--except when it gets gatewayed > to Usenet, as has happened a few times--is little protection. If I > cite your views--but don't quote them verbatim--in a forum where your > Swiss customers see them somehwo, have *I* committed a crime or tort? Again, it is not my responsibilty to guard myself against defamation. I did to some extent, but to say that because I did not choose an entirely anonymous method that anyone might defame me is to my thinking, silly. On the other hand, those who are enough in the public image are usually given the burden. (Public figure exception) This would also apply to your Clinton example. > Not in my view, though the law may think so. (I still say it's free > speech, even if "damaging." Many things are damaging...negative book > reviews, unflattering opinions, etc. Sadly, the American legal sytem > is moving toward allowing these "damages" to be the basis for suits.) Book reviews also fall into a public figure catagory. As do most of the tabloids. I agree, there is a problem. What redress is there however for the defamed? Can Joe Blow really call my clients and produce forged evidence that I am a fugitive white collar criminal, destroy my business and hide behind free speech blankets? Again, it's a question of line drawing. > > The proper and normal response to accusatory rants is to answer them. I guess it's my turn to sound angry. When was the last time you answered tmp publically? I don't mean this to be a barb... but I just don't think that direct confrontation is always the answer. As it was, my case was quickly resolved between the parties. How much more free speech can you get? He's welcome to violate the settlement agreement, and I can push a claim again. How likely this is to win in the courts is an issue for legal speculation. > > Are you calling for limits on "accusatory rants"? The Founding Fathers > would not be amused. > Of course not. Rants and active defamation are two issues much distinct. I simply am exercising my legal rights in so far as I was harmed. As it turned out, tmp corrected the situation and was quite cooperative when we finally talked. > > The real difficulty in these affairs is that not to file a suit is often > > more damning than anything. > > > I think your reputation would have no lasting damage done to it by > ordinary speech. Even so, Detweiler's rants are clearly broad-brushed > insults, which courts should not regulate. Again, we have a line drawing contest here. I just go a little father, I don't even think extensively father. Frankly I don't think U.S. courts go much farther either. > Your uptight Swiss clients should be taught not be believe everything > they read. I should be able to conduct business, without interference, in peace, with whomever, whenever, whatever, and however uptight, as I choose. Period. > > > > A settlement is vindication enough in my case. > > > > Except that Detweiler's "apology" was obvious satire, almost identical > to the "apology" he posted to the Cypherpunks last December. He is > likely now planning a much more massive assault on you and his other > perceived enemies....a campaign of fabricating quotes, arguing with > himself via different pseudonyms, etc. The settlement was much more extensive then a mere public retraction. > And now that he knows your uptight Swiss customers are so sensitive, he > will probably try to find ways to let them know about your "anarchist" > leanings. And to the extent that he does so anonymously, I will have no redress. I accept this. > If he's as smart as I think he is, he'll use the network of remailers. > He'll also try to fabricate quotes that make you seem like a truly > vicious money launderer, perhaps with insinuations that your furniture > business is a cover for drug trafficking. (If I were Detweiler, > licking my wounds, plotting revenge, that's what I'd do.) Again, I accept this as a possibility. As for the drug trafficking, since truth is an absolute defense to libel, I will have no case. > If this happens, as I predict it will, your recourse will be to either > try to force the remailer operators to produce the logs (so you'll > have somebody to sue), to sue the remailer operators per se (which > will become a test of common carriage, unless they back down), I will not sue an overseas remailer like Julf. I will be tempted to ask a local one if tmp is indeed breaking a legitimate settlement agreement, I will not sue if I am refused. > or--best of all--to tell your Swiss customers that bizarre rants are > the outcome of a society which tolerates free speeech and that they > should ignore all posts allegedly written by you unless the posts are > coming from your site, or, better, have been digitally signed by you. Easier said than done. Luckly I believe I have this taken care of. > As Nat Henthoff says, "sunlight is the best disinfectant." Indeed. > > > --Tim May > > -- > .......................................................................... > Timothy C. May | Crypto Anarchy: encryption, digital money, [...] -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From mccoy at ccwf.cc.utexas.edu Fri May 27 15:20:43 1994 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Fri, 27 May 94 15:20:43 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: <9405272143.AA24777@newton.apple.com> Message-ID: <199405272220.RAA18645@tramp.cc.utexas.edu> > From: baum at newton.apple.com (Allen J. Baum) > > > If the story is > >true, it means that the NSA can break some classes of conventional > >cryptosystems very fast -- fast enough to be of use in this case, for > >instance. > > Well, you are assuming that the coup plotters, who seem to be a fairly > incompetent bunch of conspirators, were using high security > communications, etc. One should also consider that there are rather intense rivalries between between the KGB and the GRU and various military branches in the FUSSR; intrigue and paranoia seems to be the norm among these groups, so if someone is planning a coup in the FUSSR (something that earns one a rather swift 7.62mm hole in the skull over there...) other considerations come into play. The plotters might have thought that it was less of a risk to use cryptographicaly unsecure channels (or methods that they knew the other FUSSR agencies were not using) on the assumption that the US would not get involved than to use the standard methods and run the risk of a code clerk or some other person running off and warning Gorby... Additionally the "who is involved" type of info mentioned can also be gained from traffic analysis without necessarily compromising a particular code method, so unless the actual input data the NSA had to work with is known a blanket assumption they can crack modern codes is not necessarily needed for this report to be true... jim From warlord at MIT.EDU Fri May 27 15:51:37 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Fri, 27 May 94 15:51:37 PDT Subject: My 2.3a Key is listed as a 2.6 (Aaargh!) In-Reply-To: <14f_9405271632@apsf.hacktic.nl> Message-ID: <9405272251.AA03857@toxicwaste.media.mit.edu> > . What's the point of all this, if cyberspace knows no borders? What > are MIT and RSA up to? Should this be discussed in alt.conspiracy? ;-) Well, I can't answer for RSA, but MIT is making a US-legal version of PGP... The incompatibility is a concession that had to be made to get the approval of RSA. -derek From catalyst-remailer at netcom.com Fri May 27 15:53:46 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Fri, 27 May 94 15:53:46 PDT Subject: MacPGP Message-ID: <199405272238.PAA09276@netcom.com> New MacPGP Unicorn asked about the new MacPGP. Unicorn should ask Tim May, who has had a copy for three days now. Or Eric Hollander who has had it 5 days. Or Eric Hughes who's had it two days. Who the fuck do I have to send this thing to to get it released and mentioned? I'm done. They've got it, well the source at least. The program, MacPGP2.3aV1.1 has been out for months. From unicorn at access.digex.net Fri May 27 16:13:49 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 27 May 94 16:13:49 PDT Subject: MacPGP Message-ID: <199405272311.AA08903@access1.digex.net> -> Unicorn asked about the new MacPGP. Unicorn should ask Tim May, who has had a copy for three days now. Or Eric Hollander who has had it 5 days. Or Eric Hughes who's had it two days. Who the fuck do I have to send this thing to to get it released and mentioned? I'm done. They've got it, well the source at least. The program, MacPGP2.3aV1.1 has been out for months. <- I too have had a copy for quite some time, closely isolated in a closed partition. I just wanted to know that it was indeed now sourced.... -uni- (Dark) From nobody at shell.portal.com Fri May 27 16:16:48 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 27 May 94 16:16:48 PDT Subject: PGP 2.6 Message-ID: <199405272317.QAA16869@jobe.shell.portal.com> Paul "K." Strong wrote: >However, I would say that most people _regard_ v2.3a as a legal version >outside the USA and so are willing to carry it on their systems; and at >this time I believe nothing concrete to the contrary has been proved. > >Versions 2.5 and 2.6 however are obviously illegal exports, and I think that >it is the fact that people think of one as legal and the other as illegal >that makes the difference, and therefore we who are outside the USA need our >own version to be brought up to date. There has never been a ruling declaring it illegal to export PGP. No one has ever been convicted of illegally exporting crypto. The ITAR restrictions also contain many exemptions, under which it could be legal to export PGP. Furthermore, If you didn't get your copy of PGP from the US then you haven't broken any laws. >I have, at this time, been informed of two separate people working on a new >version that is compatible with 2.6, based on 2.3a code. To what effect? >Maybe everyone working on (or who know of people working on) such >developments could post information regarding what exactly they are >changing/upgrading/doing to 2.3a to make an 'international' v2.6. Or maybe you could just keep on using PGP 2.3a and stop worrying about it. >All of those inside the USA, *PLEASE* get involved with this. It _is_ >important! Why? Just because PGP 2.6 exists, doesn't mean you have to use it! If people want to communicate with you, they will use 2.3a also...or fix their damn software. It's their problem, not ours, so let's make it their problem! Boycott MIT-PGP. From Lile.Elam at Eng.Sun.COM Fri May 27 16:39:37 1994 From: Lile.Elam at Eng.Sun.COM (Lile Elam) Date: Fri, 27 May 94 16:39:37 PDT Subject: Privacy at Dunkin Donuts Message-ID: <9405272339.AA08347@bayside.Eng.Sun.COM> Wow, this is good to know... -lile ---------------------------------- : Date: Thu, 26 May 1994 20:28:22 -0400 : From: dartvax!coos.dartmouth.edu!mozart (Sting) : Subject: P: Scary... : : This is pretty scary, I think...I had to read it twice before I could accept : that it wasn't a joke... : : CONCORD, N.H. (AP) -- At some Dunkin' Donuts, the walls have : ears. : So the next time you settle down over coffee and a cruller to : trade gossip with a friend, keep in mind that hidden microphones : may be recording the dirt you dish. : Manager Tony Wright insists he's not being nosy. It's just : another way to increase security and keep employees on their toes, : he said. He would never listen to customer conversations, he said. : ``Do you think I would waste my time?'' said Wright, who manages : five Dunkin' Donuts in Concord. : Use of concealed recorders is widespread at fast-food : restaurants, convenience stores and other businesses, according to : one company that sells them. : But unlike anti-shoplifting mirrors and surveillance cameras : seen throughout retail America these days, hidden microphones are : news to most of the public, judging from interviews Thursday at two : microphone-equipped Dunkin' Donuts in New Hampshire's capital. : ``Knowing this, I would never have a conversation in here,'' : said customer Frank Bowser, a private investigator who was : discussing a case with a partner. ``I think the general public : would be in an uproar to know that every time they come in for a : cup of coffee and a doughnut they could be heard.'' : Other customers, including Nick and Thalia Hondrogen, said they : were more offended by cigarette smoke than listening devices. : Nonetheless, they were surprised. : ``It's like spying. It sounds like Nazism or the KGB. It's not : American,'' Hondrogen said. ``Many times you say things to close : friends you don't want overheard.'' : The systems also were news -- unwelcome, at that -- at Dunkin' : Donuts corporate headquarters in Randolph, Mass. : Any system powerful enough to record customers' conversations : would be ``highly inappropriate'' and a violation of company : policy, spokesman Bill Chiccarelli said. : Still, store owners are using them. Security systems dealer Jeff : Meuse told the Concord Monitor he has installed systems in 500 : Dunkin' Donuts in Massachusetts in the last five years; of those, : 300 had audio monitoring. : Shops that have the monitoring systems display small stickers on : their doors saying, ``Audio monitoring on the premises.'' : All but the loudest customers are safe with many systems. At one : Dunkin' Donuts, Wright demonstrated that a customer standing at the : counter below the single mike in the ceiling had to speak loudly : and distinctly to be heard above the din of coffee grinders, staff : and general restaurant noise. : The systems can be far more sophisticated, however. Lewis Weiss, : chief executive officer of Louroe Electronics Inc. of Van Nuys, : Calif., said his company's systems can pick up conversations within : 30 feet. : ``Unfortunately, this is going to be the future until we get to : the point where there is minimal crime in this country,'' Weiss : said. ``Until then, store owners are going to have to have these : devices to protect their employees and their customers.'' : The American Civil Liberties Union grudgingly accepts : surveillance cameras and audio equipment at store and restaurant : cash registers, providing customers and staff are notified. : ``We would prefer not to see them at all, but if and when it : does happen, we would strongly (want) there to be actual and : functional notification,'' ACLU spokesman Milind Shah said in New : York. ``Often a sign on the door is not enough.'' : Federal law requires stores to post signs informing customers : they might be monitored, and customers should take notice, Weiss : said. : ``There is no invasion of privacy in a public store like a : Circle K or a Dunkin' Donuts because you can't carry on a private : conversation there,'' he said. : ----- End Included Message ----- From sandfort at crl.com Fri May 27 16:45:49 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 27 May 94 16:45:49 PDT Subject: Unicorn suit In-Reply-To: <199405272154.AA05325@access1.digex.net> Message-ID: C'punks, I am surprised that many of you, including Tim, have completely failed to examine the basic premise upon which the Unicorn suit rests. No one has called into question the dubious concept of "defamation." Black Unicorn and I have been having a rousing debate on this point in private e-mail. Maybe it's time for a little more devil's advocacy on this list. For the majority (I think) of you who consider yourselves to be "libertarians," where is TMP's violation of the principle of "non-initiation"? Don't answer to quickly, words of art have specific meanings. (Black Unicorn, this is a clue.) For those of other political stripes, what's so bad about defamation? I know most of you don't like it, but is their any philosophical or logical bases for your antipathy? S a n d y From tcmay at netcom.com Fri May 27 17:14:07 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 27 May 94 17:14:07 PDT Subject: Unicorn suit In-Reply-To: <199405272154.AA05325@access1.digex.net> Message-ID: <199405280013.RAA20919@netcom.com> I will force myself to respond to no more than three of Black Unicorn's points, so as to avoid boring the audience: > > ("What if your customers were Moral Majority Christians?" you might > > ask. Then I'd say that all one has to do is tell one's customers the > > truth. > > And this is supposed to convince moral majority christians? No, but so what? Life isn't always fair. Since at most one religion is right, at least n -1 religions are based on lies, and hence nearly all religious statements are lies, defamations, etc. The connection with free speech is deep and important: saying "Joe Blow is a Satan worshipper" may or may not be true, but it is not the role of the State to define truth. What damages result, say, from my statements that Hebrew National hot dogs are made from the bodies of Christian children and that all good Christians should thus boycott Hebrew National products is unimportant. Like I said, damages (and benefits) occur all around us, but in the absence of a contract or physical aggression, too bad. (If Hebrew National can collect from me for my rantings, then I ought to be able to present them with a bill for saying good things about them!) > What redress is there however for the defamed? > > Can Joe Blow really call my clients and produce forged evidence that I am > a fugitive white collar criminal, destroy my business and hide behind > free speech blankets? In my admittedly extreme opinion, this is what cryptography will produce: essentially unforgeable identities and messages. Joe Blow will not be able to present himself as you, nor will he be able to convincingly forge evidence. This is actually the "anarchic" situation we see all around us, in parties, in office conversations, etc. Even on this list. People make outrageous claims (we call it gossip) and some claims are believed, some are not. Often the gossipmongers who make the most bogus claims find their credibility has evaporated. Where I differ from many, but am in agreement with the mainstream of anarchocapitalist thought (cf. David Friedman's "The Machinery of Freedom" or Bruce Benson's "The Enterprise of Law"), is that I don't believe businesses/corporations have any different set of laws applying to them than to individuals. That is, if gossip is not to be "outlawed" between a group like ours, it shouldn't be if I hire someone, or hire 100, or hire 10,000. One set of rules for all scales. There's much to be said about this point; maybe another time. > I guess it's my turn to sound angry. When was the last time you answered > tmp publically? I don't mean this to be a barb... but I just don't think About two weeks ago, to expand on a point he made. In general, I have no interest in defending myself against fools who claim I am the spawn of Satan, a pedophilic sodomite, an anarchist bomb-thrower, or a Tentacle of Medusa. Anyone foolish to believe rants like that _deserves_ to believe such rants! In something that may resonate in a strange way with your Swiss friends, I call this "libertarian Calvinism." Not only should one not interfere with one's neighbors lifestyle choices, as a practical matter, but to interfere is to deny that person the ability to make a moral choice. Thus, if your neighbor drinks himself into a stupor, or believes foolish nonsense about Tentacles and Snakes, then so be it. (Another version: Niven and Pournelle's "Think of it as evolution in action.") In the context of "defamation," those who believe lies and won't listen to "reason" (my side) are best met with shrugs. Not perfect, but better than the alternatives of initiating force against them. In the marketplace of ideas, all one can do is present ideas and products as best one can. If competitors "lie" and "defame," that's life. Ultimately, those who choose to buy a Yugo instead of a Toyota, based on "lies" about quality, will learn. The truth will out, because the truth produces greater ultimate fitness (the Toyota is a a better deal than the Yugo) and the incentives move the market in this direction. (A lot more to be said here....this is only the tip of the iceberg on how free markets work even in the presence of "noise.") To paraphrase a book title (which I refuse to read), "Everthing I needed to know about free speech I learned in the phrase 'Sticks and stones may break my bones, but names will never hurt me.'" Call me a free speech absolutist, but I believe that. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Fri May 27 17:18:19 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 27 May 94 17:18:19 PDT Subject: Unicorn suit In-Reply-To: Message-ID: <199405280018.RAA21546@netcom.com> > > C'punks, > > I am surprised that many of you, including Tim, have completely failed to > examine the basic premise upon which the Unicorn suit rests. No one has > called into question the dubious concept of "defamation." Huh? Maybe you haven't been seeing my posts (I know *I* haven't, do to mail problems somewhere). I've been arguing just this point, that tmp did not initiate force and that the idea of "defamation" is a wrong-headed idea. "Sticks and stones" and all that. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From eagle at deeptht.armory.com Fri May 27 17:33:25 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Fri, 27 May 94 17:33:25 PDT Subject: Email Stalking on CNN Message-ID: <9405271733.aa13952@deeptht.armory.com> The idiot box behind me is making noise about Headline News' lead story for the evening, Email Stalking. The woman involved states she'll never use email again. Seems to me her arguments are moot, as cypherpunks has already developed the technology to solve this problem. Anyone volunteer to be a spokesperson for rebuttal? -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From sandfort at crl.com Fri May 27 18:17:58 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 27 May 94 18:17:58 PDT Subject: Unicorn suit In-Reply-To: <199405280018.RAA21546@netcom.com> Message-ID: C'punks, On Fri, 27 May 1994, Timothy C. May wrote: > > I am surprised that many of you, including Tim, . . . blah, blah, blah. > > Huh? Maybe you haven't been seeing my posts (I know *I* haven't, do to > mail problems somewhere). I've been arguing just this point, that tmp > did not initiate force and that the idea of "defamation" is a > wrong-headed idea. > > "Sticks and stones" and all that. Duh, sorry Tim, I fucked up. Mea culpa, mea culpa, mea maxima culpa. S a n d y From catalyst-remailer at netcom.com Fri May 27 18:32:40 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Fri, 27 May 94 18:32:40 PDT Subject: MacPGP Message-ID: <199405280132.SAA08304@netcom.netcom.com> Unicorn, are you in the US? From jktaber at netcom.com Fri May 27 19:02:05 1994 From: jktaber at netcom.com (John K. Taber) Date: Fri, 27 May 94 19:02:05 PDT Subject: PGP 2.6 In-Reply-To: <199405272317.QAA16869@jobe.shell.portal.com> Message-ID: <199405280201.VAA04456@netcom.com> > > Paul "K." Strong wrote: > > >However, I would say that most people _regard_ v2.3a as a legal version > >outside the USA and so are willing to carry it on their systems; and at > >this time I believe nothing concrete to the contrary has been proved. > > > >Versions 2.5 and 2.6 however are obviously illegal exports, and I think that > >it is the fact that people think of one as legal and the other as illegal > >that makes the difference, and therefore we who are outside the USA need our > >own version to be brought up to date. > > There has never been a ruling declaring it illegal to export PGP. No one has > ever been convicted of illegally exporting crypto. The ITAR restrictions also > contain many exemptions, under which it could be legal to export PGP. > Furthermore, If you didn't get your copy of PGP from the US then you haven't > broken any laws. I don't know if a simple reply gets to the cpunks list, but here goes. There have been two convictions for exporting crypto. They were Elizabeth Martinez and Mario Vallodares, in Miami, in Judge Hoeveller's district court (same judge who tried Noriega). The police work was done by Customs. The NSA does not have a police, apparently. The NSA attended the trial and took copious notes. Elizabeth and Mario exported TV satellite receivers to Latin America. These receivers, made by General Instruments, contain the DES programmed in EPROM, the whole potted in epoxy. They were charged with violation of ITAR because of the crypto. A bunch of counts. All their receivers were seized. They were also charged with conspiracy because they had attended trade shows in Las Vegas where exporting the receivers were the subject of sessions. Mario served one year and one day in Federal prison. Elizabeth served six months in a workhouse. David Kahn, Cipher Deavors, and George Davida were expert witnesses for the defense. It was to no avail. From jpp at jpplap.markv.com Fri May 27 19:55:22 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Fri, 27 May 94 19:55:22 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: <9405272141.AA23574@toad.com> Message-ID: The problem with forming product cyphers is the birthday paradox. The problem with threshold cyphers is bandwidth. Concider for example e1( e2( e3( x ))), and the permutations it generates. Let E1 represent the number of permutations generated by e1 under all the different keys, and similarly E2 and E3 the number generated by e2 and e3 respectively. E1, E2, and E3 are all nearly the same as the number of keys for the respective cryptosystems. But there is no garantee that the number of permutation that the composition of e1, e2, adn e3 is equal to the product of the number of keys (E1*E2*E3). Infact, the birthday paradox just about garantees that the number is less than E1*E2*E3. So some of the additional keybits are lost. On the other hand, the number of permutations that the system Eli and I describe *is* garanteed to increase with the addition of cyphers. Concider the same three encryption functions as in the previous case. If the number of permutations generated by e1, e2, and e3 is E1, E2, and E3 respectively, then the number of permutations in ej{e1,e2,e3}(xi) == and ri is a cryptographic random number generated by e3, is exactly E1 * E2 * E3. The problem with thresholding is the linear increase in cyphertext with linear increase in number of keybits. So if you are a bit too paranoid to rely on a single non DOD/NSA cypher, but not willing to use a one time pad, then concider thresholding. If you don't have the communication bandwidth to support it, then certainly fall back to the simpler scheme Perry describes. (Note that Eli and My scheme is only slightly slower to compute than Perry's. It requires computing one extra xor per block. Also note that the actual increase in bandwidth for a three cypher system threshold in a practical encryption package like PGP would not be 2 to 1 since it likely compresses before encryption.) j' From dmandl at panix.com Fri May 27 20:26:58 1994 From: dmandl at panix.com (David Mandl) Date: Fri, 27 May 94 20:26:58 PDT Subject: If you don't vote... Message-ID: <199405280300.AA28489@panix.com> From: lefty at apple.com (Lefty): >In case anyone's been wondering, I vote a straight "None of the Above" >ticket. Every election. I happen to believe that if you don't punch holes >in your cards (we don't have those big, fun voting booths here in >California like they do back East), you have no right to complain. At the risk of prolonging an irrelevant thread, I feel I've got to point out the bum logic in this argument. If you go to Las Vegas, put a thousand bucks down on the blackjack table, and lose, you can't complain. You made a bet knowing the risks involved, and you lost. You would gladly have accepted the profits if you'd won. If a blackjack dealer comes over and takes a thousand dollars out of my pocket, he's just robbed me. If you vote, you're tacitly accepting that it's a fair game and agreeing to abide by the rules. If your candidate loses, that's the way the cookie crumbles. If you don't vote because you think the whole game is rigged and don't want any part of it, you're clean. You never wanted to play to begin with. Many people on this list are familiar with Lysander Spooner's article "No Treason," which explains that the Constitutional "contract" is not a binding contract at all, because you and I never signed anything. Same argument. I understand why some anarchists vote (though I think it's a big mistake), but there's no way I can be told that I've got no right to complain because I didn't agree to play. If you DO vote, don't complain. --Dave. -- Dave Mandl dmandl at panix.com From blancw at microsoft.com Fri May 27 20:47:13 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 27 May 94 20:47:13 PDT Subject: Unicorn suit Message-ID: <9405280248.AA03677@netmail2.microsoft.com> >From Uni: Again, it is not my responsibilty to guard myself against defamation. I should be able to conduct business, without interference, in peace, with whomever, whenever, whatever, and however uptight, as I choose. ................................ But who will guard you against defamation when you insist on doing business so indiscriminately, wouldn't you say that you bear a bit of responsibility for the kind of associations you engage in which could endanger your reputation? If you were doing a furniture business deal with third-world drug lords (you never know!) and they suddenly declared you to be a scum-bag lawyer who was really a double-agent spy working with the DEA, could you expect much success in taking them to court for accusations which besmirched your reputation? Guess you could try, huh. Many things are possible, although somewhat difficult to achieve. Blanc From blancw at microsoft.com Fri May 27 20:47:24 1994 From: blancw at microsoft.com (Blanc Weber) Date: Fri, 27 May 94 20:47:24 PDT Subject: Official Anarchism Message-ID: <9405280249.AA03684@netmail2.microsoft.com> From: Sandy Sandfort in reply to the question: > is there an official Anarchist codicil? What makes one an official anarchist? Official Anarchists are issued an official certificate (suitable for framing). . . . ............................................ I have one of these, stamped on my forehead. It's in invisible ink, but somehow collectivists can always read it, and react as expected. Blanc From hughes at ah.com Fri May 27 20:59:25 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 27 May 94 20:59:25 PDT Subject: v2.6 for the rest of us In-Reply-To: <25654.9405271928@lt1.cs.rhbnc.ac.uk.> Message-ID: <9405280405.AA25445@ah.com> Versions 2.5 and 2.6 however are obviously illegal exports, and I think that it is the fact that people think of one as legal and the other as illegal that makes the difference, and therefore we who are outside the USA need our own version to be brought up to date. Legality is always relative to some jurisdiction. Let us stipulate for discussion that export of PGP 2.6 from the USA was in violation of the ITAR. Is PGP 2.6 in Europe an "illegal export"? To wit, it is in the USA, but not in Europe, barring specific reciprocity agreements. Under USA law, it violates the ITAR (by stipulation--now may be the time to reach for the dictionary). So, if the USA could manage to extradite a 2.6-user from Europe, that person could be tried under USA law, convicted, and jailed. Think not? One word: Noriega. Noriega was tried under USA law for activities which never took place in the USA. You think that sucks? Well, expect the tendrils of law to extend past the nominal geographic borders more often. If individuals can become locationally ambiguous, there's no reason to expect governments to remain locationally confined. Now, is USA law a threat? Now is the time to estimate the cost of extradition, trial, incarceration, etc. relative to other law enforcement priorities. It's pretty unlikely, in the case of PGP-2.6. No need to lose sleep. So, is it illegal in Europe? Well, not usually. What law of any European state has a 2.6-user broken? The ITAR is a USA law, not, say, a German one. There may be other statutes, as in France, which could restrict its use, but they're not the ITAR. So if I were living in England, using PGP 2.6, I'd have nothing to fear from local authorities as such. (Maybe from them acting as extradition officers, but you can figure out that difference easily.) And I haven't even addressed detection yet. Eric From hughes at ah.com Fri May 27 21:16:33 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 27 May 94 21:16:33 PDT Subject: on detectability of PGP versions Message-ID: <9405280422.AA25479@ah.com> The issue has arisen of whether displaying some particular version number of PGP on the inside of messages or signatures implies that one is using that version number. How could it? The format that one bit of public software makes can be duplicated by another. If there are two bodies of code which produce the same output, an external observer can make no decision as to which one was used if the only evidence were one of format. If, however, there were only one piece of code (say PGP 2.6), there would be a statistically valid judgement that a 2.6 version number indicated a 2.6 use. Let's say we want to avoid that. I'd suggest that a future derivation of the 2.3a code base or the as-yet-mythical 3.0 code base use the version number in the PGP formats (both binary and ascii) as format version numbers, and let the version numbers of PGP proper diverge. To make it really convenient, the config file might have a version_output flag which indicated what kind of message to generate. There's no good functionality reason why such a PGP shouldn't write post-Sept. 2.6 messages, 2.3 messages, 2.4 messages, even non-PKCS 2.2 messages. Ditto for reading and verifying all those kinds of messages. Could anybody really tell the difference? Eric From hayden at krypton.mankato.msus.edu Fri May 27 21:44:18 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 27 May 94 21:44:18 PDT Subject: PGP 2.confusion Message-ID: I guess I'm sorta confused. 2.3x cannot 'legally' be used in the U.S., and it seems that the release of 2.6 is motivated in part so that U.S. users of 2.3 can become "special friends" of the RSA goonsquad. Yet, 2.6 cannot be used by anyone outside of the U.S./Canada. So what is the solution that will be legal, secure, and useful for the whole world? Do we (the cypherpunk community) perhaps need to come up with EBP 1.0 (Even Better Privacy) that abandons the RSAREF patent problem with some other public-key system that is functionally equial and just as safe? Sorry, I'm babbling, but as I said, I do not relish the thought of becoming a special friend of RSA's lawyers. (Or worse, what if 'exporting' a digital signature violates ITAR and makes you a very special friend of an over-ambitious federal district attorney?) ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or Blue Earth County -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From hughes at ah.com Fri May 27 22:10:11 1994 From: hughes at ah.com (Eric Hughes) Date: Fri, 27 May 94 22:10:11 PDT Subject: "illegal": law and tort Message-ID: <9405280516.AA25630@ah.com> Not everything that lands you in court is illegal. If there's a law passed and you violate it, that's an illegal act. If you cause someone harm, that's a tortious act. Law is a criminal matter; tort is a civil matter. Both end up in court, but the difference between civil and criminal is enormous. I got some private mail that pointed out that I didn't address the copyright issue on PGP 2.6. I'll do so here. The RSAREF-1 license doesn't apply outside US and Canada, as I recall. (And let me be explicit--I'm feeling too lazy to look it up right now.) So use of RSAREF-1 products, including PGP 2.6, in Europe is not licensed, and therefore infringes the copyright of RSADSI. Copyright infringement is a tort (a harm), not a violation of law. Saying that infringing software is "illegal" because it infringes is incorrect. Infringing software is tortious, certainly. Let's put an end to confusing tortious with illegal. This distinction makes a big difference. In the case of illegality, the government takes you to court. In the case of tort, the offended party takes you to court. Now while one could conceivably be extradited for the ITAR (criminal), one couldn't be for copyright infringement (civil). Now, if someone in Europe were to use PGP 2.6, what could RSADSI do about it? They could sue in civil court for damages. Which court? If in the USA, then their remedy is limited to what the USA civil court can order, and if the European user were to have no assets in the USA, that's pretty much the end of the remedy. If the court were in Europe, RSADSI would have to sue in a European court. Now _you_ guess what that costs. For an individual user, there's almost nothing to worry about. Eric From ebrandt at jarthur.cs.hmc.edu Fri May 27 22:28:31 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 27 May 94 22:28:31 PDT Subject: v2.6 for the rest of us In-Reply-To: <9405280405.AA25445@ah.com> Message-ID: <9405280528.AA01159@toad.com> Eric said: > So, if the USA could manage to extradite a > 2.6-user from Europe, that person could be tried under USA law, > convicted, and jailed. Convicted of what? The ITAR provides civil and criminal penalties for exporting defense articles or technical information, for providing defense services, etc. AFAIK (anybody OCRed it?), it contains no clause that would cover the use of software or rocket launchers that have already been exported. Eli ebrandt at hmc.edu From jpp at jpplap.markv.com Fri May 27 22:38:52 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Fri, 27 May 94 22:38:52 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup Message-ID: Date: Fri, 27 May 94 18:54 PDT From: jpp at jpplap.markv.com (Jay Prime Positive) Infact, the birthday paradox just about garantees that the number is less than E1*E2*E3. After thinking about it some more, I think I would like to rephrase that. I don't think 2^k is nearly close enough to ((2^k)!)^(1/2) for me to say 'garantee'. But, it is possible for E1*E2*E3 to excede the number of permutations of the e1( e2( e3( x ))) system. j(no i am not a tmp tenticle)' From hayden at krypton.mankato.msus.edu Fri May 27 22:39:08 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 27 May 94 22:39:08 PDT Subject: PGP 2.confusion (fwd) Message-ID: This was sent to just me by mistake, and I'm forwarding with permission of Jay. ---------- Forwarded message ---------- Date: Fri, 27 May 94 21:26 PDT From: Jay Prime Positive To: hayden at krypton.mankato.msus.edu Subject: Re: PGP 2.confusion Date: Fri, 27 May 1994 23:49:55 -0500 (CDT) From: "Robert A. Hayden" Do we (the cypherpunk community) perhaps need to come up with EBP 1.0 (Even Better Privacy) that abandons the RSAREF patent problem with some other public-key system that is functionally equial and just as safe? EBP would have to provide the two critical functions of PGP -- digital signatures, and key distribution. There exist signature standards other than RSA. Perhaps the USA's DSS can be exported. If not, there may well be other systems out there. Feel free to implement DSS, or others. But the critical problem seems to be encryption. Or more exactly the key distribution problem. How do I and my secret corespondant share a secret key? I only know of four kinds of solutions. Send the key via a secure channel. Secure chanels are hard to find, and as history teaches us, not fully secure. (Read Kahn for instance.) Use a trusted key distributer. Trusted. Ha. This is cypherpunks list. Public key cryptography. The problem is that PKP (or is it RSADSI?) claims pattent rights to the whole PK ball of wax. The Diffe Helman key exchange (oblivious transfer?) pattent will expire the soonest, and it can be used in the future. The really exciting result, IMHO, is from crypto 92 that I mentioned a while back. If A and B can hear a source of bits S with some errors, then they can generate a shared secret which even an eves dropper with much greater (listening) resources can't discover. This is exciting. Is it pattented? Does it work on the internet? I don't know. Unfortunately all of these suffer from various active tapper attacks. More unfortuneately, on the internet active tapping isn't very hard to arrange. If you can come up with aditional solutions, or ones more resistant to active tappers, please publish. j' From ebrandt at jarthur.cs.hmc.edu Fri May 27 22:44:40 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 27 May 94 22:44:40 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: Message-ID: <9405280544.AA01300@toad.com> Jay said: > It requires computing one extra xor per block. Plus a truckload of good random numbers. To do it right, a hardware RNG is in order. A PRNG really makes no sense, because if you have a PRNG that strong, why not just use it as a stream cipher? > that the actual increase in bandwidth for a three cypher system > threshold in a practical encryption package like PGP would not be 2 to > 1 since it likely compresses before encryption.) To be fair, you need to compare compressed-and-split with compressed-only. This *is* going to be a factor-of-3 size hit. Eli ebrandt at hmc.edu From tcmay at netcom.com Fri May 27 22:57:42 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 27 May 94 22:57:42 PDT Subject: The Assault on Unicorn has Begun Message-ID: <199405280557.WAA01651@netcom.com> Earlier today I predicted that Unicorn's satisfaction with tmp's "apology" would be short-lived, that the so-called apology actually looked like a dead ringer for Detweiler's "abject apology" to the Cypherpunks list several months back. I predicted that Detweiler/tmp's latest "apology" would presage a major new assault. Faster than I imagined, it arrive tonight. Filled with invective, forgeries, thinkly veiled death threats, and more accusations that Black Unicorn is the mastermind of a plot to cause the collapse of Western governments (let's hope Unicorn's Swiss clients are spared this one). Unicorn challenged me today about when the last time I responded/defended myself against tmp's rants--I said it was a couple of weeks ago (and then to expand on a point, not to answer the juvenile rants). Generally, any response, no matter how reasoned, not matter how measured, produces a ten-fold resonse from Detweiler. It's pointless to respond. Detweiler is apparently now persuaded that Unicorn cannot touch him, and plans to go for the jugular. If Unicorn's True Name and True Phone Number is known to LD as a result of their recent negotiations (which were apparently moot), I expect we'll see this soon enough in Detweiler's phony sig blocks. (Fortunately, in all the months LD has been attaching my phone number, 408-688-5409, in his various sig blocks, I've never gotten a phone call asking what the hell is going on. Restores my hope.) Anyway, the action is raging in talk.politics.crypto. For whatever reason, Detweiler has to date made only limited use of remailers. All hell will break loose when he really starts. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From nobody at shell.portal.com Fri May 27 23:41:42 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 27 May 94 23:41:42 PDT Subject: Why it is legal to export PGP under ITAR Message-ID: <199405280642.XAA05875@jobe.shell.portal.com> The US ITAR law exempts many things from export restrictions, among them, materials availiable in public libraries. It gives no special definition for a library. My American Heritage Dictionary defines "library" as, among other things, "An orginized collection of recorded data arranged for ease of use." IOW, an ftp site. Which means that if a program is available from a public ftp site, you're legally allowed to export it. :) From hayden at krypton.mankato.msus.edu Fri May 27 23:46:52 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Fri, 27 May 94 23:46:52 PDT Subject: Why it is legal to export PGP under ITAR In-Reply-To: <199405280642.XAA05875@jobe.shell.portal.com> Message-ID: On Fri, 27 May 1994 nobody at shell.portal.com wrote: > The US ITAR law exempts many things from export restrictions, among them, > materials availiable in public libraries. It gives no special definition for a > library. My American Heritage Dictionary defines "library" as, among other > things, "An orginized collection of recorded data arranged for ease of use." > IOW, an ftp site. Which means that if a program is available from a public ftp > site, you're legally allowed to export it. :) So if I had the local public library put the software version of 2.6 availabel for checkout (a reasonable simple task, as they have other software available), then would that erase any doubt as to what a library is? ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or Blue Earth County -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From ebrandt at jarthur.cs.hmc.edu Fri May 27 23:47:59 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Fri, 27 May 94 23:47:59 PDT Subject: Why it is legal to export PGP under ITAR In-Reply-To: <199405280642.XAA05875@jobe.shell.portal.com> Message-ID: <9405280647.AA01843@toad.com> nobody said: > The US ITAR law exempts many things from export restrictions, among them, > materials availiable in public libraries. The gotcha is that you can't necessarily *put* it in a library. It's like the publication catch-22. Eli ebrandt at hmc.edu From ghio at andrew.cmu.edu Fri May 27 23:51:35 1994 From: ghio at andrew.cmu.edu (ghio at andrew.cmu.edu) Date: Fri, 27 May 94 23:51:35 PDT Subject: PGP 2.confusion Message-ID: <9405280649.AA01857@toad.com> "Robert A. Hayden" wrote: >Do we (the cypherpunk community) perhaps need to come up with EBP 1.0 >(Even Better Privacy) that abandons the RSAREF patent problem with some >other public-key system that is functionally equial and just as safe? Sounds good to me... which public key system did you have in mind? :) From Matthew.Ghio at andrew.cmu.edu Sat May 28 00:09:00 1994 From: Matthew.Ghio at andrew.cmu.edu (Matthew.Ghio at andrew.cmu.edu) Date: Sat, 28 May 94 00:09:00 PDT Subject: Why it is legal to export PGP under ITAR Message-ID: <9405280708.AA02187@toad.com> Is there anywhere I can ftp a copy of the ITAR law? From jpp at jpplap.markv.com Sat May 28 00:24:19 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Sat, 28 May 94 00:24:19 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: <9405280544.AA01300@toad.com> Message-ID: > Date: Fri, 27 May 94 22:44:29 PDT > From: Eli Brandt > > Jay said: > > It requires computing one extra xor per block. > > Plus a truckload of good random numbers. To do it right, a hardware > RNG is in order. A PRNG really makes no sense, because if you > have a PRNG that strong, why not just use it as a stream cipher? I don't see why. I assume the PRNG is cryptographic, and concider its key (and iv) as part of the key to the system. And I don't see why the PRNG needs to be so tremendously strong. Hmmm. Now I think I get it. If the PRNG is the weak link, then the atacker can solve the easy PRNG crypto system and the hard e1 crypo system. On the other hand if it is the strongest crypto system, the atacker will solve the weaker e1 and e2 crypto systems instead. Hmmm. Yeah, you are right. Although the PRNG threshold scheme has E1*E2*E3 permutations, it is really only as hard as either E1*E2, or E1*E3. Yet another example of 'key size is not proportional to strength'. So my new criteria is if you have bandwidth, and strong random numbers, use the threshold scheme. If not, use the product cypher. But perhaps the fenced DES stratagy is better than either. For comparison purposes we would need to know how the fence permutation(s) are keyed. > > that the actual increase in bandwidth for a three cypher system > > threshold in a practical encryption package like PGP would not be 2 to > > 1 since it likely compresses before encryption.) > > To be fair, you need to compare compressed-and-split with > compressed-only. This *is* going to be a factor-of-3 size hit. Yeah, your are right. The Cthr/Cpro will be about 2 to 1. (2 cause I used one key for the PRNG, the other two for encrypting the thresholded pieces.) But Cthr/Plain will not be nearly 2 to 1. I think this is interesting. If you, Eli, think it is interesting enough for the general list, feel free to forward this. j' From pauls at dcs.rhbnc.ac.uk Sat May 28 02:45:27 1994 From: pauls at dcs.rhbnc.ac.uk (Paul K. Strong) Date: Sat, 28 May 94 02:45:27 PDT Subject: v2.6 for the rest of us Message-ID: <26505.9405280942@lt1.cs.rhbnc.ac.uk.> wrote: >Or maybe you could just keep on using PGP 2.3a and stop worrying about it. Hey, I don't care if you Americans want to stick with v2.3a. I just thought that you wouldn't be able to add your v2.3a key to USA keyservers and would therefore move onto v2.6 (not to mention that v2.3a infringes RSA's patents and some people like to stay legal). The fact is some people will move onto v2.6 and I would like the ability to communicate with them. ***************************************************************************** * Paul Strong Fidonet: 2:254/438 (weekly mail check) * * * * pauls at dcs.rhbnc.ac.uk Finger for PGP v2.3a public key * ***************************************************************************** From mathew at mantis-consultants.co.uk Sat May 28 03:04:57 1994 From: mathew at mantis-consultants.co.uk (mathew) Date: Sat, 28 May 94 03:04:57 PDT Subject: Announcement: PGP 2.6ui -- unofficial international release Message-ID: <2s57u4$klu@sunforest.mantis.co.uk> -----BEGIN PGP SIGNED MESSAGE----- This is to announce an unofficial release of PGP, based on 2.3a, modified for interoperability with MIT's PGP 2.6. The files are on ftp://ftp.demon.co.uk/pub/pgp/ 2.6ui-readme The file README.1st from the 2.6ui release. pgp26ui-src.tar.gz UNIX source distribution, compressed with gzip. pgp26ui-src.tar.gz.sig Detached signature for pgp26ui-src.tar.gz. pgp26uis.zip DOS source distribution, archived with Info-ZIP. pgp26uis.sig Detached signature for pgp26uis.zip. pgp26uix.zip DOS .EXE distribution, archived with Info-ZIP. pgp26uix.sig Detached signature for pgp26uix.zip. pgp23a-26ui.patch.gz Context diffs to go from 2.3a to 2.6ui, gzipped. I tried to upload to ftp.funet.fi, src.doc.ic.ac.uk and ftp.dsi.unimi.it, but the net seems flaky today. The following changes have been made from 2.3a: * Reads encoded data produced by both MIT PGP 2.6 and PGP 2.3a. * Writes data either in the "new" format used by MIT PGP 2.6, or in the old PGP 2.3a format. Option settable via a command line switch or config.txt setting. Default is old 'compatible' format. * No time-bomb code in it. If you want to switch version byte like MIT PGP does, you'll have to do it manually on September 1st. There's no advantage in doing so, unless you want it to look like you're running MIT PGP. * You can choose the version text which you want to have appear in ASCII armoured files. The default is 2.6, and if you're in the USA you probably don't want to change it, as a well known net.personality tends to harass people whose PGP armor says anything else. Again, this can be changed via command line or via config.txt. * Displays and accepts 8 characters of the key ID. Hence there's less chance of two keys having the same visible ID. * Makefile entries have been added for sunos5cc and sunos5gcc, for people using SPARC workstations running Solaris 2. I have personally tested the sunos5gcc build on Solaris 2.3, and it compiles cleanly. A line for NeXTstep Intel has also been added (next486). * The file idea68k.s has been removed, at the request of the author. It was obsolete. Better 68k routines are available; for example, suitable routines for the Amiga are available on Aminet. * A message has been added to the key generation section, reminding the user that MIT PGP 2.6 will only handle keys of 504-1024 bits. This version has no key length crippling, however. * Memory allocated with _fcalloc and freed with _ffree in ztrees.c and zdeflate.c, to avoid memory leakage in the MS-DOS version. * The -w option wipes files with pseudo-random data, to try and ensure the file is wiped even if you're using a disk compressor. Note that this still isn't perfect; DOS can randomly duplicate bits of cleartext files in partially-used clusters, and those fragments won't be removed if the original file is wiped. * Branko Lankester and Paul C Leyland's patches have been applied, so that newer key certification signatures automatically replace older ones. This also fixes a bug in the display of new keys with multiple signatures. This version was assembled by mathew from the standard PGP 2.3a sources, and from source code patches obtained from the net. All patches were scrutinized carefully before being applied by hand. No binary patches were used. The DOS executables were built by mathew using Microsoft Visual C++ version 1.0 (MS C v8). No RSAREF source code was used; in fact, I used no source code from MIT PGP at all. I haven't even looked at the MIT sources. (No, really.) Thanks to those anonymous individuals who tested the program against MIT 2.6... Disclaimer: This software is nothing to do with Mantis Consultants, and is without warranty or guarantee of any kind. Using it in the USA is probably very naughty. If you have any patches to fix bugs or add features, feel free to mail them to me, and I'll consider adding them to any future unofficial release. mathew -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLeYh7HzXN+VrOblFAQFYFAP6Ar+1OKDoUg/5A0p6ZljmP/9Z3IZIx797 NPi2/ELLhZyWWCcsrhLxxPgux4+5WEJ2+FlK0FM10UlWFy7FuieXCWwprMM8Ug0A zfpAdxrQP4F7r0lozM2c8HFOtsse2ISxLOsNcObfgSCBfJKBu9c1nJ0/VvnJ42nA EA/vG3KwgyI= =FDlY -----END PGP SIGNATURE----- -- Seeking a decent bug-tracking system for Windows, DOS, UNIX, Mac... http://www.mantis.co.uk/~mathew/ From lile at netcom.com Sat May 28 04:54:48 1994 From: lile at netcom.com (Lile Elam) Date: Sat, 28 May 94 04:54:48 PDT Subject: Email Stalking on CNN Message-ID: <199405281154.EAA13255@netcom.com> I heard it too. I thought, gosh too bad she didn't know about kill files.... :( -lile From D.J.Crookes at sheffield.ac.uk Sat May 28 05:31:04 1994 From: D.J.Crookes at sheffield.ac.uk (Dave Crookes) Date: Sat, 28 May 94 05:31:04 PDT Subject: "illegal": law and tort In-Reply-To: <9405280516.AA25630@ah.com> Message-ID: On Fri, 27 May 1994, Eric Hughes wrote: > Now, if someone in Europe were to use PGP 2.6, what could RSADSI do > about it? They could sue in civil court for damages. Which court? > If in the USA, then their remedy is limited to what the USA civil > court can order, and if the European user were to have no assets in > the USA, that's pretty much the end of the remedy. If the court were > in Europe, RSADSI would have to sue in a European court. Now _you_ > guess what that costs. For an individual user, there's almost nothing > to worry about. What if the European user obtains PGP 2.6 from a European site, then rips out the RSAREF code, and makes it use Phil's original code from 2.3a, and then distributes this copy. Is there still a copyright violation on RSADSI? Is there one on MIT ? Dave From danisch at ira.uka.de Sat May 28 06:19:45 1994 From: danisch at ira.uka.de (Hadmut Danisch) Date: Sat, 28 May 94 06:19:45 PDT Subject: My 2.3a Key is listed as a 2.6 (Aaargh!) Message-ID: <9405281319.AA01214@deathstar.iaks.ira.uka.de> > As to not being allowed to have or use 2.6 in Europe, what makes you think so? I didn't think in european law, I was thinking in US law. It is prohibited to export, it is prohibitet to use (patents) and the day will come where it is prohibited to be european and we get arrested after coming to the States... ;-) > I may be wrong, but I thought the only obstacle was that it may not be exported > to us due to ITAR. Once it's available here there's nothing wrong with having > or using it. Do you think they will accept this if they put us in jail after entering an american airport next time? Just a stupid question: Do I violate american law when I transfer files from United Kingdom to Germany? In some cases the internet packets are routed through american machines because the connection Germany/Britain is lousy slow. Hadmut From pcw at access.digex.net Sat May 28 07:38:31 1994 From: pcw at access.digex.net (Peter Wayner) Date: Sat, 28 May 94 07:38:31 PDT Subject: Privacy at Dunkin Donuts Message-ID: <199405281438.AA03740@access1.digex.net> The Baltimore Sun also ran the AP story on the hidden microphones at Dunkin Donuts. But they sent some reporter out to freshen up the story and check the local DDs. They report that the DD in Severna Park (a nice suburb of Baltimore that is next to Fort Meade) and the DD next to Fort Meade itself have the mikes. Hah! From ddt at lsd.com Sat May 28 07:45:40 1994 From: ddt at lsd.com (Dave Del Torto) Date: Sat, 28 May 94 07:45:40 PDT Subject: removed from list.... Message-ID: <199405281445.HAA20195@netcom.netcom.com> >there was a mass unsubscribing, probably from nalbandian. Can't Majordomo implement passwords for individual users so that only *they* can unsub themselves? It seems ironic that the Cypherpunks list would be vulnerable to this sort of "attack" from miscreants like [insert bozo-of-choice here]. As an aside: I've set up a filter that immediately trashes anything from the above-mentioned "person." I just don't need that kind of noise. dave ssibly, PGP 2.6 is doing a great deal more longer term >damage to the viablity of PGP than is immediately obvious. Is this a >valid viewpoint ? Absolutely valid, Matthew: I recommend that we do our best to resolve what will be done to counter this tactical move against PGP here on this list - without spreading confusing rumors around to the benefit of RSA Labs - and meanwhile provide a simple, patched version of 2.3 for all platforms that both offers fully-2.6-compatible ciphertext and 2.6-impersonating keys. dave From hughes at ah.com Sat May 28 08:16:05 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 28 May 94 08:16:05 PDT Subject: removed from list.... In-Reply-To: <199405281445.HAA20195@netcom.netcom.com> Message-ID: <9405281522.AA26410@ah.com> The cypherpunks list was wiped because of a bug in majordomo, not because of some attack. Eric From hughes at ah.com Sat May 28 08:30:39 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 28 May 94 08:30:39 PDT Subject: v2.6 for the rest of us In-Reply-To: <9405280528.AA01159@toad.com> Message-ID: <9405281536.AA26432@ah.com> The issue is whether mere use of USA-illegally exported crypto is itself illegal. AFAIK (anybody OCRed it?), it contains no clause that would cover the use of software or rocket launchers that have already been exported. The text of the ITAR is available at one or both of eff.org or cpsr.org. I purposefully elided over this point in my first post in order to more clearly talk about jurisdiction. (This may not have been best.) I don't know if such use is illegal; for the purpose of discussion above, I assumed it was. It may be otherwise, however. Suppose it's not explicitly illegal. Does that mean you can't get prosecuted for it, or convicted? Whatever the answer is, it's not "clearly no". Inside every prosecutor's office is a legal hacker try to push the boundaries of criminal law, trying to make more things _illegal_. (Not exactly what you want to hear, I'm sure.) What creative arguments might an agressive prosecutor use? Conspiracy is a good one. The argument could be that there's so much publicity about PGP that any user must know that 2.6 was USA-illegally exported, and, therefore, was blindly conspiring with the original exporter. This is an apparently ludicrous argument, but could it fly? Ever heard of the twinkie defense? Eric From hughes at ah.com Sat May 28 08:33:15 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 28 May 94 08:33:15 PDT Subject: "illegal": law and tort In-Reply-To: Message-ID: <9405281539.AA26453@ah.com> What if the European user obtains PGP 2.6 from a European site, then rips out the RSAREF code, and makes it use Phil's original code from 2.3a, and then distributes this copy. Is there still a copyright violation on RSADSI? Is there one on MIT ? re: RSADSI. Is the 2.6 work in any way derived from RSADSI property? It doesn't appear to be. There's none of the original RSADSI code and it wasn't used as template for replacement. re: MIT. There would still be copyright property of MIT in a code base as outlined, since that part was not altered. Eric From hughes at ah.com Sat May 28 08:43:23 1994 From: hughes at ah.com (Eric Hughes) Date: Sat, 28 May 94 08:43:23 PDT Subject: My 2.3a Key is listed as a 2.6 (Aaargh!) In-Reply-To: <9405281319.AA01214@deathstar.iaks.ira.uka.de> Message-ID: <9405281549.AA26482@ah.com> will come where it is prohibited to be european and we get arrested after coming to the States... ;-) There's a serious issue lurking behind here, which is that a sufficiently motivated USA government could keep a hot-list of known crypto users on the computer at Customs, and arrest them upon entry. This is unlikely to the point of ridiculousness right now, and, with Cantwell's bill having passed committee and alternate PGP releases already out, becoming moot. Do I violate american law when I transfer files from United Kingdom to Germany? In some cases the internet packets are routed through american machines because the connection Germany/Britain is lousy slow. Well, the USA might want to claim jurisdiction. They've already done this with money in transit. There was a recent case where money was being wired from Columbia to Europe somewhere. New York was an intermediary which provided connectivity for the money--a holding account. The money was seized while in the holding account. The Supremes upheld the seizure. An agressive prosecutor might apply this precedent to data flows, arguing that at the point the data entered a US computer, it came inside USA territory and therefore was re-exported. Ignorance might be no defense. As I recall, the bankers knew the money was flowing through New York, but I don't think their client did. Eric From f_griffith at ccsvax.sfasu.edu Sat May 28 09:04:45 1994 From: f_griffith at ccsvax.sfasu.edu (f_griffith at ccsvax.sfasu.edu) Date: Sat, 28 May 94 09:04:45 PDT Subject: PGP 2.6 is dangerous in the long term ? Message-ID: <9405281604.AA09140@toad.com> >meanwhile provide a simple, patched version of 2.3 for all platforms that >both offers fully-2.6-compatible ciphertext and 2.6-impersonating keys. > > dave > Wouldn't it be better to have a patched version of 2.5? Wouldn't this remove the questions about legal use in the U.S.? From Richard.Johnson at Colorado.EDU Sat May 28 09:33:09 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Sat, 28 May 94 09:33:09 PDT Subject: Email Stalking on CNN In-Reply-To: <199405281154.EAA13255@netcom.com> Message-ID: <199405281625.KAA22739@spot.Colorado.EDU> From the keyboard of: lile at netcom.com (Lile Elam) > I heard it too. I thought, gosh too bad she didn't know about kill > files.... Does AIL, er, AOL have kill files? The reporter trying valiantly to cover the story with some kind of objectivity was reduced to observing that some people just can't ignore any email - they have some kind of weird need to read every message. I guess this goes for messages even from those they want to ignore. In order to overcome this, do email kill files have to do their work silently, so the user can avoid stress about what they're missing? Richard From catalyst-remailer at netcom.com Sat May 28 09:36:57 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Sat, 28 May 94 09:36:57 PDT Subject: New MacPGP2.3a has arrived. Message-ID: <199405281636.JAA04048@netcom.com> I know you guys like to talk instead of act, but outside of your little debate club are real programmers building the future. One work has been completed, a debugged and AE aware MacPGP. Please release it, as it's source code is available. FTP to ftp.netcom.com and cd to /pub/mpj and read README to get the name of the directory. It's amazing that I've been at this a week and the rest of the world is playing with it already, but whenever I get news of your list, I hear there has been no action taken on this new release. BTW, the author in Germany will be updating this soon, and has finally decided to release source as well. From rfb at lehman.com Sat May 28 10:43:58 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Sat, 28 May 94 10:43:58 PDT Subject: Email Stalking on CNN In-Reply-To: <199405281625.KAA22739@spot.Colorado.EDU> Message-ID: <9405281742.AA13449@fnord.lehman.com> Date: Sat, 28 May 1994 10:25:17 -0600 From: Richard Johnson do email kill files have to do their work silently, so the user can avoid stress about what they're missing? With procmail, you can associate arbitrary actions with a match, so no it would not have to be silent. Rick From nobody at shell.portal.com Sat May 28 11:06:24 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 28 May 94 11:06:24 PDT Subject: Phone Taps Take In Israeli Who's Who Message-ID: <199405281807.LAA08138@jobe.shell.portal.com> LA Times, Sat. 5/28/94, pA2 Phone Taps Take In Israeli Who's Who Two private eyes are charged with listening in on hundreds of people's cellular calls. The incident is viewed as a warning to a security-conscious country. By Michael Parks (Times Staff Writer) Jerusalem -- What do Israeli President Ezer Weizman, Tel Aviv Mayor Ronni Milo, the editors and publishers of the country's best-selling newspapers, two bank managers, and the manager of the Maccabees soccer team, several big building contractors and the owner of high-fashion clothing stores have in common? The answer is that they were all on a list of 231 Israelis -- many politically prominent, some financially powerful but a few relatively obscure -- whose cellular telephones are said to have been methodically tapped for eight months by two Tel Aviv private investigators. But the real riddle -- why? -- so far has no answer. The two investigators, arrested in April and facing charges of illegal wiretapping, are refusing to tell police who hired them or what they overheard. Rafi Friedan, one of the investigators, initially told police that he had been asked "to gather data" and that he was confident that his clients' reasons were "personal and family related," according to court records. but Friedan has said nothing further, on his lawyers' advice. The list of those whose calls were regularly monitored, according to preliminary evidence given Tel Aviv courts, is a veritable Who's Who of Israel's movers and shakers -- and a warning to a security-conscious country of the risks many of its leaders are running in unguarded conversations on their always-in-use cellular phones. "The police have found records of some conversations of some of our people that are, well, rather embarrassing in their content," a senior Israeli official commented, asking not to be quoted by name. "Things were said that should not have been said on open lines, and then things were said that were professionally indiscreet. "During World War II, American had a saying, 'Zip a lip and save a ship,' and we had better think the same way. People have gotten very, very casual in their use of their [cellular phones]. If two guys in a Tel Aviv office building can listen to all that they did, just imagine what a real intelligence service is doing." Among the phones that were monitored, according to police, were some belonging to the Israeli Defense Ministry, senior officials of the country's security services, two members of the opposition Likud Party, the state comptroller and the director of an airline used by the government for charter flights. There were also Weizman, top executives of the country's two television stations, a number of lawyers, the agency that administers the Jewish Quarter of Jerusalem's Old City, an insurance company, staff members from the newspapers Yediot Aharonot, Maariv and Haaretz -- and 10 other private investigators. Friedan and Yaakov Tsur, his partner in Agam Security Consultants, were held for three weeks and are now under house arrest. If convicted under Israel's laws prohibiting wiretapping, they would face sentences of three years for each conversation they monitored. Although police do not believe the two monitored all conversations, they have had very limited success in determining which calls they did record and no luck in finding out what they did with them. "Their clients did not exactly pay with company checks," one police detective said. Prosecutors theorize the monitoring operation may have grown out of the bitter rivalry between Yediot Aharonot and Maariv, which have been engaged in a long-running circulation war. But they are at a loss to explain how it came to encompass such high-ranking officials. Friedan, a former undercover policeman, and Tsur listened to the conversations with a monitor that continually scanned the radio frequencies used by cellular phones for calls made to and from specified numbers, according to prosecutors. They had rented the $200,000 monitor from its Israeli manufacturer, ECI Telecom, for "experimentation purposes" prior to its sale to foreign security services and police departments. Friedan and Tsur pledged in the contract with ECI to listen only to their own telephones and those of ECI. Friedan has a reputation as a "tapping contractor," working for a number of clients and taking on cases from other private investigators, and police and prosecutors have suggested that ECI knew what use he would make of its monitoring equipment. "Even wiretapping for experimental purposes requires permission," prosecutor Rafi Levy told a Tel Aviv court this week, "and they did not get it." ---------- From CCGARY at MIZZOU1.missouri.edu Sat May 28 11:23:03 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sat, 28 May 94 11:23:03 PDT Subject: American Eagle Scherzando! Message-ID: <9405281822.AA11289@toad.com> AMERICAN EAGLE SCHERADO Cypherpunks, I have found a source of info. that I just must share! American Eagle Publications, Inc. P. O. Box 41401 Tucson, AZ 85717 I'm sure they will send you a catalog just for the asking. So, what are they about? They are about VIRUSES! They don't just carry a couple of virus things - they are the VIRUSES-ARE-US of the virus world! They have a journal: Computer Virus Developments Quarterly. They have books on viruses, virus protection, cryptanalysis, the science fiction book "Heiland", a CD-ROM for $99.95 of several thousand live viruses, disks of viruses with source code, executable & utilities, programs & cards for boot protection, & even a virus IDEA computer system protector. Copy follows for two items of particular interest to Cypherpunks: POTASSIUM HYDROXIDE, KOH By the "King of Hearts" A sophisticated piece of software which uses ideas first developed by computer virus writers to secure your computer system against those who would like to get their hands on the information in it. You give KOH a pass phrase, & it uses state of the art IDEA data encryption algorithm to encrypt all of the information on your hard disk & your floppies. It is, for all intents & purposes, unbreakable, & works well with DOS & Windows. Many encryption programs offered commercially are easily cracked, but this one is not. Some people call this program a virus, come say it is not. In ways, it acts like a virus to do some of your security housekeeping for you. Yet at worst it is a friendly virus that lets you choose when & how it will replicate. program & manual on disk, $10 program, full source, & manual on disk, $20 (Overseas customers add $12: KOH cannot be exported from the US, but since it was not developed in the US, we will forward your order to the overseas distributor. Please allow 6 weeks for delivery) HEILAND By Franklin Sanders 276 pages, Paperback, 1986 Here's an entertaining book about America in the year 2020. If you wonder if it's proper to use viruses in wartime or if such a virus could be termed "good", this book will give you some food for thought. Sanders makes use of computer "worms" when the oppressed people of the US attack the federal government in an all-out war against tyranny. Sanders uses his worms right too - not as some all-powerful monster. Rather, they are deployed as part of a larger military strategy. For a book written in 1986, that's not bad! And if you're fed up with the government, this book is sure to give you a vision for the future. Sanders has been part of the mounting tax protest in this country. He's fought the IRS in court for years & won some important battles. Unfortunately the government seems to be con- firming some of his worst suspensions about them. Now you can get a good dose of his philosophy & his ideas about remedying our problems. And if you work for the government, don't be offended - this book is doubly recommended for you! Book, $8.00 for shipping add $2 per book. 5% sales tax for AZ. residents. It is my belief that in the next few years more uses for viruses than just being a vandal will be found. Also, they may find a place in protecting our electronic freedom. - for instance virus remailers. Also see my previous post - The FREEDOM DEAMON. Also, they have a place in my CHATTERBOX concept(a remailer for chat mode or commands). "Viruses aren't just for Sociopaths anymore!" Also, I suspect the state may start cracking down on virus tech- nology. Incidentally, did you all know that crypt has a place in modern viruses? Encryption is used to hide "nasty" code & virus signatures until they get into the system & decrypt. Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKK! BBBEEEAAATTTTT STATE ! From hfinney at shell.portal.com Sat May 28 11:24:10 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 28 May 94 11:24:10 PDT Subject: Detweiler's motivations Message-ID: <199405281825.LAA09262@jobe.shell.portal.com> From: NetSurfer > The author is Gordon > McLachlan (mclachlan at cardinal.com), and the article appeared in the > "Crosswired" column of May 1994 Vol. 5 No. 5 Lan Computing. > [...] > First of all, we need a seven-day waiting period and a thorough background > check before anyone can get issued a user-ID. This would give system > administrators time to find out if a user is a loon, or has been bounced > off of other systems for misbehaving. To support this effort, congress > should establish a national database to keep track of network offenders. > > A quick scan of almost any mailing list or newsgroup will reveal sociopaths > who should have their access priviledges revoked. And we should never > forget that network access is a priviledge and not a right. Its ironic to > me that we license people to drive cars, but all you need to get on the > information superhighway is a MODEM. This kind of suggestion, although made in jest, provides a clue to what Detweiler is trying to do, IMO. (These are just my speculations, and perhaps they are obvious to others, but I haven't seen these specific points made here.) He posts innumerable messages, alternating between reasonable-sounding arguments and insane gibbering. He replies to himself, posting other people's words as if they were his own. He calls for accountability and decries the use of pseudonyms while being one of the most prominent users and abusers of this technology. Some have concluded that Detweiler actually is insane, but I don't think so. I suspect that he is acting on a carefully calculated program designed to discredit the kinds of technologies we support. By posting trash to the newsgroups under a pseudonym, and making clear that it is just a psuedo- nym, he hopes to undermine tolerance for this method of using the net. He has largely ruined talk.politics.crypto as a forum for serious discussion of the kinds of social changes which might be brought about by strong crypto- graphy. This kind of abuse will undoubtedly lead to complaints against his service provider, as well as demands to know his true identity. Detweiler also seeks to reveal hypocrisy on the part of supporters of anonymity, as when I posted logs of his "Death to Blacknet" post bombs to dozens of Usenet groups, breaking his anonymity. He is saying that anonymity is so bad that even its supporters will seek to destroy it when provoked. In this way he seeks to further discredit CP goals. His bizarre practice of posting replies to his own messages, criticizing his own words in scathing tones (apparently basing these messages on the private email he receives) is designed to show that lack of clear ident- ification of message sources is confusing. This further advances his argu- ment that psuedonymity is bad and that clear identification of identities will be necessary for effective communication. So, having failed to persuade by his words, Detweiler is trying to demon- strate his points by example. By taking all that he hates and becoming the embodiment of it, to an exagerrated degree, he is trying to show that anonymity is dangerous, confusing, and a barrier to communication. In this light, his behavior is perfectly rational. Hal From jktaber at netcom.com Sat May 28 12:37:42 1994 From: jktaber at netcom.com (John K. Taber) Date: Sat, 28 May 94 12:37:42 PDT Subject: Phone Taps Take In Israeli Who's Who Message-ID: <199405281937.OAA12377@netcom.com> Forwarded message: > > LA Times, Sat. 5/28/94, pA2 > > Phone Taps Take In Israeli Who's Who > > Two private eyes are charged with listening in on hundreds of > people's cellular calls. The incident is viewed as a warning > to a security-conscious country. > > By Michael Parks > (Times Staff Writer) A little skepticism is in order. The story reeks of PR, most likely by Israeli counter-intelligence. It appears to threaten (in a nice way) the civilian leadership. I would suspect the facts as being inflated, the private eyes a convenient cover for the desired message. I read it as some sort of blackmail by Israeli secret police. From ebrandt at jarthur.cs.hmc.edu Sat May 28 13:23:36 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Sat, 28 May 94 13:23:36 PDT Subject: doubled messages? doubled messages? Message-ID: <9405282023.AA13603@toad.com> Anybody else started getting double messages? They're both To: the list, not a Cc: and a To:. Eli ebrandt at hmc.edu From eagle at deeptht.armory.com Sat May 28 13:38:50 1994 From: eagle at deeptht.armory.com (Jeff Davis) Date: Sat, 28 May 94 13:38:50 PDT Subject: Email Stalking on CNN In-Reply-To: <9405281742.AA13449@fnord.lehman.com> Message-ID: <9405281338.aa18620@deeptht.armory.com> > With procmail, you can associate arbitrary actions with a match, so no > it would not have to be silent. > > Rick You might pass this information on to CNN in Atlanta. It seemed to me the woman's problem was completely unnecessary give current cypherpunk techology _in_situ_. Their number is: (404) 827-1500 10:00 to 18:00 weekend hours- 08:00 to 21:00 week day hours. I didn't have to wait long to get a live one on the line. Rates are great on Saturday as well if you haven't gotten around to dumping AT&T as your carrier. -- PGP PUBLIC KEY via finger! JAFEFFM Speaking & Thinking For Myself! * eagle at deeptht.armory.com email info at eff.org * *** O U T L A W S On The E L E C T R O N I C F R O N T I E R **** ***** Committed to Free Public Internet Access for World Peace ***** From jamesd at netcom.com Sat May 28 14:27:03 1994 From: jamesd at netcom.com (James A. Donald) Date: Sat, 28 May 94 14:27:03 PDT Subject: The Assault on Unicorn has Begun In-Reply-To: <199405280557.WAA01651@netcom.com> Message-ID: <199405282127.OAA10198@netcom.com> I guess this will make it easy to uphold my anarchist principles and refrain from suing people. Lawsuits do not seem to work very well in cyberspace. If somebody owes you money, and there is documentary proof and court judgements that he owes you money, and he is in one jurisdiction, and you are in another, you are usually stuffed. Courts of diverse jurisdictions do not work well together. I imagine that the situation with libel suits is considerably more so. Internet business will have to work on the basis of trust and reputation. No alternative. -- --------------------------------------------------------------------- We have the right to defend ourselves and our | property, because of the kind of animals that we | James A. Donald are. True law derives from this right, not from | the arbitrary power of the omnipotent state. | jamesd at netcom.com From sidney at apple.com Sat May 28 15:18:13 1994 From: sidney at apple.com (Sidney Markowitz) Date: Sat, 28 May 94 15:18:13 PDT Subject: Email Stalking on CNN Message-ID: <9405282203.AA03247@federal-excess.apple.com> Jeff Davis said: >You might pass this information on to CNN in Atlanta. I think that there's an aspect to this that people are missing. I've been told that there's a big flame/discussion happening on WISEnet (Women In Science and Engineering mailing list) about a recent article in Newsweek which portrays women on the Internet as being intimidated by the technology and the net traffic, going so far as to show pictures of women at their pink computers. People on the mailing list are upset over the underlying message of the article that the net is technological and male and no place for a poor helpless unscientific woman. The CNN report seems to have the same message. It doesn't matter to them that there exists technology to prevent "e-mail stalking", whatever that is. The whole story doesn't match most people's experience of e-mail, anyway. The point is not to present facts, but to perpetuate the culture that relies on CNN for information rather than wider and more free alternatives represented by the Internet. I admit that I did not see the report, and I am not questioning the reporter's intentions or objectivity. This is a comment about the broader messages that make the commercial news media worthy of funding by corporate and governmental powers. The relevance to cypherpunks goes beyond the fact that anonymous remailers can prevent "e-mail stalking". It has to do with what is newsworthy when information is set free. -- sidney markowitz From snyderra at dunx1.ocs.drexel.edu Sat May 28 15:20:55 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Sat, 28 May 94 15:20:55 PDT Subject: Email Stalking on CNN Message-ID: <199405282219.SAA23172@dunx1.ocs.drexel.edu> At 5:33 PM 5/27/94 -0700, Jeff Davis wrote: >The idiot box behind me is making noise about Headline News' lead story >for the evening, Email Stalking. The woman involved states she'll never >use email again. Seems to me her arguments are moot, as cypherpunks has >already developed the technology to solve this problem. Anyone volunteer >to be a spokesperson for rebuttal? The stalking itself wasn't conducted via email, from my understanding of the story. They met via email (on AOL, it appears), and she tried to slow things down, and he showed up and sent her email saying he saw her leave work, and that he thought she was attractive. The involvement of email is only secondary, but since email fits in the "Information Superhighway" buzzword catagory, I suspect CNN jumped on this. This really has little to do with cryptography, though. Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From kentborg at world.std.com Sat May 28 15:43:14 1994 From: kentborg at world.std.com (Kent Borg) Date: Sat, 28 May 94 15:43:14 PDT Subject: Email Stalking on CNN Message-ID: <199405282243.AA19130@world.std.com> various people wrote: [various things about email stalking, kill files, and whether AOL has 'em] No, AOL does not have kill features, but between rebooting their overloaded computers they are adding new features to their email system... Having recently subscribed to both cypherpunks and savoynet, I only now have my first real need for mail filtering, first in many years of doing email. Hey folks, it ain't something my mom is going to figure out any time soon. procmail (which several of you very nicely mentioned to ignorant me, thanks again) has about the worst man page I have ever seen--imagine hiding the "SEE ALSO" section near the beginning of a man page? Now that I have also found the procmailrc man page and have some examples (thanks pierre) I will soon be shunting you folks into a different cubby hole from Mikado and leap year discussions. Related note: when was the last time you successfully explained how to use PGP to a "normal" ( <- be honest here) person? The "real world" (which now *does* include email) needs better tools than this. If you expect CNN reporters to even know that man pages exist you are in for a disappointment. -kb, the money-in-mouth Kent who will donate user interface design work to c'punk-type efforts to make this stuff easier... -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 24:35 hours of TV viewing so far in 1994! From lile at netcom.com Sat May 28 17:39:24 1994 From: lile at netcom.com (Lile Elam) Date: Sat, 28 May 94 17:39:24 PDT Subject: Email Stalking on CNN Message-ID: <199405290039.RAA26370@netcom.com> I am pretty sure that kill files work silently. THe whole point is to not be bothered with mail coming from a person. Haven't heard from Sternlight in awhile.... :) As for AOL, I am not sure what mailer she was using and if she even knows how to use such things as killfiles. Prehaps someone could get an account on AOL and investigate what is offered in this area. It would be great if the oldones could inform the newones... though it's hard. Prehaps we should write a book... -lile From jgostin at eternal.pha.pa.us Sat May 28 17:45:06 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Sat, 28 May 94 17:45:06 PDT Subject: (None) Message-ID: <940528193024y7Cjgostin@eternal.pha.pa.us> kentborg at world.std.com (Kent Borg) writes: > Related note: when was the last time you successfully explained how to > use PGP to a "normal" ( <- be honest here) person? Interestingly enough, just yesterday. I assure you, the person who needed the explanation was hardly what one could consider 'techno-savvy'. --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From jgostin at eternal.pha.pa.us Sat May 28 17:45:08 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Sat, 28 May 94 17:45:08 PDT Subject: (None) Message-ID: <940528192734A3ajgostin@eternal.pha.pa.us> sidney at apple.com (Sidney Markowitz) writes: > pink computers. People on the mailing list are upset over the underlying > message of the article that the net is technological and male and no place > for a poor helpless unscientific woman. For almost two years, I was a Tech Support Rep (ooooooo! Evil Incarnate!) for a software company. It was my experience that, of all the customers I dealt with, women tended to be less "clued in" about computers. However, I also found that they were easier to work with, and didn't require as much "diplomacy" as the male customers I dealt with. Mind you, this is my experience -- your mileage may vary. The whole point here is that, as a whole, women do tend to be less informed about technology (or at least computers.). Technology is generally seen, by society, as a "male thing". This trend is changing, but it is still in force. --Jeff -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | The new, improved, environmentally safe, bigger, better,| == == -= | faster, hypo-allergenic, AND politically correct .sig. | ==== ====== | Now with a new fresh lemon scent! | PGP Key Available +---------------------------------------------------------+ From bart at netcom.com Sat May 28 18:25:22 1994 From: bart at netcom.com (Harry Bartholomew) Date: Sat, 28 May 94 18:25:22 PDT Subject: Is this just MY problem? Message-ID: <199405290125.SAA23460@netcom.com> Anon1 says: >... Whoever2 says: ... >... ... >... ... HUH? At this point I am no longer conversant with who is who, are you? So, what is the solution? Rather more explicit attribution I think. From bill at kean.ucs.mun.ca Sat May 28 19:34:13 1994 From: bill at kean.ucs.mun.ca (Bill Garland) Date: Sat, 28 May 94 19:34:13 PDT Subject: Is Mail being delayed? Message-ID: <0097F20E.5CFDA620.32@Leif.ucs.mun.ca> >From Tim May : >C'punks, >Once again I'm seeing day-long delays in getting mail, and I don't >know if the problem is at the toad site or at Netcom's end (or at a >relay link in between). Hence this message. ... >If you are gettting mail out of order (replies from others before the >original appears) or delayed by more than several hours, drop me a >note if you would and I will summarize what I learn. This happens to me all the time. I quite often see duplicate postings, too, although the multiple-posting copies of the same message eg the Chaum ecash announcement was a different problem, possibly caused by the same delay problem - re-posters haven't yet seen the first copy. >I'm especially interested to hear from Netcom sites. Can't help you there, except provide evidence that it is not a local netcom problem. Not to say netcom doesn't have local problems... I am at the end of the world here, at least the corner of North America. Think of me as your East Coast Sentinel - I can see Signal Hill from here if I go outside, and I can see Cape Spear from there. On Signal Hill there actually is one of those posts with arrows pointing to New York, London, Moscow, etc, with all the mileage. (Maybe I should invent East Coast Sentinal as a pseudonym.) There are two lines into here for Internet traffic, and perhaps soon to be others, but except for that, we are the end of the line. Might make traffic analysis a problem someday. >--Tim May /----------------------------------------------------------------------\ | I am an Extropian. | Macronic Systems, Inc. offers Ideas for Sale ! | | BEST: DO_IT_SO ! | Go for it : Pledge a Digital US Dollar now. | | CryptoAnarchist. | Send PGP key for more information. | | Cypherpunk. | Get in on the ground floor. Invest Now. Trust me! | | Owner : MSInc., |---------------------------------------------------| | HEx, INFO_Banque | Day Job : Bill Garland = bill at kean.ucs.mun.ca | \__________________________________o o_________________________________/ From lefty at apple.com Sat May 28 20:37:14 1994 From: lefty at apple.com (Lefty) Date: Sat, 28 May 94 20:37:14 PDT Subject: removed from list.... Message-ID: <9405290336.AA24106@internal.apple.com> >The cypherpunks list was wiped because of a bug in majordomo, not >because of some attack. Thank you for clearing this up; I think it's severely overdue. I've tried to gently point this out when it came up, but there was never a _shred_, _scintilla_, _iota_, or _atom_ of evidence that Mr. Nalbandian, although an extreme dope, was in any way involved in the mass unsubscribing of a few weeks ago. I mean, fun's fun and all, but many people on this list are carrying personal paranoia to an, in my opinion, unhealthy extreme. Moreover, the willingness to point at a supposedly guilty party on the basis of no evidence whatsoever does not speak well of the commitment of many here to any of the commonly accepted principles of a free society _other_ _than_ that of privacy. Presumption of innocence? Reasonable doubt? Any of those things ring a bell? I would even go so far as to suggest that those who have cast blame in Mr. Nalbandian's direction should apologize to him. -- Lefty [gYon-Pa] (lefty at apple.com) C:.M:.C:., D:.O:.D:. From usura at vox.hacktic.nl Sat May 28 20:37:18 1994 From: usura at vox.hacktic.nl (Usura) Date: Sat, 28 May 94 20:37:18 PDT Subject: Proof that tmp@netcom.com is Detweiler ? Message-ID: Who/what is Detweiler ? > > From: Stanton McCandlish > Message-ID: > Date: 21 May 1994 10:06:51 GMT > Expires: 25 Jun 1994 10:05:54 GMT > Reply-To: Stanton McCandlish > Approved: news-answers-request at mit.edu > Supersedes: > NNTP-Posting-Host: bloom-picayune.mit.edu > X-Last-Updated: 1994/05/03 > Originator: faqserv at bloom-picayune.MIT.EDU > > Archive-name: net-community/orgs-list > Version: 3.13 > Last-modified: 94/04/08 > > > (This document has been brought to you in part by CRAM. See the > bottom for more information, including instructions on how to > obtain updates.) > > === [massive deletia] > === > CRAM: the Cyberspatial Reality Advancement Movement > > In an effort to bring valuable information to the masses, and > as a service to motivated information compilers, I > (L. Detweiler) will help others unfamiliar with Usenet > `publish' their documents for widespread dissemination via the > FAQ structure, and act as a `sponsor' knowledgable in the > submissions process. This document is being distributed under > this arrangement. > > I have found these compilations tend to appear on various > mailing lists and are valuable enough to deserve wider > distribution. If you know of an existing compilation of > Internet information that is not currently a FAQ, please > contact me and I may `sponsor' it. The benefits to the author > include: > > - use of the existing FAQ infrastructure for distribution: > - automated mail server service > - FTP archival > - automated posting > > - a far wider audience that can improve the quality, accuracy, > and coverage of the document enormously through email > feedback > > - potential professional inquiries for the use of your > document in other settings, such as newsletters, books, > etc. > > - with me as your sponsor, I will also take care of the > technicalities in the proper format of the posted version > and updating procedures, leaving you free of the `overhead' > to focus on the basic updates alone > > Send comments relating to the *distribution* of this document > (particularly relevant newsgroups not currently covered in > its current distribution) or inquiries on other documents to > . > > The choice of who I `sponsor' is entirely arbitrary. You always > have the option of handling the submission process yourself. > See the FAQ submission guidlines FAQ in news.answers. >  -- Exit! Stage Left. Alex de Joode From carterm at spartan.ac.brocku.ca Sat May 28 20:45:52 1994 From: carterm at spartan.ac.brocku.ca (Mark Carter) Date: Sat, 28 May 94 20:45:52 PDT Subject: Email Stalking on CNN In-Reply-To: <9405282203.AA03247@federal-excess.apple.com> Message-ID: <8n$vjiU9QPaH065yn@spartan.ac.brocku.ca> > Science and Engineering mailing list) about a recent article in Newsweek > which portrays women on the Internet as being intimidated by the technology > and the net traffic, going so far as to show pictures of women at their Of course this controversy would exist among women on the net, because women who _are_ on the net aren't intimidated by the technology. As a portrait of people who _aren't_ on the net, it would be fairly accurate, for both men and women. Mark /----------------------------------\ | Mark Carter | | carterm at spartan.ac.brocku.ca | | PGP key available by finger. | \----------------------------------/ From prz at acm.org Sat May 28 22:36:07 1994 From: prz at acm.org (Philip Zimmermann) Date: Sat, 28 May 94 22:36:07 PDT Subject: Zimmermann statement on PGP 2.6 Message-ID: <9405290539.AA24788@columbine.cgd.ucar.EDU> The following message may be reposted to all interested newsgroups. -----BEGIN PGP SIGNED MESSAGE----- From: Philip Zimmermann, author of PGP To: People interested in PGP Date: 28 May 94 On 24 May 1994, the Massachusetts Institute of Technology released PGP (Pretty Good Privacy) version 2.6. PGP is a software package that encrypts electronic mail, using public key cryptography. Over the past three years, PGP has become the worldwide de facto standard for email encryption. PGP 2.6 is being published under the terms of the RSAREF license from RSA Data Security, Inc (RSADSI). This is a significant milestone in PGP's legal development. Export of this software from the US or Canada may be restricted by the US Government. PGP version 2.6 is being released through a posting on a controlled FTP site maintained by MIT. This site has restrictions and limitations which have been used on other FTP sites to comply with export control requirements with respect to other encryption software such as Kerberos and software from RSA Data Security, Inc. These special mechanisms are intended to preclude export of cryptographic software from the US. The MIT FTP site that carries PGP is net-dist.mit.edu, in the pub/PGP directory. This new freeware version of PGP is for noncommercial use. For commercial use, you may get ViaCrypt PGP, available on a variety of platforms. ViaCrypt may be contacted at 602-944-0773, or via email at viacrypt at acm.org. PGP 2.6 is as strong as earlier versions. It contains no back doors. It can read messages, signatures, and keys from PGP versions 2.5, 2.4, 2.3a, and 2.3. Beginning in September, a built-in software timer will trigger PGP 2.6 to begin producing messages, signatures, and keys that cannot be read by earlier versions of PGP. It will still retain its ability to read things from earlier versions after that date, so that users who upgrade to 2.6 will not be inconvenienced, particularly if everyone else upgrades by that time. The reason for the change in format is to grant RSADSI's request to MIT to encourage all users to stop using older versions. ViaCrypt's new products will support the new formats used by PGP 2.6. Details of the compatibility issues and their reasons are outlined in the PGP User's Guide, included in the release package. See also the official statements released by MIT for further details. Version 2.6 also has some bug fixes and improvements of the version 2.5 released by MIT on 9 May 1994. Both the 2.5 and 2.6 versions were produced in a joint project between myself and MIT. Both versions were released by MIT after extensive review by MIT's administration and their legal counsel. I am told by MIT that MIT's legal counsel believes that both versions 2.5 and 2.6 do not infringe the RSA patents in any way, and they both comply with the terms of the RSAREF licenses that each were released under. But regardless of the noninfringing nature of version 2.5, I urge all PGP users in the US to upgrade to version 2.6, to help move toward eradication of earlier, pre-RSAREF versions of PGP. This will improve the overall political and legal landscape surrounding PGP. MIT will publish details on the simple format change so that earlier European versions of PGP may be independently upgraded by the Europeans. This note does not attempt to answer all the questions you may have about the implications of this new release of PGP. For further details, see the information released by MIT, or see the PGP User's Guide in the new release package. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLegMXmV5hLjHqWbdAQE0NAQAiTafSwM8eNfYYvkslNR6bun/GIelvziA M/9h5fn3zUQt2Bc6rkuz1TBlnMZUoduufinI9eSr+cdXbfhxNIQmRArhw3EJd1f+ siZaPmTR3YXvUwuXMcruMbUvEYpSBmtBVrxTzxNSIwx3/hJJB2z9sT1/B+UZdFwi EZX1O/mpiZw= =ULD1 -----END PGP SIGNATURE----- From dmandl at panix.com Sat May 28 23:27:04 1994 From: dmandl at panix.com (David Mandl) Date: Sat, 28 May 94 23:27:04 PDT Subject: The Assault on Unicorn has Begun Message-ID: <199405290626.AA07616@panix.com> Some random and unorganized thoughts on this whole issue from the list's token anti-capitalist: Bob Black (the anarchist) has declared that he has a standing "no first use" policy regarding the state. He won't sic the cops on anyone unless they do it first. Noam Chomsky has publicly stated that, on principle, he won't sue anyone for defamation or libel no matter what they do--and he's had plenty of opportunities. I feel the same way (though I don't see completely eye-to-eye with either of those guys). I would have to be harmed in a VERY serious way before I'd consider calling the cops. As for lawsuits, pretty much the same thing goes, and I almost can't imagine suing anyone for something they _say_ about me. This is something I never think about; it seems absolutely basic to my anarchist views. Unicorn: If you choose to be involved with the straight business world, you've got to deal with the heat. MY views could potentially get me in much more hot water than yours could, but I (grudgingly) accept the risk. I'm not dying to have the capitalists I work for see my rants, but if they do, I've got to live with it. They know me and know that I've never screwed them, and they can believe what they want to believe. I'm not thrilled about this, but c'est la vie. You wimped out at the very first sign of heat, and invoked the LAW (i.e, the state) as your first line of defense. I don't think you specified exactly what the settlement with tmp was, but what could it have possibly been? Payment to you? How would that have helped assuage the concerns of your business associates? An apology from tmp to the associates? Big deal. The guy's obviously a nut-ball, and you could have explained that; presumably the associates have some amount of trust in you. If it _was_ a payment, that's just sleazy and greedy, the standard ambulance-chaser cliche ("You've done irreparable damage to me, but maybe if you agreed to pay me $3,000..."). And how could the tiny amount tmp could afford compensate for the "millions" of dollars you've lost? If the settlement was for an apology, again, big deal--do the associates take this anonymous net.lunatic seriously enough that an apology would make everything all better? And you now look silly, because he's reneged on that part of the deal anyway. So in this case, using the lawyer weapon has had much the same effect as the standard statist weapon ("I know: we'll pass a LAW! _That_ will stop them!")--that is, no effect at all. Tim May (who I have certain obvious philosophical differences with) has been completely consistent on this issue, and his word carries that much more weight because he's been subjected to Detweiler's most relentless battering. THIS is the real world. Your anarchist principles have just been put to the test, and you buckled, immediately falling back on a statist solution. "Right-wing" anarchists are always bashing liberals and "P.C." types for being thin-skinned and unable to stand up to harmless name-calling. Well, you've shown yourself to be just as thin-skinned. The only difference I see is that there's MONEY involved. So? Liberals are wimps for trying to sue you for calling them names, but you're justified in suing because the name-calling has cost you money? And all because you're dealing with straights who can't handle reality? And meanwhile, YOU'RE the one who messed up and blew your own cover? Hmmm... It's very late, and I'm groggy, so I apologize in advance if any of the above seems unnecessarily blunt. It's not intended that way. --Dave. -- Dave Mandl Planetary Work Machine, Brooklyn Branch dmandl at panix.com From jamesd at netcom.com Sun May 29 00:36:20 1994 From: jamesd at netcom.com (James A. Donald) Date: Sun, 29 May 94 00:36:20 PDT Subject: Quantum Computers Message-ID: <199405290736.AAA08609@netcom14.netcom.com> Ken Kirksey writes > lost in the discussion on quantum computers and cryptography. Can > anyone give me the Reader's Digest Condensed Version (TM) of the > theory behind quantum computers, or maybe point me to a good journal > article or two? Many thanks, No readers digest version. It is very heavy going, and any simplified version is necessarily misleading. The key articles are D. Deutsch, Quantum Theory, the Church--Turing Principle and the Universal Quantum Computer, Proc. R. Soc. Lond., Vol. A400, pp. 96--117 (1985). E. Bernstein and U. Vazirani, Quantum Complexity Theory, Proc. 25th ACM Symp. on Theory of Computation, pp. 11--20 (1993). Set aside a long time for understanding them. If your quantum theory is weak, you will need to brush up on quantum theory first. --------------------------------------------------------------------- We have the right to defend ourselves and our | property, because of the kind of animals that we | James A. Donald are. True law derives from this right, not from | the arbitrary power of the omnipotent state. | jamesd at netcom.com From albright at scf.usc.edu Sun May 29 01:23:00 1994 From: albright at scf.usc.edu (Julietta) Date: Sun, 29 May 94 01:23:00 PDT Subject: Email Stalking on CNN In-Reply-To: <8n$vjiU9QPaH065yn@spartan.ac.brocku.ca> Message-ID: <199405290822.BAA29102@nunki.usc.edu> Mark Carter quoted a previous post: > > > Science and Engineering mailing list) about a recent article in Newsweek > > which portrays women on the Internet as being intimidated by the technology > > and the net traffic, going so far as to show pictures of women at their > And responded with: > Of course this controversy would exist among women on the net, because > women who _are_ on the net aren't intimidated by the technology. > > As a portrait of people who _aren't_ on the net, it would be fairly accurate, > for both men and women. > > Mark Based on what evidence Mark? That article was based almost entirely on opinions, and on a survey conducted regarding people "dreaming up their ideal machine". Based on that kind of flimsy, anecdotal evidence you would say the portrayal of men, women and computer usage was an accurate one? I hope to God you're not a scientist..... because with proof like that, you'd never get anything done. Do you still believe in the tooth fairy Mr. Carter? People said he/she exists too.. -- Julie _____________________________________________________________________________ Julie M. Albright Ph.D Student/ Net Scholar Department of Sociology University of Southern California albright at usc.edu From jdwilson at gold.chem.hawaii.edu Sun May 29 02:58:49 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Sun, 29 May 94 02:58:49 PDT Subject: Info: Policy Statement by Viacrypt re: PGP 2.6 Message-ID: I received the following and thought it would be of interest to the list: *.................................................................* . == = =....James D. Wilson.....jdwilson at gold.chem.hawaii.edu.. . " " "....P. O. Box 15432..........or..NetSurfer at sersol.com.. . " " /\ "....Honolulu, HI 96830..Give me the finger for my key. . \" "/ \"....FRC/FAM/AASR/GWB/OTO..........NETSURFER............ *.................................................................* -----BEGIN PGP SIGNED MESSAGE----- VIACRYPT POLICY STATEMENT ViaCrypt(tm) PGP(tm) compatibility with MIT PGP Version 2.6 27 May 1994 This policy statement may be reproduced and redistributed as long as it is done so in its entirety and without alteration. On 24 May 1994, The Massachusetts Institute of Technology began distribution of PGP Version 2.6 which incorporates the RSAREFTM Cryptographic Toolkit and is licensed for personal noncommercial use along with other restrictions. MIT stated that to protect RSADSI's intellectual property rights in public key technology, PGP V2.6 is designed so that messages it creates after 1 September 1994 will be unreadable by earlier versions of PGP, which includes ViaCrypt PGP V2.4. PGP V2.6 will, however, always be able to read messages generated by ViaCrypt PGP V2.4. It is ViaCrypt's policy to make ViaCrypt PGP interoperable with both ViaCrypt PGP V2.4 as well as with MIT's release of PGP V2.6. Therefore ViaCrypt will soon release ViaCrypt PGP V2.7 which will contain new features found in PGP V2.6 and will accept messages created by ViaCrypt PGP V2.4 as well as those created by PGP V2.6. For messages created by ViaCrypt PGP V2.7, either the present format compatible with ViaCrypt 2.4 or the new format which will be produced by PGP V2.6 after 1 September 1994, can be selected. Because PGP V2.6 is licensed for personal noncommercial use, after 1 September 1994 the new format is expected to come into wide use. ViaCrypt strongly urges all ViaCrypt PGP users to upgrade to ViaCrypt PGP V2.7 and to the new format. A ViaCrypt PGP V2.7 upgrade package will be made available to registered users of ViaCrypt PGP V2.4 at a nominal charge of $10 (which includes shipping and handling). Effective the date of this notice and until ViaCrypt PGP V2.7 begins shipping, all new purchasers of ViaCrypt PGP V2.4 will automatically receive a free ViaCrypt PGP V2.7 upgrade package. -----BEGIN PGP SIGNATURE----- Version: 2.4 iQCVAgUBLeZDzmhHpCDLdoUBAQE9iAP/Rg7iO+adsNHSfmGT51BNzrVTzhUlHrcE Nl/i4BAfz3THOb1mr2th3Ed8SzFllw3qXE7jos9Ddu0SeAxKCktt/7KL0JJD25q1 6Bqwq51XU8ID3Sl9lfUjjeFjT9ZQrng2FnPFmDZQbGqDWnhhtgpJ8k4hr+IJ8/Vb kyar9V5LtM4= =o3iY -----END PGP SIGNATURE----- From lefty at apple.com Sun May 29 10:22:14 1994 From: lefty at apple.com (Lefty) Date: Sun, 29 May 94 10:22:14 PDT Subject: Why it is legal to export PGP under ITAR Message-ID: <9405291721.AA01961@internal.apple.com> >The US ITAR law exempts many things from export restrictions, among them, >materials availiable in public libraries. It gives no special definition for a >library. My American Heritage Dictionary defines "library" as, among other >things, "An orginized collection of recorded data arranged for ease of use." >IOW, an ftp site. Which means that if a program is available from a public ftp >site, you're legally allowed to export it. :) Congratulations on outsmarting the United States Government. No doubt they'll shrug their shoulders and pout while you go right ahead and export all the stuff you want. Perry, what was the name of the fellow who proved that the IRS couldn't collect taxes from him? How many bullets did they put in him? -- Lefty [gYon-Pa] (lefty at apple.com) C:.M:.C:., D:.O:.D:. From rarachel at prism.poly.edu Sun May 29 10:30:05 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 29 May 94 10:30:05 PDT Subject: Detweiler's motivations In-Reply-To: <199405281825.LAA09262@jobe.shell.portal.com> Message-ID: <9405291717.AA17695@prism.poly.edu> Perhaps we should just call the FBI and tell them that we have information that he has child porno on his computer (anonymously of course), and call the Customs office and say he has exported crypto, and call the CIA and tell them he's working for the soviets? :-) From rarachel at prism.poly.edu Sun May 29 10:59:55 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 29 May 94 10:59:55 PDT Subject: WNSTORM on ftp.wimsey.bc.ca Message-ID: <9405291747.AA18006@prism.poly.edu> I've just ftp'ed this to ftp.wimsey.bc.ca... it's in the /uploads/WNS210 directory. From kentborg at world.std.com Sun May 29 11:08:02 1994 From: kentborg at world.std.com (Kent Borg) Date: Sun, 29 May 94 11:08:02 PDT Subject: (None) Message-ID: <199405291807.AA23851@world.std.com> Jeff Gostin writes: >kentborg at world.std.com (Kent Borg) writes: > >> Related note: when was the last time you successfully explained how to >> use PGP to a "normal" ( <- be honest here) person? > Interestingly enough, just yesterday. I assure you, the person who >needed the explanation was hardly what one could consider 'techno-savvy'. I suppose your student only knew basic command line navigating, maybe how to create a directory, fire up emacs, etc.? Um, that is a pretty far from the mark I had in mind. Imagine the 'techno-savvy' score of the next person on this earth to pick up a phone, a person who doesn't know how to dial an international call. I want everybody on this earth to have secure crypto (so I can talk to them), and if the current PGP is as easy as it gets... -kb, a Kent who can't be trusted, for he likes Macintoshes! -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 28:15 hours of TV viewing so far in 1994! From rarachel at prism.poly.edu Sun May 29 11:09:15 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Sun, 29 May 94 11:09:15 PDT Subject: "lifeguard(?)": bullet tracking system??? Message-ID: <9405291756.AA18068@prism.poly.edu> Hey guys, I heard a blurb on the radio a few days abo about something called "lifeguard" which can track the source of gunfire. My guess is that they use acoustics for this. I don't know how they can claim that it wouldn't be confused by non-gun noises, nor what silencers would do to this thing. They also mentioned that some models can be fitted with guns so as to auto matically return fire... Is this bullshit? Anyone else hear about this? I wish they'd given out more info on this thing... I heard this on WCBS (AM) in NYC... This can have some serious big brother is watching effects in bad neighborhoods. Such a beast could be fitted with a machine gun to simply fire wherever it hears a bullet come from, potentially killing anyone else who happens to be near the source of the fired gun, more likely a hostage with a gun to his head than the holder of the gun... :-( Ugh, if this is what the crime bill means, I'm all for legalizing drugs just to get the cops and criminals out of business... Shit if every pharamacy sold cheap drugs, or every liqour store, there'd be a gigantic drop ib drug related murders. Sure, the ammounts of stick ups and burglaries that liquor stores would suffer would rise, but, if the FBI, CIA, ??? are already involved in drug runnimg, they may as well make it legal and stop hiding their activities. (Of course if they did their economic strangleholds would drop) From brookfld at netcom.com Sun May 29 11:09:16 1994 From: brookfld at netcom.com (Brookfield Economics Institute U.S.A. Limited) Date: Sun, 29 May 94 11:09:16 PDT Subject: digital clearinghouse idea Message-ID: <199405291809.LAA24209@netcom.netcom.com> I am a crypto-novice, so perhaps you can develop these ideas better. But, here goes. Right now, if you want an anonymous transaction done and a small amount of money is involved, you can go down to a bank or Seven Eleven and purchase a money order for cash. You mail the money order, and it is very hard for anyone to find out who you are. The money order has introduced anonymity between you and the payee. My concept is similar, but it would seem that any such concept must work with your existing checking accounts, to be useful today. So, to establish an ecash digital clearinghouse, how about the following: 1. Set up an Ecash Clearinghouse (ECH) in bank secrecy haven, such as Bahamas, Liechtenstein, etc. 2. Subscribers to ECH pay $2/month plus small transaction charge (say $.15/transaction) 3. Each subscriber authorizes his bank to accept electronic checks from ECH as debits to his account. Electronic checks are currently handled by the U.S. banking system as Automatic Clearinghouse transactions, and are used by organizations such as Checkfree(tm) and by insurance companies to automatically take money out of your account each month for premiums, etc. 3. Ecash is emailed to ECH. 4. ECH issues an electronic debit to payor's account. This debit clears, so now the money is in the account of the ECH. 5. ECH issues an electronic payment to the payee's account. This electronic payment is from the ECH, with the ecash number as the "backup" for the transaction. 6. Now everyone has gotten paid. Weaknesses perhaps you can address: the ECH "knows" who is the payor and payee for each transaction. Similar to anon.penet.fi, in that there _is_ a list somewhere which could be seized and use to reconstruct the transactions, e. g. for "law enforcement" purposes. Perhaps ECH subscribers could open an ECH account as a "numbered" account, but even so, since the ECH would have each subscribers' regular checking account number, this wouldn't be much protection. Without the ECH knowing your checking account number, ecash isn't convenient. Any ideas? BROOKFIELD ECONOMICS INSTITUTE (U.S.A.) Limited ----------------------------------------------------------- Do you want to subscribe to our newsletter? Send email to brookfld at netcom.com, with the words SUBSCRIBE BBA your_first_name your_last_name as the subject of the message. Do you have a business question? Send it to brookfld at netcom.com. Questions which Brookfield determines are of common interest will be answered in the newsletter. Submissions become property of Brookfield Econcomics Institute. Copyright (c) 1994 Brookfield Economics Institute (U.S.A.) Limited. Rights are granted for use or duplication of this information by subscribers and individuals, but all commercial rights and rights of resale are reserved. Other use or duplication is prohibited. Brookfield is not engaged in rendering professional advice. In business and legal matters the advice of an attorney or other competent professional should be sought. From sandfort at crl.com Sun May 29 11:29:27 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 29 May 94 11:29:27 PDT Subject: "lifeguard(?)": bullet tracking system??? In-Reply-To: <9405291756.AA18068@prism.poly.edu> Message-ID: C'punks, On Sun, 29 May 1994, Arsen Ray Arachelian wrote: > Hey guys, I heard a blurb on the radio a few days abo about something called > "lifeguard" which can track the source of gunfire. My guess is that they > use acoustics for this. It does. I saw something about in Popular Science, I think. It strategically placed microphones to triangulate the origin of the shots. > I don't know how they can claim that it wouldn't be > confused by non-gun noises, nor what silencers would do to this thing. There aren't many sounds that are really that similar to gun shots. For one thing most rounds are supersonic unlike firecrackers and car backfires. There really is no such thing as a "silencer" outside of the movies. *Sound supressors* work marginally well for subsonic rounds. They are pretty much useless for supersonic rounds. > They also mentioned that some models can be fitted with guns so as to auto > matically return fire... Please. This is the purest nonsense. The microphone system only works well enough to get the cops to the general vacinity of the shooting. However the real issue is legal presumptions and liability. Ain't gonna happen here pardner. S a n d y From cfrye at mason1.gmu.edu Sun May 29 11:41:25 1994 From: cfrye at mason1.gmu.edu (Curtis D Frye) Date: Sun, 29 May 94 11:41:25 PDT Subject: "lifeguard(?)": bullet tracking system??? Message-ID: <9405291840.AA17938@mason1.gmu.edu> I just saw something about this on CNN -- they actually showed the Lawrence Liverm Livermore computers doing the tracking. The FBI spokesdroid said that in a military situation, return fire would be automatic, though one would need to be a bit more careful in a law enforcement situation. Then again, if they want to put the National Guard in the Anacostia district of DC, maybe that area or the U-Street corridor in DC will qualify??? Curt From radcliff at alpha2.csd.uwm.edu Sun May 29 12:08:00 1994 From: radcliff at alpha2.csd.uwm.edu (David G Radcliffe) Date: Sun, 29 May 94 12:08 PDT Subject: 100 consecutive composite numbers Message-ID: If N is the product of all prime numbers less than k, then the numbers N+2,N+3,...,N+k are all composite. This is the best upper bound that I can find without doing a brute force search. I wrote a Maple program to search for the first prime gap of 100 or more. I am not a programmer, so please don't laugh too hard: for i from 100 to 1500000 by 100 while nextprime(i) - prevprime(i) < 100 do od; The result is that there are no prime numbers between 370261 and 370373. From sidney at apple.com Sun May 29 19:25:46 1994 From: sidney at apple.com (Sidney Markowitz) Date: Sun, 29 May 94 19:25:46 PDT Subject: Email Stalking on CNN Message-ID: <9405291804.AA09679@federal-excess.apple.com> carterm at spartan.ac.brocku.ca (Mark Carter) said: >As a portrait of people who _aren't_ on the net, it would be fairly accurate, >for both men and women. And if my grandmother had wheels she'd be a bicycle. But she doesn't, she isn't, the article isn't a portrait of people who aren't on the net and it isn't an accurate portrayal of anything (according to people who, unlike me, have read it). Every article that I've ever read in Newsweek and Time that was on a subject with which I had first hand experience had wild inaccuracies. I see no reason to try to find some truth in this article, as that likely would be a pointless exercise. More to the point of this mailing list, if anyone out there is a member of the U.S. version MacPGP development group at qwerty, are you all in the process of upgrading MacPGP 2.3a to play with 2.6, or providing a version to MIT so they can release a street legal PGP for the Mac? And if not, why not? -- sidney From oxhlodo at hebron.connected.com Sun May 29 19:26:11 1994 From: oxhlodo at hebron.connected.com (Ryan Bushby) Date: Sun, 29 May 94 19:26:11 PDT Subject: List Message-ID: <199405292202.PAA03845@hebron.connected.com> Send List. From rah at shipwright.com Sun May 29 19:26:30 1994 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 29 May 94 19:26:30 PDT Subject: "lifeguard(?)": bullet tracking system??? Message-ID: <199405292202.SAA05375@zork.tiac.net> >C'punks, > >On Sun, 29 May 1994, Arsen Ray Arachelian wrote: > >> Hey guys, I heard a blurb on the radio a few days abo about something called >> "lifeguard" which can track the source of gunfire. My guess is that they [snip] and Sandy Sandfort replied, [much really spiffy stuff about shooting the shooter(or not) "elided" as they say around here...] uh, is this *really* cryptography? [sorry...] ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From sandfort at crl.com Sun May 29 19:26:37 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 29 May 94 19:26:37 PDT Subject: "lifeguard(?)": bullet tracking system??? In-Reply-To: <199405292202.SAA05375@zork.tiac.net> Message-ID: C'punks, On Sun, 29 May 1994, Robert Hettinga wrote: > . . . > [snip] > and Sandy Sandfort replied, > > [much really spiffy stuff about shooting the shooter(or not) "elided" as > they say around here...] > > > > uh, is this *really* cryptography? > > [sorry...] No need to apologize, Robert. We all make mistakes. Well, it is about privacy (all those microphones wouldn't have to just listen for gunshots) and about empowering the police state. As I see it, Cypherpunks aren't primarily interested in crypto as an end, but rather as a means to an end. I'll leave the determination of what end(s) we have in mind. Probably, though, they would strongly overlap with concern about a police state with ubiquitous microphones, and (doG forbid) automated machine guns. Think about it. S a n d y From markh at wimsey.bc.ca Sun May 29 19:26:43 1994 From: markh at wimsey.bc.ca (Mark C. Henderson) Date: Sun, 29 May 94 19:26:43 PDT Subject: WNSTORM on ftp.wimsey.bc.ca Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Subject: Re: WNSTORM on ftp.wimsey.bc.ca > I've just ftp'ed this to ftp.wimsey.bc.ca... it's in the /uploads/WNS210 > directory. > I've copied these files to a more permanent place: ftp.wimsey.bc.ca:/pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/Steg Usual routine to get it. i.e. cd /pub/crypto/software, get the README file, and if you agree to the terms then follow the instructions. Mark -----BEGIN PGP SIGNATURE----- Version: 2.4 iQBVAgUBLekUPGrJdmD9QWqxAQH1tQH/WebE3IDtAdl8YcJ7m8KtZ448A1b4aQpM X8E3SCDck/Dql7QMgzYPFpDLZrCiR0pkWR3G9Y5+Wre2G5vClQxZ/Q== =fZOa -----END PGP SIGNATURE----- -- Mark Henderson markh at wimsey.bc.ca - RIPEM MD5: F1F5F0C3984CBEAF3889ADAFA2437433 ViaCrypt PGP key fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46 low security key fingerprint: EC E7 C3 A9 2C 30 25 C6 F9 E1 25 F3 F5 AF 92 E3 cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto From hughes at ah.com Sun May 29 20:46:01 1994 From: hughes at ah.com (Eric Hughes) Date: Sun, 29 May 94 20:46:01 PDT Subject: digital clearinghouse idea In-Reply-To: <199405291809.LAA24209@netcom.netcom.com> Message-ID: <9405300140.AA28585@ah.com> Electronic checks are currently handled by the U.S. banking system as Automatic Clearinghouse transactions, and are used by organizations such as Checkfree(tm) and by insurance companies to automatically take money out of your account each month for premiums, etc If you use the ACH system, you can't pre-authorize sporadic payments for arbitrary amounts. Since the receiving institution enters the transaction into the ACH, and since the security environment of the ACH is, er, primitive to what can be accomplished with public key techniques, each transaction amount must be specifically authorized with a piece of paper. Individual transactions can be authorized, as well as periodic payments such as loans and insurance premiums. With Checkfree, the sender must separately authorize each payment, as I understand it. The receiving institution cannot ask for payment. It's a hole in the payments system--an electronic way for individuals to give authorization to take money from their accounts on a per transaction basis. Eric From nelson at crynwr.com Sun May 29 21:00:42 1994 From: nelson at crynwr.com (Russell Nelson) Date: Sun, 29 May 94 21:00:42 PDT Subject: digital clearinghouse idea In-Reply-To: <9405300140.AA28585@ah.com> Message-ID: Date: Sun, 29 May 94 18:40:48 -0700 From: hughes at ah.com (Eric Hughes) If you use the ACH system, you can't pre-authorize sporadic payments for arbitrary amounts. I talked to both Fidelity Checks and Checks-By-Phone, and both of them said that they would accept electronic mail as evidence of authorization. They work as alternatives to credit cards. When a customer calls you up, you tell them that you can accept a check over the phone. They read you the check number, account number, and routing code. You submit that information to them by modem and they print up the checks and overnight them to you. Fidelity Checks charges $200 startup fee plus $2.50 per check. Checks-By-Phone charges $350 startup fee plus $2.00 per check. They both contend that this a standard way to buy things and that customers accept it. Personally, I've *never* had a vendor suggest that they could write a check on my account. -russ ftp.msen.com:pub/vendor/crynwr/crynwr.wav Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | Quakers do it in the light Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From qwerty at netcom.com Mon May 30 01:07:53 1994 From: qwerty at netcom.com (-=Xenon=-) Date: Mon, 30 May 94 01:07:53 PDT Subject: MacPGP2.6 (was Re: Email Stalking on CNN) Message-ID: <199405300807.BAA23828@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Sidney asked, >More to the point of this mailing list, if anyone out there is a member of >the U.S. version MacPGP development group at qwerty, are you all in the >process of upgrading MacPGP 2.3a to play with 2.6, or providing a version >to MIT so they can release a street legal PGP for the Mac? And if not, why >not? More to the point, if anyone out there happens to be a Mac programmer, are you joining the MCIP to create a street smart interface? And if not, why not? :-) Our main concern is ITAR and we are getting legal advice from a team of lawyers, well versed in such matters. MacPGP2.6 will indeed arrive, but it will be the same old beast. We will likely use it as our short-term crypto engine. MacPGP2.6 is a dead end though. PGP3.0 will be turned into a Mac system Manager, adding new routines to the Toolbox. There will also be an Apple Events Linker with a nice interface (to replace MacPGP2.3/MacPGP2.6) for normal programmers and script writers to use. A system-wide menu will get your girlfriends to use PGP with you, FINALLY :-). Drag-and-Drop and "Vaults" for the Finder (thought the Menu could also act on Finder selections, but that's another hack since you guys at Apple wont tell us how to get that info, not to mention how to put up a system-wide menu!). Whoever wants to see what we're up to ftp to ftp.netcom.com in /pub/mcip, and grab MCIP.pictures. There's a bunch of project literature there including a list archive and list of members. -=Xenon=- I heard about MacPGP2.3aV1.1 appearing on ftp.netcom.com in /pub/mpj/... but I can't find it in Europe yet. I mailed Christoph about where he put it. He says he's updating it and will release source, but I heard that in a copy of mail one of our members had with him. No word on the existing source being available overseas, which is rather odd, since it came out of Germany. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBVAgUBLellt2qUjHAmZBGNAQHV6QH+LjaNwn78JaNRs3VplnfLSBJNwFZi7N+h Uti2K/SyBCNunxZ55q212bW55myeAnqWpjnlLBSJqoS406Dc8TzdWQ== =rS8Z -----END PGP SIGNATURE----- From rishab at dxm.ernet.in Mon May 30 01:57:25 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Mon, 30 May 94 01:57:25 PDT Subject: FBI: to Russia with love Message-ID: <9405291401.AA05516@ern.doe.ernet.in> Ho ho. Not content with Big Brothering America, the FBI is draping a protective arm around the Russians, to teach the KGB's progeny how to _really_ do their job. Freeh said that Russian mafia selling nukes to terrorists may pose the single largest threat to American security. Whatever happened to all the ferocious pedophiles on the Net? Does Boris know that his new protector's favourite encryption ensures the absolute secrecy of his communications? I thought that US jurisdiction was extended to the whole world through the spooks and the DEA. The FBI's in good company, no doubt. -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From sidney at apple.com Mon May 30 05:48:50 1994 From: sidney at apple.com (Sidney Markowitz) Date: Mon, 30 May 94 05:48:50 PDT Subject: MacPGP2.6 (was Re: Email Stalking on CNN) Message-ID: <9405301012.AA16401@federal-excess.apple.com> qwerty at netcom.com (-=Xenon=-) wrote: >A system-wide menu will get your girlfriends to use PGP with you, FINALLY :-). Yes, I noticed the smiley, but I would like to point out that the name "sidney" is ambiguous regarding both gender and sexual orientation, and the statement is ironic given that almost half of Apple's PowerMac OS team, including the person in charge, is female. (I have no statistics as to how many of the team members would have girlfriends vs. boyfriends). Anyway, back to the topic: >hack since you guys at Apple wont tell us how to get that info, not to >mention how to put up a system-wide menu!). I do my hacking in Macintosh Common Lisp, not at that level. But if there is any information you need for MacPGP that I can find out for you by tracking down people within Apple, if Apple doesn't consider it confidential, e-mail the questions to me directly and I'll see what I can do. Be sure to give me enough detail in the question so that I can understand what it means and how to ask it. I'm still pretty much a Mac novice, although I would like to change that. Hmmm... I haven't looked much into the crypto stuff built in to System 7 Pro. Would that stuff you're talking about for PGP 3.0 integrate it in well enough that the existing 7 Pro facilities for mail encryption and digital signatures could be used to produce PGP compatible output? That would be a real win, letting Apple deal with user interface issues. I guess that the state of MacPGP is relevant to the cypherpunks list, but followups regarding your questions to me can drop back to private mail. -- sidney markowitz SK8board Punk Rocket Scientist [not speaking for Apple!] Advanced Technology Group voice: (408) 862-4319 Apple Computer, Inc., M/S 301-3D fax: (408) 974-8414 1 Infinite Loop AppleLink: SIDNEY Cupertino, CA 95014 Internet: sidney at apple.com From cardtris at umich.edu Mon May 30 06:59:12 1994 From: cardtris at umich.edu (Jennifer Mansfield-Jones) Date: Mon, 30 May 94 06:59:12 PDT Subject: "lifeguard(?)": bullet tracking system??? In-Reply-To: Message-ID: [With apologies -- no, it's not cryptography.] Considering the wide variety of gun noises and urban noise artifacts, a lot of false alarms would be expected. On the other hand some of them might be worth responding to from the police perspective. It might be preferable to respond to firecrackers early in the evening and discourage accidental or deliberate arson later. On Sun, 29 May 1994, Sandy Sandfort wrote: > > There aren't many sounds that are really that similar to gun shots. For > one thing most rounds are supersonic unlike firecrackers and car backfires. > There really is no such thing as a "silencer" outside of the movies. > *Sound supressors* work marginally well for subsonic rounds. They are > pretty much useless for supersonic rounds. > The above is is a bit of an oversimplification. Most of what these gadgets would be listening for are .22/.32/.38/9mm/.45 etcetera. 9mm and 22LR could easily be supersonic, but the other common ones tend to be slower. .45ACP, for example, is usually in the 900fps range (or slower), and won't give any sonic signature other than the shot itself. Regarding automatic shoot-back> > Please. This is the purest nonsense. The microphone system only works > well enough to get the cops to the general vacinity of the shooting. > However the real issue is legal presumptions and liability. Ain't gonna > happen here pardner. > > > S a n d y > As several people pointed out, arming a mechanical device would be litigationally unacceptable. Worry about it when private security firms are allowed to employ mine fields. Furthermore, how long would an audio monitor last in the company of a stealable weapon? 15 minutes? A more reasonable concern would be future "upgrades" of the system for greater sensitivity and a wider range of uses. Regards, JMJ From rarachel at prism.poly.edu Mon May 30 07:02:40 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Mon, 30 May 94 07:02:40 PDT Subject: "lifeguard(?)": bullet tracking system??? In-Reply-To: <199405292202.SAA05375@zork.tiac.net> Message-ID: <9405301349.AA01227@prism.poly.edu> > [snip] > and Sandy Sandfort replied, > > [much really spiffy stuff about shooting the shooter(or not) "elided" as > they say around here...] > > > > uh, is this *really* cryptography? > > [sorry...] The only place you're likely to find only info on crypto is [drum roll please] sci.crypt on usenet news. :-) While crypto is the main focus of cypherpunks, occasionally other issues do come up. Privacy, the evils of the state, microphones in Dunkin Donuts, etc. are certainly of interest to the denizens of cypherpunks, and so quite on topic. :-P We'z stoned immaculate... From rarachel at prism.poly.edu Mon May 30 07:05:31 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Mon, 30 May 94 07:05:31 PDT Subject: "lifeguard(?)": bullet tracking system??? In-Reply-To: <9405300124.AA28557@ah.com> Message-ID: <9405301352.AA01278@prism.poly.edu> > What's the relevance to crypto or politics of lifeguard? What's the relevance of microphones in Dunkin Donuts? What's the relevance of Digital Telephony II? What's the relevance of 1984? What's the relevance of yet another use of technology by Uncle Sam to strenghen law enforcement and the millitary? I'm surprised at you Eric... I'd expected you jump on this from the other side... From jpp at jpplap.markv.com Mon May 30 07:17:05 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Mon, 30 May 94 07:17:05 PDT Subject: Compress before encrypting? (Was Re: NSA Helped Yeltsin...) In-Reply-To: <9405272043.AA23269@loki.idacom.hp.com> Message-ID: From: Martin Janzen Date: Fri, 27 May 94 14:43:02 MDT Most compression programs add a characteristic signature to the beginning of the compressed output file. If a cryptanalyst guesses that you may be compressing before encrypting, wouldn't this make his job easier? To me, this sounds as though you're adding a known bit of "plaintext" to the start of each message. In short, you are right, compression algorithms often _do_ include a magic number at the begining. However, compression algorithms intended for cryptographic applications don't have to include a magic number. This is especialy true if the crypto system is never used without the compression algorithm. And if magic numbers are unavoidable, then they can be put at the end, and the system run in CFB or CBC modes. Alternatively, a random block can be prepended to the plaintext, and then exored with each of the folowing plaintext blocks (thus creating a garanteed flat distribution for the first bytes of the plain text). Finaly, the state of the art in cryptanalysis (as far as I know), sugests that modern crypto systems aren't as vulnerable to known plaintext as past systems. The best attacks I know of (differential, and linear cryptanalysis) require masive (about 2^30 blocks for DES) amounts of known, or chosen, plaintext -- though miniscule relative to the key size (2^56 again for DES). j' From paul at hawksbill.sprintmrn.com Mon May 30 07:18:15 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Mon, 30 May 94 07:18:15 PDT Subject: "lifeguard(?)": bullet tracking system??? In-Reply-To: <9405301352.AA01278@prism.poly.edu> Message-ID: <9405301520.AA04101@hawksbill.sprintmrn.com> > > > What's the relevance to crypto or politics of lifeguard? > > What's the relevance of microphones in Dunkin Donuts? What's the relevance of > Digital Telephony II? What's the relevance of 1984? What's the relevance > of yet another use of technology by Uncle Sam to strenghen law enforcement > and the millitary? > > I'm surprised at you Eric... I'd expected you jump on this from the other > side... > Curses. I must've missed the "microphones in Dunkin Donuts" thread. ,-) - paul From rishab at dxm.ernet.in Mon May 30 07:42:55 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Mon, 30 May 94 07:42:55 PDT Subject: FBI: to Russia with love Message-ID: Ho ho. Not content with Big Brothering America, the FBI is draping a protective arm around the Russians, to teach the KGB's progeny how to _really_ do their job. Freeh said that Russian mafia selling nukes to terrorists may pose the single largest threat to American security. Whatever happened to all the ferocious pedophiles on the Net? Does Boris know that his new protector's favourite encryption ensures the absolute secrecy of his communications? I thought that US jurisdiction was extended to the whole world through the spooks and the DEA. The FBI's in good company, no doubt. -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Short-Sleeved Shirt Association says: Support your right to bare arms! -------------------------------------------------------------------------- From bart at netcom.com Mon May 30 07:50:46 1994 From: bart at netcom.com (Harry Bartholomew) Date: Mon, 30 May 94 07:50:46 PDT Subject: ecash-info (fwd) Message-ID: <199405301450.HAA08455@netcom.com> Forwarded message: > From info at DigiCash.nl Mon May 30 05:44:18 1994 > Date: Mon, 30 May 1994 14:08:20 CET > From: "DigiCash Information" > To: bart at netcom.com > Subject: ecash-info > > Thank you for your interest in our electronic money technology. > Because of all the reactions we have received, we have made available > some background information on our Web server > > http://digicash.support.nl > >... > David Chaum > Managing Director > ---------------------------------------------------------------------- > DigiCash bv info at digicash.nl > Kruislaan 419 tel +31 20 665 2611 > 1098 VA Amsterdam fax +31 20 668 5486 > The Netherlands http://digicash.support.nl > ---------------------------------------------------------------------- > From werner at mc.ab.com Mon May 30 08:24:47 1994 From: werner at mc.ab.com (tim werner) Date: Mon, 30 May 94 08:24:47 PDT Subject: List Message-ID: <199405301524.LAA24257@sparcserver.mc.ab.com> >Date: Sun, 29 May 1994 15:02:13 -0700 >From: Ryan Bushby >Sender: owner-cypherpunks at toad.com >Precedence: bulk > >Send List. cornflakes razor blades light bulbs ham national enquirer cheese bread spaghetti sauce soap From m5 at vail.tivoli.com Mon May 30 08:47:08 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 30 May 94 08:47:08 PDT Subject: "lifeguard(?)": bullet tracking system??? In-Reply-To: <9405291756.AA18068@prism.poly.edu> Message-ID: <9405301546.AA04972@vail.tivoli.com> Arsen Ray Arachelian writes: > Sure, the ammounts of stick ups and burglaries that liquor stores > would suffer would rise How do you know? In fact, why would you even suspect this to be the case? (Note that a significant motivator for such crimes---the need for money to buy drugs---would diminish in importance considerably.) -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From jpp at jpplap.markv.com Mon May 30 09:06:17 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Mon, 30 May 94 09:06:17 PDT Subject: Compress before encrypting? (Was Re: NSA Helped Yeltsin...) In-Reply-To: <9405301653.aa25522@salmon.maths.tcd.ie> Message-ID: Date: Mon, 30 May 1994 16:53:32 +0200 From: Alastair McKinstry [...] While this is true, don't forget the usefulness of known plaintext for brute-force analyses. If you're doing a brute-force search [...] Costs: <$20 million (see Schneier) and this then makes breaking DES keys (for example) trivial, if they all have the plain text. [I presume Alastair ment to say] ...the same known plain text. [...] Ah yes. Well, the state of the art in cryptanalysis (as far as I know) just moved forward a notch. =) j' From m5 at vail.tivoli.com Mon May 30 09:11:29 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Mon, 30 May 94 09:11:29 PDT Subject: "lifeguard(?)": bullet tracking system??? In-Reply-To: <9405291756.AA18068@prism.poly.edu> Message-ID: <9405301611.AA05176@vail.tivoli.com> Oops. I didn't mean to blast that note out to the list. Sorry. -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From rishab at dxm.ernet.in Mon May 30 09:15:47 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Mon, 30 May 94 09:15:47 PDT Subject: tmp's illness and a free world Message-ID: Various people, on Unicorn's suit: > > You only had to find someone who was ill, and then kick him > > while he was down. > > It has never been demonstrated to my satisfaction that tmp at netcom.com > is ill, and while the suggestion has been made frequently I don't > think we can use the supposition to accuse Mr. Unicorn of "kicking" a > sick person. This is a serious twisting of the facts. Hee hee. True, Detweiler (who's not tmp, of course) has often been accused of being 'ill' -- meaning mentally deranged. I doubt that he'd agree, though ;-) > > Was it Rousseau who said, "First, we kill all the lawyers"? > > No, my ignorant friend, it was Shakespeare. Shakespeare?? Not Moses... ;-) As I said earlier: > In an ideal world one would have the freedom to express without any risk of > damage, whether it be economic, material or social. Ideally, I should be able > to publicly discuss my views, on anarchy or religion or sadism or whatever, > without risking social censure. In an ideally tolerant society, the need for > anonymity would then be reduced to freedom from analysis. > > Unfortunately our society is far from ideal. Though Unicorn could freely post > on the relatively more tolerant Net, he still faces intolerance in the 'real' > world. > > For all we may talk about reputation systems, multiple identities and so on, > the seven-digit possible loss Unicorn talks about is _real_, in a way > cyberspace and lost net.reputations just aren't, yet. > -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Fairness to Game Animals Association says: Support your right to arm bears! -------------------------------------------------------------------------- From rishab at dxm.ernet.in Mon May 30 09:16:08 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Mon, 30 May 94 09:16:08 PDT Subject: Does Estonian RSA chip violate patents? Message-ID: Jyri Poldre : > Recently i became involved in project of designing semi-custom VLSI device > for endecryption. The device uses variable length RSA for key exchange and > IDEA for data encryption. For pipelinig IDEA block we have to use 6 > multipliers 16 bit ant that leaves us with 96 bit adder for RSA calculations. > ( The chip should be reasonably cheap ). Otherwise the RSA speed would not As this is in Estonia, I don't suppose you're bothered about the patents? As far as I know, RSA/PKP patents are for _algorithms_, not respected outside the US, though patents for RSA/PKP _hardware_ would be respected worldwide. I'm not sure how algorithm patents can be applied to hardware -- you may or may not be able to sell this chip in the US _without_ violating patents. (Though you can freely sell RSA hardware or software outside the US.) You may even be able to apply for a European patent for the hardware, which would then be respected everywhere, except in the US where it may be superceded by the algorithm patents. -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Fairness to Game Animals Association says: Support your right to arm bears! -------------------------------------------------------------------------- From janzen at idacom.hp.com Mon May 30 09:16:15 1994 From: janzen at idacom.hp.com (Martin Janzen) Date: Mon, 30 May 94 09:16:15 PDT Subject: Compress before encrypting? (Was Re: NSA Helped Yeltsin...) In-Reply-To: Message-ID: <9405301616.AA27727@loki.idacom.hp.com> Jay Prime Positive writes: > > From: Martin Janzen > Date: Fri, 27 May 94 14:43:02 MDT > > Most compression programs add a characteristic signature to the beginning > of the compressed output file. If a cryptanalyst guesses that you may > be compressing before encrypting, wouldn't this make his job easier? > To me, this sounds as though you're adding a known bit of "plaintext" to > the start of each message. > > In short, you are right, compression algorithms often _do_ include a >magic number at the begining. > > However, compression algorithms intended for cryptographic >applications don't have to include a magic number. This is especialy >true if the crypto system is never used without the compression >algorithm. [...] OK; so ideally this is something that would be built in to one's encryption/decryption program. I was thinking of UNIX compress, gzip, and the like. > Finaly, the state of the art in cryptanalysis (as far as I know), >sugests that modern crypto systems aren't as vulnerable to known >plaintext as past systems. The best attacks I know of (differential, >and linear cryptanalysis) require masive (about 2^30 blocks for DES) >amounts of known, or chosen, plaintext -- though miniscule relative to >the key size (2^56 again for DES). That's good to know! Thanks for the explanation, Jay. -- Martin Janzen janzen at idacom.hp.com Pegasus Systems Group c/o Hewlett-Packard, IDACOM Telecom Operation From hughes at ah.com Mon May 30 09:29:35 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 30 May 94 09:29:35 PDT Subject: "lifeguard(?)": bullet tracking system??? In-Reply-To: <9405301352.AA01278@prism.poly.edu> Message-ID: <9405301636.AA29635@ah.com> > What's the relevance to crypto or politics of lifeguard? Almost all of you saw this quoted statement for the first time on this list, because I sent the original in private email. What's the relevance of microphones in Dunkin Donuts? Privacy. What's the relevance of Digital Telephony II? Privacy. What's the relevance of 1984? Privacy. What's the relevance of yet another use of technology by Uncle Sam to strenghen law enforcement and the millitary? Well, it's not privacy, whatever it is. There's precious little speech content in a shotgun blast. Cypherpunks is about privacy through implementations of cryptography. Some politics intrudes perforce, since use and distribution is part of implementation, and because bad politics can interfere with both use and distribution. Cypherpunks is not _about_ other topics, althought they can and do become relevant sometimes. The tailors of seamless garmets should go elsewhere to advocate their views. Cypherpunks is not for the partisan. I don't particularly care if you're anti-fascist or pro-fascist, if you're pro-privacy, you're welcome here. You don't have to be against increased power for police acting in public to be against wiretaps. Privacy and encryption is not the sole province of one political view or another. As soon as an issue becomes a partisan issue, you've lost, because at least half the people are against it. Linking support for privacy and encryption to the support for any particular partisan position, be it libertarianism, anarchism, extropianism, or whatever, is foolish in the extreme. The implied message is "Warning: if you don't believe X, privacy may be inconsistent with your current beliefs." Those who argue that a support for privacy implies a support for some other unrelated political view deserve, to paraphrase Tim May, the results for their own stupidity. But _I_ don't deserve the results of this stupidity, and I don't want cypherpunks turned into a medium for its propagation. Where is the abortion-clinic-blocking Christian right on cypherpunks? I, for one, feel that the lack of their presence is a serious flaw in the social makeup of cypherpunks. There _are_ members of the list who are sympathetic to this view, but they do not have a presence, certainly, in the same way that the libertarians do. This is a flaw. We need the presence of more folks who are in-your-face for privacy. There are some in the Christian right, I'm sure. Why are they not here? They and others are not here because they've been chased out by the anti-government rhetoric. Being against government in general certainly leads, _a fortiori_, against government involvement in crypto. It is not, however, the only such reason to be against government restrictions on crypto and government actions against privacy. I'm sure it feels very nice to be part of a mutual self-congratulation anarchy, but to the extent that self-congratulation causes the exclusion of others who share your nominal political goals, that self-congratulation is stupidity. There is a tendency to argue for privacy by a deduction from some previously held political view. That's fine for one person, but it doesn't generalize past one's own partisans. If you want victory, and not just a few small gains, you have to generalize, and in order to generalize, you have overcome your laziness to think in terms of your own values and not in terms of those of another. If you want to convince someone else who doesn't agree with you in many things, you have to dig deeper and think harder about the reasons and the desires for privacy. Therefore, off-topic posts like the one about gunfire location are counterproductive. They implicitly argue that "you, too, should be in alignment with this in order to be pro-privacy." Get it out of here. A have only a little hope, but definitely some hope, in the power of self-restraint to make a good discussion forum. Think about what you're saying on the list; if it's not about privacy through cryptography and their tactics, don't say it here. Eric From hughes at ah.com Mon May 30 09:41:32 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 30 May 94 09:41:32 PDT Subject: Does Estonian RSA chip violate patents? In-Reply-To: Message-ID: <9405301648.AA29683@ah.com> As far as I know, RSA/PKP patents are for _algorithms_, not respected outside the US, though patents for RSA/PKP _hardware_ would be respected worldwide. The patent on the RSA cryptosystem, whatever its content, only applies within the USA. There is no worldwide patent on the RSA cryptosystem. Activities not in the USA are not relevant to a USA patent. I'm not sure how algorithm patents can be applied to hardware -- you may or may not be able to sell this chip in the US _without_ violating patents. If the firmware on the chip does RSA, it's covered. If it merely does modular exponentiation, it's not. If the chip has an on-board programmable microcontroller and no RSA firmware, it's not covered by the patent, even if software can be loaded into the chip which does RSA. The device which loads the code in and which uses the loaded code, however, would be covered. You may even be able to apply for a European patent for the hardware, which would then be respected everywhere, except in the US where it may be superceded by the algorithm patents. Supercession like this does not happen. If there were a patent on the hardware and a patent on RSA both active in the same jurisdiction, one would have to obtain license from _both_ patent holders. Eric From smb at research.att.com Mon May 30 10:09:10 1994 From: smb at research.att.com (smb at research.att.com) Date: Mon, 30 May 94 10:09:10 PDT Subject: Does Estonian RSA chip violate patents? Message-ID: <9405301709.AA13972@toad.com> As this is in Estonia, I don't suppose you're bothered about the patents? As far as I know, RSA/PKP patents are for _algorithms_, not respected outside the US, though patents for RSA/PKP _hardware_ would be respected world wide. I'm not sure how algorithm patents can be applied to hardware -- you may or may not be able to sell this chip in the US _without_ violating patents. (Though you can freely sell RSA hardware or software outside the US.) You may even be able to apply for a European patent for the hardware, which would then be respected everywhere, except in the US where it may be superceded by the algorithm patents. There's a lot of confusion about what the RSA patent covers, and what's prohibited by it. Rivest, Shamir, and Adleman did not patent an algorithm. Rather, they patented a cryptographic communication system based on certain equations. That means that it doesn't matter if you build it using software or hardware -- if it's still a system using the mechanisms described by their patent, it would infringe the patent in the U.S. Both within and outside the U.S., RSA hardware is patentable to the extent that the circuitry used is new, useful, and non-obvious. But what you're patenting is a circuit to do RSA, not RSA itself, of course. (The circuit might actually be more general, i.e., a modular exponentiation chip or some such -- in which case you'd be well advised to patent the more general concept rather just its utility for RSA.) That doesn't mean you could use the circuit to do RSA in the U.S. without a license from PKP. A patent is *not* the right to do something; rather, it is the right to prevent others from doing it. But if the circuit did not do only RSA, there's no reason why you couldn't sell it within the U.S. without worrying about the RSA patent. Finally, many folks have claimed that non-U.S. law does not permit ``algorithm'' patents. That may very well be. However -- there have been a lot of patents like that that have been issued within Europe; IDEA and Schnorr's signature algorithm come to mind. Whether these have been issued due to some quirks of the Patent Co-operation Treaty, or whether they could be issued without that, or whether they'll stand up in a European court, I couldn't say -- but the patents *are* being issued. --Steve Bellovin From brookfld at netcom.com Mon May 30 11:25:36 1994 From: brookfld at netcom.com (Brookfield Economics Institute U.S.A. Limited) Date: Mon, 30 May 94 11:25:36 PDT Subject: digital clearinghouse Message-ID: <199405301825.LAA07518@netcom.netcom.com> We are able to use ACH ourselves. Yes, a customer can pre-authorize us to take amounts out of their checking account using ACH. The amounts do not have to be periodic, they can be any time, any amount. Our bank, with whom we are setting up ACH, determines whether or not we are using adequate security and authorization procedures, and holds us responsible if we're not. BROOKFIELD ECONOMICS INSTITUTE (U.S.A.) Limited ----------------------------------------------------------- Do you want to subscribe to our newsletter? Send email to brookfld at netcom.com, with the words SUBSCRIBE BBA your_first_name your_last_name as the subject of the message. Do you have a business question? Send it to brookfld at netcom.com. Questions which Brookfield determines are of common interest will be answered in the newsletter. Submissions become property of Brookfield Econcomics Institute. Copyright (c) 1994 Brookfield Economics Institute (U.S.A.) Limited. Rights are granted for use or duplication of this information by subscribers and individuals, but all commercial rights and rights of resale are reserved. Other use or duplication is prohibited. Brookfield is not engaged in rendering professional advice. In business and legal matters the advice of an attorney or other competent professional should be sought. From rah at shipwright.com Mon May 30 12:45:20 1994 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 30 May 94 12:45:20 PDT Subject: IMP (was Re: ecash-info (fwd)) Message-ID: <199405301945.PAA11305@zork.tiac.net> >Forwarded message: >> From info at DigiCash.nl Mon May 30 05:44:18 1994 [snip. . .] >> http://digicash.support.nl [snip. . .] This, like CommerceNet(tm), seems to be pretty much under construction. The store windows look nice, however... >> >>... >> David Chaum On another point, I still think I'm subscribed to imp-interest, the internet mercantile protocol list, though I haven't seen anything much come out of there lately. It got Detweiler-infested and flamed over pretty badly before it went moribund, but I think imp-interest died primarily because implicit in it was a sort of top-down-plan idea that was incongruous with the do-it-first ethic of the internet. Cypherpunks write code, or Chaum does, anyway ;-). At the risk of violating that canon, ( I couldn't code my way out of a paper bag, even though I've designed an application or two) I'd like to start a thread here. Could we talk about IMP here? Here's what I think: 1.) Chaum's e-cash coupled with WWW/Mosaic is a de facto internet mercantile protocol. 2.) It seems to me that that e-cash, contrary to the status quo's thinking, is *critical* to internet commerce. An anonymous cash market is most unrestricted and efficient market there is, because privacy/security (more than trust, I think) is the capstone of any serious transaction mechanism. The imp-interest people seemed to be afraid of e-cash because the Chaum-patent hairball reminded them too much of the RSA/PGP fight, and probably because they didn't want to be associated with any wild-eyed crypto-anarchists(tm). (As a dyed-in-the-wool yellow-dog congenital up-by-your-bootstraps crypto-fascist republican, I haven't the slightest idea what they're talking about. . .) 3.) Since a big pile of the discussion on this group lately has been about our collective concerns about an RSA-approved version of PGP, I think there is a real parallel here in e-cash. Not that some enterprising cypherpunk should immediately code up "e-cash for the masses"; that would be way cool but probably not within the second-mortgages of the people here. However, some effort should be made to get Chaum et. al. to see to logic of distributing *both* the "cash-register" and the "wallet" of this e-cash system to anyone who wants it. It seems that, like Mr. Bill (Gates), his real market is the people who make e-cash ("banks", "currency exchanges", "mints"), not the people who use it. Just a second. My flame-suit is around here somewhere... OK. Flame on. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From edgar at spectrx.sbay.org Mon May 30 13:24:44 1994 From: edgar at spectrx.sbay.org (Edgar W. Swank) Date: Mon, 30 May 94 13:24:44 PDT Subject: PRZ Endorses PGP 2.6 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I was a little surprised to receive the following as a response from a "vacation" program apparently prepared by PRZ to answer his e-mail during a temporary absence: In case you haven't heard, MIT is soon releasing PGP version 2.6, available from an FTP site at MIT, for US noncommercial users only. It is a nice version of PGP, with all the strength and integrity of PGP 2.3a, with some bug fixes and improvements. -Philip Zimmermann I suppose this means he thinks (knows?) that problems inter-operating with overseas & commercial (Viacrypt) users will be worked out. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLechXt4nNf3ah8DHAQHDCQP/YejwsDpt/Mtb9KvKKY4m7xlC7nudFFO3 s6Q8v9ExknOsnpQ9Xp+vEeosFVtYkceqI3Saa1uhErwF3HBR4xCczGEXGE9jk0PD 1OHoe5lbzjg6dsjw6wj89GGSLM/oEaJEj3+3kBXq2UJPunQHmXryx5KV4lW8RGtQ NW8ydMIwaZA= =GrzX -----END PGP SIGNATURE----- -- edgar at spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From jdwilson at gold.chem.hawaii.edu Mon May 30 13:30:31 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Mon, 30 May 94 13:30:31 PDT Subject: Does Estonian RSA chip violate patents? In-Reply-To: Message-ID: On Mon, 30 May 1994 rishab at dxm.ernet.in wrote: > I'm not sure how algorithm patents can be applied to hardware -- you may or > may not be able to sell this chip in the US _without_ violating patents. > (Though you can freely sell RSA hardware or software outside the US.) > If a PROM, EPROM, EEPROM, ASIC, FPGA etc. contains a program which is patented or copyrighted, is it hardware or software - is it the same as a diskette containing the same program code is it the same as a book containing the code? -NS *.................................................................* . == = =....James D. Wilson.....jdwilson at gold.chem.hawaii.edu.. . " " "....P. O. Box 15432..........or..NetSurfer at sersol.com.. . " " /\ "....Honolulu, HI 96830..Give me the finger for my key. . \" "/ \"....FRC/FAM/AASR/GWB/OTO..........NETSURFER............ *.................................................................* From warlord at MIT.EDU Mon May 30 13:40:35 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Mon, 30 May 94 13:40:35 PDT Subject: PRZ Endorses PGP 2.6 In-Reply-To: Message-ID: <9405302040.AA29350@toxicwaste.media.mit.edu> > I suppose this means he thinks (knows?) that problems inter-operating > with overseas & commercial (Viacrypt) users will be worked out. Don't *you* think it will be worked out? If not, then you have little faith! :-) ViaCrypt has already stated that it will be upgrading to a new version that will be compatible with 2.6... (Go read alt.security.pgp). -derek Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) Home page: http://www.mit.edu:8001/people/warlord/home_page.html warlord at MIT.EDU PP-ASEL N1NWH PGP key available From CCGARY at MIZZOU1.missouri.edu Mon May 30 14:16:17 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Mon, 30 May 94 14:16:17 PDT Subject: No Subject Message-ID: <9405302116.AA20629@toad.com> who cypherpunks index cypherpunks From peb at netcom.com Mon May 30 14:29:21 1994 From: peb at netcom.com (Paul E. Baclace) Date: Mon, 30 May 94 14:29:21 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup Message-ID: <199405302129.OAA19561@netcom.com> The author's source did not reveal the nature of the intercept...it could have been through a direct bug. However, the article does give the impression that the coup leaders believed they were secure, so apparently they took some steps toward privacy. Paul E. Baclace peb at netcom.com From CCGARY at MIZZOU1.missouri.edu Mon May 30 15:07:34 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Mon, 30 May 94 15:07:34 PDT Subject: The Cypherpunks' Electronic Book Message-ID: <9405302207.AA22877@toad.com> THE CYPHERPUNKS' ELECTRONIC BOOK (CEB) C'punks write in sand - the cure sssss aaa nnn n nn n n ddd d sss aaa aaa nnn nn nnn n n ddd d sss aaa aaa nnn nnn nnnn dddd sss aaaaaaaaaaa nnn nnn nnn n n dddd sss aaa aaa nnn nnn nnn n dddd sss aaa aaa nnn nn nn nn ddd dddd d d sss aaa aaa nnn nnn nn dd dddd aaa aaa nnn nnnn ddd dddd dd THE CURE Ok, its not quite as bad as that but its bad! As we all know the Cypherpunks' list is not archived, indexed, or hard back bound. Information that cannot be found is useless. Tim May has recently volunteered to make a list of privacy software. Congratulations for that! That is certainly a step in the right direction. I don't wish to be overly critical of the Cypherpunks' list as it is surely the best electronic privacy list & better than any corresponding newsgroup on the Internet. I am merely pointing out a solution to its greatest deficiencies & how to greatly improve it. I have an idea (CEB) that would get us a very workable knowledge base fast. First, it is not that practical to archive the list. Its too big, no one wants to do it, too much of it is junk, & files that are valuable today are time dependent & become tomorrow's junk. The only good reasons for archiving the whole list are for history & entertainment. My idea for a good Cypherpunk knowledge base is a "Cypherpunks' Electronic Book" ("CEB") that would have named chapters that are indexed, refereed, & continuously updated. Contributors would have their items signed. These chapters would consist of: 1. List of privacy software & locations. 2. State of the Art. 3. Current significant problems. 4. Capabilities & Dreams (things we can do, things we want to be able to do). 5. Reputations of people by name, their products & achievements. 6. PGP's state of affairs. All chapters would be refereed & all chapters of large size would be indexed. There would be a collective index for the whole CEB. LIST OF PRIVACY SOFTWARE & LOCATIONS In the software listing, in addition to listing where software can be found, we could also have reviews by Cypherpunks so we could know each package's quality. STATE OF THE ART In the State of the Art chapter, we would list only the best software of its kind. It would of course include reviews of each piece & its fitness for its job. Each piece would be indexed by name, category, & author. CURRENT SIGNIFICANT PROBLEMS In the Current significant problem's chapter, we would have a list of the particular current problems as well as general problems to solve & tactics for carrying out the Cypherpunks' mission. We could list who was working on these problems & how far they had gotten. We could also state a difficulty level to each problem. Many problems would be only partially solved or solved in a not entirely satisfactory way. For those hoping to make contributions to electronic privacy, this chapter would provide a list of targets. CAPABILITIES & DREAMS In the Capabilities & Dreams chapter, we would have a compilation of things that we are currently able to do as well as things that we hope to be able to do in the future. A good example is how far we are with anonymous digital money. Is anybody actually using it? Do we have useable money systems available but unused? Do we have users beating down our doors for a working digital money system not yet developed? Do we have anonymous digital barter & what is being bartered? REPUTATIONS OF PEOPLE BY NAME, THEIR PRODUCTS & ACHIEVEMENTS The reputations chapter is a much needed who's who of the electronic privacy world. We would know who had made heavy contributions to electronic privacy & who the proven capable are. Much needed recognition would be provided to the productive. This chapter would serve as a reputations grade lister for the more outstanding people. I would also suggest that their public keys, if any, be included. This chapter would provide some much needed justice. PGP'S STATE OF AFFAIRS PGP in its various versions is a topic that rates its own chapter in CEB. What versions are compatible? What versions are good? What versions are endorsed by Phil Zimmerman? For what versions do we have source code? What versions are legal & where? The PGP versions would require some thoughtful indexing. Then, there are the patches to PGP versions to make them compatible with other versions & for bug fixes & upgrades. THE CEB WOULD BE WRITTEN QUICKLY & WOULD GROW This Cypherpunks' Electronic Book could be written very quickly. It would be written in parallel with many Cypherpunks writing in different sections in different chapters. We would not have to start out big. The first edition could be a high quality booklet. New editions could be published weekly or even daily due to the fact that its medium is electronic. The booklet would have immediate value with its first edition as permanent continuously updated sources of electronic privacy knowledge are badly needed. I would suggest that Tim May could be one of the first writers with his software list. In order to get something published early, Tim could list only the best of the software in the first edition. It would be good if Tim could have a critique to go with each software piece. CEB - CURRENT, CONTINUOUSLY UPDATED, & REFEREED As far as I know, the Cypherpunks' Electronic Book would be the only current, continuously updated, refereed electronic privacy knowledge base on the Internet. As various Cypherpunk writers contributed to it it would grow in value. It would become THE electronic communications privacy knowledge base. MAJORDOMO IS THE TOOL We could use Majordomo as the book's distributor. With some small modifications, Majordomo could do a lot for us. I would suggest that Majordomo be modified so that it advertised CEB by name with each query. The CEB would be available from Majordomo as one of its files with the full instruction: get cypherpunks CEB . When the CEB became very large individual chapters could be offered. Each chapter would have its own index. There would be a collective index for the whole CEB. MAJORDOMO DISTRIBUTES AUTOMATICALLY Majordomo could also be programmed to send out a Majordomo file every week that explained how to use Majordomo & what it had to offer. This would keep newbies from asking a lot of questions. Our Majordomo would also develop a reputation as the distributor of the Internet's best knowledge base for crypt software locations, evaluations & electronic privacy concerns. Later, Majordomo could be programmed to automatically send out daily or weekly updated versions of the Cypherpunks' Electronic Book to related interest groups such as Sci.Crypt & Politics.Crypt. Note: From this point on in the text, I will use the term CEB to denote Cypherpunks' Electronic Book. CEB WOULD BE *THE* REFERENCE KNOWLEDGE BASE CEB would be THE reference for the statuses for all the Cypherpunks' concerns. Researchers would know immediately what the status was of their area of work. People who wanted to use electronic privacy products would know what the best products were, where to find them, & what their capabilities were. C'punks wanting to make a contribution to the tech- nology would find where the significant problems were & what needed to be done. People wanting to find out the reputation & products of a C'punk could do so quickly. The location of everything of current value to electronic privacy could quickly be found in CEB. CEB IS A BADLY NEEDED COUNTERPART TO THE CYPHERPUNKS' LIST CEB is a badly needed counterpart to the Cypherpunks' list. Our list is disorderly, huge, & things get lost in it. For instance, recent- ly, there was a post about PGS (pretty good PGP shell). It was stated that PGS was a very good product. But, if we are distracted by interest- ing threads & monthes pass, we might have a terrible time finding PGS. With a well indexed CEB, we would immediately find PGS. Another example is WNSTORM. This is a greatly needed piece of software. After some months pass, we may wonder "is WNSTORM any good?", "who wrote it?", "where can I find it?", "what was its name?", "has it solved the patter- ened lower order bits problem?", "has it been obsoleted by another steganography program?".With a good CEB, we could immediately know the answers to these questions. Another example is the Windows implemen- tation of PGP. I only found out about it because I made a post suggest- ing that a good Windows implementation of PGP could greatly popularize encryption. Julietta, then sent another post saying that that software had not been done well from a user friendly point of view. Is Julietta right? Is it user unfriendly or not? With a refereed CEB we would know. With a comprehensive CEB, I would have known of its existance. CEB WOULD BE "FINISHED" & PROFESSIONAL The CEB would constitute a "finished" product. It would look pro- fessional, refereeing would guarantee its quality, & it would have a feeling of completeness magnitudes beyond the list. It would also give experienced & skilled Cypherpunks their own medium without being swamp- ed out by the work of the less capable - a joy for the Elite & Elitists! CEB CAN START NOW All that it takes to start CEB is some cooperation from Eric Hughes in making some changes to Majordomo & in appointing referees. We've got the material to start typing immediately. CEB can start out as a high quality booklet. It will grow as C'punks add to it & we might very well wind up selling yearly editions of it to Loompanics & other quality pubs. Possibly, later, CEB could finance the Cypherpunks' mailing list. Many capable C'punks are tired of having their best work buried & would gladly contribute to CEB. Anybody got any ideas? Yours Truly, Gary Jeffers Cypherpunk PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKK! BBBEEEAAATTTT STATE! From jkreznar at ininx.com Mon May 30 15:10:29 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Mon, 30 May 94 15:10:29 PDT Subject: Popular opposition doesn't mean privacy is lost In-Reply-To: <9405301636.AA29635@ah.com> Message-ID: <9405302210.AA29949@ininx> -----BEGIN PGP SIGNED MESSAGE----- While grudgingly accepting the larger message of your posting, I qualify this with the following observation: Eric Hughes, 1994 May 30: > As soon as an issue [such as privacy] becomes a partisan issue, you've > lost, because at least half the people are against it. Eric Hughes, in the cypherpunks welcome message: > Cypherpunks acknowledge that those who want privacy must create it for > themselves and not expect governments, corporations, or other large, > faceless organizations to grant them privacy out of beneficence. Egregious among the ``large, faceless organizations'' is the tyranny erected by the majority, ``at least half the people'', called democratic political government. My interpretation of the welcome message has always been that a cypherpunk works to create his own privacy _in spite of_ interference by ``at least half the people'', acknowledging that these people are not to be expected to grant that privacy on their own. I do not concede that half the people being against privacy means that I've lost. I seek to apply what I learn through cypherpunks to create my privacy even without their approval. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLepjFcDhz44ugybJAQHrWgQA2ix+775G0eIiQXsXgDjU71Cu+m1xOPnA a5QkYS5J1GTSlVHuD1MKRS/mfa++Kf6U5h2wvpOeLqHVnE2aBta8llTKBPxMQjym 9/1yMNxdtdXbac9FeARKG5UGdLMglNudwrVWdrdfzham6xd0n0tLFVn6IE0OStg7 aGX0DHrdW9g= =ATx7 -----END PGP SIGNATURE----- From paul at hawksbill.sprintmrn.com Mon May 30 15:15:24 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Mon, 30 May 94 15:15:24 PDT Subject: your mail In-Reply-To: <9405302116.AA20629@toad.com> Message-ID: <9405302317.AA05073@hawksbill.sprintmrn.com> > > who cypherpunks > index cypherpunks > we cypherpunks ,-) From CCGARY at MIZZOU1.missouri.edu Mon May 30 15:36:13 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Mon, 30 May 94 15:36:13 PDT Subject: Cypherpunks' Electronic Book Message-ID: <9405302236.AA23248@toad.com> Please see my current post of the truncated subject title: The Cypherpunks' Electronic Bo Yours Truly, Gary Jeffers From klbarrus at owlnet.rice.edu Mon May 30 15:36:59 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Mon, 30 May 94 15:36:59 PDT Subject: Detweiler's motivations In-Reply-To: <199405281825.LAA09262@jobe.shell.portal.com> Message-ID: <9405302236.AA24055@flammulated.owlnet.rice.edu> Hal wrote: >Some have concluded that Detweiler actually is insane, but I don't think >so. I suspect that he is acting on a carefully calculated program designed >to discredit the kinds of technologies we support. By posting trash to I agree it is difficult to determine Detweiler's motivations; I've carried on quite civil email exchanges with him... but the posts from tmp at netcom.com are quite bizzare. Anyway, I was looking thought this months PC Techniques articles on Secret Sharing, Simple Encryption (XOR), and Subliminal Channels, when I flipped through Connect magazine... and was stunned to see the article "Cryptography for the Unwashed Masses" by L. Detweiler! The article is calm, reasonable, explains the rudiments of crypto (keeping in mind the target audience), and in general pro crypto. So while he may have it in for cypherpunks stuff, he seems to be supporting cryptography. -- Karl L. Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From tcmay at netcom.com Mon May 30 15:43:32 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 30 May 94 15:43:32 PDT Subject: IMP (was Re: ecash-info (fwd)) In-Reply-To: <199405301945.PAA11305@zork.tiac.net> Message-ID: <199405302243.PAA04445@netcom.com> Robert Hettinga wrote: > >> http://digicash.support.nl > [snip. . .] > > This, like CommerceNet(tm), seems to be pretty much under construction. > The store windows look nice, however... > >>... > >> David Chaum David Chaum's work is of course central to Cypherpunks, and has been for the past two years (since Cypherpunks plans were laid...). Eric Hughes worked with him in '91-'92, and many of us have talked to him about these issues. Further, his papers on DC-Nets and digital mixes (the basis of Cypherpunks remailers) are often cited. I mention this not to chide or "one-up" Robert, but to make clear the role that Chaum's untraceable digital cash has _always_ had for us. The strength of true digicash, even if not yet fully realized/deployed, is why so many of us are skeptical of half-baked "digital cash" schemes that turn out upon quick inspection to have none, or few, of the important features. IMP-interest folks had an especially naive view, for the most part (based on posts I saw and things I heard from participants). I wished them well, but it seemed unlikely that a group of such hobbyists could build a real digicash system while avoiding Chaum's work! > implicit in it was a sort of top-down-plan idea that was incongruous with > the do-it-first ethic of the internet. Cypherpunks write code, or Chaum > does, anyway ;-). Even with the smiley, are you implying Cypherpunks don't actually write code? Some do, some don't. But Cypherpunks remailers are fully operational, as are message pools, a form of digital money (Pr0duct Cypher's "Magic Money"), etc. > At the risk of violating that canon, ( I couldn't code my way out of a > paper bag, even though I've designed an application or two) I'd like to > start a thread here. > > Could we talk about IMP here? Digital cash is discussed here often. And every one of the various "digital money" schemes announced by folks has--I think--been forwared here and discussed. In my view, Cypherpunks have talked a lot more about Internet Mercantile Protocols than the IMP-interest list has talked about crypto (an absolutely core technology, of course). > 1.) Chaum's e-cash coupled with WWW/Mosaic is a de facto internet > mercantile protocol. Hardly. Maybe it will be in the future, but enough infrastructure pieces are lacking that it can hardly be called a "de facto internet mercantile protocol." I agree it has huge promise. (I suspect I'm sounding pedantic in this post...what I'm trying to do is get across the idea that Cypherpunks are familiar with Chaum's work--or should be--but that much work remains to be done....merely getting excited about Chaum's stuff is where many of us were in 1988 to 1992, with the actual work still lying ahead. And much of the work _still_ lies ahead. (Cf. the soda archives for a "Glossary" and various articles on Chaumian things.) (2.) It seems to me that that e-cash, contrary to the status quo's thinking, > is *critical* to internet commerce. An anonymous cash market is most > unrestricted and efficient market there is, because privacy/security (more > than trust, I think) is the capstone of any serious transaction mechanism. > The imp-interest people seemed to be afraid of e-cash because the > Chaum-patent hairball reminded them too much of the RSA/PGP fight, and > probably because they didn't want to be associated with any wild-eyed > crypto-anarchists(tm). (As a dyed-in-the-wool yellow-dog congenital > up-by-your-bootstraps crypto-fascist republican, I haven't the > slightest idea what they're talking about. . .) Of course crypto and true digital cash is central....this is our whole message, nearly. > 3.) Since a big pile of the discussion on this group lately has been about > our collective concerns about an RSA-approved version of PGP, I think there > is a real parallel here in e-cash. Not that some enterprising cypherpunk > should immediately code up "e-cash for the masses"; that would be way cool > but probably not within the second-mortgages of the people here. However, You may be new to the list, but Magic Money/Tacky have been discussed as recently as last week. And ftp sites have been listed. Also, within the last week there were several discussions of making the schemes more "usable by the masses." (Having said this, MM is _not_ an easily usable, readily-convertible currency or even a payment xfer system for real currency...again, see the many posts on this.) > Just a second. My flame-suit is around here somewhere... OK. Flame on. > > Cheers, > Bob Hettinga I don't think of my comments as flamish, but the comments here seem to bespeak no awareness of the heavy focus Cypherpunks has had on digital cash for a long time. That we have not "deployed" digital cash is related to many factors, including patents, lack of financial incentive (Chaum's folks have spent perhaps 10-20 man-years and several million dollars, and Chaum holds key patents...it is hard to imagine any of us competing head on...and make no mistake about it: a "Pretty Good Digital Cash" scheme would, on the whole, be a much larger project than PGP was), etc. Just my views. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From ravage at bga.com Mon May 30 17:11:06 1994 From: ravage at bga.com (Jim choate) Date: Mon, 30 May 94 17:11:06 PDT Subject: 100 consecutive composite numbers (fwd) Message-ID: <199405310010.AA09704@zoom.bga.com> Forwarded message: From hfinney at shell.portal.com Mon May 30 17:19:11 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 30 May 94 17:19:11 PDT Subject: IMP (was Re: ecash-info (fwd)) Message-ID: <199405310020.RAA01160@jobe.shell.portal.com> > From: rah at shipwright.com (Robert Hettinga) > >> http://digicash.support.nl > This, like CommerceNet(tm), seems to be pretty much under construction. > The store windows look nice, however... I agree with this, which is why I don't understand why you said: > 1.) Chaum's e-cash coupled with WWW/Mosaic is a de facto internet > mercantile protocol. You're jumping the gun here a little, aren't you? There is no evidence yet that Chaum's current proposals are going to catch on. The CommerceNet idea seemed to have more backing judging from the press releases. And it did not appear to support anonymous transactions. > 2.) It seems to me that that e-cash, contrary to the status quo's thinking, > is *critical* to internet commerce. An anonymous cash market is most > unrestricted and efficient market there is, because privacy/security (more > than trust, I think) is the capstone of any serious transaction mechanism. I don't follow this argument. You are suggesting that an anonymous cash market would be more efficient than one based on checks and credit cards? It would have lower transaction costs, so things would be available for lower prices? Why is this? The hypothetical discussions we've had here on "if I ran an anonymous bank" often talked about service charges. Your use of the term "capstone" is unclear in this context. Are you suggesting that retaining privacy is more important for most people than trusting a seller in most transactions? Most people would rather buy from FlyByNight Corp if they could stay anonymous than from Sears using their credit card? I don't think so. For some people, the kind who won't use checks today and get by with cash and money orders, this might be true. But I don't see it as being the rule. > The imp-interest people seemed to be afraid of e-cash because the > Chaum-patent hairball reminded them too much of the RSA/PGP fight, and > probably because they didn't want to be associated with any wild-eyed > crypto-anarchists(tm). (As a dyed-in-the-wool yellow-dog congenital > up-by-your-bootstraps crypto-fascist republican, I haven't the > slightest idea what they're talking about. . .) It seemed to me that the IMP list discussions degenerated into flame wars between Detweiler and cypherpunks. Those in the middle, which included most subscribers, were shocked and disgusted by Detweiler's crude flaming and this made everyone uncomfortable about bringing up the topic of anon- ymity and cash. With Detweiler on the list it was impossible to have a serious discussion of the matter. > 3.) Since a big pile of the discussion on this group lately has been about > our collective concerns about an RSA-approved version of PGP, I think there > is a real parallel here in e-cash. Not that some enterprising cypherpunk > should immediately code up "e-cash for the masses"; that would be way cool > but probably not within the second-mortgages of the people here. However, > some effort should be made to get Chaum et. al. to see to logic of > distributing *both* the "cash-register" and the "wallet" of this e-cash > system to anyone who wants it. It seems that, like Mr. Bill (Gates), his > real market is the people who make e-cash ("banks", "currency exchanges", > "mints"), not the people who use it. Chaum is trying to make money off his ideas. In doing so, he is being guided by the invisible hand of the market to try to find those niches where his technologies can be most profitable. Maybe going after the bankers is the wrong idea, but it is understandably tempting to prefer trying to get millions of dollars from a few people than a few dollars from millions of people. It does sound, though, like he is trying to branch out now and spread his technology around. Perhaps he will follow the lead of RSA and make a "ChaumREF" free implementation of his cash technology. The Commerce- Net model had RSA supplying free client software while charging the vendors licensing fees, I believe. Chaum may be planning a similar approach. It would be nice to see more details about what Chaum has in mind. My WWW access is very weak. Could someone summarize what is available at the page listed above? Hal From rah at shipwright.com Mon May 30 17:24:09 1994 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 30 May 94 17:24:09 PDT Subject: IMP (was Re: ecash-info (fwd)) Message-ID: <199405310022.UAA12781@zork.tiac.net> Oh boy. Now I'm in for it... I *really* didn't mean to put the ball through the window, mister, I was just trying to play.... Tim May said, > >David Chaum's work is of course central to Cypherpunks... [Agree to all up to this point \|/] >IMP-interest folks had an especially naive view, for the most part >(based on posts I saw and things I heard from participants). I wished >them well, but it seemed unlikely that a group of such hobbyists could >build a real digicash system while avoiding Chaum's work! > >> implicit in it was a sort of top-down-plan idea that was incongruous with >> the do-it-first ethic of the internet. Cypherpunks write code, or Chaum >> does, anyway ;-). > >Even with the smiley, are you implying Cypherpunks don't actually >write code? [I think the ball goes through the window about here...] I *really* didn't mean that at all. I did not *even* mean to "cast asparagus" on your collective efforts. *Really*. What I meant is that Chaum seemed to be making the implicit claim that he had gone out and done something a whole lot of people around here seem to have been hoping for for a long time: an Internet Mercantile Protocol. *Not* a Kerberos-based Billing Server, *Not* anonymous credit cards, *Not* a coffee-klatch at a BOF session somewhere, but a real way for people to do cash transactions on the internet. I think of Chaum as the 900 lb gorilla in all of this. Chaum is really (because he owns the patents, after all) the only guy who could do something here. I am _happy_ that he and his folks have kicked the snowball down the hill. In my enthusiasm, I was applauding Chaum for doing something whose time has come; I was *not* saying anything about the efforts of the people on this list. If I gave that impression I *really* apologize. Now the other stuff... >> Could we talk about IMP here? > >Digital cash is discussed here often. And every one of the various >"digital money" schemes announced by folks has--I think--been forwared >here and discussed. In my view, Cypherpunks have talked a lot more >about Internet Mercantile Protocols than the IMP-interest list has >talked about crypto (an absolutely core technology, of course). Having read the roasted-over imp-archives on thumper at belcore, I agree. I was making the request in light of the fact that you folks have worked over this ground before. I was asking your indulgence more than anything else... > >> 1.) Chaum's e-cash coupled with WWW/Mosaic is a de facto internet >> mercantile protocol. > >Hardly. Maybe it will be in the future, but enough infrastructure >pieces are lacking that it can hardly be called a "de facto internet >mercantile protocol." [snip] > >(Cf. the soda archives for a "Glossary" and various articles on >Chaumian things.) [will do] This is the main point of my posting, I believe. It seems to me that more than that is being claimed by Chaum and Co. [snip] >Of course crypto and true digital cash is central....this is our whole >message, nearly. Violent agreement here... >You may be new to the list, but Magic Money/Tacky have been discussed >as recently as last week. And ftp sites have been listed. Also, within >the last week there were several discussions of making the schemes >more "usable by the masses." (Having said this, MM is _not_ an easily >usable, readily-convertible currency or even a payment xfer system for >real currency...again, see the many posts on this.) I agree. I just started learning about all this stuff in the last three months or so. But, I've been lurking here since. I have been paying attention. Honest. I've been trying to do my homework. I've pulled everything down out of Nexis/Lexis that I could find on Internet Commerce and Digital Cash, Chaum, Eric, the Cypherpunks group (not you in particular, I'm afraid ;-)). Hell, I've even read Schneier, though for the life of me I couldn't discuss 10% of the technical stuff and keep a straight face (for pretending like I knew what I was talking about, in other words). > >> Just a second. My flame-suit is around here somewhere... OK. Flame on. Putting this thing on has drawn more fire than it kept off of me. I better keep it off. > >I don't think of my comments as flamish, but the comments here seem to >bespeak no awareness of the heavy focus Cypherpunks has had on digital >cash for a long time. Here's where I wish eudora had a "say what I mean" feature... Again my apologies... >That we have not "deployed" digital cash is >related to many factors, including patents, lack of financial >incentive (Chaum's folks have spent perhaps 10-20 man-years and >several million dollars, and Chaum holds key patents...it is hard to >imagine any of us competing head on...and make no mistake about it: a >"Pretty Good Digital Cash" scheme would, on the whole, be a much >larger project than PGP was), etc. I suppose my point was that Chaum seems to be seeing what is happening out there, (CommerceNet) and has decided he can make things happen by opening up things a little bit. I applaud this. I was egging him on. I was *not* trying to get my tail-feathers fried. My analysis may be simplistic, but when Digicash Inc. says this: > >Payment from any personal computer to any other workstation, over >email or Internet, has been demonstrated for the first time, using >electronic cash technology. I figure that somebody acted. Somebody wrote code. Is it shipping? I have a product I'm dying to sell this way right now. Maybe I should wait a day before I post when I get excited about something... As it is, I feel like Garth and/or Wayne. "I'm not worthy!, I'm not worthy!" I really didn't want get into it with Tim May of all people... How many lawns do I have to mow to pay for the window, mister? ;-). ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From ebrandt at jarthur.cs.hmc.edu Mon May 30 17:59:12 1994 From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Date: Mon, 30 May 94 17:59:12 PDT Subject: Detweiler's motivations In-Reply-To: <9405302236.AA24055@flammulated.owlnet.rice.edu> Message-ID: <9405310059.AA25238@toad.com> Karl said: > I agree it is difficult to determine Detweiler's motivations; I've > carried on quite civil email exchanges with him... but the posts from > tmp at netcom.com are quite bizzare. He's still mostly normal in e-mail. However, I think it's best to be careful what you say. I once responded to a question of his about actual instances of PSEUDOSPOOFING; I mentioned a user here who spent some time replying to himself on rec.music.industrial. His response was something along the lines of "hee hee you're a tentacle", and now look what he's doing to talk.politics.crypto et al.... Hal's analysis seems plausible to me. This whole self-reply cascade has got to be some kind of surreal propaganda maneuver. Eli ebrandt at hmc.edu From peb at netcom.com Mon May 30 18:04:20 1994 From: peb at netcom.com (Paul E. Baclace) Date: Mon, 30 May 94 18:04:20 PDT Subject: to The Atlantic Message-ID: <199405310104.SAA19257@netcom.com> Here is my final draft to the editor of The Atlantic in response to the June '94 article by James Fallows entitled "Open Secrets". ---------------------------------------------------- Editor The Atlantic 745 Boylston St. Boston, MA 02116 May 20, 1994 In James Fallows' article "Open Secrets" (June 1994), the Clipper chip and Digital Telephony bill are discussed with admirable clarity. The presentation of public key cryptography is the best I have seen for a lay audience. However, some incorrect implications from the article might be assumed unless several additional facts are pointed out. Government use of the Clipper chip is approved by the NSA for the transmission of non-secret information. The article gives the impression that Clipper is so strong that military and intelligence services would use it, but this is not so. Given this, concern is warranted about Clipper's actual degree of security or about possible secret back-doors. The 50,000 people who supported an Internet petition against Clipper were concerned about the classified nature of the algorithm. The Open Secrets article brushes this aside as an apparent distrust of bureaucracy. In actuality, cryptographers have always maintained that no cryptosystem can be trusted unless it is openly developed and tested. This is based on mathematical and programmatic aspects of cryptography that are ubiquitously used in mathematical proofs and software testing. In the absence of this open development, the only thing citizens can do is trust the NSA, an organization that is not directly accountable to citizens. However, the NSA has major incentives to support cryptosystems which are breakable only by their organization without using the escrow keys. A back door is difficult to recognize even in a non-secret algorithm, but in a secret algorithm it is essentially impossible to determine. (Historically, the NSA has backed encryption technology that it can break; the DES algorithm it approved for commercial usage is breakable by the NSA.) The FBI has never released statistics about how they are thwarted by encryption technology or by digital telephony. How can a citizen judge the need for Clipper and the Digital Telephony bill without such information? The Digital Telephony bill broadly defines telephone technology and even imposes exorbitant fines on private telephone systems that do not implement remote wiretapping capabilities. Since any multimedia computer today can be turned into a telephone by simply adding software, will this law have an unintended effect on individuals? The Digital Telephony bill will make wiretaps cheaper to implement because the consumer pays for the implementation. Since spying is limited by economics, this bill could increase the extent to which wiretapping is abused. And finally, it should be mentioned that the first NIST press release on the Clipper chip said that citizens do not have a right to unbreakable encryption. Thus, the administration started off with the goal of restricting encryption and only after opposition did they start saying Clipper was voluntary. Given their original intentions, which challenge the First Amendment, there is reason to be concerned. From hart at chaos.bsu.edu Mon May 30 18:05:05 1994 From: hart at chaos.bsu.edu (Jim Hart) Date: Mon, 30 May 94 18:05:05 PDT Subject: encrypted IP Message-ID: <199405310102.UAA15186@chaos.bsu.edu> Does anybody have an update on the crypto IP efforts? I've heard there are several commercial products, including weakened U.S. DES versions from Semaphore Technologies, Motorola, Hughes, and UUNET technologies. Also, some higher quality foreign versions. How many of these products interoperate across vendors? Are there any public domain versions available or in the works? Any emerging standards, so that if I wrote my own system it could interoperate with other crypto IP based clients and servers? thanks, Jim Hart hart at chaos.bsu.edu From tcmay at netcom.com Mon May 30 18:50:46 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 30 May 94 18:50:46 PDT Subject: IMP (was Re: ecash-info (fwd)) In-Reply-To: <199405310022.UAA12781@zork.tiac.net> Message-ID: <199405310150.SAA28702@netcom.com> In the interests of brevity, I'll make my points without quoting Robert Hettinga's article. 1. Like I said a couple of times, no flaming was intended. I was only urging what I ordinarily urge, that super-enthusiastic newcomers get some idea of context, the better to see how ideas fit together and the better to avoid making "Cypherpunks are doing enough" types of comments in any form. 2. Many newcomers seem to arrive on the List excited about the Glowing Digital Future and then learn that things are not on the verge of Happening....some of them urge us to "Do something!" or aver that we are not really "writing code." I think it's important that Cypherpunks understand that Changing the World is exciting, and likely, but will not happen easily or casually, and that most Cypherpunks are not able to work on things full-time, with budgets, assistants, etc. 3. Enthusiasm is good. In fact, it is necessary. But too many newcomers arrrive on the list, rail against the lack of progress in some area they favor, and then either leave the list or become dormant. A few become coders of important new capabilities, or analysts of events and directions. 4. I urge all those interested in digital cash, Chaumnian anonymity, etc., to read the many articles. These have been cited many times, and are referenced at the soda site. "Scientific American" had an article in July 1992 on this, for example. And as we have said so many times, the "Crypto" Conference Proceedings (and Eurocrypt, Auscrypt) carry the key research articles. 5. Robert mentioned "egging Chaum on" with his comments. Let me assure you all, Chaum does not need egging on by cheerleaders...he does not even read this List, and the stakes in digital cash are so enormously high that our comments are as nothing. I'm just being realistic here. 6. What we can do is to continue to prepare for this, to look for technial or political weaknesses in proposed protocols, lobby others we may talk to, and so on. Just as with other aspects of crypto. It is also remotely possible that a Zimmermann-like person (or group) may develop a PGDC scheme. Maybe. But PGP took PRZ a lot of time, and that of the v 2.0 crew that helped (many of them on this List!), and hence it may not be too likely for a while. (Also, absent banks that will honor PGDC--though some efforts may change this--the challenge will be enormous. And straight encryption is vastly more understandable, conceptually and practically, than digital cash protocols.) 7. The "voice encryption" is probably more important right now, and much "easier" to implement. It also can be done by independent groups without as much need for "buy-ins" by institutions. In any case, the "occupational disease" of Cypherpunks is to become convinced that some facet of crypto is so important that all other efforts should be abandoned. In the past, we have had folks strenuously argue that random number generators were crucial, others that "stealth PGP" was by far the number one priority. And so on. 8. We're an anarchic band. Lots of advantages here (nobody to arrest and charge with the crimes of the group, strenth in diversity, etc.). Some disadvantages, of course. In any case, no budget, no staff, no formal goals, no group projects. Only what sufficiently-motivated individuals or small groups will choose to work on. Thus, most of the "we all ought to work on X" posts are flawed. We may slip into this language as shorthand for saying we think something is especially important, but is seriously in error to ever think that we can make something a "group" goal. This came up in a different, non-technical context several weeks ago when one bunch wanted Cypherpunks to become a "spokesperson" group (like EFF), with a database of "resumes" of oppononents of Clipper ("to show that not all Clipper opponents are hippie hackers" or somesuch) and when another bunch (or one or two people) wanted Cypherpunks to become a lobbying group. In both cases, failure of the others to rally behind these proposals produced apparent anger or frustration on the part of the proponents. Which was too bad, but typical of an anarchy. ("Herding cats" is the usual metaphor.) Robert Hettinga writes: > I figure that somebody acted. Somebody wrote code. Is it shipping? I have a > product I'm dying to sell this way right now. It will likely be at least a few years, in my estimation, before enought peopole are using this so as to create a market. Meanwhile, sell your product the normal way...unless the privacy/anonymity issues are critical, why wait? > > Maybe I should wait a day before I post when I get excited about > something... As it is, I feel like Garth and/or Wayne. "I'm not worthy!, > I'm not worthy!" I really didn't want get into it with Tim May of all > people... > > How many lawns do I have to mow to pay for the window, mister? ;-). > Just read the articles. You don't have to be a number theory expert, debating birthday paradoxes with Eli Brandt, Hal Finney, Jay PP, Eric Hughes, and the other number theory savvy folks, but some overall sense of where things are going (and where they have been, etc.) is best gotten from the literature. Cheers, --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From mike at EGFABT.ORG Mon May 30 20:46:05 1994 From: mike at EGFABT.ORG (Mike Sherwood) Date: Mon, 30 May 94 20:46:05 PDT Subject: PGP 2.6/Turbo C Message-ID: I'm running Turbo C++ 3.0 and get "Invalid configuration file" when trying to load pgp.prj to compile pgp 2.6. Anyone else try this type of setup to compile 2.6? I've been able to reproduce this result on multiple machines starting with the signed .zip file. Anyone that can offer any suggestions? thanks -Mike -- Mike Sherwood internet: mike at EGFABT.ORG uucp: ...!sgiblab!egfabt!mike  From hughes at ah.com Mon May 30 21:47:02 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 30 May 94 21:47:02 PDT Subject: IMP (was Re: ecash-info (fwd)) In-Reply-To: <199405301945.PAA11305@zork.tiac.net> Message-ID: <9405310454.AA00788@ah.com> 1.) Chaum's e-cash coupled with WWW/Mosaic is a de facto internet mercantile protocol. Hardly. The announcement just says it's available, not that anybody's using it. Since the information came from a press release, we can assume that lack of mention of an important customer, like a bank, means that there are no such customers right now. What that says to me is that DigiCash has looked for customers, and not found any. They've certainly had the time. Furthermore, it's not clear that this software can be both legally and usefully deployed in the USA. The Foreign Bank Secrecy Act of 1974 requires the microfilming of all checks of value over $100, with administrative provisions for extending the required recording keeping. Other check-like transaction accounts have since been added. So can a bank avoid this? First, they can limit transaction amounts to less than $100. That violates my criterion of usefulness; it would have some utility, to be sure, but just as surely would be a severely crippled utility. Second, they might be able to record the transaction as a "cash purchase". The problem here is that this accounting technique may be ruled non-compliant by the regulators, which would make the transaction _illegal_ (since there's not way to comply by recording both parties). The regulators have been authorized to move activities across the boundary of legality by legislative action. Now, one cost of deploying any such system would be the expected (negative) value of the risk taken in losing the whole development investment to an adverse regulatory decision, let alone possible actual penalties. Even beyond this, there's the IRS $10K cash reporting limit, and the attendant restrictions on structuring. Detection of structuring becomes much more difficult, and banks are held responsible for at least some of the enforcement. Here's another set of risks, like above. Just how big is the potential Internet market (in, say, two years), compared to other banking segments? Precious small right now, really. Just plain profitability is also an issue. Add to that costs of licensure and costs of risk and you're left with some significant barriers to USA deployment. 2.) It seems to me that that e-cash, contrary to the status quo's thinking, is *critical* to internet commerce. No, it's not critical. Some form of transaction mechanism is critical. Privacy is not critical to the bulk of the economy, though. Face up to it. If it were, it would be so obvious that we wouldn't be discussing it on a mailing list. In fact, _we_ wouldn't be discussing it, but rather a whole bunch of bank vice presidents. An anonymous cash market is most unrestricted and efficient market there is, because privacy/security (more than trust, I think) is the capstone of any serious transaction mechanism. Is anonymous cash really the most efficient? No, not in all cases. When no one is looking, the anonymity is irrelevant, and identifier-based schemes work fine. Is, for example, anonymity the most efficient for the Federal funds transfer network? No, because the values of money are so large that default on a transaction would case serious systemic problems. Cash does have some advantages, in particular its immediate and final clearing. These can reduce transaction costs in certain markets. Anonymity, however, is not a panacea. Characterizations of where anonymity is _already_ practiced indicate potential places for initial deployment. Negotiation for trades in the foreign exchange market are frequently anonymous, even though the trades themselves are not. There is a gold and silver exchange in Shanghai, I think it is, where the exchange keeps no records and all transactions are settled between traders. Motivated list members may wish to hit the libraries and look for more. 3.) Since a big pile of the discussion on this group lately has been about our collective concerns about an RSA-approved version of PGP, I think there is a real parallel here in e-cash. PGP only requires the cooperation of your email correspondent in order to function. The risk of a patent infringement suit is small, since the parties involved are small. Digital cash requires the participation of many more parties, some of whom have, almost of necessity, deep pockets. The parallel does not extend very far. Without the creation of an entirely black market which can remain completely unexposed (and this is more difficult that it appear even on second or third thought), it is unlikely that digital cash technology will be usefully deployed independently. Eric From hughes at ah.com Mon May 30 21:52:08 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 30 May 94 21:52:08 PDT Subject: The Cypherpunks' Electronic Book In-Reply-To: <9405302207.AA22877@toad.com> Message-ID: <9405310459.AA00802@ah.com> > CEB CAN START NOW > All that it takes to start CEB is some cooperation from Eric Hughes > in making some changes to Majordomo & in appointing referees. I'm afraid, then, that this project is doomed, because I don't have time to hack on majordomo. Gary Jeffers, however, could manage the whole thing with a cleverly written procmail filter, taking inspiration from the cypherpunks remailer on how to offer mail servers from user accounts. Eric From hughes at ah.com Mon May 30 22:01:51 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 30 May 94 22:01:51 PDT Subject: Popular opposition doesn't mean privacy is lost In-Reply-To: <9405302210.AA29949@ininx> Message-ID: <9405310509.AA00819@ah.com> While grudgingly accepting the larger message of your posting, I qualify this with the following observation: Thank you. I'll clarify what you responded to below. re: partisan issue v. direct action When you're engaged in politics, you try to be politic. When you're directly acting, you can tell 'em to fuck off. And I find no particular contradiction in participating in both contexts at the same time. The key is to realize that there are two different contexts with different rules of rhetoric. Egregious among the ``large, faceless organizations'' is the tyranny erected by the majority, ``at least half the people'', called democratic political government. Not everyone believes this. Be politic when doing politics. My interpretation of the welcome message has always been that a cypherpunk works to create his own privacy _in spite of_ interference [...] And do whatever you want when not doing politics. It was not my intention to become involved with political issues as such when cypherpunks started. Clipper changed that. Direct action of writing and deploying code should continue, as well as the political education and action necessary to allow deployment to exist. Eric From hughes at ah.com Mon May 30 22:08:01 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 30 May 94 22:08:01 PDT Subject: IMP (was Re: ecash-info (fwd)) In-Reply-To: <199405302243.PAA04445@netcom.com> Message-ID: <9405310515.AA00833@ah.com> re: IMP-interest folks [...] it seemed unlikely that a group of such hobbyists could build a real digicash system while avoiding Chaum's work! Well, the IMP people weren't tring to build digicash, but rather do internet commerce. Cash and anonymity were discussed, but were not considered central to the program. (2.) It seems to me that that e-cash, contrary to the status quo's thinking, > is *critical* to internet commerce. Of course crypto and true digital cash is central....this is our whole message, nearly. When I responded directly to the original message, I claimed that it wasn't central to internet commerce. I was speaking there about the realpolitik of deployment. Internet commerce can and might happen without anonymity. That doesn't make it any less central to my own and other's desire that it be present and available. Eric From hughes at ah.com Mon May 30 22:23:43 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 30 May 94 22:23:43 PDT Subject: IMP (was Re: ecash-info (fwd)) In-Reply-To: <199405310022.UAA12781@zork.tiac.net> Message-ID: <9405310530.AA00865@ah.com> I figure that somebody acted. Somebody wrote code. Is it shipping? I have a product I'm dying to sell this way right now. I'd like to hear something about this. If you don't want to talk about the product or it's means of delivery, fine. We're talking finance here now. My questions are: Total yearly expected revenue -- gives an idea about how much revenue is available to create intermediation. Distribution of buyers of the transactions -- is this more like a vending machine or a subscription service? A question of relative efficiency between identifier systems and cash systems. Total number of transactions -- gives an idea of the cost per transaction and the amount of capability to provide that number of transactions. Distribution of the amounts of the transactions -- are the amounts fixed, clustered, flat, or what? This also affects the relative efficiency of various systems. Distribution in time of the transactions -- another cost-to- rovide figure; peak load is important. If you don't want to discuss this in public, I also understand. Eric From catalyst-remailer at netcom.com Mon May 30 23:42:37 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Mon, 30 May 94 23:42:37 PDT Subject: Magic Money 1.1/AutoClient Message-ID: <199405310642.XAA12123@netcom.com> -----BEGIN PGP SIGNED MESSAGE----- Magic Money V1.1 with AutoClient and MultiServer Capability Uploaded to csn.org, should be available soon. Read README.MPJ in /mpj This is the automatic client I described a couple of weeks ago. This is a new version of Magic Money. It is compatible with V1.0 in both directions. The major improvements are: * Automatic Client allows software-automated services to accept and pay out Magic Money. * Coin files contain the keyid of the server that created the coins. This allows the Automatic Client to accept money from multiple servers. * New fifo.c fixes a memory-freeing bug in fifo_destroy. This fix was previously posted on csn.org as pgptlupd.zip The keyid is appended to the end of the coin file with a new packet type number preceding it. These coin files will be accepted by the V1.0 client. V1.0 coin files will also be accepted by the V1.1 clients. See the README10.DOC file for more general instructions about how to use Magic Money. This file concentrates on the changes. The Automatic Client performs the same functions as the manual client, except that it has no user interface. It is designed to be controlled by software (PERL scripts or C programs). The program is controlled by command-line arguments and information piped into stdin. All output is written to files or sent to stdout. Compiling AC.C with MM.C and the appropriate PGPTools files produces the Automatic Client. If you are using a PC, it is worthwhile to get the 8086.ASM file from PGP2.3a and use it. Define MSDOS, SMALL_MEM, DYN_ALLOC, and UPTON for the MS/DOS version with 8086.ASM. These defines work for both the normal and automatic clients. Automatic Client Commands The automatic client accepts one option, and zero, one, or two filenames. If run with no options or filenames, it will print a help screen. ac -[option] [inputfile] [outputfile] - -k display bank's keyid and client's keyid This prints the keyid of the bank on the first line, and the keyid of the client on the second line, as 8-byte hex strings. - -k [inputfile] display keyid of bank which made this coins.dat file, or the keyid needed to decrypt an ascii-armored pgp message. If the file is a coins.dat-type file produced by a client, this will produce the keyid of the bank that created it. If it is a PGP message, such as a reply from a server, it will produce the keyid the message is encrypted with. In either case, it returns an 8-byte hex string. If the file is from a 1.0 client, there is no keyid so you will get a NO_DATA error. There is a 1/256 chance that the byte at offset 9 from the end of file will match the identifier byte. In this case, you may get a no-good server id. If you get a server id but do not recognize it, assume this has happened. - -d list coin denominations Prints the available denominations of coins from the elist file, one denomination per line. These are all the possible denominations, and their presence here does not mean you have any coins of that denomination. - -i [outputfile] initialize client (key length, key name from stdin) This initializes the client, producing the initialization message (which must be sent to the server) in the specified file. The bank.asc file must be present before running this. It creates a key to communicate with the server. The key length in bits, and the name for the key, are read from stdin. They should be on separate lines. - -l list all coins in allcoins.dat Lists all available coins as a stream of numbers, one coin per line. - -l [inputfile] print total value of a coins.dat (client output) file. Checks signatures and rejects if signature bad Prints one number, the total value of the coins.dat file specified. If any signatures are bad, or coins have unknown exponents, the program terminates with a BADSIG or BADEXP error. - -p [inputfile,outputfile] process a coins.dat file for exchange with the server. Reads from stdin a list of coin denominations to create, terminated by 0. Writes to stdout a 128-bit transaction identifier. Before running this, you must have used the -l above and decided what denominations to create. Then run this to process the coins and prepare a message for the server. Feed the denominations you want into stdin, one number per line, terminated by a zero. There is no checking here. If you specify less value than you are turning in, you will lose value. If you specify more, the server will throw out the transaction and you will lose all the coins you are depositing. This function writes out one value to stdout: a 128-bit hex identifier. This is an xor of the coinids of all of the new protocoins created. This allows your script to identify this transaction when it comes back from the server. - -r [outputfile] Reinitialize (generate init packet) This generates a new client initialization packet. If your system is inactive for a while, do this, send it in, and run -s on it. This will check for a coin expiration and update your elist if necessary. - -s [inputfile] Process a response from the server. Outputs the 128-bit transaction identifier, followed by total value, followed by any message from the server. This takes a reply from the server (ascii-armored) and processes it, adding new coins to your allcoins.dat file and removing the corresponding protocoins. The output is: on the first line, the same 128-bit identifier generated by -p when this transaction was prepared. On the second line, the total value added to your coin file (same as the value of the coins you created in the -p). Following that, any message from the server, if there is one. If -s is run on a response to a -i or -r initialization, it will return 00..00 for the identifier and 0 for the value, because no coins were processed. - -w [outputfile] Withdraws coins for payment. Accepts a list of coin values from stdin, terminated by a zero. Extracts coins from your allcoins.dat file and writes them to the output file. Send to stdin a list of values to create, followed by a zero to terminate. The output file can then be processed by another client. - -x Returns the total value of any old coins (in danger of expiration) Checks for old coins that are in danger of expiring. Outputs the total value of all old coins, or zero if there aren't any. - -x [outputfile] Exchanges old coins. Accepts a list of denominations and generates an identifier like -p This is like -p for old coins. Run -x above first, decide what denomin- ations you want to create, and run this. Feed in the denominations, term- inated by a zero, and send the output file to the server to exchange your old coins for new ones. If you have expired coins (you didn't exchange them in time) this will throw them out. Error codes (from MM.H) These are returned by exit(code) when the program ends. A 0 is good, anything else is bad. The only errors that are not included here are out-of-memory and missing rand.dat file. These will still print English messages, however, if the system is correctly set up, they should not happen. #define MMAC_OK 0 /* Normal exit */ #define MMACERROR_BADCOMMAND 1 /* Bad command */ #define MMACERROR_NOFILE 2 /* File not found or inaccessible */ #define MMACERROR_NODATA 3 /* Data such as a key not found */ #define MMACERROR_BADSIG 4 /* Coin/file has bad signature */ #define MMACERROR_BADEXP 5 /* Coin has unknown exponent */ #define MMACERROR_NOCOIN 6 /* Tried to use nonexistent coin */ #define MMACERROR_NOPROTO 7 /* No protocoin in file */ Using the Automatic Client Ok, that's great, but how do I use it? For an automatic service, you want to receive coins, process them, get the response back from the server, and then perform some service. You may optionally want to send some coins back to the person. So first, when a message comes in, you have to decrypt it or dearmor it or uudecode it, or whatever is necessary to get a binary coins.dat file. Then run -l [file] to check its value. If you get a value and not an error, figure out what denominations you want. -d will list all possible denominations. Now run -p [file] [output file] and send it your list of denominations. Record the transaction id output from the client, along with whatever information you need to keep about the service the customer wants. Mail the output file off to the server, and go on to the next problem. When the message comes back from the server (-k [file] and compare with -k to verify it is encrypted for your client) run -s [file] on it to deposit the coins in your allcoins.dat file. The output from the client gives you the transaction id, value, and any message. Use the transaction id to look up the information you recorded earlier, and deliver the service to the customer. The value can be verified if you want, and the message should probably be saved in a file for later reading. You can check each new message against the last one and only save it if it has changed. Occasionally run a -x to see if you have any old coins. If so, figure out what denominations you want to trade them for, and run -x [file] to exchange them. You can probably do this part by hand, since coin expirations are pretty rare. To pay out money, do a -l to find the denominations to extract, then do a -w to withdraw them into a coins.dat file. Handling Multiple Servers You can run a service that accepts coins from multiple servers. To do this, you have to keep a separate client directory for each server. When a coin file comes in, run -k [file] to determine which server it is for. Using the server id as the directory name would make life much simpler. Then CD into that directory and process the coins from there. If you get coins from a 1.0 client (which has no server id), you will have to go into each directory in turn and try a -l [file] on the coins. You will get an error return on each one until you find the right directory. If messages are coming back from multiple servers, using -k [file] on the incoming message will tell you which client's key it is encrypted with. Running -k will tell you the key of that client (on the second line). - From this, you can determine which client should process that server's reply. This is probably easier than using the from line in the email. Ideas for Automated Magic Money Applications Currency Exchange - Accept one currency and return another, skimming off a profit. Find the correct exchange rates where the same amount of each currency is coming in and going out. Pay-For-Use System - Accept Magic Money to pay for remote access to a machine, use of a MUD, remailer, news posting service, etc. Gambling - Accept bets on sports, the stock market, horses, etc. This is the MGMNY11A release. That means it might have bugs. If you find any, please post them on Cypherpunks at toad.com or alt.security.pgp. These are also good places to announce your service, or to contact me. Pr0duct Cypher "One line of code is worth a thousand rants." -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLerF1MGoFIWXVYodAQFtVAQAn7HOBDX4bg6MZv6uAgr3KhDfpTsAF1Te i8C9WjWGgPlqv6wJz+uACBo9dKnT5oP3u7foz3rB7GRp8UHHGBs2u8TjvTeedrQ4 wUit6Bb3LcmwRPjQ8MfLK3cam8EeNsy9Hn9hqw9fm7xs4jwgaqsZU8dslthSEdh4 lab6JYE0vWM= =7QpT -----END PGP SIGNATURE----- From phantom at u.washington.edu Mon May 30 23:45:59 1994 From: phantom at u.washington.edu (Matt Thomlinson) Date: Mon, 30 May 94 23:45:59 PDT Subject: Seattle Times cpunks article, 5/27/94 Message-ID: Paul finally polished this one up and put 'er in print. It talks about the NSA document, cypherpunks, and clipper. Pretty good, I thought. (c) 1994 Seattle Times, I'm sure.. ;) Is government chipping away at freedom, privacy on new information highway? --------------------------------------------------------------------------- -Another in a periodic series looking at the impact of technology on contemporary society- By Paul Andrews, Seattle Times staff reporter Long dormant, '60s-style civil disobedience may soon make its reappearance -- not at college campuses or draft inductions but on the information superhighway. The issue this time around: electronic privacy. An underground computer group, known as cypherpunks, is among a variety of groups fighting the Clinton administration's attempt to monitor electronic communications, saying it smacks of Big Brother and thought control. And they're intent on using the electronic equivalents of protest marches, sit-ins and card burnings to make their point. The dress rehearsal came last month when cypherpunks distributed the employee manual of the National Security Agency over the Internet in an attempt to embarrass the administration. The incident was generally viewed as a teenage prank. Although an intriguing glimpse into the psychology of one of the government's most secret bureaus, the manual is not a "Top Secret" document. The agency contacted and questioned at least one cypherpunk, but took no formal action. "There was no information in the document that would be considered damaging to national security," said Judi Emmel, public-relations officer for the NSA. But observers say the episode presaged the inevitable: digital enactments of civil disobedience not seen since publication of the Pentagon Papers in 1971. In that case, a one-time Pentagon consultant named Daniel Ellsberg leaked documents to The New York Times and Washington Post, detailing decades of official deceit, ineptitude and ignorance over Vietnam foreign policy. The Justice Department attempted--unsuccessfully--to bar newspapers from printing the papers, arguing that publication threatened U.S. soldiers and wartime strategy. Ellsberg, whose action contributed to President Nixon's eventual disgrace and resignation, was charged with 12 counts of espionage, conspiracy and theft. The case ended in a mistrial. Inevitably, Net observers say, an Ellsberg-style cyber protester will post classified documents on the Internet--not as a prank, but to embarrass, disrupt or otherwise bait the government. Digital protests could take other forms as well -- everything from mail "bombs" -- long files meant to slow a system's functions or operations -- to viruses or "hacking" (entering and damaging files in) federal computers. If such actions happen, the government's response may move legal principals behind the First Amendment and Bill of Rights to a new and untested electronic arena. "It's absolutely going to occur," said Winn Schwartau, author of the recently published "Information Warfare." As government documents leak and people get hold of them, whether for personal or political reasons they're going to be on the Net." Like Ellsberg, cypherpunks say their aim is to expose government mendacity and incompetence as a defense of the public's right to know in a democracy. Their target: the Clipper chip, a device placed in computers that would enable security agencies to eavesdrop on, store and search all electronic communications. Last month's episode began when a 25-year-old Austin, Texas, computer engineer, Chris Goggans, posted an electronic version of the NSA manual in Phrack, an on-line magazine he publishes. It was then copied and redistributed to Electronic Frontier Foundation (an activist organization) and cypherpunk news groups on the Internet. Goggans, who uses the on-line alias "Erik Bloodaxe," reported that he received the manual in a white envelope with a Silicon Valley-area postmark and no return address. It's impossible to determine how many of the Internet's estimated 15 million to 20 million users saw the posting. Among the Net's community of users concerned about electronic privacy, it received wide distribution. Traditionally the NSA, whose specialty is decoding encrypted information, has been steeped in secrecy. During the Cold War era, its existence was routinely denied, but it has become more open since President Clinton office. The NSA manual urges employees to be vague about their job without drawing "attention to themselves nor to their association with this agency." Intelligence employees with specific job classifications are directed to "generalize" their titles to "research analyst." The manual states that it is "FOR OFFICIAL USE ONLY," encompassing "information or material which, although unclassified, ... should not be given general circulation." If the manual is disclosed, "appropriate administrative action will be taken to determine responsibility and to apply corrective and/or disciplinary measures," it states. Emmel indicated that the agency, although "not particularly pleased" with the cypherpunk posting, did not consider it illegal. "A Freedom of Information request could do the same thing," she said. Cypherpunks say the symbolism is more meaningful than the action itself. The manual was posted "to embarrass the NSA at a point where they are pushing the Clipper chip," wrote Grady Ward, an Evergreen State College graduate living in northern California, in response to an electronic inquiry. "If the NSA can't keep its own security manual from the hands of the public, what guarantees they can keep the Clipper keys" from falling into the wrong hands, he said. Ward was contacted afterward by an NSA security officer, whom he gave instructions on how to subscribe to Phrack. A Seattle cypherpunk, Matt Thomlinson, who goes by "Phantom," said he would have published the NSA manual even if it had been classified. A Univeristy of Washington senior from Auburn who had never heard of the Pentagon Papers episode, Thomlinson said he would publish classified documents to make a point only if doing so would neither harm national security, nor put someone in physical jeopardy. "It really depends on the situation," he said. The Clipper chip is designed to encrypt data transmissions over telephone lines so they cannot be read without a decoding key. Under the administration's plan, one half of the key would be held in escrow by the Treasury Department and the other by the National Institute of Standards and Technology within the Commerce Department. Government security agencies would have to get permission from the escrow agencies to use the key to decode suspect communications. Cypherpunks, a largely anonymous group of programmers whose name combines the terms cyberpunk and cipher(using the British spelling), support encryption, but say only senders and recipients should hold the keys. They argue that the Clipper keys would fall into the hands of terrorists, criminals or spies. "The idea that nobody will do this is ludicrous," said Scott Northrop, a Seattle cypherpunk who uses the pseudonym "Skyhawk." "The incentives are enormous." The Clipper chip would be replicated, they say, or obtained by a double agent such as Aldrich Ames, who has been in the news latedly for selling classified material to the Russian government. "They (cypherpunks) didn't have to go to the trouble of printing the NSA manual to make their point," said Jim Warren, a Silicon Valley computer-industry pioneer who founded an annual conference on Computers, Freedom and Privacy. "Aldrich Ames is evidence enough." Warren thinks foreign corporations after trade secrets would eagerly pursue Clipper technology -- "and they have a considerably more suspicious profile than foreign governments." The administration counters that without the Clipper "trap door" capability for monitoring communications, encryption will be used to conceal covert or illegal activities from enforcement authorities. Administration officials have suggested that without Clipper capability, encryption may have to be banned altogether. An attempted ban would be a folly, said Schwartau: "From a political, social, technological and pragmatic standpoint, it ain't gonna happen." A popular slogan on the Internet sums up opposition to a ban: "If encryption is outlawed, only outlaws will have encryption." Unswayed, the administration is moving to put Clipper encryption in government interagency communications. So far it has indicated that compliance by private industry and citizens should be voluntary. If classified documents were posted on the Internet, it's unclear what government response would be. Emmel said such a step would be met with "appropriate action," but she declined to elaborate. ----- Matt Thomlinson University of Washington, Seattle, Washington. phone: (206) 548-9804 Check my home page -- ftp://ftp.u.washington.edu/public/phantom/home.html Get PGP 2.2 or 2.5 key via email or finger phantom at hardy.u.washington.edu From edgar at spectrx.sbay.org Tue May 31 00:43:26 1994 From: edgar at spectrx.sbay.org (Edgar W. Swank) Date: Tue, 31 May 94 00:43:26 PDT Subject: Diff utility available from SIMTEL Message-ID: <9wH7mc2w165w@spectrx.sbay.org> To: rel at lipo.st.co.at (Roland E. Lipovits) CC: Cypherpunks Roland, Thanks for posting the additional changes needed for Alan Barrett's formatting of 8-character Key ID's. It was very helpful. You also said, (Sorry for the format, I have no diff-utility therfore it's made by hand.) You can get a free diff utility from SIMTEL. dif115ax.zip 73327 02-04-93 B GNU Text file differences finder, v1.15, EXE You can get via FTP from Repository primary mirror site OAK.Oakland.Edu (141.210.10.117) and its mirrors wuarchive.wustl.edu (128.252.135.4), archive.orst.edu (128.193.2.13), ftp.uu.net (192.48.96.9), ftp.funet.fi (128.214.6.100), src.doc.ic.ac.uk (146.169.2.1), ftp.switch.ch (130.59.1.40), archie.au (139.130.4.6) or NCTUCCCA.edu.tw (140.111.1.10), ftp.technion.ac.il (132.68.1.10), or by e-mail through the BITNET/EARN file servers. If you don't have FTP you can order it via an E-mail server. To: LISTSERV at VM1.NODAK.EDU (ND State Univ - SIMTEL) Subject: any Body: /PDGET MAIL /pub/msdos/gnuish/dif115ax.zip -- edgar at spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From barrett at daisy.ee.und.ac.za Tue May 31 01:29:22 1994 From: barrett at daisy.ee.und.ac.za (Alan Barrett) Date: Tue, 31 May 94 01:29:22 PDT Subject: Diff utility available from SIMTEL In-Reply-To: <9wH7mc2w165w@spectrx.sbay.org> Message-ID: > Thanks for posting the additional changes needed for Alan Barrett's > formatting of 8-character Key ID's. It was very helpful. My changes, plus the horizontal spacing fixes that Roland noted, more horizontal spacing fixes that Roland missed, and a few other good things from various sources, are all incorporated in mathew's release of PGP2.6ui, available from ftp://ftp.demon.co.uk/ (sorry, I don't remember the directory name). As well as the .tar and .zip files, the distribution includes a patch file showing the differences between 2.3a and 2.6ui, and everything is signed by mathew. --apb (Alan Barrett) From jp at jep.pld.ttu.ee Tue May 31 02:58:16 1994 From: jp at jep.pld.ttu.ee (Jyri Poldre) Date: Tue, 31 May 94 02:58:16 PDT Subject: Estonian RSA chip Message-ID: <9405310952.AA17082@jep.pld.ttu.ee> I think that i was a bit rushing and did mainly focus on my own problem, that was this division. I will enlighten this more clearly, so that you do not think about me being 'FSP hard/soft/whateverware stealer'. Yes, this chip is basically 'FAST integer calculator' with different levels of microprogamming. I think that user-accessible levels include A*B mod Z , where A,B,Z are 510- local_register_ram_limit nr of bits. The only main difference about commercially available circuits would be relative cheapness- meaning that modular exponents are optimized in algorithm level, not via HUGE adder, and main force lies in 16 BIT calculations , needed for fast encryption algorithms. (EStimated speed using IDEA will be not less than 2 Mbit/sec, RSA key exch will be less than 0.4 sec. ), But still it will not contain IDEA or RSA to start with. ( though using primitives like A*B mod Z this is 10~20 lines of code. ) Now i do explain in a few words, why i do not like the idea of user tinkering with that. Every known cryptosystem using one-way functions contains trapdoor. While there will be no reason in users snooping around with things that run IDEA or DES just because you might lose the ability to have one-to-one mapping of data, there is nothing wrong in just changing a bit of RSA. Everything would possibly 'LOOK' the same with one guy opening trap^2 door occasionally. That would zero the whole meaning of the chip, what would otherwise work like that: (just for example i am using RSA and IDEA. ) CHIP would look like it ------------------------- RSA, D1, D2, E1, E2 I IDEA K1, K2 I <---> RAM RND generator I <---> interface to communication systems I ------------------------- IN RAM we will keep PUBLIC components and id-s of those we want to keep secure chat with. FOR RAM we will have D2,E2 the chips ID will be pair E1,D1 they will be generated inside chip and !!! Both of them not known to users!!!. when you want to initiate communication you bind 2 chips together and they will exchange public components through trusted channel - meaning you should avoid the write access to that channel- nothing is wrong with read access. It can be achieved rather easyly with 2 chip modules. ( 3 special lines and single sided PCB board- you 'see' the lines and it would rather hard to write into them ) after initialisation chips will store their partners Public components and real names in RAM using D2. Now the rest is obvious. After chip A receives talk request from Chip B it looks up public components in RAM and if it matches then uses these do decrypt and get IDEA key from X. If everything is Ok you will get data and the name of CHIP B. Now i cannot guarantee what happens between chip and terminal, but that is not my problem. For this chip-to-chip construct i could give money-back guarantee on some reasonable sums ( dependidng on the length of key change moduli and while-it-is-safe-to use IDEA or DES or whatever for one session.) Now let us look at it from the different viewpoint. Just imagine the possibility of firmware being left to user. I am not even thinking about stupid things like i-will-keep-the-code-secret. This simply won't work. Imagine you being able to reprogam this chip. I know that this would be hard, but it would be NPboring instead of NP-difficult task of factorizing large primes. For me as a constructor it makes no differnce to let or to let not user cahnge microcode technically, but i am still fond of my life and would tell the codes for firmware to publicity at once. Therefore my idea has been from the start open design while in devolopment and no user interaction when in production. ARGUE with me. - that is the main idea I am anyhow using VHDL firmware devolopment and have my own assembly language for this chip. So far I have decided no interaction in algorithms for user, due to licences it will possibly turn out the other way. Jyri Poldre from Tallinn Technical University PHONE/fax 372-6-392062 If it was not for the MIPS being so good at building CHIPS the yards would still be open for the lines remix, >From Pfloyd, The final Cut From jp at jep.pld.ttu.ee Tue May 31 03:41:06 1994 From: jp at jep.pld.ttu.ee (Jyri Poldre) Date: Tue, 31 May 94 03:41:06 PDT Subject: sorry, serios error in previoos text Message-ID: <9405311035.AA17289@jep.pld.ttu.ee> It is rather hard to factorize even small primes :-) it should of cource read like fact. large numbers. JP from TTU. From bart at netcom.com Tue May 31 04:19:01 1994 From: bart at netcom.com (Harry Bartholomew) Date: Tue, 31 May 94 04:19:01 PDT Subject: http://digicash.support.nl = NULL In-Reply-To: <199405310020.RAA01160@jobe.shell.portal.com> Message-ID: <199405311119.EAA22274@netcom.com> Hopefully this does not presage anything, but just now its empty. From perry at imsi.com Tue May 31 04:31:26 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 31 May 94 04:31:26 PDT Subject: (fwd) Re: NSA Helped Yeltsin Foil 1991 Coup In-Reply-To: Message-ID: <9405311129.AA15931@snark.imsi.com> Jay Prime Positive says: > Date: Fri, 27 May 94 18:54 PDT > From: jpp at jpplap.markv.com (Jay Prime Positive) > > Infact, the birthday paradox just about garantees > that the number is less than E1*E2*E3. > > After thinking about it some more, I think I would like to rephrase > that. I don't think 2^k is nearly close enough to ((2^k)!)^(1/2) for > me to say 'garantee'. But, it is possible for E1*E2*E3 to excede the > number of permutations of the e1( e2( e3( x ))) system. Possible, yes. Indeed, I'd say its almost certain that you'll lose some fraction of a bit of key. I don't lose sleep over fractions of bits. In fact, this whole thing is completely silly. If it were possible to, say, break IDEA by then encrypting the IDEA output with DES using a key independant from the IDEA key, all an attacker would have to do is encrypt all IDEA ciphertext he gets with DES and he could break it -- DES then becomes a tool for breaking IDEA. If IDEA is secure, it is secure against almost all functions (ones selected with knowlede of the key being the exception) being applied to the ciphertext. I completely agree that your scheme is in theory more secure. So is a one time pad. People don't use impractical schemes that actually do lend real security -- why use one that only adds theoretical security? If I have a series of encryption functions applied with independent keys, the only way one can weaken another is if the systems were not secure in the first place. If one of the systems is secure, no number of non-secure encryptions applied with random keys is going to ever weaken it in practice. If it could, that would be the way to break the secure system, and even used alone it would not be secure. Perry From perry at imsi.com Tue May 31 04:56:02 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 31 May 94 04:56:02 PDT Subject: New MacPGP2.3a has arrived. In-Reply-To: <199405281636.JAA04048@netcom.com> Message-ID: <9405311155.AA15972@snark.imsi.com> catalyst-remailer at netcom.com says: > I know you guys like to talk instead of act, but outside of your > little debate club are real programmers building the future. One > work has been completed, a debugged and AE aware MacPGP. Please > release it, as it's source code is available. FTP to ftp.netcom.com > and cd to /pub/mpj and read README to get the name of the directory. > It's amazing that I've been at this a week and the rest of the > world is playing with it already, but whenever I get news of your > list, I hear there has been no action taken on this new release. Is my lack of action on this topic going to be of real impact to me? Will I be thrown in jail for not knowing what AE is, or why MacPGP might want to be aware of it? Will my inactivity result in the deaths of millions of sea otters? You hear that there has been "no action taken" on this new release. I promise to tapdance wildly later today. I know that many people assume that others will drop everything and immediately start doing whatever they ask, but frankly, why should *I* care? I don't even own a Mac ferchrissake. Perry PS please don't take this as a denigration of your work. I'm sure its good work, and I'm sure its of use to some people, perhaps even many people. I'm only suprised that you think that *everyone* should drop everything and pay attention. From perry at imsi.com Tue May 31 05:00:41 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 31 May 94 05:00:41 PDT Subject: Email Stalking on CNN In-Reply-To: <9405281338.aa18620@deeptht.armory.com> Message-ID: <9405311200.AA15982@snark.imsi.com> Jeff Davis says: > > With procmail, you can associate arbitrary actions with a match, so no > > it would not have to be silent. > > > > Rick > > You might pass this information on to CNN in Atlanta. Yup, Jeff -- information on Procmail is the sort of late-breaking wide-interest news that CNN jumps at. Perry From werner at mc.ab.com Tue May 31 05:23:13 1994 From: werner at mc.ab.com (tim werner) Date: Tue, 31 May 94 05:23:13 PDT Subject: procmail Message-ID: <199405311223.IAA26531@sparcserver.mc.ab.com> Someone said: >> > With procmail, you can associate arbitrary actions with a match, so no >> > it would not have to be silent. Will anyone who has procmail working please send me an example of how you use it? I am totally confused. thanks tw From perry at imsi.com Tue May 31 05:39:53 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 31 May 94 05:39:53 PDT Subject: "lifeguard(?)": bullet tracking system??? In-Reply-To: <9405301352.AA01278@prism.poly.edu> Message-ID: <9405311239.AA16025@snark.imsi.com> There are hundreds of interesting topics to discuss. We have only a limited amount of "cycles" available. There are other mailing lists for general political topics. This one is for cryptography. If Lifeguard is relevant, why not discuss, say, the War on Drugs, Clinton's health care plan, or the state of New York's subways? Perry Arsen Ray Arachelian says: > > What's the relevance to crypto or politics of lifeguard? > > What's the relevance of microphones in Dunkin Donuts? What's the relevance o f > Digital Telephony II? What's the relevance of 1984? What's the relevance > of yet another use of technology by Uncle Sam to strenghen law enforcement > and the millitary? > > I'm surprised at you Eric... I'd expected you jump on this from the other > side... From perry at imsi.com Tue May 31 05:53:53 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 31 May 94 05:53:53 PDT Subject: encrypted IP In-Reply-To: <199405310102.UAA15186@chaos.bsu.edu> Message-ID: <9405311253.AA16050@snark.imsi.com> Jim Hart says: > > Does anybody have an update on the crypto IP efforts? swIPe, which is a proposed network layer security protocol for the internet, may be read about in documents available from ftp://research.att.com/dist/mab/ A swIPe implementation should be available to the public very soon. Various work is being conducted to produce a security infrastructure for IPng. > I've heard there are several commercial products, including weakened > U.S. DES versions from Semaphore Technologies, Motorola, Hughes, and > UUNET technologies. These aren't actually general secure IP implementations -- they are usually more ad hoc than that. Perry From ndw1 at columbia.edu Tue May 31 06:32:08 1994 From: ndw1 at columbia.edu (Nikolaos Daniel Willmore) Date: Tue, 31 May 94 06:32:08 PDT Subject: New MacPGP2.3a has arrived. Message-ID: <199405311331.AA16818@ciao.cc.columbia.edu> :: Request-Remailing-To: cypherpunks at toad.com Nice four posts of noise toady PM. Drop everthing? How 'bout stick it on your ftp site and shut up about it? Dork. From remailer-admin at chaos.bsu.edu Tue May 31 06:51:52 1994 From: remailer-admin at chaos.bsu.edu (Anonymous) Date: Tue, 31 May 94 06:51:52 PDT Subject: No Subject Message-ID: <199405311348.IAA00713@chaos.bsu.edu> > From owner-cypherpunks at toad.com Tue May 31 09:34:37 1994 > Date: Tue, 31 May 1994 09:31:57 -0400 > From: Nikolaos Daniel Willmore > To: cypherpunks at toad.com > Subject: Re: New MacPGP2.3a has arrived. > Sender: owner-cypherpunks at toad.com > > :: > Request-Remailing-To: cypherpunks at toad.com > > Nice four posts of noise toady PM. Drop everthing? How 'bout stick it > on your ftp site and shut up about it? Dork. > Heh heh. Suggestion: Read the "How To" document for the remailers before trying something like this next time, Nikolaos Daniel Willmore. From snyderra at dunx1.ocs.drexel.edu Tue May 31 07:24:22 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Tue, 31 May 94 07:24:22 PDT Subject: New MacPGP2.3a has arrived. Message-ID: <199405311423.KAA10676@dunx1.ocs.drexel.edu> At 7:55 AM 5/31/94 -0400, Perry E. Metzger wrote: Is my lack of action on this topic going to be of real impact to me? >Will I be thrown in jail for not knowing what AE is, or why MacPGP >might want to be aware of it? Will my inactivity result in the deaths >of millions of sea otters? AE means Apple Event. If the new MacPGP supports Apple Events, that makes it scriptable, which is a wonderful thing. It means that I can (as I can do with RIPEM Mac today) pull down a menu in my mail reader, Eudora, and have a message encrypted or signed automatically. However, it appears to still be the infringing 2.3 code, which I won't run, given that I do live in the US. Let me know when a Mac version of 2.5/2.6 is out. Bob -- Bob Snyder N2KGO MIME, RIPEM mail accepted snyderra at dunx1.ocs.drexel.edu finger for RIPEM public key When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From gtoal at an-teallach.com Tue May 31 07:27:10 1994 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 31 May 94 07:27:10 PDT Subject: Message-ID: <199405311427.PAA03602@an-teallach.com> : From: Anonymous : > Nice four posts of noise toady PM. Drop everthing? How 'bout stick it : > on your ftp site and shut up about it? Dork. : > : Heh heh. : Suggestion: Read the "How To" document for the remailers before : trying something like this next time, Nikolaos Daniel Willmore. Xenon always was careless about that sort of stuff :-) I dunno why he bothers with anonymous remailers though, all those rants recently about people sitting on the source of MacPGP were *obviously* from Xenon - he doesn't even attempt to disguise his writing style... G PS I suggested it half in fun a couple of weeks back, but I'm now nearly certain that uni == tmp ... I'm also starting to suffer this really weird paranoid delusion that uni and tmp are both t.c.may - it would explain why tc never has time to post much, he's too busy being detweiler ;-) PPS While in paranoid mode, I thought I'd mention that I've noticed some of Detweiler's mannerisms emanating from email in New Delhi of all places. Weird. I think I must be cracking up. From ndw1 at columbia.edu Tue May 31 07:29:06 1994 From: ndw1 at columbia.edu (Nikolaos Daniel Willmore) Date: Tue, 31 May 94 07:29:06 PDT Subject: New MacPGP2.3a has arrived. Message-ID: <199405311428.AA21206@ciao.cc.columbia.edu> I wrote, >:: >Request-Remailing-To: cypherpunks at toad.com All right, we're both dorks. I'll ask politely. Will you please put the new MacPGP onto the Cypherpunks ftp site? It's on ftp.netcom.com in /pub/mpj/... only so far. I was contacted by whoever is releasing this thing about his/her woes in getting it out there. But as I have a new ITAR-clean ftp site/project, I'd like to not carry crypto code there. I've attracted a bunch of programmers with promises of a worry-free environment, and was trying to keep some distance from this thing. I gotta get back off this list, as all I'm seeing is the same old cynicism, inaction, and endless threads about money. That said, BTW, we're interested in what utilities and features you all would like to see from a large userbase of PGP users. - Nik From dct at python.cs.byu.edu Tue May 31 07:41:35 1994 From: dct at python.cs.byu.edu (David C. Taylor) Date: Tue, 31 May 94 07:41:35 PDT Subject: thanks Message-ID: <9405311441.AA05690@toad.com> Thanks for all the replies on Dispersed DES - a bit wiser now, I have decided to junk that version of the idea (seeing as CBC probably provides a great deal more protection with seemingly much lower security cost). David C. Taylor From whitaker at dpair.csd.sgi.com Tue May 31 07:46:06 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Tue, 31 May 94 07:46:06 PDT Subject: http://digicash.support.nl = NULL In-Reply-To: <199405311119.EAA22274@netcom.com> Message-ID: <9405310742.ZM26333@dpair.csd.sgi.com> On May 31, 4:19am, Harry Bartholomew wrote: > Subject: http://digicash.support.nl = NULL > > Hopefully this does not presage anything, but just now its empty. > I've checked it myself, and it's not empty. I think the error message above indicates a local problem resolving the URL. It looks fine from my machine. >-- End of excerpt from Harry Bartholomew -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From catalyst-remailer at netcom.com Tue May 31 07:53:21 1994 From: catalyst-remailer at netcom.com (catalyst-remailer at netcom.com) Date: Tue, 31 May 94 07:53:21 PDT Subject: New MacPGP Message-ID: <199405311453.HAA05825@netcom.com> >Why don't you ask Eric? 99% of the people on the list have no >administrative access to this or any other FTP site. (You could also >contact Mike Johnson, who runs a pretty good crypto archive.) Mike at mpj at netcom.com put it up within a day. That was a week after I sent it to both Erics, Tim May, and a few other people who were on this list who seemed interested in it. I *did* come to you guys first :-). What y'all been up to? Nice soda remailer, though it looks too hard to use ;-). - Nik From paul at poboy.b17c.ingr.com Tue May 31 08:18:09 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Tue, 31 May 94 08:18:09 PDT Subject: "lifeguard(?)": bullet tracking system??? In-Reply-To: Message-ID: <199405311518.AA17322@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- > [With apologies -- no, it's not cryptography.] > Considering the wide variety of gun noises and urban noise > artifacts, a lot of false alarms would be expected. On the other > hand some of them might be worth responding to from the police > perspective. It might be preferable to respond to firecrackers > early in the evening and discourage accidental or deliberate > arson later. The original report on CNN said that LLNL claimed their system didn't use sound for tracking. They wouldn't discuss further details, since the system hasn't been patented yet. Sci.military readers might remember that a debate about these types of acoustic locating systems took place there a couple of months ago. Apparently the UK has a vehicle-mounted system that they use to sniff out snipers in Northern Ireland. - -Paul - -- Paul Robichaux, KD4JZG | Out the 10Base-T port, through the router, perobich at ingr.com | over the leased line, off the bridge, past Intergraph Federal Systems | the firewall... nothing but net. Of course I don't speak for Intergraph. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLetVOafb4pLe9tolAQFOUAQAmG0clN+Zy0QolI82XENnwNShR12DInCF b98VLy6/a0U254/lGw9OBDKikFUZqxZ3F4XeIkUmrVmzAMZY0x5PpBRAN25a2g+J Jxs8vcoEpIz7uwBMpIXQUnrIdW22AtIxJSW53d6bZTgUASGA+upJBatPnMqYPz1y iJzmsFl5MJw= =qmyo -----END PGP SIGNATURE----- From jims at Central.KeyWest.MPGN.COM Tue May 31 08:23:51 1994 From: jims at Central.KeyWest.MPGN.COM (Jim Sewell) Date: Tue, 31 May 94 08:23:51 PDT Subject: Lawsuit In-Reply-To: <199405272154.AA05325@access1.digex.net> Message-ID: <9405311523.AA17424@Central.KeyWest.MPGN.COM> > > Timothy C. May scripsit > > > > I'd say you have some sleazy friends, then. For them to fax off copies > > of what they think of as rants is bad enough, but for one of your > > contacts to then "alert" the others is mind-boggling. > > The context was blurred with each successive forwarding. > I might add that as the forwarding went on, it ventured farther into the > "business associate" types, and much farther from the "friend" catagory. If the context was blurred by each of the people in the chain of friends and associates of yours before the 'uptight business associates' saw it then aren't they as responsible for you defamation as tmp is? Not an attack... I personally agree that lawsuits are acceptable in the right circumstance... merely an observation. Jim -- Tantalus Inc. Jim Sewell Amateur Radio: KD4CKQ P.O. Box 2310 Programmer Internet: jims at mpgn.com Key West, FL 33045 C-Unix-PC Compu$erve: 71061,1027 (305)293-8100 PGP via email on request. 1K-bit Fingerprint: 8E 14 68 90 37 87 EF B3 C4 CF CD 9A 3E F9 4A 73 From whitaker at dpair.csd.sgi.com Tue May 31 08:35:36 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Tue, 31 May 94 08:35:36 PDT Subject: Detweiler's motivations In-Reply-To: <9405310059.AA25238@toad.com> Message-ID: <9405310833.ZM26551@dpair.csd.sgi.com> On May 30, 5:58pm, Eli Brandt wrote: > Subject: Re: Detweiler's motivations > Karl said: > > I agree it is difficult to determine Detweiler's motivations; I've > > carried on quite civil email exchanges with him... but the posts from > > tmp at netcom.com are quite bizzare. > > He's still mostly normal in e-mail. However, I think it's best to be > careful what you say. I once responded to a question of his about > actual instances of PSEUDOSPOOFING; I mentioned a user here who spent > some time replying to himself on rec.music.industrial. His response > was something along the lines of "hee hee you're a tentacle", and > now look what he's doing to talk.politics.crypto et al.... > I had a similar thing happen to: Detweiler sent me private email some months back, in some apparent urgency, asking my opinion on "pseudospoofing", as "a director of the Extropy Institute". I replied that I wasn't in the business - as an ExI director or otherwise - of having an opinion on everything. This seemed to really bother him. He emailed me back, expressing his surprise that I didn't drop everything and respond to his clarion call. I'm told - though I didn't find out until a few days ago - that I too ended up being listed as a "tentacle". How amusing. > Hal's analysis seems plausible to me. This whole self-reply cascade > has got to be some kind of surreal propaganda maneuver. > Or a serious local loopback problem. > Eli ebrandt at hmc.edu > > > >-- End of excerpt from Eli Brandt -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From Marianne.Mueller at Eng.Sun.COM Tue May 31 08:36:03 1994 From: Marianne.Mueller at Eng.Sun.COM (Marianne Mueller) Date: Tue, 31 May 94 08:36:03 PDT Subject: Sun looking for applicants for secure networks Message-ID: <9405311534.AA14303@puffin.Eng.Sun.COM> Begging your pardon for this use of the mailing list, but, if you're looking for a job developing network security software, Sun's hiring. Please send resumes or inquiries to nick.johnson at sun.com. --Marianne Subject: Re: SPARCstorage array and striping Date: 23 May 1994 18:36:55 GMT Organization: Sun Microsystems Inc. Summary: Wanted: Network/UNIX Security Engineers Looking for candidates. Responsibilities: Working has part of the Corporate IR group these positions (2 currently open) are responsible for the internal security of Sun's Network. Individuals will develop and maintain security policies, perform audits on existing network and system implementations, develop tools for the performance of remote audits and intrusion detection, work with other internal Sun groups to identify secure methods to inter-connect business partners, evaluate new security products, drive encryption usage inside corporation, perform customer presentations, work with enginering groups to test new OS releases and influence product strategy. Individuals should have at least 3 IP networking and 5 years UNIX security work experience. Prefer individuals that have at least a BS in computer science or directly related field with some software development background. Interested parties should forward their resume to: angie.alfred at Sun.Com with a copy to nick.johnson at Sun.Com. From bart at netcom.com Tue May 31 08:56:26 1994 From: bart at netcom.com (Harry Bartholomew) Date: Tue, 31 May 94 08:56:26 PDT Subject: http://digicash.support.nl = NULL In-Reply-To: <9405310742.ZM26333@dpair.csd.sgi.com> Message-ID: <199405311556.IAA13449@netcom.com> > > On May 31, 4:19am, Harry Bartholomew wrote: > > Subject: http://digicash.support.nl = NULL > > > > Hopefully this does not presage anything, but just now its empty. > > > > I've checked it myself, and it's not empty. I think the error message above > indicates a local problem resolving the URL. It looks fine from my machine. > > >-- End of excerpt from Harry Bartholomew > > > > -- > Russell Earl Whitaker whitaker at csd.sgi.com (Sig deleted) The subject was my creation, not an error message. Here is the error reported by lynx on netcom.com, via screen capture: _____________________________________________________________________ DigiCash home page [IMAGE] WELCOME TO THE DIGICASH HOME PAGE _________________________________________________________________ [IMAGE] Click here for the WWW'94 presentation. [IMAGE] Click here for the DigiCash Cybershop. [IMAGE] Click here for DigiCash publications. _________________________________________________________________ For more information, contact info at digicash.nl Alert!: Unable to connect to remote host. Arrow keys: Up and Down to move. Right to follow a link; Left to go back. H)elp O)ptions P)rint G)o M)ain screen Q)uit /=search [delete]=history list Now, when I use the = key to see what cannot be connected to I see what looks to me like a typo: YOU HAVE REACHED THE INFORMATION PAGE File that you are currently viewing Linkname: DigiCash home page URL: http://digicash.support.nl Owner(s): None size: 18 lines lynx mode: normal Link that you currently have selected Linkname: [IMAGE] Click here for the WWW'94 presentation. Filename: http://digicash.support.nlpresentation/www_1.html ^ Missing / here | ? From whitaker at dpair.csd.sgi.com Tue May 31 09:04:52 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Tue, 31 May 94 09:04:52 PDT Subject: http://digicash.support.nl = NULL In-Reply-To: <199405311556.IAA13449@netcom.com> Message-ID: <9405310900.ZM26666@dpair.csd.sgi.com> On May 31, 8:56am, Harry Bartholomew wrote: > > Linkname: [IMAGE] Click here for the WWW'94 presentation. > Filename: http://digicash.support.nlpresentation/www_1.html > ^ > Missing / here | ? > Most certainly. Try again using that "/". Russell > >-- End of excerpt from Harry Bartholomew -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From adam at bwh.harvard.edu Tue May 31 09:10:05 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Tue, 31 May 94 09:10:05 PDT Subject: New MacPGP2.3a has arrived. In-Reply-To: <199405311428.AA21206@ciao.cc.columbia.edu> Message-ID: <199405311609.MAA27529@spl.bwh.harvard.edu> Could the person who did the new macpgp 2.3 please contact me? I have a couple of quick patches that allow it to be compiler under Think C++ 6, and a couple of other questions for him/her. Adam -- Adam Shostack adam at bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker. From whitaker at dpair.csd.sgi.com Tue May 31 09:13:52 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Tue, 31 May 94 09:13:52 PDT Subject: http://digicash.support.nl = NULL In-Reply-To: <199405311556.IAA13449@netcom.com> Message-ID: <9405310909.ZM26785@dpair.csd.sgi.com> On May 31, 9:00am, Russell Whitaker wrote: > Subject: Re: http://digicash.support.nl = NULL > On May 31, 8:56am, Harry Bartholomew wrote: > > > > Linkname: [IMAGE] Click here for the WWW'94 presentation. > > Filename: http://digicash.support.nlpresentation/www_1.html > > ^ > > Missing / here | ? > > > > Most certainly. Try again using that "/". After ".nl", as follows: http://digicash.support.nl/presentation/www_1.html That would be the correct *syntax*; however, my client says that page is not present on that server. Russell > > Russell > > > > > >-- End of excerpt from Harry Bartholomew > > > > -- > Russell Earl Whitaker whitaker at csd.sgi.com > Silicon Graphics Inc. > Technical Assistance Center / Centre D'Assistance Technique / > Tekunikaru Ashisutansu Sentaa > Mountain View CA (415) 390-2250 > ================================================================ > #include >-- End of excerpt from Russell Whitaker -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From perry at imsi.com Tue May 31 09:35:20 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 31 May 94 09:35:20 PDT Subject: http://digicash.support.nl = NULL In-Reply-To: <9405310909.ZM26785@dpair.csd.sgi.com> Message-ID: <9405311632.AA16601@snark.imsi.com> Thus far, I find on that WWW server 1) software to pay for things with digicash, which I need digicash software to buy. 2) documents which I need digicash software to buy 3) A non-existant general explanation document -- or at least, not accessable to me. 4) Lots of mediocre logos. Perry Russell Whitaker says: > On May 31, 9:00am, Russell Whitaker wrote: > > Subject: Re: http://digicash.support.nl = NULL > > On May 31, 8:56am, Harry Bartholomew wrote: > > > > > > Linkname: [IMAGE] Click here for the WWW'94 presentation. > > > Filename: http://digicash.support.nlpresentation/www_1.html > > > ^ > > > Missing / here | ? > > > > > > > Most certainly. Try again using that "/". > > After ".nl", as follows: > > http://digicash.support.nl/presentation/www_1.html > > That would be the correct *syntax*; however, my client says that page is not > present on that server. > > Russell > > > > > Russell > > > > > > > > > >-- End of excerpt from Harry Bartholomew > > > > > > > > -- > > Russell Earl Whitaker whitaker at csd.sgi.com > > Silicon Graphics Inc. > > Technical Assistance Center / Centre D'Assistance Technique / > > Tekunikaru Ashisutansu Sentaa > > Mountain View CA (415) 390-2250 > > ================================================================ > > #include > >-- End of excerpt from Russell Whitaker > > > > -- > Russell Earl Whitaker whitaker at csd.sgi.com > Silicon Graphics Inc. > Technical Assistance Center / Centre D'Assistance Technique / > Tekunikaru Ashisutansu Sentaa > Mountain View CA (415) 390-2250 > ================================================================ > #include > > > > From whitaker at dpair.csd.sgi.com Tue May 31 10:14:49 1994 From: whitaker at dpair.csd.sgi.com (Russell Whitaker) Date: Tue, 31 May 94 10:14:49 PDT Subject: http://digicash.support.nl = NULL In-Reply-To: <9405311632.AA16601@snark.imsi.com> Message-ID: <9405311010.ZM27110@dpair.csd.sgi.com> On May 31, 12:32pm, Perry E. Metzger wrote: > Subject: Re: http://digicash.support.nl = NULL > > Thus far, I find on that WWW server > > 1) software to pay for things with digicash, which I need digicash > software to buy. > 2) documents which I need digicash software to buy > 3) A non-existant general explanation document -- or at least, not > accessable to me. > 4) Lots of mediocre logos. > > Perry I see several articles on digicash, and a general bibliography. I suspect (from a combination of private email, the postings here, and a little testing I did) that Harry B.'s problems had at least one foot in the fact that he was using a version of a line-mode browser which sometimes maps temporary links differently for different clients (e.g. Cello vs xmosaic vs whatever). -- Russell Earl Whitaker whitaker at csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include From janzen at idacom.hp.com Tue May 31 10:22:36 1994 From: janzen at idacom.hp.com (Martin Janzen) Date: Tue, 31 May 94 10:22:36 PDT Subject: procmail Message-ID: <9405311722.AA01266@dunbar.idacom.hp.com> tim werner writes: >> With procmail, you can associate arbitrary actions with a match, so no >> it would not have to be silent. > >Will anyone who has procmail working please send me an example of how you >use it? I am totally confused. OK. First -- just checking -- I assume you're running some version of UNIX. I'm using HP-UX 9.03 on an HP 9000 workstation, but everything should work pretty much the same on other systems. First, you have to tell the mail system that you want your mail to be filtered through the procmail program. You do this by creating a one-line file called ".forward" in your home directory: "| IFS=' '; /usr/local/bin/procmail -p" The quotes are necessary. Replace /usr/local/bin with the name of the directory in which you've installed the procmail program. Do a "chmod 644 .forward" to make sure that your mail software can read this file. Now you can create a ".procmailrc" file in your which tells procmail how to filter your mail. Here are some excerpts from mine: ------------------------------------------------------------------------------- # ~/.procmailrc # # Configuration file for procmail mail processing software # # General environment variables (You may not need all of these; see the # procmail(1) man page to find out what each one means. Of course, the # HOME variable should be set to your own home directory.) # HOME= /Home/janzen PATH=/usr/local/bin:/usr/ucb:/bin:/usr/bin:$HOME/bin MAILDIR = $HOME/Mail LOGFILE = $HOME/.procmaillog LOCKFILE = $HOME/Mail/procmail TMP= $HOME/tmp SENDMAIL= /usr/lib/sendmail TMPFILE= $TMP/procmail.$$ LOCKFILE= $HOME/Mail/.procmail # # First, toss out junk mail # :2H ^From:.*root at idacom.hp.com ^Subject:.*cron /dev/null # The ":" introduces a new "recipe". The "2" means that two expressions # follow. The "H" indicates that procmail should search the header only, # ignoring case. (The man page lists all kinds of other flags.) # # The first regular expression (regexp) matches a line containing "From:" # at the start of the line ("^"), then any arbitrary characters (".*"), # then "root at idacom.hp.com". # # Similarly, the second regexp matches a header line beginning with # "Subject:" and containing the word "cron" anywhere in the subject. # # The line following the last expression tells procmail where to save # the message. In this case, I save it to /dev/null, throwing it away. # (When you're first setting up procmail, I suggest saving unwanted # messages to ~/junk or something, until you're satisfied that your # recipes work as expected!) # # You can also forward matched messages to another user (eg. !joeuser at host) # or pipe them to a UNIX command (eg. |$HOME/bin/my_fancy_mail_processor). :2H ^From:.*cypherpunks detweiler /dev/null :2H ^From:.*cypherpunks subscribe /dev/null # # Now, sort mail from mailing lists into the proper folders # :1H ^From:.+cypherpunks Cypherpunks # Put all mail with a "From:" line containing the word "cypherpunks" into # the file $HOME/Mail/Cypherpunks. :1H ^TOcypherpunks Cypherpunks # "^TO" is shorthand for "^(To|Cc|Apparently-To):.*". This is supposed to # catch all destination addresses. :1H ^Return-Path:.+cypherpunks Cypherpunks :1H ^From:.*pgpmip PGPMIP :1H ^From:.*wnet.edex.edu.au PGPMIP :1H ^From:.*Extropians Extropians :1H ^TOExtropians Extropians ------------------------------------------------------------------------------- One other thing: I like to get a summary each day, showing me what procmail has done. I do this by creating a script called procmailsummary.sh: ------------------------------------------------------------------------------- #!/bin/sh # # Summarize the ~/.procmaillog file # # Use the LOGFILE variable if it's set; otherwise, use a default LOGFILE=${LOGFILE:=$HOME/.procmaillog} # Add a header to the message # (This also avoids sending a message with a null body, which confuses Elm!) echo "Subject: Procmail Summary" echo " " sort ${LOGFILE} | awk ' /^ Folder:/ { folder = $2; nbytes = $3; msgcount[folder] += 1; totalbytes[folder] += nbytes; } END { for (folder in msgcount) printf "Folder %s:\tsaved %d messages (%d bytes)\n", \ folder, msgcount[folder], totalbytes[folder]; } ' if [ "$1" = "-clear" ]; then rm -f $LOGFILE; fi ------------------------------------------------------------------------------- I then use crontab to schedule this script so that it's executed at 7AM every morning, and mails me the result. When I come in, I can see at a glance which mailing lists have new messages. (WARNING: If you're not running HP-UX, the crontab(1) command may not exist on your system, or may work somewhat differently. Also, on some systems you must be root to use cron. If you have problems, try "man cron" or ask your sysadmin to give you a hand.) echo '0 7 * * * /usr/local/bin/procmailsummary.sh -clear | elm -s "Procmail Summary" janzen' | crontab This should all be on one line. Replace /usr/local/bin with the name of the directory in which you've put the script. Make sure to do a "chmod +x procmailsummary.sh", to make the script executable. Finally, if you are using a mailer other than elm, replace the "elm ... janzen" command with something appropriate (eg. "mail janzen"). Now verify that the crontab command worked: crontab -l Hope that helps... -- Martin Janzen janzen at idacom.hp.com Pegasus Systems Group c/o Hewlett-Packard, IDACOM Telecom Operation From m5 at vail.tivoli.com Tue May 31 11:08:51 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 31 May 94 11:08:51 PDT Subject: Is DES exportability context-dependent? Message-ID: <9405311808.AA10701@vail.tivoli.com> I don't have my "Applied Cryptography" handy, but this keyboard's here in front of me always ready :-) Lets say I rigged up a "signature" system that cranked the message through a DES or 3DES engine in CBC mode, and used the last value as the signature (or something like that; whatever makes the most sense). In that context---as a signature algorithm---would DES be exportable? It's been demonstrated that something developed as a signature algorithm but later adapted to encryption purposes remains exportable, right? What about going the other direction? -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From sidney at apple.com Tue May 31 11:12:24 1994 From: sidney at apple.com (Sidney Markowitz) Date: Tue, 31 May 94 11:12:24 PDT Subject: http://digicash.support.nl = NULL Message-ID: <9405311621.AA06613@federal-excess.apple.com> [Harry Bartholomew wrote about problems accessing digicash web page via lynx.] It looks to me like the web page requires Mosaic forms support. I could see a little bit more than you did using MacMosaic, which shows the pictures but doesn't support forms. It was a bit confusing, since I could see a number of entries for things with prices next to them, such as $5 for the e-cash software and $0.25 for "information". I couldn't tell how you are supposed to get either of those without either the software or at least the information. Maybe someone who has X or Windows Mosaic can tell us more about what's there. I sent e-mail to the info e-mail address that the page mentioned and got back the following. (I sent just the word "info" in the subject and body of the message.) What I find strange about it is that it looks like an automated reply, but it is asking me to reply as if the mail will be read by a human. Another interesting thing about it is that Chaum does not include consumers in his list, just people who are interested in selling products or clearing money. After reading all of the copies of the digicash press announcement that were sent to this list, I'm a bit hesitant to post this, but what the heck. Following is the reply I got back from info at digicash.nl: [begin quote] Date: Tue, 31 May 1994 14:51:25 CET From: "DigiCash Information" To: sidney at apple.com Subject: ecash-info Thank you for your interest in our electronic money technology. Because of all the reactions we have received, we have made available some background information on our Web server http://digicash.support.nl If you prefer, we would of course be pleased to provide similar information by electronic or paper mail. In any case, we plan to be keeping you informed of developments by email. It would be helpful for this purpose, if you could let us know more about the nature of your interest, and at least which of the following categories fits best: (a) potential acceptor of electronic cash for services offered over the network, (b) potentail provider of electronic cash service itself to other network service providers, (c) member of the press, or (d) interested in the technology for other purposes. We are looking forward to finding a way that we can work together. Very kind regards, David Chaum Managing Director [end quote] From werner at mc.ab.com Tue May 31 11:19:03 1994 From: werner at mc.ab.com (tim werner) Date: Tue, 31 May 94 11:19:03 PDT Subject: procmail Message-ID: <199405311816.OAA10030@sparcserver.mc.ab.com> >Date: Tue, 31 May 1994 11:22:17 -0600 >From: Martin Janzen > >tim werner writes: >>> With procmail, you can associate arbitrary actions with a match, so no >>> it would not have to be silent. >> >>Will anyone who has procmail working please send me an example of how you >>use it? I am totally confused. > >First, you have to tell the mail system that you want your mail to be >filtered through the procmail program. You do this by creating a >one-line file called ".forward" in your home directory: > >"| IFS=' '; /usr/local/bin/procmail -p" Sorry to bother the list with this thread, but I need just one more question answered, and I don't know where else to ask. I work on a heterogeneous system. My personal workstation is a decstation, running Ultrix-4.3, but I'm pretty sure that email enters our local domain via a sparcstation running SunOS-4.1.3. My email ends up in /var/spool/mail/werner, which is one of the sparcstation disk partitions. If I use the above-mentioned .forward magic to start procmail, does it execute on my local decstation, or on the sparcstation. In other words, do I build a decstation or sparcstation executable? Is there some way I can test this without the mail daemon getting into some kind of infernal .forward loop if there is an error? thanks a lot, tw From rfb at lehman.com Tue May 31 11:47:52 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Tue, 31 May 94 11:47:52 PDT Subject: procmail In-Reply-To: <199405311816.OAA10030@sparcserver.mc.ab.com> Message-ID: <9405311844.AA22741@fnord.lehman.com> At least at my site, it runs on the server that would otherwise be putting your mail into your spool file. I think that this means that you should build a Sun executable. Also, you realize that your .forward will now be increasing the load on your server machine which could make your local sysadmins unhappy. It's also possible to use a combination of cron, lockfile and formail to cause your procmailing to be done on your own machine. Rick From ghio at cmu.edu Tue May 31 12:12:57 1994 From: ghio at cmu.edu (Matthew Ghio) Date: Tue, 31 May 94 12:12:57 PDT Subject: Anonymous Remailers Message-ID: <9405311912.AA09852@toad.com> First, I'd like to announce that I am running a new remailer. The address is ghio at kaiwan.com. It supports the standard cypherpunks headers/format, including the ## pasting header. It also has a 'fuzzy matching' routine, that should be able to accept all reasonable variations of Anon-To and Remail-To. Upper/lower case is unimportant. No PGP yet, but I should have that done soon. Second, I want to ask why everyone else's remailers keep disappearing??? We've recently lost three: remail at desert.hacktic.nl, remailer at dis.org, and ebrandt at jarthur.claremont.edu. Dis.org made no announcement of the remailer going down, it just disappeared. Finally, I have set up an automatic remailer ping system on my account at CMU. Finger ghio at andrew.cmu.edu to see the list. It lists the address of each remailer, the date and time of the last ping message that it responded to, and how long (in hours, minutes, and seconds) that it took to receive the response. From fnerd at smds.com Tue May 31 12:27:25 1994 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Tue, 31 May 94 12:27:25 PDT Subject: I back your scratch... Message-ID: <9405311917.AA13956@smds.com> So, the reason I asked about "orthogonal checksums" was this: If you can check the integrity of a copy of a file remotely, then people can trade storage space and have remote backups. Or have more complicated schemes where, say, a group of users pay for a common storage service by backing up some of the files (or other files) for the provider. The nice thing about this is that storage space is something that's immediately valuable and electronically tradable. And its value can increase by trading. In other words, we can trade one meg for one meg and both come out ahead in terms of safety. "I back your scratch and you back mine." I'm not sure storage space makes a good unit of value for anything else, since the cost of storage keeps going down. On the other hand, trading space for space is immune to that inflation. Some concrete applications: o Making bulletin boards' data safe from loss by vandalism o Archiving a mailing list -fnerd - - - - - - - - - - - - - - - nowhere man has gone before -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvt3niQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2tPEot1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hSnC1R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From CCGARY at MIZZOU1.missouri.edu Tue May 31 12:30:29 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Tue, 31 May 94 12:30:29 PDT Subject: Cypherpunks' Electronic Book2 Message-ID: <9405311930.AA10172@toad.com> CYPHERPUNKS' ELECTRONIC BOOK (CEB) 2 Dear Cypherpunks, Well, my evil plan to volunteer Eric Hughes's time for my Cypherpunk's Electronic Book has not worked out as well as I had hoped but somewhat as I had expected. Eric, it is crucial to the project that you give out permissions for some people to change Majordomo, possibly make a few changes in the Cypherpunks' mailing list, & possibly appoint a few people as referees. I realize that you are quite busy & that your time is valuable but it looks like there will be other people to handle the technical details. I think CEB can progress with a very small amount of your time. I think that you will agree that CEB is quite valuable & I think that you will be proud of the results. Robert Hayden has volunteered to make the changes in Majordomo & do the file handling work. This is the most crucial technical work to be done. This will setup the actual mechanics of the CEB. Robert says that this is all he has time for. Well, this is a lot! With Eric's per- missions, Robert's technical work, a description of how to contribute to CEB & possibly some writers' contributions to seed to CEB, I think CEB will generate a life of its own. Once CEB gets going, most of the work will be done by the referees & writers. The contributors will be doing just what they like to be doing anyway. The most difficult part will be in just getting it started. I think that, once it gets going, everybody will want to get on the bandwagon. Robert Lau has volunteered to donate his Cypherpunks' archives. Due to the nature of the CEB, we will not need them early on. However, they may be very valuable to researchers working on projects. Later, people looking for a project for CEB may want to comb them for projects. Thanks to the C'punks who have volunteered to help with the project. Eric, would it be alright for Robert Hayden to make some changes to Majordomo & perhaps the mailing list? I don't know what all he will need to do. Robert Hayden will probably need to talk to you. Also, once Mr. Hayden has started work, maybe others will volunteer to help him. Yours Truly, Gary Jeffers From willey at bach.seattleu.edu Tue May 31 12:42:47 1994 From: willey at bach.seattleu.edu (steve willey) Date: Tue, 31 May 94 12:42:47 PDT Subject: procmail In-Reply-To: <199405311816.OAA10030@sparcserver.mc.ab.com> Message-ID: On Tue, 31 May 1994, tim werner wrote: > > Sorry to bother the list with this thread, but I need just one more > question answered, and I don't know where else to ask. > the place to ask procmail questions is on the procmail list it's low volume, centres on problem solving, and never flames dumb questions. to subscribe: >To: procmail-request at informatik.rwth-aachen.de >subscribe procmail xxxxx steve From jamesd at netcom.com Tue May 31 12:58:58 1994 From: jamesd at netcom.com (James A. Donald) Date: Tue, 31 May 94 12:58:58 PDT Subject: New MacPGP2.3a has arrived. In-Reply-To: <9405311155.AA15972@snark.imsi.com> Message-ID: <199405311959.MAA11270@netcom.com> > catalyst-remailer at netcom.com says: > > It's amazing that I've been at this a week and the rest of the > > world is playing with it already, but whenever I get news of your > > list, I hear there has been no action taken on this new release. > Perry E. Metzger writes > [offensive ranting deleted] > I know that many people assume that others will drop everything and > immediately start doing whatever they ask, but frankly, why should *I* > care? I don't even own a Mac ferchrissake. This little rant would sound better if it came from one of the cypherpunks that had actually written some code on some machine recently. I recommend that Perry eat a pizza supreme with double cheese and salami. I have only done a little, but I have not flamed those who do more. -- --------------------------------------------------------------------- We have the right to defend ourselves and our | property, because of the kind of animals that we | James A. Donald are. True law derives from this right, not from | the arbitrary power of the omnipotent state. | jamesd at netcom.com From Richard.Johnson at Colorado.EDU Tue May 31 13:02:17 1994 From: Richard.Johnson at Colorado.EDU (Richard Johnson) Date: Tue, 31 May 94 13:02:17 PDT Subject: http://digicash.support.nl = NULL In-Reply-To: <199405311556.IAA13449@netcom.com> Message-ID: <199405311954.NAA06604@spot.Colorado.EDU> From the keyboard of: bart at netcom.com (Harry Bartholomew) > The subject was my creation, not an error message. > Here is the error reported by lynx on netcom.com, via screen > capture: ... > Filename: http://digicash.support.nlpresentation/www_1.html > ^ > Missing / here | ? Indeed. This is a lynx bug that's bitten me before. The work around is to do a 'G'o to a specific URL, and type in: http://digicash.support.nl/presentation/www_1.html with ^ I'm not sure if the lynx developers have fixed this in the latest beta version. Richard From hayden at krypton.mankato.msus.edu Tue May 31 13:27:38 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Tue, 31 May 94 13:27:38 PDT Subject: Cypherpunks' Electronic Book2 In-Reply-To: <9405311930.AA10172@toad.com> Message-ID: On Tue, 31 May 1994, Gary Jeffers wrote: > Robert Hayden has volunteered to make the changes in Majordomo & do > the file handling work. This is the most crucial technical work to be > done. This will setup the actual mechanics of the CEB. Robert says that > this is all he has time for. Well, this is a lot! With Eric's per- > missions, Robert's technical work, a description of how to contribute > to CEB & possibly some writers' contributions to seed to CEB, I think > CEB will generate a life of its own. Let me just make a couple of comments here, and you can decide if what I can offer is what you need. I will be putting a low-end workstation online in a couple of weeks (mid-june). By the end of june, I should have any bugs in the OS worked out, a good backup made, and the machine should be ready to do stuff with (I'm being overly generous on the time, just in case). This will be an ethernetted workstation, not SLIPed, so connectivity is no problem. Now, what I can do is install Majordomo and set up any mailing lists that are needed. Eric suggested in private mail that perhaps a series of regional cypherpunks lists would be helpful for planning of physical meetings and the like. I can, of course, also set up lists for the CEB project. Each list will have its own administrator that IS NOT me :-) Majordomo also appears (I havn't fully groked it yet) to support file archives using a 'get' parameter, so any files that are produced can be made available via the same software, or some other software if it becomes available. I can help with the setup of the software as well. I _am not_ willing to administrate the CEB, though. I know that in the near future I just wouldn't have time. Besides, I've got a book that was due last week (got a month reprieve :-) and two more that I am working on, and that is enough playing editor for any man's sanity. This, coupled with my new admin job working for the city, just kills my free time. I may (maybe) be able to make an account available to the editor, but the machine itself is not very capable beyond the above, so you wouldn't be getting much out of it except a platform to hack from :-) Assuming no problems, I shoudl have everything ready to go with the above in about a month, perhaps a little less. Let me know if that would work. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or Blue Earth County -=-=-=-=-=-=-=- (GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++ n-(---) h+(*) f+ g+ w++ t++ r++ y+(*) From eb at sr.hp.com Tue May 31 14:42:23 1994 From: eb at sr.hp.com (Eric Blossom) Date: Tue, 31 May 94 14:42:23 PDT Subject: Cypherpunks' Electronic Book2 In-Reply-To: <9405311930.AA10172@toad.com> Message-ID: <9405312142.AA03450@srlr14.sr.hp.com> Gary writes: > ... Eric, it is crucial to the project that > you give out permissions for some people to change Majordomo, possibly > make a few changes in the Cypherpunks' mailing list, & possibly appoint > a few people as referees. I realize that you are quite busy & that your Please! Don't keep thinking somebody else has got to do something for you to make this work. You don't need any changes made to MajorDomo. Just subscribe a new user that points at your mail processing code. For that matter, you could do most of it with procmail or perl out of your ~/.forward Cypherpunks write code. There's nobody stopping you from doing it. Eric Blossom From plaz at netcom.com Tue May 31 15:45:03 1994 From: plaz at netcom.com (Plaz) Date: Tue, 31 May 94 15:45:03 PDT Subject: FWD: Encryption for Newton Message-ID: <199405312244.PAA23166@netcom.netcom.com> An interesting tidbit for those who are watching out for Newton Encryption and Privacy solutions: > From: R._Braithwaite-Lee at magic-bbs.corp.apple.com > Newsgroups: comp.sys.newton.misc > Subject: Encryption for Newton > Date: 31 May 1994 14:13:24 -0500 > Organization: M A G I C > Hello: > > On June 1, 1994, CustomWare of Toronto will be releasing a freeware newton > application called "nCrypt". nCrypt provides "strong" encryption for newton > objects including notes and names. > > The freeware version of nCrypt will provide password protection for newton > objects and is intended for use as a personal privacy utility. A commercial > version to follow will also implement "public key" protocols for digital > signature authentication and key distribution similar to PowerTalk, > RIPEM/SIG, PGP and RIPEM. > > nCrypt also suppports "drop in" encryption modules for adding compatibility > with other encryption systems. > > Interested developers may contact CustomWare about writing encryption > modules or for testing their apps with nCrypt for compatibility. The > algorithms used by nCrypt will be made available in a technical note for > review. There may even be another of those cash prizes for breaking the > system... > > Contact Reginald Braithwaite-Lee or Andrew Bartle: > > Compu$erve: 73114,2055 > Internet: 73114.2055 at compuserve.com (temporary) > Telephone: +1 416 410 0675 > Facsimile: +1 416 932 8304 > AppleLink: CUSTOMWARE > SnailMail: 1111-200 Dufferin Street, Toronto, ON, Canada, M6K 1Z4 > > Regards, > Reginald !:-) > > Public Key Fingerprint: D8 B8 C1 D0 DD 56 20 B4 06 A2 81 83 87 E8 8B 64 > (Send message with subject "HELP" to pgp-public-keys at pgp.ox.ac.uk) _______________________________________________________________________ Geoff Dale -- Cypherpunk/Extropian -- Plastic Beethoven AnarchyPPL - Anarch (Adjudicator) ExI-Freegate Virtual Branch Head plaz at netcom.com 66 Pyramid Plaza plaz at io.com Freegate, Metaverse at io.com 7777 "You don't greet Death, you punch him in the throat repeatedly as he drags you away. I think John Wayne said it best when he said, 'Fuck Death and the lung cancer he rode in on.'" - Denis Leary From jpp at jpplap.markv.com Tue May 31 15:58:55 1994 From: jpp at jpplap.markv.com (Jay Prime Positive) Date: Tue, 31 May 94 15:58:55 PDT Subject: FWD: Encryption for Newton In-Reply-To: <199405312244.PAA23166@netcom.netcom.com> Message-ID: > Date: Tue, 31 May 1994 15:44:56 -0700 > From: plaz at netcom.com (Plaz) > > > From: R._Braithwaite-Lee at magic-bbs.corp.apple.com > > > > modules or for testing their apps with nCrypt for compatibility. The > > algorithms used by nCrypt will be made available in a technical note for > > review. There may even be another of those cash prizes for breaking the > > system... This is a bad sign. They didn't use IDEA or 3DES it seams. On the other hand, they are making the encryption algorithm available for study, which is good news. j' From perry at imsi.com Tue May 31 16:49:45 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 31 May 94 16:49:45 PDT Subject: New MacPGP2.3a has arrived. In-Reply-To: <199405311959.MAA11270@netcom.com> Message-ID: <9405312347.AA17902@snark.imsi.com> James A. Donald says: > Perry E. Metzger writes > > [offensive ranting deleted] > > I know that many people assume that others will drop everything and > > immediately start doing whatever they ask, but frankly, why should *I* > > care? I don't even own a Mac ferchrissake. > > This little rant would sound better if it came from one of the > cypherpunks that had actually written some code on some machine > recently. I love James Donald. I'm probably one of the few people on this list who is actively involved in cryptography as a business, albeit in a startup capacity. > I recommend that Perry eat a pizza supreme with double cheese > and salami. Most people wouldn't understand your reference, so I'll explain. I'm a vegan. James thinks that he's making himself sound more impressive by being personally insulting. Unfortunately, he doesn't understand that I don't insult easily -- certainly the suggestion that I eat meat and cheese isn't terribly stinging. I can take consolation in the fact that James is likely accumulating cholesterol plaques in his arteries as we speak, and I am thus likely to outlive him. Perry From Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU Tue May 31 17:41:05 1994 From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU (Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU) Date: Tue, 31 May 94 17:41:05 PDT Subject: Sternlight infested version of pgp26 Message-ID: <770428527/vac@FURMINT.NECTAR.CS.CMU.EDU> The pgp26-RSAREF_3.0_beta.tar.gz file is not real. From some other post, it seems this came from the site in Italy that I mentioned awhile back. They have removed the file from there. It is a lot of bytes for a joke. It should probably be removed from soda too. -- Vince > pwd /alex/edu/berkeley/soda/pub/cypherpunks/pgp/pgp26 > ls -NOT_FOR_EXPORT pgp26ui-src.tar.gz pgp26uis.zip pgp26-RSAREF_3.0_beta.tar.gz pgp26ui-src.tar.gz.sig pgp26uix.sig pgp26.zip pgp26uis.sig pgp26uix.zip > gunzip -c < pgp26-RSAREF_3.0_beta.tar.gz | (cd ~/tmp; tar xvf -) gunzip: stdin: not in gzip format > strings pgp26-RSAREF_3.0_beta.tar.gz WANTED FOR NET.TREASON: |\/\/\/\| | | | (o)(o) C _) OFFICER David Sternlight | ,___| Net.Police | / a.k.a. PROUD _0--------/\/----\/\-------0_ DICK OF / /0 \----/ 0\ \ THE INTERNET / | \ \||/ / | \ / /|STERN || POLICE|\ \ _/_____/ ||LIGHT] || | [#] || \_____\_ |_______/ |\____/ || \__*_/| \_______| > ll pgp26-RSAREF_3.0_beta.tar.gz -rw-r--r-- 1 alexsrvr 567791 May 25 00:20 pgp26-RSAREF_3.0_beta.tar.gz From janzen at idacom.hp.com Tue May 31 18:29:50 1994 From: janzen at idacom.hp.com (Martin Janzen) Date: Tue, 31 May 94 18:29:50 PDT Subject: The Cypherpunks' Electronic Book In-Reply-To: <9405302207.AA22877@toad.com> Message-ID: <9406010129.AA02721@dunbar.idacom.hp.com>
Gary Jeffers writes:
>                THE CYPHERPUNKS' ELECTRONIC BOOK (CEB)
>
>[lots of good ideas deleted]
>
>            MAJORDOMO IS THE TOOL
>   We could use Majordomo as the book's distributor.
I'm not familiar with Majordomo. But allow me to suggest that this project might work well if it were organized as a set of World Wide Web pages.

Starting Point

You'd start with a home page located on an easily accessible machine, just like the Cypherpunks home page that someone (Sameer?) created a while ago. This machine would run the HTTP (Hypertext Transfer Protocol) daemon; a process which accepts requests from WWW browsers and returns hypertext pages.

Adding Information

Now, if someone wants to contribute information to the CEB, they could create one or more HTML (Hypertext Markup Language) pages. This is easy to do; HTML is just ASCII text which contains some simple markup commands -- like this message.

To add the new pages to the CEB, the author could do one of two things:

  • Send the pages to the CEB maintainer, who adds them to the CEB on the main machine.
  • Set up his/her own HTTP server, and ask the CEB maintainer to update the CEB so that it includes a hypertext link to the author's machine.
Readers can now use a browser like Mosaic or Lynx to read the contents.

Advantages

The WWW approach offers a number of advantages:
  • familiarity The Web is growing at a tremendous rate, and Mosaic is rapidly becoming the browser of choice. If the goal is to DISSEMINATE this IMPOR.. -- sorry, to make the CEB easy for people to use, it would help if it were based on a technology with which people are already familiar.

  • distributed responsibilities It's easy for individuals or groups to set up and maintain servers devoted to specific topics. Once a link has been made from the main CEB, the CEB maintainer doesn't need to be involved in every change to that subtopic.

  • distributed text The CEB text (and any other software, etc. that you want to include) doesn't all have to be located on the same machine. This feature can be used to reduce the load on individual servers, and to add to the reliability of the system. (For instance, the home page could be made available from several servers, possibly located in different countries...)

  • graphics If authors want to include graphics in their pages, this can be done relatively easily.

  • convenient software distribution Most WWW browsers make it easy to download files; just click on the files, and tell the browser where you want them stored.

  • feasibility You don't need to bother Eric! :-)

Disadvantages

The main disadvantage is that updates would not be provided automatically. Even if the CEB were to provide a "What's New" page, a reader still has to follow that link and look at the page occasionally. Periodic updates on sci.crypt and other appropriate groups would still be a good idea.

Comments...?


janzen at idacom.hp.com
From rishab at dxm.ernet.in Tue May 31 18:38:21 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 31 May 94 18:38:21 PDT Subject: PGP 2.3 vs 2.6 outside the US Message-ID: Jeff Barber : > While creating a 2.6-like version from 2.3a seems a worthy goal, this > supporting argument is flawed. The original PGP was written in the USA > and, never having received the proper export approvals, must have been > "illegally exported." Isn't Phil Zimmerman being "investigated" by a > grand jury for this even now? So, it would seem to me that a bulletin > board carrying any version of PGP holds illegally exported software (wrt > US law). How does 2.3a differ from 2.6 in this respect? 2.0 to 2.3a were developed outside the US, released in New Zealand and the Netherlands, and _imported_ into the US. While a version of 2.3a in India, say, need not have come from the US, and hence does not indicate an ITAR violation somewhere, the version of 2.6 in Italian sites got there only because they were illegally exported from the US. From sommerfeld at localhost.medford.ma.us Tue May 31 18:39:09 1994 From: sommerfeld at localhost.medford.ma.us (Bill Sommerfeld) Date: Tue, 31 May 94 18:39:09 PDT Subject: Is DES exportability context-dependent? In-Reply-To: <9405311808.AA10701@vail.tivoli.com> Message-ID: <199406010125.VAA00325@localhost> Disclaimer: I'm not an expert in export control law; before acting on anything in here, check with a "real" expert. Date: Tue, 31 May 94 13:08:32 CDT From: m5 at vail.tivoli.com (Mike McNally) Sender: owner-cypherpunks at toad.com Lets say I rigged up a "signature" system that cranked the message through a DES or 3DES engine in CBC mode, and used the last value as the signature (or something like that; whatever makes the most sense). In that context---as a signature algorithm---would DES be exportable? My understanding is that under current regulations, yes, assuming that 1) the end-user does not have access to use the raw DES encryption routines for data privacy. 2) you do not export source code for DES (it's too easy to remove "static" from C source :-) ) (of course, someone armed with a disassembler and an architecture reference manual could probably figure out where the raw DES entry points in the object code are are, but it would be far less effort for them to just code DES from scratch or FTP it from Finland..) It's been demonstrated that something developed as a signature algorithm but later adapted to encryption purposes remains exportable, right? Wrong. If I wrap 5 lines of code around MD5 which turns it into an encryption engine, I can't export those five lines of code. If I remember correctly, Dan Bernstein attempted to go through the process of exporting just such a system and was stymied all the way. - Bill From rishab at dxm.ernet.in Tue May 31 18:39:26 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 31 May 94 18:39:26 PDT Subject: NSA breaks Russian PRNGs with neural networks?? Message-ID: tcmay at netcom.com: > An interesting article by Seymour Hersh is cited below. It says that > NSA had transcripts of the 1991 coup plotters (and presumably other > Russian leaders) and that Bush passed these on to Yeltsin to warn him. A recent article from the Daily Telegraph, another British paper, went on about the possible encryption techniques used by the Russians. It described how reused one-time pads led to the unmasking of Fuchs, the Rosenbergs, Philby et al. Then it suggested that the method the NSA broke was based on (presumably weak) PRNGs, a stream cipher. It suggested that the NSA might have developed techniques to find patterns in PRNG outputs through neural networks, or genetic algorithms!! While the latter sounds like crap to me, even though I've worked with and believe in the power of neural networks for amazing pattern recognition, unless the PRNGs were _really_ weak, I'm skeptical. I don't think the Russians are fools, and in these times one doesn't rely on secret weak algorithms for crypto, not when there are publicly well known strong ones. Humint? Maybe. The Atlantic Monthly will carry a story on the NSA-Yeltsin thing in June. It would be nice if someone posts it here. -------------------------------------------------------------------------- Rishab Aiyer Ghosh rishab at dxm.ernet.in Voicemail +91 11 3760335; Vox/Fax/Data 6853410 H-34C Saket New Delhi 110017 INDIA The National Fairness to Game Animals Association says: Support your right to arm bears! -------------------------------------------------------------------------- From CCGARY at MIZZOU1.missouri.edu Tue May 31 19:32:34 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Tue, 31 May 94 19:32:34 PDT Subject: Cypherpunks' Electronic Book 3 Message-ID: <9406010232.AA16653@toad.com> Cypherpunks' Electronic Book (CEB) 3 Eric Blossom suggests that I could do the CEB job myself by using procmail or Perl & by subscribing a new user that points at my mail processing code & no changes need to be made to Majordomo. Well, he certainly makes it sound easy. However my computer skills are: arguably an expert in Assembler for 80x86 chips; fairly expert at the DOS operating system; very good with DOS Batch files; & at one time rather good with C but now quite rusty. I can get around on the Internet but am not an Internet guru. As for Perl, I would probably cast it before swines. I don't know the languages or protocols or mechanics of the Internet to do it myself. I was hoping to provoke an Internet guru to do this. Robert Hayden wants to know what the extent of his involvement in this project would be. Well, I would say just writing the code & setting up a new account. Eric Blossom makes it sound easy. However, Robert suggests that an administrator would be needed. This could even be more serious. I suspect Eric Hughes would not see it as just a minor ex- pansion of his Cypherpunk list duties - but that was what I was orig- inally hoping for. - would Eric? (shields up!). At this point, I would say that we would need an Internet guru to shepherd this project & we may need an administrator too. I have no idea how heavy the duties of an administrator would be. Anybody have any suggestions or want to volunteer? Also, we probably need someone capable of making an assessment of what is needed. Yours Truly, Gary Jeffers From CCGARY at MIZZOU1.missouri.edu Tue May 31 20:17:20 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Tue, 31 May 94 20:17:20 PDT Subject: Cypherpunks' Electronic Book 4 Message-ID: <9406010317.AA17220@toad.com> Cypherpunks' Electronic Book (CEB) 4 Martin Janzen suggests using World Wide Web (WWW) to support & distribute the CEB. I am not at all familiar with WWW but hopefully its good. My concern with this distributed organization is that CEB could be controlled by the Cypherpunks' List & that all additions & changes to CEB would be refereed. No unauthorized changes would be made. As for updates, the point of CEB is to be made up of the most recent knowledge. People concerned with an area of electronic privacy & making contributions to the CEB would naturally update the CEB whenever they ran into new developments. People who wanted to read the CEB would be assured that by the nature of the CEB, what they found there would be the latest & the current best. Martin suggests that the CEB could be on several servers. I would suggest, then, that they be on different servers by chapter. Referees who are interested in particular chapters could maintain & administer that chapter. This could mean very little administration by Eric Hughes (cringe). For those who are kindly offering their archives of Cypherpunks' list, they are not needed now, but if & when the CEB gets established, it would be good to have your names on the CEB as archivists. Yours Truly, Gary Jeffers From kentborg at world.std.com Tue May 31 20:37:55 1994 From: kentborg at world.std.com (Kent Borg) Date: Tue, 31 May 94 20:37:55 PDT Subject: Cypherpunks' Electronic Book 4 Message-ID: <199406010337.AA25412@world.std.com> An important frustration from this electronic age: Information moves so easily now but people move no more quickly than before. Changes to CEB should not be a continuous process. Changes need to happen slow enough and in meaningful enoug chunks that someone other than the author can keep up. I think this means digests of the changes, digests which are readable in their own right--not mechanical diffs--should both detail *and* summarize for those who recently read the old copy. Refereing might dove tail nicely with keeping the whole thing stable enough to be usable. -kb, a Kent with a thick enough protective coating of ignorance to avoid most of the work... -- Kent Borg +1 (617) 776-6899 kentborg at world.std.com kentborg at aol.com Proud to claim 28:15 hours of TV viewing so far in 1994! From wcs at anchor.ho.att.com Tue May 31 23:04:39 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com_1-510-484-6204) Date: Tue, 31 May 94 23:04:39 PDT Subject: Privacy at Dunkin Donuts Message-ID: <9406010603.AA17323@anchor.ho.att.com> > Hidden microphones at Dunkin Donuts Hey, all this time we've been worrying about cops spying on people. Now _we've_ got a way to listen to _them_ :-) ..... From wcs at anchor.ho.att.com Tue May 31 23:50:47 1994 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com_1-510-484-6204) Date: Tue, 31 May 94 23:50:47 PDT Subject: Cypherpunks' Electronic Book 3 Message-ID: <9406010649.AA17636@anchor.ho.att.com> Well, you've got an opportunity for a Learning Experience, then :-) Assuming you've got access to a Unix machine you can run things on, it's not hard to set up procmail or majordomo or the old, simple, reliable netlib stuff that ran the netlib at research.att.com (and maybe still does?). Since you're posting from MIZZOU1, you're at least behind a mail server run by somebody else, so I'm not sure how much control you have..... If you want to roll your own crude mail-reply system on Unix, it's really not hard, using some simple shell programming and the sed batch editor equivalent to "ed" and the : commands of vi - when you receive a mail message, you stick it in a file, then use sed or whatever to find the "From:" line so you know who to send it back to, and lines that look like your command set (e.g. "get foo"), stickthe appropriate stuff into a mail message and send it back. If you want to do all this on DOS, well, good luck :-) Look at teh tools you've got available for handling mail, and get yourself a copy off Eudora or Waffle if you don't have either of them. Then you're on your own. BIll