"You aren't following the _rules_!"

Tue Nov 29 04:44:04 PST 1994

-----BEGIN PGP SIGNED MESSAGE-----

Deletia...

> Most people, including one of (the?) leading thinker(s) of the group on the
> net that most supports cryptography believe that the added security and
> privacy that cryptography provides are not worth typing a few commands or
> clicking a few buttons. I myself rarely, if ever, sign my post. If WE don't
> even use crypto ourselves, who do you think else uses it and who do you
> think will therfore care if the government chooses to outlaw it?

I've noticed this and always thought it quite strange.

> We don't have a motivation to use crypto. We all realize that there is
> really no need to encrypt/sign the vast majority of the stuff we are
> sending. There may be the occasional message that we will encrypt and we
> are well aware that we encrypt that message for the very reasons that the
> powers-that-be want to see encryption outlawed.

Yes there is...I recent got my fanny pulled out of the fire because I sign
ALL of my messages. Someone spoofed me on one of my accounts. I never got
the full details, but I screamed VERY loudly to the powers "WAS THE MESSAGE
SIGNED WITH MY DIGITAL SIGNATURE." The answer was "NO." My reply was "It
couldn't be me, because my software automatically signs all of my
posts...If I were you I would look at your logs to see who hacked the
message." I never heard another word. Granted this wasn't a really big
deal, but it does illustrate the power of digital signatures. It got them
to at least look at their logs, which probably wouldn't have happened
otherwise. (Even though that SHOULD have been the first place they looked.)

More deletions...

> There are no better tools for integration of crypto today, because there
> has been no need. The few times you actually need crypto you can punch the
> commands "by hand".

I'm basically a lazy S.O.B. when I first got my shell account I made sure
that my provider had uqwk installed because:

         a. I wanted to use AUTOPGP to sign all of my messages
            automatically because I had been burned several times before on
            forgeries.

As more people get burned, the demand for digital signatures will go up.
This was my initial motivation for installing PGP. The encryption angle
came later.

We might learn something from AUTOPGP. Instead of focusing on making every
reader compatible with encryption, why not focus on making a semi-universal
pre-processor and post-processor for them. Hit the lowest common
denominator.

Another interesting concept would be for providers to make signatures
mandatory. While you wouldn't be forced to sign your messages, you would be
responsible for any message bearing your name if your software wasn't set
up for signing.

Deletion...

> We are stuck: No need -> no development of tools -> no spreading of crypto
> beyond the "hard core" -> no public resitance when crypto becomes illegal.
>
>
> So how can we prevent crypto from becomming illegal? Just follow the above
> chain backwards. Create a need. Create mailing lists that require signed
> messages. Create ftpsites that require signed uploads or whatever. Require
> the use of crypto. Not to partake in some involuntary interaction with the
> government (that will happen without out help), but for some voluntary
> interactions between people on the net. Sending mail to cypherpunks is such
> a voluntary interaction. Requiring it here just might result in better
> tools in the long run. Just an idea, if it sounds like garbage, forget
> about it.

I agree with you Lucky, we have to create a demand. We also have to make it
easy enough for people to implement. There is definitely a stigma attached
to encryption though. Some of you may remember my post a while back about
looking for a place to set up a mailing list, this will demonstrate some of
the forces involved.

A while back I came up with an idea, "Why not set up a public mailing list
to distribute PGP Keys." After mulling it over for a while I decided to do
it. I also came up with the idea of subscribing alt.key-dist to it and also
subscribing a keyserver to it. One stop shopping...post your key to the
list and it makes it to all interested parties. A universal venue for
distributing PGP keys. No system administrator involvement needed, instead
of having to rely on them carrying alt.key-dist, which isn't on a lot of
systems. I went to several providers about setting up the list.
(BTW - Thank You L. McCarthy for your efforts!!!) Everything was great
until they found out what the list was for. After that "Sorry, we can't do
it." or they wanted to charge an exorbitant price for the list. The moral:
A lot of system administrators do not want encrypted messages, because they
fear that they are responsible for the content. While they won't kill
encrypted messages they won't help propagate the technology either. BTW -
I'm still LISTLESS. (I couldn't resist the pun)

Sam

(Who ALWAYS signs his messages)

==============================================================================

One was never married, and that's his hell; another is, and that's his plague.
                         - Robert Burton, 1651

==============================================================================
skaplin at skypoint.com                   | "...vidi vici veni" - Overheard
                                       | outside a Roman brothel.
PGP encrypted mail is accepted and     |
preferred.                             | Change is the only constant in the
                                       | Universe..."Four quarters, please."
E-mail key at four11.com for PGP Key or   |
Finger skaplin at mirage.skypoint.com     | Smile!! Big brother is watching.
==============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLtsg6gpnimeWAf3FAQH/BwP5AWqVCjtaa7RWjRtImKoTIwoof3FVQVPs
Q1BqI/XAte92YWTiJqi06CWHxyL3lojuQSjY5a4d1reepBfydjI3QVypOQZtXyaM
MKeXmJJQwqW+oKU1SV0v5DGIVIqZRqT86uxZBTYs0UsdewUtET8MUTY/6CgPhgBQ
XCJIO3xxOsY=
=CX+D
-----END PGP SIGNATURE-----