From bart at netcom.com Sat Oct 1 02:19:53 1994 From: bart at netcom.com (Harry Bartholomew) Date: Sat, 1 Oct 94 02:19:53 PDT Subject: Friendly, neighborhood NSA... In-Reply-To: <199410010522.AA01650@metronet.com> Message-ID: <199410010919.CAA11989@netcom7.netcom.com> > > iiti.doc.gov > /pub/newitems/ii_inventory/app_projs/library > ================================================== > IITF APPLICATIONS PROJECT INVENTORY Of course the final "i" in "iiti" is a typo, the address is: iitf.doc.gov:/pub/newitems/ii_inventory/app_projs/library btw: in the file "doe" there I found this of perhaps cp interest: DESCRIPTIVE DATA: PROJECT: Database of Scientific Mathematical Software LEAD AGENCY/ORGANIZATION: Department of Energy CONTACT NAME: Dan Hitchcock PHONE #: (301) 903-6767 e-mail: hitchcock at er.doe.gov LEVEL OF EFFORT: START DATE: COMPLETION DATE: Ongoing DESCRIPTION OF PROJECT: Netlib - Data Base of Scientific Mathematical Software to provide state-of-the-art numerical software to internet users. Contains many of the most useful and sophisticated numerical analysis software packages available without fee. Purpose is to provide an easy exchange mechanism for researchers and users of numerical software. From prig0011 at gold.tc.umn.edu Sat Oct 1 02:43:33 1994 From: prig0011 at gold.tc.umn.edu (prig0011 at gold.tc.umn.edu) Date: Sat, 1 Oct 94 02:43:33 PDT Subject: New T-Shirt Offer Message-ID: <2e8d1b0a2ea4002@gold.tc.umn.edu> Well, summers gone, fall is here, and I'm sufficiently caught up with all my projects to go ahead with A New Cypherpunks t-shirt offer! The shirt: ========== Printed in white, on a heavyweight black t-shirt. Front: CYPHERPUNKS Putting the NSA out of business Back: (with permission from TC May) Crypto Anarchy encryption, digital money, anonymous networks, digital pseudonyms, zero knowledge, reputations, information markets, black markets, collapse of governments. (I'll post gifs of the front and back as soon as I can convert the files to soda.berkeley.edu) Whats the deal? =============== Cost of the shirts are US $12 each (plus $2 for postage). This offer runs for 3 weeks (until October 21st). I'll be taking orders until then, and expect to start shipping approximately 1 to 2 weeks later. I expect to have all shirts in the mail no later than November 15th, just in time for Christmas :) Where can I get one? ==================== Send a Check or Money Order (no cash, please) to: Kevin Prigge 3638 19th Ave So Minneapolis, MN 55407 Please specify what size shirt you want (S, M, L, XL, or XXL). Any questions can be sent to prig0011 at gold.tc.umn.edu Any flames can be directed to /dev/null From mikecap at WPI.EDU Sat Oct 1 07:47:38 1994 From: mikecap at WPI.EDU (Michael V. Caprio Jr.) Date: Sat, 1 Oct 94 07:47:38 PDT Subject: NII calendar... Message-ID: <199410011447.KAA13193@bigwpi.WPI.EDU> Here's the latest schedule of events... looks like the only public meeting left is on the 27th. What the heck is the National Security Telecommunications Advisory Committee? (see Oct. 17-19) Any brave cypherpunks in the area of "lecture room B" feel like venturing into the den of the enemy and reporting? NIST is lecturing to the Committee on Applications and Technology... is that a congressional thing? Might there be a chance it'll appear on C-span? ------------------------------------------------------------------------- Schedule of Upcoming Public Events September 14: Telecommunications Policy Committee Department of Commerce 3:45 p.m. - 5:00 p.m., Room 1414 October 11-13: Interchange '94 Renaissance Hotel and Washington Convention Center Washington, D.C. (Co-sponsored by the GITS Working Group, the Federation of Government Information Processing Councils, Public Technology Inc., and the State Information Policy Consortium) October 17-19: National Information Infrastructure Symposium U.S. Naval War College Newport, Rhode Island (Co-sponsored by the President's National Security Telecommunications Advisory Committee (NSTAC) and the Office of Science and Technology Policy) October 27: Committee on Applications and Technology National Institute of Standards and Technology (NIST) Lecture Room B 10:45 a.m. - 11:45 a.m. ----- Mike From adam at bwh.harvard.edu Sat Oct 1 08:25:54 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Sat, 1 Oct 94 08:25:54 PDT Subject: Friendly, neighborhood NSA... In-Reply-To: <199410010522.AA01650@metronet.com> Message-ID: <199410011525.LAA26350@bwh.harvard.edu> | LEAD AGENCY/ORGANIZATION: NSA | CONTACT NAME: Norma Davila | PHONE #: 301/688-7353 | The "Digital Librarian" links together the libraries where | information of any type (books, texts, pictures, audio, video, | multi-media, etc.) is stored to the librarians who assist the | users in navigating through these storehouses of knowledge. This | project brings these ideas to the desktop by allowing a user to | gain access to any number of information sources, independent of | the originating development of the sources. The information | sources can be anything from databases to online reference | materials to online training materials. The user interacts with | these sources through one common interface. |---- | Out of the kindness of it's heart, the NSA is going to build us all a nice, | new, improved WWW! | | Isn't that just *too* kind of them? | | I wonder why I have this feeling I'd better not turn my back on them..... I'd be suprised if they did this without releasing source. As soon as they release source, we can drop real encryption into things. Much as we dislike them, the NSA is *very* good at sorting through and dealing with huge quantities of data. ("Its in their nature.") If we can take advantage of this, and get a WWW design that is relatively secure, then thats great. All we'll need to do is remove the calls to skipjack(), and replace them with calls to IDEA(). :) The NSA is not some huge monolithic enemy. It is a teaming multitude of enemies. Like any other government agency, we need to tale the good and discard the rest. Adam From merriman at metronet.com Sat Oct 1 10:50:12 1994 From: merriman at metronet.com (David K. Merriman) Date: Sat, 1 Oct 94 10:50:12 PDT Subject: IIT*F* collection Message-ID: <199410011749.AA19118@metronet.com> I've just uploaded a rather eclectic collection of text files to the Cpunks site at csua. They're in an MSDOS .zip file NII.ZIP. Some of the files in the IIT_F_ directories had duplicate filenames, but differing contents. The file is about 1M, unzips to about 3.5M (I was there for a while, okay? :-) Minutes of hearings, reports, project summaries like the the Friendly Neighborhood NSA I posted, and more. There's some scary stuff in there - like the report of the first IITF public meeting in Albuquerque has only *one* instance of the word "privacy" :-( Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From hfinney at shell.portal.com Sat Oct 1 10:56:50 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 1 Oct 94 10:56:50 PDT Subject: Technical Remailer Analysis. In-Reply-To: <199410010435.AAA10221@ducie.cs.umass.edu> Message-ID: <199410011756.KAA17377@jobe.shell.portal.com> "Louis Cypher" writes: >The attack on the reordering remailer is simple. The attacker sends a >stream of marked messages through the remailer. After the waiting >messages have been flushed out, any incoming real message will be >flushed out of the remailer before more arrive, allowing it to be >uniquely identified coming and going. The defense against this is to >only check the group and send excess messages after a time delay. This >delay should be the typical time for n real messages to arrive. A >mixing of approximately n messages is ensured by this process. If >there is no attack, then the mixing is not quite as good as keeping a >group of 2n messages. Good point. There is a related attack which Chaum pointed out in his 1981 CACM paper: the attacker intercepts and keeps a copy of an incoming message, then later re-sends it. This one will go to the same place and by repeating this multiple times we can figure out where the original message went. >[Interesting math deleted] >The second issue for consideration is: >Given a web of perfect remailers, how easy is it to identify >corespondents? Tim has been asking this one for a while. >[...] >The probability of a >given pair of corespondents in a given tick is > f^2 >The probability of a pair of corespondents occurring m times in n >ticks is > m >p= 1 - Sum [(f^2)^i (1 - f^2)^(n-i) n! / (i! (n-i)!)] > i=0 If I follow this, the attack is something like, every time Alice sends a message Bob receives one. Observing this happening over a period of time we conclude they are communicating. Could this be defeated by sending dummy messages so that Alice sends exactly 10 messages every day? Then the fact that Bob receives messages on some day can't very well be associated with Alice. Hal From GERSTEIN at SCSUD.CTSTATEU.EDU Sat Oct 1 11:19:26 1994 From: GERSTEIN at SCSUD.CTSTATEU.EDU (ADAM GERSTEIN, _THE_ MACGURU) Date: Sat, 1 Oct 94 11:19:26 PDT Subject: What privacy issues to discuss..... Message-ID: <941001141830.2025f38e@SCSUD.CTSTATEU.EDU> Fellow C'punks- I work for my school as a resident advisor, and we have to have two programs every semester. One of them is supposed to be educational, and I think I want mine to be about privacy issues, since it's such a hot topic and not that many of the folks in my school seem to care about Big Brother. What I want from you guys is pointers to papers I can use as references, but stuff that's easy to explain to Joe/Jane College student. I would also like input as to how you folks think I should do it. Should it be a discussion group, or should I just talk and then answer questions? I think a discussion group might be better, but I'm not sure. All input is welcome, adam -=-=-=-=-=-=- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQBPAi3NGo0AAAECAMOrXrau7Kp80+mjsCwqU3tpM1uFZKG9lVlBpMFgo3tPwBPb JHJlP1L+1Jpj27NtFNhlDgFhTAueBPvdAmUopWUAEQEAAbQQQWRhbSBKLiBHZXJz dGVpbg== =6d6B -----END PGP PUBLIC KEY BLOCK----- -=-=-=-=-=- God's last message to his creation: "We apologize for the inconvenience" -D. Adams From tcmay at netcom.com Sat Oct 1 11:44:32 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 1 Oct 94 11:44:32 PDT Subject: Technical Remailer Analysis. In-Reply-To: <199410011756.KAA17377@jobe.shell.portal.com> Message-ID: <199410011844.LAA16070@netcom15.netcom.com> Hal wrote: > Good point. There is a related attack which Chaum pointed out in his > 1981 CACM paper: the attacker intercepts and keeps a copy of an incoming > message, then later re-sends it. This one will go to the same place and > by repeating this multiple times we can figure out where the original > message went. Thanks to Louis Cypher and Hal Finney for discussing this. Our remailers are, as several of us have discussed, at a primitive level of security...in fact, most of the security is illusory and would collapse under serious scrutiny. Here are some fixes to consider, as I see them. Chaum, in his Feb. 1981 paper on Untraceable E-Mail (Comm. of the ACM) remains the key paper, though some of the later DC-Net papers also deal with such attacks (under the rubric of "collusion" and "flooding" types of attacks). Sorry for the format, as I'm using the tools I use for the FAQ. 157.3. Some possible fixes: 157.3.1. remailers can recognize duplicates and agree not to remail them, or to remail them off in different directions (adding their own hop-wrappers) 157.3.2. digital postage helps a bit, as the attacker at least has to spend money 157.3.3. (If the inner layers of a message each have some digital money, or a "one-use" coupon, then an attacker who copies and resends the whole message is effectively double-spending and this should be detected. Most simply, the "use once" coupon will only allow one passage through the remailer.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From nowhere at chaos.bsu.edu Sat Oct 1 11:52:54 1994 From: nowhere at chaos.bsu.edu (Chael Hall) Date: Sat, 1 Oct 94 11:52:54 PDT Subject: REMAIL: changes to chaos remailer Message-ID: <199410011842.NAA29444@chaos.bsu.edu> I have made several changes to remailer at chaos.bsu.edu: 1. From: line changed from Anomymous to Anonymous . 2. Reply-To: line added that says remailer-admin at chaos.bsu.edu. 3. Errors-To: line added that says nobody at chaos.bsu.edu. These changes do not affect nowhere at bsu-cs.bsu.edu [yet.] Remember, for information about the remailers, finger remailer at chaos.bsu.edu or send a message to remailer-help at chaos.bsu.edu. Chael -- Chael Hall, nowhere at chaos.bsu.edu From jgostin at eternal.pha.pa.us Sat Oct 1 13:50:42 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Sat, 1 Oct 94 13:50:42 PDT Subject: Think you're a hacker, eh? Message-ID: <941001161042U9rjgostin@eternal.pha.pa.us> Bill Baker writes: > > Well, the only thing the pseudohackers seem to be able to do is > forge-cancel postings that make them feel bad. So here it is again, > with some extra data at the bottom. Maybe I missed the beginning of this thread (I've been remiss in my reading!), but what the heck is going on here? It sounds interesting, but I'm rather clueless. Anyone care to comment? (And no, I've got no live IP, so there's no worries about hacking from me.) --J -- ====== ====== +----------------jgostin at eternal.pha.pa.us----------------+ == == | BOYCOTT SEA QUEST DSV... ask me why. | == == -= | PGP 2.[3a|6] Key Available | ==== ====== +---------------------------------------------------------+ From jya at pipeline.com Sat Oct 1 13:56:51 1994 From: jya at pipeline.com (John Young) Date: Sat, 1 Oct 94 13:56:51 PDT Subject: EFFy Wiretap Win? Message-ID: <199410012056.QAA11171@pipe3.pipeline.com> EFF what say you about this? Excerpts from WSJ, September 30, 1994, p. B5 Bill Would Ensure Law Enforcement Is Able to Tap Wires By Mary Lu Carnevale Staff Reporter of The Wall Street Journal WASHINGTON - The House Judiciary Committee cleared a bill that would require telephone companies to ensure that their networks remain accessible to law enforcement wiretaps. But key lawmakers agreed to changes aimed at appeasing local phone companies. The modifications largely spell out that phone companies won't be forced to pay to modify their existing networks to comply with the measure. They are expected to be included in the bill before it goes to the House floor, possibly as early as Tuesday. A similar measure sailed through the Senate Judiciary Committee earlier this week on a 16-1 vote. Though little time remains in the current Congress, the legislation could squeak through. * * * The agreement, details of which are being ironed out, also aims to protect individuals' privacy rights; prevent phone companies or law-enforcement agencies from installing or ordering unnecessary upgrades; and ensure that the changes have the least possible effect on phone rates and phone-company efforts to build advanced communications networks. The legislation is separate from the Clinton administration's controversial "Clipper Chip" proposal that would have mandated an encryption standard for computer and communications equipment. That failed proposal would have let law-enforcement agencies decipher any calls or messages that had been encoded. ------------------- END From merriman at metronet.com Sat Oct 1 13:57:19 1994 From: merriman at metronet.com (David K. Merriman) Date: Sat, 1 Oct 94 13:57:19 PDT Subject: What privacy issues to discuss..... Message-ID: <199410012056.AA12128@metronet.com> >Fellow C'punks- > What I want from you guys is pointers to papers I can use as >references, but stuff that's easy to explain to Joe/Jane College student. ftp.csua.berkely.edu /pub/cypherpunks/papers :-) > I would also like input as to how you folks think I should do it. >Should it be a discussion group, or should I just talk and then answer >questions? I think a discussion group might be better, but I'm not sure. > Split the difference: explain some of the details and such to them, and then let them work it out. Might help to use something like a phone bill to point out how data is collected that could easily be used by any kind of oppressive regime. It's my understanding (possibly in error :-) that European nations do *not* provide the level of detail in their telephone bills that we do here; the theory being that if who someone calls is unknown, then it makes any effort to do a guilt-by-association and witchhunt more difficult. Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From mg5n+ at andrew.cmu.edu Sat Oct 1 14:45:15 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 1 Oct 94 14:45:15 PDT Subject: Technical Remailer Analysis. In-Reply-To: <199410010435.AAA10221@ducie.cs.umass.edu> Message-ID: Hal Finney wrote: > If I follow this, the attack is something like, every time Alice sends > a message Bob receives one. Observing this happening over a period of > time we conclude they are communicating. Could this be defeated by > sending dummy messages so that Alice sends exactly 10 messages > every day? Then the fact that Bob receives messages on some day can't > very well be associated with Alice. This attack can be defeated if both Alice and Bob are running remailers. Then their correspondence is hidden in the 100 messages a day of remailer traffic. An observer can not tell wether the messages were for Alice or Bob, or if they were for the remailer (assuming latency was used) or if they were bit bucket messages. Alice could even forward her personal messages to a bitbucket (after saving a copy for herself) to further increase security. This is why everyone should be running a remailer if they are concerned about their privacy. From werewolf at io.org Sat Oct 1 15:01:49 1994 From: werewolf at io.org (Mark Terka) Date: Sat, 1 Oct 94 15:01:49 PDT Subject: PGP 2.6.2?? Message-ID: <4LIZkOwsc-m8072yn@io.org> -----BEGIN PGP SIGNED MESSAGE----- I saw in alt.security.pgp recently that a new release of PGP was due in the next few days from MIT. Evidently this version will handle the generation of keys of up to 2048 bits. Can anyone substantiate this? -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCzAgUBLo0lxaACeR4xBXv5AQGeIwTwqopgv3fV9Xkhk/kD319nsRRnN0lt3qON omaQibl5mszx+dqnF2mxwxFLTVo2RuSEWq1YFbT6qmlrSR/Q0jvlbdSO6dnc/ufN E4SwKl7NF5vgMVxIJzCP9M/dL4dOEY2xOMvtxG7u+Y7hEawVEKKnoiINE+xhEja8 6zZEB5ab5t5vfY5uRirY1GN8Zb7CT+rg2pMmfZyjhonk5dXMfs8= =rH5c -----END PGP SIGNATURE----- From nobody at shell.portal.com Sat Oct 1 15:15:20 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 1 Oct 94 15:15:20 PDT Subject: FWD: Safe-Tcl meets PGP!!!! Message-ID: <199410012214.PAA14345@jobe.shell.portal.com> This is from the Safe-Tcl list, which discusses a variant on tcl which provides a "safe" subset of capabilities appropriate for letting incoming mail bring in programs which can run autonomously on your computer. I mentioned this a few weeks ago and I've been on the list, although I haven't looked at it in much detail. Nathaniel Borenstein is very active in the email community so this may turn out to be an influential technology. He is using PGP to authenticate incoming messages and grant them more privileges as appropriate: > From hfinney at shell.portal.com Sat Oct 1 13:30:26 1994 > Date: Sat, 1 Oct 1994 15:44:46 -0400 (EDT) > From: Nathaniel Borenstein > Subject: Safe-Tcl meets PGP!!!! > Cc: Marshall Rose , > John Ousterhout , > Philip Zimmermann , > Trent Jaeger > > For over a year now, people have been asking me about extending safe-tcl > to make use of digital signatures so that it can grant more powerful > capabilities to programs from trusted senders. My position all along > has been "the hooks are there, but nobody has put all the pieces > together." > > Today, after a message from Trent Jaeger that got me to thinking about > this again, I took a new look at the situation, the first time I'd done > so since becoming a regular PGP user. It turns out -- amazingly enough > -- that integrating these technologies was almost trivial! I am happy > to report that I now have integrated safe-tcl, pgp, the Internet Draft > on MIME/PGP, and metamail, to do "the right thing". Best of all -- you > don't need to compile anything, the "hooks" all work. > > With this hack -- which works for all metamail-based mail readers, and > which I expect will be easy to replicate for mhn and others -- I believe > that Safe-Tcl now has the last bit of functionality where Telescript was > previously superior. We now have a completely open platform for sending > around programs with differential capabilities dependent on the level of > trust that the receiver has in the sender. > > Getting this working is trivial. The assumption here is that you have a > message with a content-type of "application/pgp; format=mime" which, > when after its signature is checked (and after it is decrypted if > necessary) contains a MIME entity with a content-type of either > "application/safe-tcl" or "multipart/enabled-mail" (or some other > multipart, with one of these two types nested inside it somewhere). The > basic scheme is to make the PGP-smart process put signature information > into an environment variable, PGP_SIGNATURE, which is then checked by > the safe-tcl interpreter. Obviously, if you implement this, you want to > make sure that you don't usually have PGP_SIGNATURE set in the process > you use to read your mail! > > Anyway, to make this work there are two steps: > > 1. In your .safetclrc file, add the following: > > catch { > global SafeTcl_Services > set SafeTcl_Services(authentication) $env(PGP_SIGNATURE) > } > > This will ensure that SafeTcl_Services is set properly if the > PGP_SIGNATURE variable is set. > > 2. Configure your mail reading tool so that it understands > application/pgp and text/pgp, and sets the PGP_SIGNATURE variable. For > metamail-based systems, this consists of adding the following mailcap > lines: > > text/pgp; decode-pgp %s ; needsterminal > application/pgp; decode-pgp %s mime; needsterminal; \ > test=test %{format} = mime > application/pgp; decode-pgp %s ; needsterminal > > and then installing the "decode-pgp" script on your search path. That > script is a twelve-line shell script: > > #!/bin/csh -f > set viewprog=cat > if ($#argv > 1) then > set viewprog=metamail > endif > set prog="pgp" > set infile=$1 > pgp $1 -o /tmp/outputfile.$$ |& tee /tmp/shotputfile.$$ > set PS=`grep "Good signature" /tmp/shotputfile.$$ | sed -e "s/Good > signature from user//"` > setenv PGP_SIGNATURE "$PS" > $viewprog /tmp/outputfile.$$ > rm /tmp/*putfile.$$ > > I think that's all you need to do! If I'd known it was going to be this > simple I would have done it months ago! > > As an example of how to USE this facility, you can put the following > code in your .safetclrc: > > proc readsharedfile {nm} { > set fd [open $nm r] > set result [read $fd] > close $fd > return $result > } > catch { > if {[regexp "nsb at nsb.fv.com" $SafeTcl_Services(authentication)]} { > declareharmless readsharedfile > } > } > > In this case, if you get a safe-tcl program that is signed (and, > optionally, encrypted) by ME, and I'm on your keyring, it will be able > to read any file YOU can read. Otherwise, the readsahredfile procedure > will be undefined in the restricted interpreter. > > Pretty cool, eh? I encourage folks to try it out. -- Nathaniel > > PS -- Assuming no problems turn up, I will probably put "decode-pgp" and > the relevant mailcap entries in the next metamail release, and will > build the few lines that set SafeTcl_Services based on PGP_SIGNATURE > into the stuff done automatically in the next safe-tcl release. -- > Nathaniel From vvallopp at eniac.seas.upenn.edu Sat Oct 1 19:31:35 1994 From: vvallopp at eniac.seas.upenn.edu (Vinod Valloppillil) Date: Sat, 1 Oct 94 19:31:35 PDT Subject: Feds & Ecash! Yikes! Message-ID: <199410020231.WAA24339@blue.seas.upenn.edu> Anyone have any enlightening info about this????? Path: netnews.upenn.edu!news.amherst.edu!news.mtholyoke.edu!world!mkj From: mkj at world.std.com Everybody knows that Al Gore is hot on this "National Information Infrastructure" thing. What many people may not fully appreciate -- or at least, what I'm just discovering myself -- is the sheer enormity of the disaster going on as we speak, under the banner of the "Information Infrastructure Task Force" (IITF). If you haven't already done so, I highly recommend an enlightening browse on the iitf.doc.gov site (ftp & gopher at standard ports, http at port 70). ^^^^^^^^^^^^ (NOTE: Individuals in fragile health should always consult a physician before exposing themselves to detailed information about their government's activities. Have you ever felt like an ant in the path of a steamroller? YOU WILL ...) Although I've barely scratched the surface, I've already run across a number of items which might be of interest to folks here. The DOE, for instance, reports that they are working on "Developing electronic cash systems that would maintain the privacy of individuals from merchants and banks, but would allow law enforcement to trace the flow of the electronic cash, given proper court orders." Other spectacularly dubious achievements include the report of the Privacy Working Group, which never once acknowledges any individual right to privacy, and in fact devotes most of their report to various ways to increase the "willingness" of the public to divulge personal data; and the draft report of the Intellectual Property Working Group, which with a straight face characterizes most current Internet activity as illegal, and then goes on to outlaw the rest of it, while blandly noting that the public will require "education" in these matters. Also, of course, there are any number of hints of NII projects involving various intelligence agencies. Enjoy. --- mkj ------------------------------+---------------------------------------------- Vinod Valloppillil | Even if you're one in a million, Telecom/MIS/Strategic MGMT | there's still a thousand more of you Engineering/Wharton | in China..... vvallopp at eniac.seas.upenn.edu | ------------------------------+---------------------------------------------- "It is often easier for our children to obtain a gun than it is to find a good school." -- Joycelyn Elders "Maybe that's because guns are sold at a profit, while schools are provided by the government." -- David Boaz From merriman at metronet.com Sun Oct 2 06:49:01 1994 From: merriman at metronet.com (David K. Merriman) Date: Sun, 2 Oct 94 06:49:01 PDT Subject: Cpunk list check Message-ID: <199410021348.AA18413@metronet.com> Haven't heard anything out of the list for a while, so just sending this out to see if the list is still up. Sorry. Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From sandfort at crl.com Sun Oct 2 12:59:43 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 2 Oct 94 12:59:43 PDT Subject: H.E.A.T. BEAT Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . H.E.A.T. seeking C'punks, "Code Name: Assassin" In this episode, we see the return of H.E.A.T. archnememis, Neil Strake. (For those who haven't seen Acapulco H.E.A.T., Strake is played by James Healing who does an extremely bad imitation of bad (French?) actor, Louis Jordan.) Anyway, forget the plot, it is even more Byzantine and illogical than usual. Suffice it to say that Strake shoots Mike--on Mike's birthday--in an attempts to kill him. Mike is in a coma through most of the show. The special cartridge has "Happy Birthday" written on it; the bullet is inscribed, "Mike." (Wow, talk about a bullet having your name on it.) This episode was unique in the number of flashbacks and fantasies it offers: (1) Mike goes into cardiac arrest on the operating table. Instead of having the currently popular NDE (near death experience; dark tunnel, white light, life review, etc.), Mike has a fantasy dream of fighting in a boxing match. (He gets knocked out.) (2) When the Team fingers Strake, Ashley has a flashback to the previous Strake episode, thus practicing the parsimony of recycling. (3) Later at Mike's bedside, Ashley has another flashback about the two of them. She then sweet talks him in his coma and tells him not to die. (4) After Ashley talks to him, Mike has another fantasy dream boxing match in which he KOs his opponent. (5) Finally, Strake goes to a disco for no apparent reason. There he first dances with a beautiful quadroon. He drops her for an Anglo-looking woman. During his dance with the Anglo, he fantasized that she is Ashley (he has an obsession with Ashley). The dance is meant to be erotic, but it's just silly, even when they virtually fornicate on the dance floor. Here are the crypto/techno elements: (1) The cartridge is a ".223 nitro express," which is made by only one man, a guy named Sabross. (2) Krissie uses the H.E.A.T. computers headquarters to "patch" into the surveillance camera system of the prison in which Strake is supposedly incarcerated. This takes her all of 10 seconds. (3) The person in prison is not Strake, but an imposter whose appearance has been altered by plastic surgery to look, sound and act just like Strake. (4) Strake plants a radio controlled bomb at Mike's "funeral" (don't ask), which the Team discovers in a sweep of the chapel. There were several good lines in this episode. In a face-to-face encounter between Ashley and Strake, he says something about how he sees the world and Ashley says, "Don't they call that schizophrenia?" To which he replies, "Only the people who get paid to put a name on it, then get paid even more to cure it. While Strake is putting his bomb together he opines, "I love the smell of C4 in the morning." During the funeral, Strake pulls out the radio detonator and says, "One flick of my finger and you're all taco meat." (Don't laugh, have you ever eaten a taco in Mexico?) There were tons of bikinis in the beech scenes (strangely, there were only beautiful women on the beach). The disco people looked hot, and there was no Fabio! Tune in next week--same H.E.A.T. channel, same H.E.A.T. time--for the further adventures of Acapulco H.E.A.T. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From nobody at jpunix.com Sun Oct 2 14:12:33 1994 From: nobody at jpunix.com (Anonymous) Date: Sun, 2 Oct 94 14:12:33 PDT Subject: Nom de guerre public key Message-ID: <199410022111.QAA03425@jpunix.com> -----BEGIN PGP SIGNED MESSAGE----- I'm new at both remailing and PGP, but having read the Cyphernomicon (OK, skimmed it) and various other FAQs, I haven't seen this issue addressed: I've created a pseudonym and a PGP key pair for that pseudonym. Now, how do I secure signatures for my public key, given the fact that (a) to sign it, you should be sure that it really belongs to me, and (b) I have no intention of revealing who "me" actually is? You can't call me on the phone, or meet me face to face, or do any of those other standard practices for confirming the key before signing it. But I sure don't want to use an unsigned, untrusted public key, since I want to make and keep a reputation and I can't risk someone spoofing my public key. ======================================================================= Crim Tideson Privacy is its own justification. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ My public key: - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCPAy51e6kAAAEEAMLIkYRAJqKnrQL7Xxmu7hNycUU06YZuR2i3WVxN9Jc6vnoF i7gT6/u7zVI4gmZCTA6mF6SYEFeOiENHaz0wyBNe+8AOIgdaezUsPODMh7UC64k0 YVQTNOiPN9jQAnyCGjPrplSliWT4gHGC796whwJ8CFkwPdpQf6vOblMnt4MdABEB AAG0DENyaW0gVGlkZXNvbg== =pwyo - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLo3MxqvOblMnt4MdAQH0jwQAvzbd7b7KpcKdaeGzWUx8aav4WxWJWD9W qwYaVF/WNFFg89+m0K8TztTEcc9QVz3wYvKz1ojOx7IOJl10ZUBXbXrChaDYhbKJ YTU3QeOHN7o8VdzJ3o7z6lK9QqLZhhzQd4VgF9VxR++8LcBVS8AYaVWsfGLv7L2q W+4h4FIR0GE= =Vu2X -----END PGP SIGNATURE----- From nobody at jpunix.com Sun Oct 2 14:24:21 1994 From: nobody at jpunix.com (Anonymous) Date: Sun, 2 Oct 94 14:24:21 PDT Subject: Nom de guerre public key Message-ID: <199410022123.QAA03808@jpunix.com> -----BEGIN PGP SIGNED MESSAGE----- I'm new at both remailing and PGP, but having read the Cyphernomicon (OK, skimmed it) and various other FAQs, I haven't seen this issue addressed: I've created a pseudonym and a PGP key pair for that pseudonym. Now, how do I secure signatures for my public key, given the fact that (a) to sign it, you should be sure that it really belongs to me, and (b) I have no intention of revealing who "me" actually is? You can't call me on the phone, or meet me face to face, or do any of those other standard practices for confirming the key before signing it. But I sure don't want to use an unsigned, untrusted public key, since I want to make and keep a reputation and I can't risk someone spoofing my public key. ======================================================================= Crim Tideson Privacy is its own justification. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ My public key: - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCPAy51e6kAAAEEAMLIkYRAJqKnrQL7Xxmu7hNycUU06YZuR2i3WVxN9Jc6vnoF i7gT6/u7zVI4gmZCTA6mF6SYEFeOiENHaz0wyBNe+8AOIgdaezUsPODMh7UC64k0 YVQTNOiPN9jQAnyCGjPrplSliWT4gHGC796whwJ8CFkwPdpQf6vOblMnt4MdABEB AAG0DENyaW0gVGlkZXNvbg== =pwyo - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLo3MxqvOblMnt4MdAQH0jwQAvzbd7b7KpcKdaeGzWUx8aav4WxWJWD9W qwYaVF/WNFFg89+m0K8TztTEcc9QVz3wYvKz1ojOx7IOJl10ZUBXbXrChaDYhbKJ YTU3QeOHN7o8VdzJ3o7z6lK9QqLZhhzQd4VgF9VxR++8LcBVS8AYaVWsfGLv7L2q W+4h4FIR0GE= =Vu2X -----END PGP SIGNATURE----- From unicorn at access.digex.net Sun Oct 2 14:34:12 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 2 Oct 94 14:34:12 PDT Subject: Cyphernomicon Message-ID: <199410022134.AA01136@access2.digex.net> Could someone give me a current pointer to the Cyphernomicon? -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From pfarrell at netcom.com Sun Oct 2 14:44:50 1994 From: pfarrell at netcom.com (Pat Farrell) Date: Sun, 2 Oct 94 14:44:50 PDT Subject: Cyphernomicon Message-ID: <199410022144.OAA03965@netcom5.netcom.com> Hi Uni, look in ftp.netcom.com in /pub/tcmay for the original source. Pat From tcmay at netcom.com Sun Oct 2 14:46:21 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 2 Oct 94 14:46:21 PDT Subject: Nom de guerre public key In-Reply-To: <199410022111.QAA03425@jpunix.com> Message-ID: <199410022145.OAA20902@netcom13.netcom.com> Anonymous wrote: > I'm new at both remailing and PGP, but having read the Cyphernomicon > (OK, skimmed it) and various other FAQs, I haven't seen this issue > addressed: I'll be sure to put something in about this, though I thought I had. > I've created a pseudonym and a PGP key pair for that pseudonym. Now, > how do I secure signatures for my public key, given the fact that (a) > to sign it, you should be sure that it really belongs to me, and (b) I > have no intention of revealing who "me" actually is? You can't call me > on the phone, or meet me face to face, or do any of those other > standard practices for confirming the key before signing it. But I > sure don't want to use an unsigned, untrusted public key, since I want > to make and keep a reputation and I can't risk someone spoofing my > public key. > > ======================================================================= > Crim Tideson Privacy is its own justification. Crim Tideson, you are who you say you are by the fact that you possess the key yoy have just announced yourself with! Only you can sign messages with the private key for which the public key produced a valid signature. We have no interest in your (alleged) physical identity. Maybe you are a committee. Maybe you are an AI. Or a Zeta Reticulan. Digital signatures have this wonderful property of being more important than putative physical identity, such identity being vastly easier to forge. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From tcmay at netcom.com Sun Oct 2 14:48:12 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 2 Oct 94 14:48:12 PDT Subject: Cyphernomicon In-Reply-To: <199410022134.AA01136@access2.digex.net> Message-ID: <199410022147.OAA21047@netcom13.netcom.com> Black Unicorn wrote: > > Could someone give me a current pointer to the Cyphernomicon? > Details are in the sig below. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From iqg1550 at acf4.NYU.EDU Sun Oct 2 15:55:05 1994 From: iqg1550 at acf4.NYU.EDU (iqg1550) Date: Sun, 2 Oct 94 15:55:05 PDT Subject: archives Message-ID: <9410022254.AA18179@acf4.NYU.EDU> could someone please tell me where the CP list is archived -- if, in fact, it is -- as well as the dates covered by any such archive thank you very much ira From CCGARY at MIZZOU1.missouri.edu Sun Oct 2 16:03:29 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sun, 2 Oct 94 16:03:29 PDT Subject: list test Message-ID: <199410022303.QAA29200@cygnus.com> testing to see if list ok. From bogus at no.return.address Sun Oct 2 16:13:04 1994 From: bogus at no.return.address (Underdog) Date: Sun, 2 Oct 94 16:13:04 PDT Subject: Technical Remailer Analysis. Message-ID: <199410022312.TAA20726@ducie.cs.umass.edu> -----BEGIN PGP SIGNED MESSAGE----- From: Louis Cypher Hal Writes: >Good point. There is a related attack which Chaum pointed out in his >1981 CACM paper: the attacker intercepts and keeps a copy of an incoming >message, then later re-sends it. This one will go to the same place and >by repeating this multiple times we can figure out where the original >message went. This raises a fundamental problem with current remailers. It is clear that next generation remailers will have to encrypt all messages sent between them, on top of any nested encryption of the message done by the originator. Timothy C. May Writes: >157.3. Some possible fixes: > > 157.3.1. remailers can recognize duplicates and agree not to >remail them, or to remail them off in different directions (adding their own >hop-wrappers) > > 157.3.2. digital postage helps a bit, as the attacker at >least has to spend money > > 157.3.3. (If the inner layers of a message each have some >digital money, or a "one-use" coupon, then an attacker who copies and resends >the whole message is effectively double-spending and this should be detected. >Most simply, the "use once" coupon will only allow one passage through the >remailer.) If the remailers also batched messages to a given destination, or padded outgoing messages before encrypting them, they would be far less susceptible to this kind of attack. Re-encrypting the message with padding (to some standard size) would prevent attackers from recognizing their own messages in a flood attack, except by noting destination (which could be a giveaway). Batching would do the same, but would also hide the number of messages trashed or locally delivered. Neither of these does much against the concerted "spam attack". I think in the end, remailers will need to run something like encrypted links, sending a constant volume of data between them, which would be random garbage when not a real message. This leaves open the denial of service attack of sending more data per hour then the link supports, therefore causing long queues at the remailers. Sigh, I really need to get down to a library and dig up the Chaum articles I hate to always reinvent the wheel. While waiting for good digital postage, a substitute could be used. If one added a "Msg-ID:" header similar to the Ghio remailer's "Cutmarks", which contained a large random number, this number could be stored at the remailer, and messages with the same ID simply send to /dev/null. This would be simple to do with remailer chaining scripts like "premail". Hal writes: >If I follow this, the attack is something like, every time Alice sends >a message Bob receives one. Observing this happening over a period of >time we conclude they are communicating. Could this be defeated by >sending dummy messages so that Alice sends exactly 10 messages every day? >Then the fact that Bob receives messages on some day can't very well >be associated with Alice. Since I assumed that a typical user sends one message per day, Alice may draw attention to herself through this mechanism. 10 messages is not enough, it would leave some correlation. Alice needs to send at least one message per tick (e.g. 48 in my example), in which case she shown 100% correlation with all recipients always. There is no way to know that she is sending to Bob, but I suspect she will be on a short list at the FBI unless everyone else is doing the same (which violates my assumptions). If everyone sent a message every tick, traffic analysis would be impossible. Matthew J Ghio writes: >This attack can be defeated if both Alice and Bob are running remailers. >Then their correspondence is hidden in the 100 messages a day of >remailer traffic. An observer can not tell wether the messages were for >Alice or Bob, or if they were for the remailer (assuming latency was >used) or if they were bit bucket messages. Alice could even forward her >personal messages to a bitbucket (after saving a copy for herself) to >further increase security. This is why everyone should be running a >remailer if they are concerned about their privacy. I do not think that the "everyone is a remailer" idea works. At the assumed one message per day, and an average message chain of 5 remailers, then only 5% of users can maintain remailers with a real traffic flow of 100 messages per day. Other than that, this idea is functionally similar to Hal's. Sending messages on to bit buckets is a nice idea. Assuming cutmarks, or standard message sizes, and reordering are used, this is indistinguishable from a remailer which just delivers the local mail, and also sends out periodic junk messages to various bit buckets. As I mentioned in my original message, this should be done anyway to ensure complete mixing of all messages within the web during any given tick. -Louis Cypher -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLo557qyHUAO76TvRAQFSJwQAmenSoAZAkOtGww9F/giy80AmJJk30I6D y5Fp0d8fgNy3MiCnG6onlvvJdBShgonvsbKRF0r94cYtYgtnczK/rqmhIDyc/UB2 a0V55YRdb84YwGpGPmrFepH8yXdueEgQvUq5Fs1FV9jNtSAK9kK2G1+QmSVdq/Uy pkRIf8iPbJA= =xZdv -----END PGP SIGNATURE----- From sameer at c2.org Sun Oct 2 17:11:58 1994 From: sameer at c2.org (sameer) Date: Sun, 2 Oct 94 17:11:58 PDT Subject: The benefits of commercialness Message-ID: <199410030009.RAA29060@infinity.c2.org> As you can see, the remailer running with a profit motive (or at least a not-go-deeply-into-debt motive) is the most reliable. Last ping: Sun 2 Oct 94 17:00:01 PDT remailer email address history latency uptime ----------------------------------------------------------------------- c2 remail at c2.org **+-******** 13:29 99.99% wien remailer at ds1.wu-wien.ac.at ****#+**--#* 21:01 99.99% chaos remailer at chaos.bsu.edu ***####**+## 2:54 99.99% leri remail at leri.edu ****#**#**** 6:45 99.99% portal hfinney at shell.portal.com **##*#+***#* 3:59 99.99% ideath remailer at ideath.goldenbear.com +*****-*+- * 1:53:42 99.99% =), -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383 http://www.c2.org (or login as "guest") sameer at c2.org From franl at centerline.com Sun Oct 2 17:56:43 1994 From: franl at centerline.com (Fran Litterio) Date: Sun, 2 Oct 94 17:56:43 PDT Subject: Nom de guerre public key In-Reply-To: <199410022111.QAA03425@jpunix.com> Message-ID: > I've created a pseudonym and a PGP key pair for that pseudonym. Now, > how do I secure signatures for my public key, given the fact that (a) > to sign it, you should be sure that it really belongs to me, and (b) I > have no intention of revealing who "me" actually is? A signature on your PGP public key is a personal guarantee from the person who signed it that she has first-hand knowledge that the key's userid accurately names the person who physically possesses the key (i.e., the signature validates the binding between userid and person). But you do not have a binding between your userid and your person, because your userid is a pseudonym, and a pseudonym is a name not bound to a person. Unless you reveal your pseudonym to someone and identify yourself according to the rules of the PGP Web of Trust, you should not be able to get signatures on your PGP public key. -- Fran Litterio franl at centerline.com (617-498-3255) CenterLine Software http://draco.centerline.com:8080/~franl/ Cambridge, MA, USA 02138-1110 PGP public key id: 1270EA1D From werewolf at io.org Sun Oct 2 18:26:43 1994 From: werewolf at io.org (Mark Terka) Date: Sun, 2 Oct 94 18:26:43 PDT Subject: List Down? Message-ID: Is the list down or is there nothing to talk about? I think I've gotten one message inthe last 36 hours. From hugh at ecotone.toad.com Sun Oct 2 18:45:21 1994 From: hugh at ecotone.toad.com (Hugh Daniel) Date: Sun, 2 Oct 94 18:45:21 PDT Subject: ADMIN: Re: List Down? In-Reply-To: Message-ID: <9410030141.AA26605@ecotone.toad.com> From now on please direct all such messages (as ~I am not seeing anything, the list must be down...~) directly to the list operators or insted of the everyone on the list. The whole of the 1000++ folks who read/archive the list do not need to see such 'noise'. ||ugh Daniel Sometimes Postmaster hugh at toad.com From schneier at chinet.chinet.com Sun Oct 2 19:00:41 1994 From: schneier at chinet.chinet.com (Bruce Schneier) Date: Sun, 2 Oct 94 19:00:41 PDT Subject: On Feistel Networks, S-Boxes, and Block Cipher Design Message-ID: ON FEISTEL NETWORKS, S-BOXES, AND BLOCK CIPHER DESIGN Claude Shannon defined the cryptographic principles of confusion and diffusion. Fifty years after this paper was written, these principles are still the cornerstone of good block cipher design. Confusion serves to hide any relationship between the plaintext, the ciphertext, and the key. Remember how linear and differential cryptanalysis can exploit even a slight relationship between these three things? Good confusion makes the relationship statistics so complicated that even these powerful cryptanalytic tools won't work. Diffusion serves to spread the influence of individual plaintext or key bits over as much of the ciphertext as possible. This also serves to hide statistical relationships, and make cryptanalysis more difficult. Confusion alone is enough. A cipher that consisted of a single lookup table of 64 bits of plaintext to 64 bits of ciphertext based on a key would be plenty strong. The problem is that large lookup tables require large amounts of memory to implement: 1020 bytes of memory for the above table. The whole point of block cipher design is to create something that looks like a large lookup table, but with much smaller memory requirements. The trick is to repeatedly mix confusion (with much smaller tables) and diffusion in a single cipher in different combinations. This is called a product cipher. Sometimes a block cipher that incorporates layers of substitution and permutation is called a substitution-permutation network, or even a SP network. Look back at function f of DES. The expansion permutation and P- box perform diffusion; the S-boxes perform confusion. The expansion permutation and P-box are linear; the S-boxes are nonlinear. Each operation is pretty simple on its own, but together they work pretty well. DES also illustrates a few more principles of block cipher design. The first is the idea of an iterated block cipher. This simply means taking a simple round function and iterating it multiple times. Two-round DES isn't very strong; it takes five rounds before all of the output bits are dependent on all of the input bits and all of the key bits. Sixteen-round DES is strong; 32-round DES is even stronger. Feistel Ciphers Most block algorithms that have appeared in the literature are Feistel Ciphers. The idea dates from the early 1970s. Take a block of length n and divide it into two halves of length n/2: L and R. Of course, n must be even. You can define an iterated block cipher where the output of the ith round is determined from the output of the previous round: L_i = R_(i-1) R_i = L_(i-1) XOR f(R_(i-1),K_i) K_i is the subkey used in the ith round, and f is an arbitrary round function. You've seen this concept in DES, Lucifer, FEAL, Khufu, Khafre, LOKI, and others. Why is it such a big deal? First off, the function is guaranteed to be reversible. Because XOR is used to combine the left half with the output of the round function, it is necessarily true that L_(i-1) XOR f(R_(i-1),K_i) XOR f(R_(i-1),K_i) = L_(i-1) A cipher that uses this construction is guaranteed to be invertible as long as the inputs to f in each round can be reconstructed. It doesn't matter what f is; f does not have to invertible. We can design f to be as complicated as we please, and we don't have to implement two different algorithms--one for encryption and another for decryption. The structure of a Feistel network takes care of all this automatically. Simple Relations DES has the property that if E_K(P) = C, then E_K'(P') = C', where P', C', and K' are the bitwise complements of P, C, and K. This property reduces the complexity of a brute-force attack by a factor of two. LOKI has complementation properties that reduce the complexity of a brute-force attack by a factor of 256. A simple relation can be defined as [KNU94]: If E_K(P) = C, then E_f(K)(g(P,K) = h(C,K) where f, g, and h are simple functions. By simple I mean that they are easy to compte, much easier than an iteration of the block cipher. In DES, f is the bitwise complement of K, g is the bitwise complement of P, and h is the bitwise complement of C. This is a result of XORing the key into part of the text. In a good block cipher, there are no simple relations. Methods for finding some of these weaknesses are in [KWA91B]. No Weak Keys In a good block cipher, all keys are equally strong. Algorithms with a small number of weak keys, like DES, are generally no problem. The odds of picking one at random are very small, and it's easy to test and discard them. However, these weak keys can sometimes be exploited if the block cipher is used as a one-way hash function. Strength Against Differential and Linear Cryptanalysis The study of differential and linear cryptanalysis has shed significant light on the theory of good block cipher design. The inventors of IDEA introduced the concept of differentials, a generalization of the basic idea of characteristics [LAI91B]. They argued that block ciphers can be designed in such a way to be resistant against this attack; IDEA is the result of that work [LAI91B]. This concept was further formalized in [NYB93], where Kaisia Nyberg and Lars Knudsen showed how to make block ciphers that were provably secure against differential cryptanalysis. Linear cryptanalysis is newer, and it is less clear what generic design techniques will protect a cipher against linear cryptanalysis. Knudsen has made some progress, considering some necessary (but not necessarily sufficient) criteria for what he calls practically secure Feistel ciphers: ciphers that are resistant to both linear and differential cryptanalysis [KNU94]. Nyberg introduced an analogy to the concept of differentials in differential cryptanalysis in linear cryptanalysis [NYB94]. Other work that extends the idea of linear cryptanalysis can be found in [PRE94A,KAL94B]. Interestingly enough, there seems to be a duality between differential and linear cryptanalysis. This duality becomes apparent both in the design of techniques to construct good differential characteristics and linear approximations [BIH95,MAT95], and also in the design criteria for making algorithms that are secure against both attacks [CHA95]. Exactly where this line of research will lead is still unknown. S-Box Design The strength of various Feistel ciphers--and specifically their resistance to differential and linear cryptanalysis--is tied directly to their S-boxes. This has prompted a spate of research on what constitutes a good S-box. An S-box is simply a substitution: a mapping of m-bit inputs to n-bit outputs. Above I talked about a single lookup table of 64- bit inputs to 64-bit outputs; that would be a single 64x64-bit S- box. A general S-box with an m-bit input and an n-bit output is called a mxn-bit S-box. S-boxes are generally the only non- linear step in an algorithm; they are what give a block cipher its security. In general, the bigger they are the better. DES has eight different 6x4-bit S-boxes. Khufu and Khafre have a single 8x32-bit S-box. In IDEA the modular multiplication step is effectively the S-box; it is a 32x32-bit S-box. The larger this S-box, the harder it is to find useful statistics about it to attack [GOR83]. Also, while random S-boxes are usually not optimal to protect against differential and linear attacks, it is easier to find strong S-boxes if the S-boxes are larger. Most random S-boxes are nonlinear, nondegenerate, and have have strong resistance to linear cryptanalysis--and the fraction that does not goes down rapidly as the number of input bits decreases [OCO91,OCO94,OCO94A]. The size of m is more important than the size of n. Increasing the size of n reduces the effectiveness of differential cryptanalysis, but it increases the effectiveness of linear cryptanalysis to a much greater degree. In fact, if n >= 2m - m, then there is definitely a linear relation of the input and output bits of the S-box. And if n >= 2m, then there is a linear relation of only the output bits [BIH95]. Much of this work involves the study of Boolean functions. In order to be secure, the Boolean functions used in S-boxes must satisfy specific conditions. They should not be linear, nor should they be close to linear [ADA90,NYB91,NYB93A]. There should be a balance of zeros and ones, and no correlations between different combinations of bits. The output bits should behave independently when any single input bit is complemented. These design criteria are also related to the study of bent functions. One property that seems very important is the diffusion of information: how many output bits of an S-box change when some subset of the input bits are changed. This is called the avalanche effect. It's easy to impose conditions on Boolean functions so that satisfy certain avalanche criteria, but constructing them is a harder task. The strict avalanche criteria (SAC) guarantees that exactly half of the output bits change when one input bit changes [WEB86]. A few years ago cryptographers proposed choosing S-boxes so that the different distribution table for each S-box is uniform. This would provide immunity against differential cryptanalysis by smoothing out the differentials in any particular round [ADA92,DAW91A,DAW91,NYB91]. LOKI is an example of this design. However, this approach can sometimes aid in differential cryptanalysis [BIH92B]. Actually, a better approach is making sure that the maximum differential is as small as possible. Kwangjo Kim proposed five criteria for the construction of S- boxes [KIM93A], similar to the design criteria for the DES S- boxes. Choosing good S-boxes is not an easy task, and there are many competing ideas on how to do it. Four general approaches can be identified: Choose randomly: It is clear that small random S-boxes are insecure, but large random S-boxes may be good enough. Random S-boxes with 8 or more inputs are quite strong. And even more strength is added if the S-boxes are both random and key-dependent. IDEA uses both large and key-dependent S-boxes. Choose and test: Some ciphers generate random S-boxes and then test them for the requisite properties. See [ADA90] for an example of this approach. Man-made: This technique uses little mathematics; S-boxes are generated using more intuitive techniques. Bart Preneel stated that "...theoretically interesting criteria are not sufficient [for choosing Boolean functions for S-boxes]..." and that "...ad hoc design criteria are required" [PRE93]. Math-made: Generating S-boxes according to mathematical principles so that they have proven security against differential and linear cryptanalysis, and good diffusive properties. See [NYB94A] for an excellent example of this approach. There has been some call for a combination of he "math-made" or "man-made" approaches [ROB94], but the real debate seems to be between randomly-chosen S-boxes and S-boxes--whether created or culled--that have certain properties. Certainly the latter approach has the advantage of being optimal against known attacks--linear and differential cryptanalysis--but it offers unknown protection against unknown attacks. The designers of DES knew about differential cryptanalysis, and the DES S-boxes were optimized against it. They did not seem to know about linear cryptanalysis, and the DES S-boxes are very weak against it [MAT95]. Random S-boxes in DES would be weaker against differential cryptanalysis and stronger against linear cryptanalysis. On the other hand, random S-boxes may not be optimal against known attacks but they can be made sufficiently large and therefor sufficiently resistant. And they are more likely to be sufficiently resistant against unknown attacks. The debate is still going on, but my personal feeling is that S-boxes should be as large as possible, random, and key-dependent. [ADA92] C.M. Adams, "On Immunity Against Biham and Shamir's 'Differential Cryptanalysis,'" Information Processing Letters, v. 41, n. 2, 1992, pp. 77-80. [ADA90] C.M. Adams and S.E. Tavares, "The Structured Design of Cryptographically Good S-Boxes," Journal of Cryptology, v. 3, n. 1, 1990, pp. 27-41. [BIH95] E. Biham "On Matsui's Linear Cryptanalysis," Advances in Cryptology--EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear. [BIH92B] E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993. [CHA95] F. Chabaud and S. Vaudenay, "Links Between Differential and Linear Cryptanalysis," Advances in Cryptology--EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear. [DAW91A] M.H. Dawson and S.E. Tavares, "An Expanded Set of Design Criteria for Substitution Boxes and their Use in Strengthening DES-like Cryptosystems," IEEE Pacific Rim Conference on Communications, Computers, and Signal Processing, IEEE, Victoria, BC, Canada, 9-10 Mary 1991, pp. 191-195. [DAW91] M.H. Dawson and S.E. Tavares, "An Expanded Set of S-box Design Criteria Based on Information Theory and its Relation to Differential-like Attacks," Advances in Cryptology-- EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 352- 367. [GOR83] J.A. Gordon and R. Retkin, "Are Big S-boxes Best?" Cryptography, Proceedings of the Workshop on Cryptography, Burg Feuerstein, Germany, March 29-April 2, 1982, Springer- Verlag, 1983, pp. 257-262. [KAL94B] B.S. Kaliski and M.J.B. Robshaw, "Linear Cryptanalysis Using Multiple Approximations," Advances in Cryptology-- CRYPTO '94 Proceedings, Springer-Verlag, 1994. [KIM93A] K. Kim, "Construction of DES-like S-boxes Based on Boolean Functions Satisfying the SAC," Advances in Cryptology--ASIACRYPT '91 Proceedings, Springer-Verlag, 1993, pp. 59-72. [KNU94] L.R. Knudsen, "Practically Secure Feistel Ciphers," Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 211-221. [KWA91B] M. Kwan and J. Pieprzyk, "A General Purpose Technique for Locating Key Scheduling Weakness in DES-like Cryptosystems," Advances in Cryptology--ASIACRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 237-246. [LAI91B] X. Lai, J. Massey, and S. Murphy, "Markov Ciphers and Differential Cryptanalysis," Advances in Cryptology-- EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 17-38. [MAT95] M. Matsui, "On Correlation Between the Order of the S- boxes and the Strength of DES," Advances in Cryptology-- EUROCRYPT '94 Proceedings, Springer-Verlag, 1995, to appear. [NYB91] K. Nyberg, "Perfect Nonlinear S-boxes," Advances in Cryptology--EUROCRYPT '91 Proceedings, Springer-Verlag, 1991, pp. 378-386. [NYB93A] K. Nyberg, "On the Construction of Highly Nonlinear Permutations," Advances in Cryptology--EUROCRYPT '92 Proceedings, Springer-Verlag, 1991, pp. 92-98. [NYB94] K. Nyberg, "Provable Security Against Differential Cryptanalysis," presented at the rump session of Eurocrypt '94, May 1994. [NYB94A] K. Nyberg, "Differentially Uniform Mappings for Cryptography," Advances in Cryptology--EURORYPT '93 Proceedings, Springer-Verlag, 1994, pp. 55-64. [NYB93] K. Nyberg and L.R. Knudsen, "Provable Security Against Differential Cryptanalysis," Advances in Cryptology--CRYPTO '92 Proceedings, Springer-Verlag, 1993, pp. 566-574. [OCO91] L. O'Connor, "Enumerating Nondegenerate Permutations," Advances in Cryptology--EUROCRYPT '93 Proceedings, Springer- Verlag, 1994, pp. 368-377. [OCO94] L. O'Connor, "On the Distribution of Characteristics in Bijective Mappings," Advances in Cryptology--EUROCRYPT '93 Proceedings, Springer-Verlag, 1994, pp. 360-370. [OCO94A] L. O'Connor, "On the Distributino of Chracteristics in Composite Permutations," Advances in Cryptology--CRYPTO '93 Proceedings, Springer-Verlag, 1994, pp. 403-412. [PRE93] B. Preneel, "Analysis and Design of Cryptographic Hash Functions," Ph.D. diss., Katholieke Universiteit Leuven, Jan 1993. [PRE94A] B. Preneel and V. Rijmen, "On Using Maximum Liklihood to Optimize Recent Cryptanalytic Techniques, " presented at the rump session of EUROCRYPT '94, May 1994. [ROB94] M.J.B. Robshaw, "Block Ciphers," Technical Report TR-601, RSA Laboratories, Jul 1994. [WEB86] A.F. Webster and S.E. Tavares, "On the Design of S- Boxes," Advances in Cryptology--CRYPTO '85 Proceedings, Springer-Verlag, 1986, pp. 523-534. From tcmay at netcom.com Sun Oct 2 19:12:56 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 2 Oct 94 19:12:56 PDT Subject: Nom de guerre public key In-Reply-To: Message-ID: <199410030212.TAA10713@netcom6.netcom.com> Fran Litterio wrote: > Unless you reveal your pseudonym to someone and identify yourself > according to the rules of the PGP Web of Trust, you should not be able > to get signatures on your PGP public key. What are the "rules of the PGP Web of Trust"? I've seen a couple of "BlackNet" public keys on the MIT Key Server, and I doubt rather strongly that the creators of BlackNet(s) identified himself or herself (or itself, even). Tying public keys to physical persons is _one_ approach, but not the only one. If fact, for a lot of intended uses of public key crypto, multiple keys will be generated and discarded. Granted, they won't necessarily ever appear on any of the main keyservers, but they might. The "web of trust" models how we pass on advice, introduce others with our recommendations, etc., but it is not a very formal thing. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From unicorn at access.digex.net Sun Oct 2 19:30:41 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Sun, 2 Oct 94 19:30:41 PDT Subject: Impact of Free Strong Crypto (Essay of sorts) Message-ID: <199410030230.AA22723@access4.digex.net> If the below is cut off by your mailer or mine, please drop me a note and I shall send you a complete copy. -uni- (Dark) -----BEGIN PGP SIGNED MESSAGE----- Political Ramifications of Free Encryption Technology. To me the Cypherpunks represent the drive to free technology from a regimented, collectivist, and centralized regulatory structure. So deep does this inclination seem to run that even liberal programs that might extend the reach of high technology particularly communications and data storage or processing technologies, through social reform are looked at almost universally with distaste. There is almost a disgust at the mere notion of Federal Government involvement in the development and distribution of technology. (Reaction to Al Gore's programs are a demonstration of this attitude). Some on the list would certainly disagree, feeling that government should take responsibility to promise equal access in the face of the amazing disparity selectively distributed technology would create, but I feel these are mere philosophical differences in methodology, and not major conflicts in goals. In some ways this debate is so powerful and threatens to fill so much bandwidth that some Cypherpunks seem to resist any political content on the list. (Witness the many clashes about what the Cypherpunks list is really for, and whether political topics even have a place therein). A treatment of the merits of Government involvement in distributional aspects of technology, or the level of regulation required or desired goes beyond the scope of this work. I wish instead to focus on the likely institutional reaction to a Cypherpunk victory. This necessarily requires a good deal of assumption on my part. Probably also some assumptions that are likely to make as many people happy as upset. I think the underlying analysis below is sound whatever the political persuasions of the reader. That being said let it be known that I consider the following as a "Cypherpunk victory." 1. Complete freedom of technology, particularly encryption technology, regulated only by market forces. This implies the lack of import/export restrictions, and a complete absence of projects designed to limit technology, or to standardize it for nefarious ends like Clipper. 2. A wide market of hardware and software products allowing, among other things, strong, transparent cryptography for voice, data, fax, cellular, and video communications. 3. Active and profuse vendors of related applications of the above technologies, including among others, digital banking, and anonymous mail (in my use including video, voice, data, and true digital cash). I think these are all possible (however likely or unlikely) within the next five years. Many Cypherpunks will necessarily draw a "fall of modern government" effect from the above conditions. Others will see the existence of a regulatory entity much lessened in importance and control than today. Still others will predict little change at all. Whatever your position, I think it is clear that government, like any entity, will seek to survive despite the above conditions. I assume in my construct that the Federal Government has fought these points on all fronts (a safe bet in my view) but lost (a less likely scenario to me in the next five years). Given these facts, how is government likely to adjust? Surely not without a fight to survive even in the face of what many see as impending doom for revenue collection and law enforcement. I have often commented that Cypherpunks see things about 6 months to 2 years before the popular culture begins to catch the scents. It is surprising to me then that the list (as far as I know) has been so stuck in the present with regard to the likely reaction to long term Cypherpunk goals. Most political discussions deal either with the present Federal Government threat, (Clipper, Digitel, Information Superhighway) or with the long term promise of Cypherpunk technology, but not the future Federal Government response to said technology. Partly I think this is attributable to the perception that the Federal Government is as much behind the times as popular culture. Technically this is probably true on the whole. (Dorthy Denning being short sighted enough to insist that law enforcement needs wiretap ability because they have always had such an ability. Ms. Denning's similarly dense arguments based on statistics to the effect that since law enforcement has used wiretaps so often, they must be indispensable and thus must be preserved. What Ms. Denning never mentions, either accidentally or with intent, are the alternatives). But it is equally true that there is, or there appears to be, some foresight on the policy level as to the implications of the new technology on the long term. (The Clipper proposal is either a entirely absent minded program which can never work because the goal really is a non-mandatory non- regulatory standard creation, or it is an adept foot in the door coup. A tour de force program in conjunction with Digitel, Information Highway, and NIST designed to preempt technology.) So what if the Cypherpunks win? How will the complete inability of law enforcement (Federal or Local) to conduct wiretaps impact collection? Those who think that law enforcement will just have to go away might want to reconsider. Instead I think that law enforcement will simply become much more intrusive as a response to the unavailability of easy interception via wiretapping. Recently on the list it was pointed out that few if any serious ciphers have been cracked without a Human Intelligence component. Indeed many of the later successes against the Enigma machines could be found in German operator laziness rather than pure analytical prowess. One Signals Intelligence type mentioned that his job was made much easier by the propensity of the German communication officers he was responsible for to use obscenities for their Enigma keys. Currently wiretaps are so popular not because they are indispensable but because a series of court decisions have made them the simplest, and cheapest method of Criminal Intelligence. Cases like _Smith v. Maryland_, 442 U.S. 735 (1979) have placed a fairly low burden on the law enforcement officials seeking to intercept telephone conversations, and almost no burden on those who wish to intercept call setup information. It is no surprise then that they have become so frequently used in criminal investigation and are so often cited as well as jealously defended as critical. Given the national anti-crime sentiment (even far left democrats seem to have given up on rehabilitation, and any astute politician who aspires to another term is terrified of being portrayed as soft on crime), the position that secure communications will solve the lack of oversight and intrusiveness of law enforcement conveniently ignores the constitutional "adjustments" that were made in the face of the national neurosis with the war on drugs. Instead Federal and Local law enforcement will begin to rely on Human Intelligence as well as more intrusive site collection to work around the technologically intensive and prohibitively expensive Signals Intelligence in the new era. Courts, tired of dismissing hundreds of otherwise legitimate looking cases, are likely to judicially erode the constitutional protections protecting citizens from search and seizure particularly with reference to an increased law enforcement reliance on more intrusive room surveillance equipment. In the context of the Fourth Amendment's structure this becomes a particularly difficult problem. The Exclusionary Rule provides for the rejection of evidence collected in violation of the Fourth Amendment (there is no effective civil remedy) but as many commentators have pointed out this is a particularly difficult thing for a judge to do. Exclusionary Rule motions come in the context of a convicted criminal, who most often was fairly obviously guilty, but who would be released without the evidence in question. Most of today's Exclusionary Rule law comes from drug cases as it became increasingly difficult in the late 1970's and early 1980's to overturn convictions where two kilograms of cocaine was discovered by a questionable search. Will not this same judicial activism be used to expand law enforcement's freedom to use room bugs and other intrusive methodology in the face of the argument that wiretapping is impossible? Similarly is it likely that law enforcement will begin to rely on Human Intelligence to a much greater extent. Targeted political organizations will be infiltrated with a much greater degree of aggressiveness, perhaps even surpassing levels of the 1960's. Frustration in law enforcement inability to penetrate the more advanced criminal circles will probably result in very creative interpretation of the rules, if not an outright disregard for them, to secure convictions. More alarming perhaps are the ramifications for banking transactions. In the absence of an ability to monitor transactions electronically Human Intelligence will be forced to fill in the gaps, creating a great demand for informants within the banking and financial industries. The SEC simply will be unable to function as it does today without electronic monitoring of transactions. Instead brokerage firms, high profile investors and financial institutions are more likely to be attacked with Human Intelligence and informants, perhaps even outright theft of records. The implications for even the moderate level investor are ominous. Given the flexibility of constitutional interpretation demonstrated by the New Deal legislation, is it any mystery that the new law enforcement methodology will be supported by the courts, especially in the face of complete law enforcement breakdown? The only real practical legal recourse would be a clarification to the courts by the legislature. However, if the current anti-crime atmosphere endures it is highly unlikely that any legislator will go on record as a obstacle to law enforcement by checking the courts back. The Cypherpunks must ask themselves how to address these issues, and recognize the potential political impact of high technology and the losing law enforcement battle to keep up. Would a Cypherpunk victory merely be bypassed by a clever end run? Is this a case of "Even when you win you lose"? - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.6ui iQCVAgUBLo96MhibHbaiMfO5AQGiJgP+L9QiTUrtJ7J3YbsQIFR8+ZzB9zgdZm3F erm7bOstN9PzFJ2id5XI1vWeq1zK1/WGsd+r7F0uG0cDrolY1INlKdM+PACfgEfz JAPsJeZRbWLEQolFeNT1Kzmo3EzAWiNRo1OBBfaPdnmEGJDHTWvQlrNF0gftr9WO cTvYC2fGfHM= =K3c4 -----END PGP SIGNATURE----- -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From jamesd at netcom.com Sun Oct 2 20:28:28 1994 From: jamesd at netcom.com (James A. Donald) Date: Sun, 2 Oct 94 20:28:28 PDT Subject: Mandatory Email verification In-Reply-To: <9409301808.AA04195@moonlight.noname> Message-ID: <199410030328.UAA23919@netcom8.netcom.com> Ken Landaiche writes > I have seen that > any system a human can devise, another human can eventually break. False. Most cryptographic algorithms these days are secure. Windows NT is secure. > This > leads me to believe that eventually we will have to begin acting on our > honor, Walking through a security hole on a computer is not necessarily dishonorable, though many dishonorable things can be done once you are through that hole. > and provide severe consequences for dishonorable behavior. If "we" provide "sever consequences" then we are not relying on honor, but on coercion. I > haven't finished working out what "honor" means in this social context. So I see. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From bogus at no.return.address Sun Oct 2 20:32:58 1994 From: bogus at no.return.address (Underdog) Date: Sun, 2 Oct 94 20:32:58 PDT Subject: Nom de guerre public key Message-ID: <199410030332.XAA21506@ducie.cs.umass.edu> -----BEGIN PGP SIGNED MESSAGE----- From: Louis Cypher >> A signature on your PGP public key is a personal guarantee from the >> person who signed it that she has first-hand knowledge that the key's >> userid accurately names the person who physically possesses the key >> (i.e., the signature validates the binding between userid and person). >> But you do not have a binding between your userid and your person, >> because your userid is a pseudonym, and a pseudonym is a name not >> bound to a person. > >Actually, this is not true. A signature on a key is a personal >guarantee from the signer that binds the user-id to the _KEY_, not >necessarily a person. The problem is validating that key<->userID >binding in a pseuodnymous case. For example, in the case of a real >person, you can send me a message to "warlord at MIT.EDU" and later meet >me in person, and I can verify that I received the message by >responding in some appropriate manner. > >But you cannot perform this check for a pseudonymous identity, because >there is no secure way to prove that that key really belongs to some >identity. > >Just for an example, I am fairly certian that there is a single >identity behind Pr0duct Cypher (speaking of PC -- I heard from you in >a while), but it is difficult to securely obtain assurance of the >binding behind the key and the keyid. > With a pseudonym, all a signature really says is that this is the key that always goes with the posts signed by this nym. Assuming there has not been more than one key claiming to be the "real" nym, then after a while there can be no doubt that the key and nym go together (which is all that was to be proved). Personally, I sign nyms that have existed consistently for some time. I have never distributed any of these signed keys, but see no harm in doing so as long as the key's user-id field clearly indicates that the key is a nym and not a person. A sig on a key by a notable like Tim May would help keep new users from getting taken in my some interloper claiming to be Pr0duct Cypher. >> Unless you reveal your pseudonym to someone and identify yourself >> according to the rules of the PGP Web of Trust, you should not be able >> to get signatures on your PGP public key. > >Well, this isn't the case. It is possible to set up a server that >compares userID to mailID in some secure manner. For example, there >were some way to get a secure mail from a user to a server, and the >server could verify the mail address, and then validate the mail >address to pgp keyID. > >-derek If I am trying to maintain a truly anonymous pseudonym, I am hardly likely to allow to connect my key with an email address. All a sig on a pseudonym's key means, is that is the key which signs posts from that nym, not such a hard thing to demonstrate with enough empirical evidence. -Louis Cypher P.S. I can be reached privately by leaving a message in alt.anonymous.messages with my name in the subject line. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLo9uWKyHUAO76TvRAQFVpwP+PJ9Ratos4OirW5VvO+r8ZdYig4e4JsR1 T2UGzFsyCLJnG+IyPc3d2xh3ipyM4Ifaw9pcp4xNJuimzaWyU+MfAzCr4IF6CLB2 R8+s/HW8kH5uiXdV+NCv95OL7zBI4p9GiWBiphsfcEkKkhI1CiHXhcoDR6CIIfdO MVe2HEASEng= =Dfb5 -----END PGP SIGNATURE----- From tcmay at netcom.com Sun Oct 2 20:42:32 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 2 Oct 94 20:42:32 PDT Subject: Impact of Free Strong Crypto (Essay of sorts) In-Reply-To: <199410030230.AA22723@access4.digex.net> Message-ID: <199410030331.UAA22756@netcom6.netcom.com> A good essay by Black Unicorn (whose physical ID, by the way, is unknown to us, despite his reputation and digsig). Just when some of you thought the list was becoming dormant... (I'll try to respond only to a handful of points, eliding the rest.) Black Unicorn wrote: > To me the Cypherpunks represent the drive to free technology from a > regimented, collectivist, and centralized regulatory structure. So deep > does this inclination seem to run that even liberal programs that might > extend the reach of high technology particularly communications and data > storage or processing technologies, through social reform are looked at > almost universally with distaste. There is almost a disgust at the mere Yes, it's quite amazing to me that what might be called the "libertarian agenda" is so little disputed here. To be sure, many are unhappy with mentions of guns or the like, and protest, but the core ideas of voluntary interactions are seldom challenged. This may be a good lesson for the larger political community: on matters of personal and economic privacy, even modern liberals don't favor an expanded role for the state. ... > is sound whatever the political persuasions of the reader. That being said > let it be known that I consider the following as a "Cypherpunk victory." > > 1. Complete freedom of technology, particularly encryption technology, > regulated only by market forces. This implies the lack of import/export > restrictions, and a complete absence of projects designed to limit > technology, or to standardize it for nefarious ends like Clipper. I think we almost have this won. There are so many degrees of freedom, so many ways to move data, that attempts to control data flow seem doomed. We can't stop lobbying, of course. (The FBI had a comment that if Digital Telephony is delayed by two years--and this was said (by Kelleher, I think, though I don't feel like grepping through my archives to find the exact quote...it may be in the FAQ) in early 1994--that this delay would make it "too expensive" to ever try it again...monkeywrenching the EFF's Wiretap Bill seems like a good goal to me.) > 2. A wide market of hardware and software products allowing, among other > things, strong, transparent cryptography for voice, data, fax, cellular, > and video communications. This one I am less sanguine about. PGP is just too hard to use--witness the incredible amount of time being consumed in debates about it, about features, bugs, etc., and the difficulties in integrating into ordinary work habits, for most people. Commercial crypto is not moving very quickly. > 3. Active and profuse vendors of related applications of the above > technologies, including among others, digital banking, and anonymous mail > (in my use including video, voice, data, and true digital cash). > > I think these are all possible (however likely or unlikely) within the next > five years. I thought it would take 5 years, too. Back in 1988. Oh well. But by 1999, lots of time for change. And we may see a digital cash application just "pop out of nowhere," just as VCRs did. > likely scenario to me in the next five years). Given these facts, how is > government likely to adjust? Surely not without a fight to survive even in > the face of what many see as impending doom for revenue collection and law > enforcement. By the way, I devoted a *lot* of space in my Cyphernomicon FAQ to issues like this, including one section entitled "How will Crypto Anarchy Be Fought?" > I have often commented that Cypherpunks see things about 6 months to 2 > years before the popular culture begins to catch the scents. It is > surprising to me then that the list (as far as I know) has been so stuck in > the present with regard to the likely reaction to long term Cypherpunk > goals. Most political discussions deal either with the present Federal Again, I think my FAQ has a suitably long term focus. Especially on the implications of anonymous systems, digital cash, data havens, etc., on societal systems. Lots of amazing implications. Some I no doubt have wrong, but I don't think I'm mired in the present. And I think we have indeed seen things coming before a lot of others did. The latest such alert, by Carl Ellison, myself, and others, is about "software key escrow," or what Carl dubs "GAK" (government access to keys). I think SKE is the wave of future repression, worth starting to fight now. The popular media is largely oblivious to it, as usual. (John Markoff, of the NY Times, is on top of it, more so than most of us, and is waiting for the right time to do something on this.) > Government threat, (Clipper, Digitel, Information Superhighway) or with the > long term promise of Cypherpunk technology, but not the future Federal > Government response to said technology. Partly I think this is > attributable to the perception that the Federal Government is as much > behind the times as popular culture. Technically this is probably true on > the whole. (Dorthy Denning being short sighted enough to insist that law > enforcement needs wiretap ability because they have always had such an > ability. Ms. Denning's similarly dense arguments based on statistics to > the effect that since law enforcement has used wiretaps so often, they must > be indispensable and thus must be preserved. What Ms. Denning never > mentions, either accidentally or with intent, are the alternatives). But > it is equally true that there is, or there appears to be, some foresight on Dorothy Denning is deeply involved with SKE, working with Miles Schmid of the NSA and the folks from Trusted Information Systems (according to Whit Diffie, who saw a joint presentation by the bunch of them in Karlsruhe, and their glee that the Micali escrow patent will likely be overturned due to prior art in Europe). > How will the complete inability of law enforcement (Federal or Local) to > conduct wiretaps impact collection? Those who think that law enforcement > will just have to go away might want to reconsider. Instead I think that > law enforcement will simply become much more intrusive as a response to the > unavailability of easy interception via wiretapping. I don't think the state will fold up its tent and fade away (to mix some metaphors). I think we'll see some "Wacos in cyberspace," some invocations of the Four Horsemen of the Infocalypse (Terrorists, Pedophiles, Money Launderers, and Pornographers), and some repressive laws involving national ID cards, reporting of all economic transactions on the Net, etc. Lots of things they can do. Lots of people will be killed by the thrashings of the dying beast. ... > war on drugs. Instead Federal and Local law enforcement will begin to rely > on Human Intelligence as well as more intrusive site collection to work > around the technologically intensive and prohibitively expensive Signals > Intelligence in the new era. Courts, tired of dismissing hundreds of > otherwise legitimate looking cases, are likely to judicially erode the > constitutional protections protecting citizens from search and seizure > particularly with reference to an increased law enforcement reliance on > more intrusive room surveillance equipment. In the context of the Fourth I don't think HUMINT is too likely to increase, as it costs so damned much to hire all those agents. I do think we'll see--and are already seeing--erosions of formerly sacred rights. (Black U. and I are obviously addressing our comments to mostly American issues. Your mileage may vary.) "Conspiracy" is already a catch-all, and the plethora of laws that nearly everyone is always breaking can be used to cut deals. A nation of cybernetic Pavel Morozovs, all informing on our neighbors. (Ironically, this erosion could _accelerate_ the shift to more secure systems, as even average people fear being caught up in alleged crimes.) > Amendment's structure this becomes a particularly difficult problem. The > Exclusionary Rule provides for the rejection of evidence collected in > violation of the Fourth Amendment (there is no effective civil remedy) but > as many commentators have pointed out this is a particularly difficult > thing for a judge to do. Exclusionary Rule motions come in the context of Also, many illegal wiretaps and black bag jobs are done not to secure evidence--which is inadmissable--but in furtherance of investigations, and to point to evidence they _can_ get a search warrant for. (I submit that the FBI wants DT for largely this reason, and all the calculations of "cost per wiretap" and how they are exorbitantly expensive miss this essential point!) > extent. Targeted political organizations will be infiltrated with a much > greater degree of aggressiveness, perhaps even surpassing levels of the > 1960's. Frustration in law enforcement inability to penetrate the more Probably true. In all fairness to ourselves, we actually are part of a larger threat (notice that I'm only calling Cypherpunks a _part_ of this, as to claim overall credit would be absurd) to the status quo than the Black Panthers were in the 1960s. Think about it. > More alarming perhaps are the ramifications for banking transactions. In > the absence of an ability to monitor transactions electronically Human > Intelligence will be forced to fill in the gaps, creating a great demand > for informants within the banking and financial industries. The SEC simply > will be unable to function as it does today without electronic monitoring > of transactions. Instead brokerage firms, high profile investors and > financial institutions are more likely to be attacked with Human > Intelligence and informants, perhaps even outright theft of records. The > implications for even the moderate level investor are ominous. Indeed. But this is already occurring in a major way. The major credit reporting agencies collude in central ways with the government (as with the faked credentials used for the Witness Security Program, for spies, etc.). Banks already collude (BCCI was not a fluke, just a CIA front bank, like Castle Bank, Nugan Hand Bank, and Bank of America). Strong crypto and anonymous systems will ultimately be _helped_ by this duplicity, ironically. > Given the flexibility of constitutional interpretation demonstrated by the > New Deal legislation, is it any mystery that the new law enforcement > methodology will be supported by the courts, especially in the face of > complete law enforcement breakdown? I go further on this point even than Black Unicorn does. I think there's a reasonable chance that a "state of national emergency" will be declared. Lots of things could trigger this, and I don't think it's just millenialist paranoia to believe certain Emergency Orders could be triggered. Military manouvers have planned for this (REX-84, Operation Night Train, FEMA, etc.). > The Cypherpunks must ask themselves how to address these issues, and > recognize the potential political impact of high technology and the losing > law enforcement battle to keep up. Would a Cypherpunk victory merely be > bypassed by a clever end run? Is this a case of "Even when you win you > lose"? Important for us to think about these issues, to be sure. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From warlord at MIT.EDU Sun Oct 2 21:13:35 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Sun, 2 Oct 94 21:13:35 PDT Subject: PGP 2.6.2?? In-Reply-To: <4LIZkOwsc-m8072yn@io.org> Message-ID: <9410030413.AA22993@hodge-podge.MIT.EDU> -----BEGIN PGP SIGNED MESSAGE----- To: werewolf at io.org (Mark Terka) cc: cypherpunks at toad.com Subject: Re: PGP 2.6.2?? In-reply-to: Your message of "Sat, 01 Oct 1994 05:00:52 EDT." <4LIZkOwsc-m8072yn at io.org> - -------- > I saw in alt.security.pgp recently that a new release of PGP was due > in the next few days from MIT. Evidently this version will handle the > generation of keys of up to 2048 bits. > > Can anyone substantiate this? Yes, I can. In fact, I am patching 2.6.1 up to 2.6.2 as I write this letter. There _will_ be a 2.6.2 release, although I cannot confirm the date it will be released. Most likely, it will not be released for at least a week, possibly longer than that, depending on testing results. Official notice will be sent out when the release occurs. Actually, the code will still not _generate_ 2048-bit keys, but it will accept them properly. In the near future PGP will most likely generate keys that size. The official PGP FAQ, Buglist, Improvements is on the Web: http://www.mit.edu:8001/people/warlord/pgp-faq.html This gets updated whenever I receive new bug reports and/or improvements to PGP. Be warned: this URL is subject to change without notice. Hope this answers your questions. - -derek -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQBuAwUBLo+EqDh0K1zBsGrxAQHhGwLDBeXuV1SZDkDe8Zjtgrda8TA68gSYvKoL Re6oR3B84QtD1392E9ArPbejxiNuzPc188SGEo/fMabQnoOWsfaP5sihz+GxIswk TFub8q6MC7RaEsYJi1TGk7E= =qQOJ -----END PGP SIGNATURE----- From scmayo at rschp2.anu.edu.au Sun Oct 2 21:16:56 1994 From: scmayo at rschp2.anu.edu.au (Sherry Mayo) Date: Sun, 2 Oct 94 21:16:56 PDT Subject: Manufacturing quantum computers Message-ID: <9410030416.AA10229@toad.com> -----BEGIN PGP SIGNED MESSAGE----- Hi all, Regarding the quantum cryptography thread: Some people expressed the view that although the idea may be workable, the manufacturing technology was a long way of being able to produce quantum computers. The quantum dot design proposed by Eckert et al for a quantum "factorisation engine" requires 100000 quantum dots (to factorise RSA-129 or similar) which are each about 10nm across to be fairly densly packed onto a chip. I'm not so sure about this being 'a long way off' in terms of materials technology, and I found the following article on WWW which describes some relevant research into this kind of manufacturing at a US army research centre. I found this on the FedWorld (US Govt, http://www.fedworld.gov/ ) pages.... ============================================================ Part of the "unique ARL (Army Research Lab) facilities" page http://info.arl.army.mil/UAFD/uafd.html ============================================================ Ultralithography Center. This facility provides the Army and DoD with a capability that significantly impacts the development of novel ultra-submicron electronic device technology required by next-generation and future military systems. A multi-million-dollar Leica (Philips) EBPG-5HR electron-beam lithography system, which represents the state of the art in ultra-high-resolution device patterning, is housed in a newly constructed clean room. The Leica EBPG-5HR accomplishes lithography by scanning a finely focused beam of high-energy electrons over an electron-sensitive polymer coating applied to the substrate surface. With an electron beam spot size approaching 10 nm, the Leica EBPG-5HR provides an effective solution to the most demanding lithographic applications, including ultra-small (250 angstrom [= 25nm]) electronic and photonic devices. These devices will provide an enabling foundation for next-generation Army electronic and optoelectronic systems. Devices such as sub-100-nm gate length millimeter-wave high-electron- mobility transistors (HEMTs), novel quantum-effect and mesoscopic (phase-preserving) devices, and quantum-well infrared photo-detectors are patterned with this system. The instrument's high acceleration voltage (100kV) provides a unique capability to pattern closely spaced nanometer-scale device features without feature or sample- related distortion. Automated calibration permits the writing of undistorted patterns over the large sample areas required to fabricate many photonic devices and optoelectronic circuits. ======================================================= Well there you go. Perhaps the technology is nearer than we think. Of course this still doesn't answer the noise problem that critics of the proposed technique think will render it all but useless. However I wanted to make the point that we shouldn't be complacent about the materials technology side of things. Tim May makes the point that he is not selling his shares in intel, and that conventional chip technology is not about to be supplanted. The problem with this IMHO is that these are not two completely different technologies we are talking about. The constantly improving techniques being used to cram more and more onto conventional chips are directly applicable to the manufacture of these proposed quantum dot devices. Just my 2 cents Sherry Sheridan C. Mayo | WWW pages include caving, sci fi and RSC, ANU, Australia | crypto pages. NEW: X-files has its own scmayo at rschp2.anu.edu.au | page with gifs/sounds/fanfic etc. Finger for PGP key | http://rschp2.anu.edu.au:8080/local.html -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLo+G9uFu4n6w1qeBAQGVMgP+Kechf44WUe11qnQG5cD3Ybf+NuNc9jjr ajI7ZXYmZgQb1xdhS7ruy+UOo39zBCPxgKOaCahAniKV9vlNOmHB2pqAr8aYoMWt olhDdZdEWSGrLPAvfh4gVa/T8GI9C2NPc7kusIZujlVHnemBbSSz6FW+dJedR/FE oRKvzzW0IHs= =Ub7K -----END PGP SIGNATURE----- From tcmay at netcom.com Sun Oct 2 22:12:05 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 2 Oct 94 22:12:05 PDT Subject: The Decline of Liberty Message-ID: <199410030511.WAA02372@netcom6.netcom.com> My favorite old curmudgeon, Jeff Cooper, has some interesting things to say in the 27 Sep issue of "Cooper's Commentaries," (cf. rec.guns). "The subjection to which the American citizen is now exposed every day of his life is so great that the whole idea of liberty ("That which does not injure one's neighbor") is almost totally lost. The greatest of despots, Louis XIV, never told his subjects what they could or could not eat and drink, and he never told them how to conduct their private lives." I won't even try to add more to what he has said. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From solman at MIT.EDU Mon Oct 3 01:17:09 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Mon, 3 Oct 94 01:17:09 PDT Subject: Anyone seen the 'quantum cryptanalysis' thread? In-Reply-To: <199409291241.AA11195@panix.com> Message-ID: <9410030816.AA25214@ua.MIT.EDU> [sorry if this is way out of it, I haven't had time to keep up with my c-punks mail lattely] Duncan writes > It's easier to make an omlette out of eggs than to make eggs out of an > omlette so encryption should remain well ahead of decryption. As I'm sure somebody else has pointed out somewhere along this thread, the ability to simultaneously analyze a superposition of an arbitrarilly large subset of all possible imputs (as our theoretical quantum cryptanalytic device might) implies to ability to solve, in polynomial time, any exponential time problem. [Its easy to consider a device which, given a superposition of a subset of all numbers less than 2^n, delivers as output a confirmation or denial that one of the numbers in the subset is a factor of the input modulus. Such a device can factor in order n time complexity simply by playing higher lower games and guessing one bit at a time] I want to take issue Duncan's analogy here however. It starts off well: > "It's easier to make an omlette out of eggs than to make eggs out of an > omlette" This is like saying entropy always wins, which it does. It will always be easier to take apart and destroy than to create. Then he continues: > So encryption should remain well ahead of decryption Which process is increasing order and which process is increasing entropy? I think an encrypted message is a highly ordered construct. In its natural state, information can be read by everyone. Upon this state encryption imposes order. It allows a specific subset of all entities to read the information. In the total cyberspatial system, none of the original information has been lost, yet new information has been added. I look at encryption as the tool that will allow us to build up an orderly society within the natural anarchy of cyberspace. Encryption is an artifact of order. And as such I would expect science to eventually uncover a mechanism that makes it easier to breakdown this order than to create it in the first place. I suppose it is plausible that there exists a class of Quantum-Hard problems, but it is difficult for me to conceptualize such a class of problems. It seems like quantum computation is capable of decreasing the time complexity of any problem to its logarithm an arbitrarilly large number of times. [Not that I believe for one moment that it is likely that quantum cryptanalytic machines will be developed that are sufficiently fault tolerant (if the term can even be applied to a system like this) to overcome the coupling between the quantum computer and the surrounding environment in the next couple of decades.] Cheers, Jason W. Solinsky From pstemari at bismark.cbis.com Mon Oct 3 04:15:51 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Mon, 3 Oct 94 04:15:51 PDT Subject: EFFy Wiretap Win? In-Reply-To: <199410012056.QAA11171@pipe3.pipeline.com> Message-ID: <9410031115.AA10394@focis.sda.cbis.COM> > A similar measure sailed through the Senate > Judiciary Committee earlier this week on a 16-1 > vote. Though little time remains in the current > Congress, the legislation could squeak through. Does anyone know who the lone honorable Senator was? From paul at poboy.b17c.ingr.com Mon Oct 3 06:24:47 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Mon, 3 Oct 94 06:24:47 PDT Subject: Export controls apply to physical objects, too Message-ID: <199410031326.AA00596@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- Yesterday's _Huntsville Times_ had an interesting story about a local company's problems with the ITARs. The company, Signature Technologies, makes an EM-absorbent paint called Signaflux, the main application for which is decreasing the radar cross-section of various flying objects. Although so far the primary customers for Signaflux have been from the US DoD, there have been sales to "friendly" foreign governments, notably the Israelis. ST has been trying to diversify; in that vein, they've been selling Signaflux for industrial and commercial applications, like EM shielding in test cells and reducing airport buildings' radar signatures. The dispute in this case comes from a contract to sell Deutsche Aerospace SA about $500,000 worth of Signaflux for the Cyclops cruise missile. ST applied to Commerce for an export license under the dual-use provision. After a CJ determination, State yanked their export license. The story didn't say who requested the CJ determination. I can't imagine that ST would have asked for one, since they had a license already. In closing, the CEO was quoted as saying (paraphrased) "These rules are stupid; I could sell the Germans a fleet of F-16s with dashboards full of avionics, but I can't sell them paint." - -Paul - -- Paul Robichaux, KD4JZG | Demand that your elected reps support the perobich at ingr.com | Constitution, the whole Constitution, and Not speaking for Intergraph. | nothing but the Constitution. ### http://www.intergraph.com ### -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLpAGjafb4pLe9tolAQF8eAP+K2I9qwXHfZQg8jTVXl3XE5Ymi1ukBhUB t+6DNG9N/Z6VVXdz60WYNW5rpYfHIsb/DjwVYhi8dgScKoesdHpzAgysKQ403ENG IIZH3egeuDBQy0kwl0oL7bLsJTzPnh+jKBH3PEHspmbsjZ4rREfW1KN1EoVN5++5 ofWCod/NQeo= =CnMq -----END PGP SIGNATURE----- From raph at CS.Berkeley.EDU Mon Oct 3 06:49:37 1994 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Mon, 3 Oct 94 06:49:37 PDT Subject: List of reliable remailers Message-ID: <199410031350.GAA04690@kiwi.CS.Berkeley.EDU> I have written and installed a remailer pinging script which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, at: http://www.cs.berkeley.edu/~raph/remailer-list.html Please let me know about any other remailers which I missed. I've only included remailers which can mail to arbitrary addresses, so I already know chop and twwells are missing. This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at: fftp://soda.berkeley.edu/pub/cypherpunks/premail/premail-0.22.tar.gz For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.bsu.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu. $remailer{"chaos"} = " cpunk hash ksub"; $remailer{"vox"} = " cpunk oldpgp. post"; $remailer{"avox"} = " cpunk oldpgp post"; $remailer{"extropia"} = " cpunk pgp special"; $remailer{"portal"} = " cpunk pgp hash"; $remailer{"alumni"} = " cpunk pgp hash"; $remailer{"bsu-cs"} = " cpunk hash ksub"; $remailer{"rebma"} = " cpunk pgp hash"; $remailer{"jpunix"} = " cpunk pgp hash latent cut post"; $remailer{"wien"} = " cpunk pgp hash nsub"; $remailer{"c2"} = " eric pgp hash"; $remailer{"soda"} = " eric pgp. post"; $remailer{"penet"} = " penet post"; $remailer{"ideath"} = " cpunk hash ksub"; $remailer{"usura"} = " cpunk pgp. hash latent cut post"; $remailer{"leri"} = " cpunk pgp hash"; $remailer{"desert"} = " cpunk pgp. post"; $remailer{"underdog"} = " cpunk pgp hash latent cut post"; $remailer{"nately"} = " cpunk pgp hash latent cut"; $remailer{"efrias"} = " cpunk pgp hash"; catalyst at netcom.com is _not_ a remailer. Last ping: Mon 3 Oct 94 6:00:02 PDT remailer email address history latency uptime ----------------------------------------------------------------------- c2 remail at c2.org *+-********* 13:09 99.99% wien remailer at ds1.wu-wien.ac.at ***#+**--#** 19:02 99.99% chaos remailer at chaos.bsu.edu **####**+##* 2:56 99.99% leri remail at leri.edu ***#**#***** 6:38 99.99% portal hfinney at shell.portal.com *##*#+***#** 4:01 99.99% ideath remailer at ideath.goldenbear.com *****-*+- ** 1:40:23 99.99% underdog lmccarth at ducie.cs.umass.edu ***+******** 4:41 99.98% penet anon at anon.penet.fi *****+-+**** 47:05 99.96% jpunix remailer at jpunix.com *-*#**-**-** 11:04 99.96% vox remail at vox.xs4all.nl .-......-- 12:10:26 99.94% bsu-cs nowhere at bsu-cs.bsu.edu **# #****#-* 13:42 99.76% efrias efrias at csugrad.cs.vt.edu *#***** 4:30 99.79% rebma remailer at rebma.mn.org -+---*--.-*- 10:13:40 99.58% extropia remail at extropia.wimsey.com ++ +-++++*+ 40:30 99.40% soda remailer at csua.berkeley.edu -......_.. 9:25:30 99.31% nately remailer at nately.ucsd.edu -++++- ++++* 33:37 99.15% usura usura at xs4all.nl +***..-** ** 1:16:06 98.42% desert remail at desert.xs4all.nl .---...---- 24:19:31 84.16% alumni hal at alumni.caltech.edu *****+** 6:06 79.87% Suggested path: chaos;wien;c2 For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html Options and features cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. oldpgp Remailer does not like messages encoded with MIT PGP 2.6. Other versions of PGP, including 2.3a and 2.6ui, work fine. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. post Post to Usenet using Post-To: or Anon-Post-To: header. special Accepts only pgp encrypted messages. History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). If you've got a Web page, please feel free to include a link to this page. If you think your Web page is relevant to the subject of remailers, let me know and I'll link it in. Comments and suggestions welcome! Note to remailer operators: this script generates hourly ping messages. If you don't want that, let me know and I will take your mailer off the list, or increase the interval between pings. Raph Levien From perry at jpunix.com Mon Oct 3 07:22:21 1994 From: perry at jpunix.com (John A. Perry) Date: Mon, 3 Oct 94 07:22:21 PDT Subject: New Remailer feature Message-ID: <199410031421.JAA01156@jpunix.com> -----BEGIN PGP SIGNED MESSAGE----- Hello Raph, I just saw your bi-monthly posting about the remailers. I'd like to point out that jpunix supports a feature not mentioned in your message/finger mechanism. Jpunix.com also supports the ability to have messages encrypted to the recipient by the remailer itself. This will protect cleartext messages sent back to the sender via reply blocks. By adding Encrypt-Key: yourkey to the header list for jpunix.com, jpunix will encrypt anything following a ** on a line by itself with that key. John Perry - perry at jpunix.com - -- PGP 2.61 key for perry at jpunix.com is on the keyservers. PGP-encrypted e-mail welcome! -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLpATZlOTpEThrthvAQHMmQP/SLFOCbArzMbJ26lSJZz0mUXQfABstXf2 Um5TqDgiOuDnAWE3DvZkDIQcMtALJ9wI/Lj+ji4gCF0Ytk7hShizyl+zcj0huKQT npvbFC//9Yv0RJZsm1f47R4ttksqBmO+kEep4LUsWoRlqBBMwFyVkAPaFX/nclPw zdcGEpIv7JU= =+o2l -----END PGP SIGNATURE----- From jya at pipeline.com Mon Oct 3 08:08:17 1994 From: jya at pipeline.com (John Young) Date: Mon, 3 Oct 94 08:08:17 PDT Subject: Anarchy-X Notification Message-ID: <199410031507.LAA11923@pipe1.pipeline.com> Got about a dozen of these in the last couple of days. Should I fear or embrace Organization: Anarchy-X? Sounds good but TLA maybe? John Forwarding mail by: "ROOT"@ax.com () on Mon, 03 Oct 1:1 AM ------------------- >From ROOT at ax.com Mon Oct 3 04:45 EDT 1994 Received: from netcomsv.netcom.com (uucp4.netcom.com [163.179.3.4]) by pipeline.com (8.6.9/8.6.9) with ESMTP id EAA02169 for ; Mon, 3 Oct 1994 04:45:26 -0400 Received: from ax.com by netcomsv.netcom.com with UUCP (8.6.4/SMI-4.1) id BAA22993; Mon, 3 Oct 1994 01:37:39 -0700 Received: by ax.com (UUPU-1.42) id D1115pj Mon Oct 03, 1994 01:01:37 EDT From: "ROOT"@ax.com Message-Id: <9410030101.D1115pj at ax.com> X-Mailer: UUPlus Mail 1.42 To: jya at pipeline.com Subject: Non-Delivery Notification Organization: Anarchy-X Date: Mon, 03 Oct 94 01:01:36 EST Content-Type: text Content-Length: 377 NON-DELIVERY NOTICE ------------------- The message you sent on: Unknown to "ROOT" was undeliverable. ========================= !!! Automated Notice !!! ======================= E-mail replies to this user should have the following on the first line of message text: TO: "ROOT" ================================================================= ========= From hedlund at halcyon.com Mon Oct 3 08:42:34 1994 From: hedlund at halcyon.com (M. Hedlund) Date: Mon, 3 Oct 94 08:42:34 PDT Subject: EFFy Wiretap Win? In-Reply-To: <9410031115.AA10394@focis.sda.cbis.COM> Message-ID: On Mon, 3 Oct 1994, Paul J. Ste. Marie wrote: > > A similar measure sailed through the Senate > > Judiciary Committee earlier this week on a 16-1 > > vote. Though little time remains in the current > > Congress, the legislation could squeak through. > > Does anyone know who the lone honorable Senator was? Voter's Telecomm Watch (Shabbir J. Safdar ) told me the vote was unanimous. Their recent "Wiretap Watch" lists a bunch of Senators who voted to let it leave the committee, but none who wanted to kill it. The Legi-Slate Congressional database service says only that it was approved by a voice vote. From walrus at umich.edu Mon Oct 3 09:46:40 1994 From: walrus at umich.edu (Michael Shiplett) Date: Mon, 3 Oct 94 09:46:40 PDT Subject: SHA patch Message-ID: <199410031646.MAA16702@judgmentday.rs.itd.umich.edu> Hello there, After some work with the SHS (or is the implementation actually the SHA?) code listed in _Applied Cryptography_, I have patched it to allow updates of buffer sizes that are not a multiple of SHS_BLOCKSIZE. The patched version works for the different groupings of the test data "abc", e.g., update(abc) update(a) + update(bc) update(ab) + update(c) Since the "abc" case tests only the logic of shsUpdate() [all the transformation invocations are actually performed by shsFinal()], I ran the original code and the modified code on several files and (fortunately) received the same hash values for the two implementations. shsUpdate() follows. You may need to define a bcopy->memcpy macro. michael =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= void shsUpdate(SHS_INFO *shsInfo, BYTE *buffer, int count) { int offset, need; /* determine if there are left over bytes in the shs data. they are handled specially below */ offset = (int) ((shsInfo->countLo >> 3) & 0x3f); need = SHS_BLOCKSIZE - offset; /* update bitcount */ if ((shsInfo->countLo + ((LONG) count << 3)) < shsInfo->countLo) shsInfo->countHi++; /* carry from low to high bitCount */ shsInfo->countLo += ((LONG) count << 3); shsInfo->countHi += ((LONG) count >> 29); /* if there were indeed left over data bytes, see if the incoming data is sufficient to fill to SHS_BLOCKSIZE. if not, copy the incoming data and return; otherwise fill the block, perform a transformation, and continue as usual */ if (offset) { if (count < need) { bcopy(buffer, (BYTE *) shsInfo->data + offset, count); return; } else { bcopy(buffer, (BYTE *) shsInfo->data + offset, need); #ifdef LITTLE_ENDIAN byteReverse(shsInfo->data, SHS_BLOCKSIZE); #endif shsTransform(shsInfo); buffer += need; count -= need; } } /* process data in SHS_BLOCKSIZE chunks */ while (count >= SHS_BLOCKSIZE) { bcopy(buffer, shsInfo->data, SHS_BLOCKSIZE); #ifdef LITTLE_ENDIAN byteReverse(shsInfo->data, SHS_BLOCKSIZE); #endif shsTransform(shsInfo); buffer += SHS_BLOCKSIZE; count -= SHS_BLOCKSIZE; } /* store the left over data */ bcopy(buffer, shsInfo->data, count); } From ogd at selway.umt.edu Mon Oct 3 10:50:11 1994 From: ogd at selway.umt.edu (ozymandias G desiderata) Date: Mon, 3 Oct 94 10:50:11 PDT Subject: Filing FOIA Requests Message-ID: <9410031749.AA21269@selway.umt.edu> A large group of my friends and I are interested in finding out exactly what the cheeseballs over in Intelligence, Inc. have on file about us. Does anyone have handy the details necessary to file a Freedom of Information Act request for your own file? Do y'all have some hints so that we can expect the best possible yield? On the same note, do any of you have any humorous / chilling stories about what you found out when you got your file? Thanks in advance for the info, ozymandias G desiderata From ogd at selway.umt.edu Mon Oct 3 10:53:22 1994 From: ogd at selway.umt.edu (ozymandias G desiderata) Date: Mon, 3 Oct 94 10:53:22 PDT Subject: DTI Pointers? Message-ID: <9410031753.AA21848@selway.umt.edu> I'm taking public speaking so that I can finally get out of college and into the big wide world, and have decided to educate my class on the controversy surrounding the Digital Telephony Initiative. I need hardcopy to make my TA happy, and after an (admittedly quick) browsing of the archives, I wasn't able to find much in the way of hard information. Are there any good pointers, especially to the recent Lehman version of the bill and the controversy that now surrounds the EFF? Thanks in advance for your help, ozymandias G desiderata From CCGARY at MIZZOU1.missouri.edu Mon Oct 3 11:13:33 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Mon, 3 Oct 94 11:13:33 PDT Subject: Newsgroups email addresses. Message-ID: <9410031813.AA21645@toad.com> Fellow Cypherpunks, I am going to be spreading my CEB around the Internet. I need full email addresses to newsgroups including sci.crypt & talk.politics.crypt & any other groups that may be interested in crypt including conspiracy groups. thank you. Yours Truly, Gary Jeffers From chen at intuit.com Mon Oct 3 11:59:15 1994 From: chen at intuit.com (Mark Chen) Date: Mon, 3 Oct 94 11:59:15 PDT Subject: Filing FOIA Requests In-Reply-To: <9410031749.AA21269@selway.umt.edu> Message-ID: <9410031857.AA18141@doom.intuit.com> Oz, > A large group of my friends and I are interested in finding > out exactly what the cheeseballs over in Intelligence, Inc. have on > file about us. Does anyone have handy the details necessary to file a > Freedom of Information Act request for your own file? Do y'all have > some hints so that we can expect the best possible yield? > On the same note, do any of you have any humorous / chilling > stories about what you found out when you got your file? Here you go. - Mark - --------------------------------------------------------------------- [******PNEWS CONFERENCES******] From: Hank Roth To: pnews at world.std.com * Original Area: CIVLIB * Original From: Bob Hirschfeld (1:3638/14) * Original To : All (crosspost/ Law) (1:3615/51) FOIA FILES KIT - INSTRUCTIONS USING THE FREEDOM OF INFORMATION ACT REVISED EDITION Fund for Open Information and Accountability, Inc. 339 Lafayette Street, New York, NY 10012 (212) 477-3188 INSTRUCTIONS The Freedom of Information Act entitles you to request any record maintained by a federal Executive branch agency. The agency must release the requested matieral unless it falls into one of nine exempt categores, such as "national security," "privacy," "confidential source" and the like, in which case the agency may but is not compelled to refuse to disclose the records. This kit contains all the material needed to make FOIA requests for records on an individual, an orgnaization or on a particular subject matter or event. HOW TO MAKE A COMPLETE REQUEST Step 1: Select the appropriate smaple letter. Fill in the blanks in the body of the letter. Read the directions printed to the right of each letter in conjunction with the following instructions: For organizational files: In the first blank space insert the full and formal name of the organization whose files you are requesting. In the second blank space insert any other names, acronyms or shortened forms by which the organization is or has ever been known or referred to by itself or others. If some of the organization's work is conducted by sub-groups such as clubs, committees, special programs or through coalitions known by other names, these should be listed. For individual files: Insert the person's full name in the first blank space and any vaiations in spelling, nicknames, stage names, marriage names, titles and the like in the second blank space. Unlike other requests, the signatures of an individual requesting her/his own file must be notarized. For subject matter or event files: In the first blank space state the formal title of the subject matter or event including relevant dates and locations. In the second blank space provide the names of individuals or group sponsors or participants and/or any other information that would assist the agency in locating the material you are requesting. Step 2: The completed sample letter may be removed, photocopies and mailed as is or retyped on your own stationary. Be sure to keep a copy of each letter. Step 3: Addressing the letters: Consult list of agency addresses. FBI: A complete request requires a minimum of two letters. Sen done letter to FBI Headquarters and separate letter to each FBI field office nearest the location of the individual, the organization or the subject matter/event. Consdier the location of residences, schools, work and other activities. INS: Send a request letter to each district office nearest the location of the individual, the organization or the subject matter/event. Address each letter to the FOIA/PA office of the appropraite agency. Be sure to make clearly on the envelope: ATTENTION--FOIA REQUEST. FEE WAIVER You will notice that the sample letters include a request for fee waiver. Many agencies automatically waive fees if a request results in the release of only a small number of documents, e.g. 250 pages or less. Under the Act, you are entitled to a waiver of all search and copy fees associated with your request if the release of the information would primarily benefit the general public. However, in January 1983, the Justice Department issued a memo to all federal agencies listing five criteria which requesters must meet before they are deemed entitled to a fee waiver. Under these criteria, a requester must show that the material sought to be released is already the subject of "genuine public interest" and "meaningfully contributes to the public development or understanding of the subject"; and that she/he has the qualifications to understand and evaluate the materials and the ability to interpret and disseminate the information to th epublic and is not motivated by any "personal interest." Finally, if the requested information is already "in the public domain," such as in the agency's reading room, no fee waiver will be granted. You should always request a waiver of fees if you believe the information you are seeking will benefit the public. If your request for a waiver is denied, you should appeal that denial, citing the ways in which your request meets the standards set out above. MONITORING THE PROGRESS OF YOUR REQUEST Customarily, you will receive a letter from each agency within 10 days stating that your request has been received and is being processed. You may be asked to be patient and told that requests are handled cafeteria style. You have no alternative but to be somewhat patient. but there is no reason to be complacent and simply sit and wait. A good strategy is to telephone the FOIA office in each agency after about a month if nothing of substance has been received. Ask for a progress report. The name of the person you talk with and the gist of the converstaion should be recorded. try to take notes during the conversation focusing especially on what is said by the agency official. Write down all the details you can recall after the call is completed. Continue to call every 4 to 6 weeks. Good recordkeeping helps avoid time-consuming and frustrating confusion. A looseleaf notebook with a section devoted to each request simplifies this task. Intervening correspondence to and from the agency can be inserted bewteen the notes on phone calls so that all relevant material will be at hand for the various tasks: phone consultations, writing the newsletter, correspondence, articles, preparation for media appearances, congressional testimony or litigation, if that course is adopted. HOW TO MAKE SURE YOU GET EVERYTHING YOU ARE ENTITLED TO ... AND WHAT TO DO IF YOU DO NOT After each agency has searched and processed your request, you will receive a letter that announces the outcome, encloses the released documents, if any, and explains where to direct an appeal if any material has been withheld. There are four possible outcomes: 1. Request granted in full: This response indicates that the agency has released all records pertinent to your request, with no exclusions or withholdings. The documents may be enclosed or, if bulky, may be mailed under separate cover. This is a very rare outcome. Next Step: Check documents for completeness (see instructions below). 2. Requested granted in part and denied in part: This response indicates that the agency is releasing some material but has withheld some documents entirely or excized some passages from the documents released. The released documents may be enclosed or, if bulky, mailed under separate cover. Next step: Check documents released for completeness (see instructions below) and make an administrative appeal of denials or incompleteness (see instructions below). 3. Request denied in full: This response indicates that the agency is asserting that all material in its files pertaining to your request falls under one or the nine FOIA exemptions. These are categories of information that the agency may, at its discretion, refuse to release. Next step: Make an administrative appeal (see instructions below). Since FOIA exemptions are not mandatory, even a complete denial of your request can and should be appeals. 4. No records: This response will state that a search of the agency's files indicates that it has no records corresponding to those you requested. Next step: Check your original request to be sure you have not overlooked anything. If you receive documents from other agencies, review them for indications that there is matieral in teh files of the agency claiming it has none. For example, look for correspondence, or references to correspondence, to or from that agency. If you determine that there are reasonable grounds, file an administrative appeal (see instructions below). HOW TO CHECK FOR COMPLETENESS Step 1: Before reading the documents, turn them over and number the back of each page sequentilaly. The packet may contain documents from the agency's headquarters as well as several field office files. Separate the documents into their reqpective office packets. Each of these offices will have assigned the investigation a separate file number. Try to find the numbering system. Usually the lower righthand corner of the first page carries a hand-written file and document number. For instance, an FBI document might be marked "100-7142-22". This would indicate that it is the 22nd document in the 7142nd file in the 100 classification. As you inspect the documents, make a list of these file numbers and which office they represent. In this way you will be able to determine which office created and which office received the document you have in your hand. Often there is a block stamp affixed with the name of the office from whose files this copy was retrieved. the "To/From" heading on a document may also give you corresponding file numbers and will help you puzzle out the origin of the document. When you have finally identified eahc document's file and serial number and separated the documents into their proper office batches, make a list of all the serial numbers in each batch to see if there any any missing numbers. If there are missing serial numbers and some documents have been withheld, try to determine if teh missing numbers might reasonably correspond to the withheld documents. If not, the realease may be incomplete and an administrative appeal should be made. Step 2: Read all the document released to you. Keep a list of all document referred to the text--letters, memos, teletypes, reports, etc. Each of these "referred to" documents should turn up in the packet released to you. If any are not in the packet, it is possible they may be among those document withheld; a direct inquiry should be made. In an administrative appeal, ask that each of these "referred to" documents be produced or that the agency state plainly that they are among those withheld. Of course, the totals of unproduced vs. withheld must be within reasons; that is, if the total number of unproduced documents you find referred to the text of the documents produced exceeds the total number of documents withheld, the agency cannot claim that all the referred to documents are accounted for by the withheld categoty. You will soon get the hand of making logical conclusions from discrepancies in the totals and missing document numbers. Another thing to look for when reading the released documents if the names of persons or agencies to whom the document has been disseminated. the lower left-hadn corncer is a common location for the typed list of agencies or offices to whom the document has been directed. In addition, there may be additional distribution recorded by hand, there or elsewhere on the cover page. There are published glossaries for some agencies that will help in deciphering these notaitons when they are not clear. Contact FOIA, Inc., if you need assistance in deciphering the text. Finally, any other file numbers that appear on the document should be noted, particularaly in the subject of the file is of interest and is one you have not requested. You may want to make an additional request for some of these files. HOW TO MAKE AN ADMINISTRATIVE APPEAL Under the FOIA, a dissatified requester has the right of administrative appeal. the name and address of the proper appeal office will be given to you by each agency in its final response letter. This kit contains a sample appeal letter with suggesting for adapting it to various circumstances. However, you need not make such an elaborate appeal; in fact, you need not offer any reasons at all but rather simply write a letter to the appeals unit stating that "this letter constitutes an appeal of the agency's decision." Of course, if you have identified some real discrepanices, you will want to set them for fully, but even if you have not found any, you may simply ask that the release be reviewed. If you are still dissatisfied after the administrative appeal process, the FOIA gives you the right to bring a lawsuit in federal district court on an expedited basis. SAMPLE FBI REQUEST LETTER Date: To: FOIA/PA Unit Federal Bureau of Investigation This is a request under the Freedom of Information Act. I request a complete and thorough search of all filing systems and locations for all records maintained by your agency pertaining to and/or captioned: ______ _____________________________________________________ [describe records desired and/or insert full and _____________________________________________________ formal name] _____________________________________________________ _____________________________________________________ including, without limitations, files and documents captioned, or whose captions include _____________________________________________________ [insert changes in name, commonly used names, _____________________________________________________ acronyms, sub-groups, and the like] _____________________________________________________ _____________________________________________________ This request specifically includes "main" files and "see references," including, but not limited to numbered and lettered sub files, "DO NOT FILE" files, and control files. I also request a search of the ELSUR Index,a nd the COINTELPRO Index. I request that all records be produced with the administrative pges. I wish to be sent copies of "see reference" cards, abstracts, serach slips, including search slips used to process this request, file covers, multiple copies of the same documents if they appear in a file, and tapes of any electronic surveillances. I wish to make it clear that I want all records in your office "identifiable with my request," even though reports on those records have been sent to Headquarters and even though there may be duplication between the two sets of fils. I do not want just "interim" documents. I want all documents as they appear in the "main" files and "see references" of all units of your agency. If documents are denied in whole or in part, please specify which exemption(s) is(are) claimed for each passage or whole document denied. Please provide a complete itemized inventory and a detailed factual justification of total or partial denial of documents. Give the number of pages in each document and the total number of pages pertaining to this request. For "classified" material denied pleae include the following information: the classification (confidential, secret or top secret); identity of the classifer; date or event for automatic declassification, classification review, or down-grading; if applicable, identity of official authorizing extension of automatic declassification or review; and if applicable, the reason for extended classification. I request that excized material be "blacked out" rather thatn "whited out" or cut out and that the remaining non-exempt portions of documents will be released as provided under the Freedom of Information Act. Please send a memo (copy to me) to the appropriate units in your office to assure that no records related to this request are destroyed. Please advise of any destruction of records and include the date of and authority for such destruction. As I expect to appeal any denials, please specify the office and address to which an appeal should be directed. I believe my request qualifies for a waiver of fees since the release of the requested information would primarily benefit the general public and be "in the public interest." I can be reached at the phone listed below. Please call rather than write if there are any questions or if you need additional information from me. I expect a response to this request within ten (10) working days, as provided for in the Freedom of Information Act. Sincerely, name: _______________________________________________ address: ____________________________________________ ____________________________________________ telephone: __________________________________________ signature: __________________________________________ SAMPLE AGENCY REQUEST LETTER DATE: TO: FOIA/PA Unit This is a request under the Freedom of Information Act. I request a complete and thorough search of all filing systems and locations for all records maintained by your agency pertaining to and/or captioned ______________________________________________________ [describe records desired and/or insert full and ______________________________________________________ formal name] ______________________________________________________ ______________________________________________________ including, without limitation, files and documents captioned, or whose captions include: ______________________________________________________ [insert changes in name, commonly used names, ______________________________________________________ acronyms, sub-groups and the like] ______________________________________________________ ______________________________________________________ I also request all "see references" to these names, a search of the ELSUR Index or any similar technique for locating records of electronic surveillance. This request is also a request for any corresponding files in INS Headquarters or regional offices. Please place any "missing" files pertaining to this request on "special locate" and advise that you have done this. If documents are denied in part or whole, please specify which exemption(s) is(are) claimed for each passage or whole document denied. Please provide a complete itemized inventory and detialed factual justification of total or partial denial of documents. Specify the number of pates in each document and th ttoal number of pages pertaining to this request. For classified material denied, please include the following information: the classification rating (confidential, secret, or top secret); identify the classifier; date or event for automatic declassification, classification review or downgrading; if applicable, identify the official authorizing extension of automatic declassification or reviw; and, if applicable, give the reason for extended classification. I request that excised material be "blacked out" rather than "whited out" or cut out. I expect, as provided by the Freedom of Information Act, that the remaining non-exempt portions of documents will be released. Please send a memo (copy to me) to the appropriate units in your office or agency to assure that no records related to this request are destroyed. Please advise of any destruction of records and include the date of and authority for such destruction. As I expect to appeal any denials, please specify the office and address to which an appeal should be directed. I believe my request qualifies for a waiver of fees since the release of the requested information would primarily benefit the general public and be "in the public interest." I can be reached at the phone listed below. Please call rather than write if there are any questions or if you need additional information from me. I expect a response to this request within ten (10) working days, as provided for in the Freedom of Information Act. Sincerely, name: _______________________________________________ address: ____________________________________________ ____________________________________________ telephone: (___)_______________________________________ signature: __________________________________________ SAMPLE ADMINISTRATIVE APPEAL LETTER Date: To: FOIA/PA Appeals Office RE: Request number [Add this if the agency has given your request a number] This is an appeal pursuant to subsection (a)(6) of the Freedom of Information Act as amended (5U.S.C. 552). On [date], I received a letter from [name of official] of your agency denying my request for [describe briefly the information you are after]. This reply indicated that an appeal letter could be sent to you. I am enclosing a copy of my exchange of correspondence with your agency so that you can see exactly what files I have requested and the insubstantial grounds on which my request has been denied. [Optional paragraph, to be used if the agency has withheld all or nearly all the material which has been requested]: You will note that your agency has withheld the entire (or nearly the entire) document (or file, or report, or whatever) that I requested. Since the FOIA provides that "any reasonably secregable portion of a record shall be provided to any eprson requesting such record after deletion of the portions which are exempt," I believe that your agency has not complied with the FOIA. I believe that there must be (additional) segregble portions which do not fall wihtin FOIA exemptions and which must be released. [Optional paragraph, to be used in the agency has used the (b)(1) exemption for national security, to withhold information] Your agency has used the (b)(1) exemption to withhold information [I question whether files relating to events that took place over twenty years ago could realistically harm the national security.] [Because I am familiar with my own activities during the period in question, and know that none of these activities in any way posed a significant threat to the national security, I question the designation of my files or portions of my file as classified and exempt from disclosure because of national security considerations.] [Sample optional argument to be used if the exemption which is claimed does not seem to make sense; you should cite as many specific instances as you care to of items withheld from the documents that you ahve received. We provide two examples which you might want to adampt to your own case.] "On the memo dated _____________ the second paragraph withheld under the (b)(1) exemption appears to be describing a conversation at an open meeting. If this is the case, it is impossible that the substance of this converation could be properly classified." Or, "The memo dated _____ refers to a meeting which I attended, but a substantial portion is deleted because of the (b)(6) and (b)(7)(c) exemptions for unwarranted invasions of personal privacy. Since I already know who attended this meeting, no privacy interest is served by the withholding." I trust that upon examination of my request, you will conclude that the records I requested are not properly covered by exemption(s) [here repeat the exemptions which the agency's denial letter claimed applied to your request] of the amended FOIA, and that you will overrule the decision to withhold the information. [Use if an itemized inventory is not supplied originally] If you choose instead to continue to withhold some or all of the material which was denied in my initial request to your agency, I ask that you give me an index of such matieral, together with the justification for the denial of each item which is still withheld. As provided in the Act, I will expect to receive a reply to this administrative appeal letter within twenty working days. If you deny this appeal and do not adequately explain why the material withheld is properly exempt, I intend to initial a lawsuit to compel its disclosure. [You can say that you intend to sue, if that is your present inclination; you may still decide ultimately not to file suit.] Sincerely yours, name: ____________________________________________ address: ____________________________________________ ____________________________________________ signature: ___________________________________________ [Mark clearly on envelope: Attention: Freedom of Information Appeals] FBI ADDRESSES AND PHONE NUMBERS FBI Headquarters, J. Edgar Hoover Bldg, Washington, D.C., 20535, 202-324-5520 (FOI/PA Unit) Field Offices Albany, NY 12207, U.S. Post Office and Courthouse, 518-465-7551 Albuquerque, NM 87101, Federal Office Bldg., 505-247-1555 Alexandria, VA 22314, 300 N. Lee St., 703-683-2681 Anchorage, AK 99510, Federal bldg., 907-272-6414 Atlanta, GA 30303, 275 Peachtree St. NE, 404-521-3900 Baltimore, MD 21207, 7142 Ambassador Rd., 301-265-8080 Birminghan, AL 35203, Room 1400, 2121 Bldg. 205-252-7705 Boston, MA 02203, J.F. Kennedy Federal Office Bldg., 617-742-5533 Buffalo, NY 14202, 111 W. Huron St., 716-856-7800 Butte, MT 59701, U.S. Courthouse and Federal Bldg., 406-792-2304 Charlotte, NC 28202, Jefferson Standard Life Bldg., 704-372-5485 Chicago, IL 60604, Everett McKinley Dirksen Bldg., 312-431-1333 Cincinnati, OH 45202, 400 U.S. Post Office & Crthse Bldg., 513-421-4310 Cleveland, OH 44199, Federal Office Bldg., 216-522-1401 Columbia, SC 29201, 1529 Hampton St., 803-254-3011 Dallas TX 75201, 1810 Commrce St., 214-741-1851 Denver, CO 80202, Federal Office Bldg., 303-629-7171 Detroit, MI 48226, 477 Michigan Ave., 313-965-2323 El Paso, TX 79901, 202 U.S. Courthosue Bldg., 915-533-7451 Honolulu, HI 96850, 300 Ala Moana Blvd., 808-521-1411 Houston, TX 77002, 6015 Fed. Bldg and U.S.Courthouse, 713-224-1511 Indianapolis, IN 46202, 575 N. Pennsylvania St., 317-639-3301 Jackson, MS 39205, Unifirst Federal and Loan Bldg., 601-948-5000 Jacksonville, FL 32211, 7820 Arlington Expressway, 904-721-1211 Kansas City, MO 64106, 300 U.S. Courthouse Bldg., 816-221-6100 Knoxville, TN 37919, 1111 Northshore Dr., 615-588-8571 Las Vegas, NV 89101, Federal Office Bldg., 702-385-1281 Little Rock, AR 72201, 215 U.S Post Office Bldg., 501-372-7211 Los Angeles, CA 90024, 11000 Wilshire Blvd, 213-272-6161 Louisville, KY 40202, Federal Bldg., 502-583-3941 Memphis, TN 38103, Clifford Davis Federal bldg., 901-525-7373 Miami, FL 33137, 3801 Biscayne Blvd., 305-573-3333 Milwaukee, WI 53202, Federal Bldg and U.S. Courthouse, 414-276-4681 Minneapolis, MN 55401, 392 Federal Bldg., 612-339-7846 Mobile, AL 36602, Federal Bldg., 205-438-3675 Newark, NJ 07101, Gateway I, Market St., 201-622-5613 New Haven, CT 06510, 170 Orange St., 203-777-6311 New Orleans, LA 70113, 701 Loyola Ave., 504-522-4671 New York, NY 10007, 26 Federal Plaza, 212-553-2700 Norfolk, VA, 23502, 870 N. Military Hwy., 804-461-2121 Oklahoma City, OK 73118, 50 Penn Pl. NW, 405-842-7471 Omaha, NB 68102, 215 N. 17th St., 402-348-1210 Philadelpha, PA 19106, Federal Office Bldg., 215-629-0800 Phoenix, AZ 85004, 2721 N. central Ave., 602-279-5511 Pittsburgh, PA 15222, Federal Office Bldg., 412-471-2000 Portland, OR 97201, Crown Plaza Bldg., 503-224-4181 Richmond, VA 23220, 200 W. Grace St., 804-644-2531 Sacramento, CA 95825, Federal Bldg., 916-481-9110 St. Louis, MO 63103, 2704 Federal Bldg., 314-241-5357 Salt Lake City, UT 84138, Federal Bldg., 801-355-7521 San Diego, CA 92188, Federal Office Bldg., 619-231-1122 San Francisco, CA 94102, 450 Golden Gate Ave., 415-552-2155 San Juan, PR 00918 U.S. Courthouse and Fed. Bldg., 809-754-6000 Savannah, GA 31405, 5401 Paulson St., 912-354-9911 Seattle, WA 98174, 915 2nd Ave., 206-622-0460 Springfield, IL 62702, 535 W. Jefferson St., 217-522-9675 Tampa, FL 33602, Federal Office Bldg., 813-228-7661 Washington, DC 20535, 9th and Pennsylvania Ave. NW, 202-324-3000 FEDERAL AGENCIES (SELECTED ADDRESSES) Central Intelligence Agency Information and Privacy Coordinator Central Intelligence Agency Washington, D.C. 20505 202-351-5659 Civil Service Commission Appropriate Bureau (Bureau of Personnel Investigation, Bureau of Personnel Information Systems, etc.) Civil Service Commission 1900 E Street, N.W. Washington, D.C. 20415 202-632-4431 Commission on Civil Rights General Counsel, U.S. Commission on Civil Rights 1121 Vermont Ae., N.W. Room 600 Washington, D.C. 20415 202-254-6610 Consumer Product Safety Commission Office of the Secretary Consumer Product Safety Commission 1111 18th St., N.W. Washington, D.C. 20207 202-624-7700 Department of Defense/Dept. of Air Force Freedom of Information Manager Headquarters, USAF/DADF Washington, D.C. 20330-5025 202-697-3467 ---------------------------------------------------------------- -- Mark Chen chen at netcom.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From fhalper at pilot.njin.net Mon Oct 3 12:13:21 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Mon, 3 Oct 94 12:13:21 PDT Subject: Puzzle Palace Message-ID: <9410031913.AA05574@pilot.njin.net> I just finished reading the Puzzle Palace and I thought it was quite interesting Does anyone know where I could find some more info on the NRO and DIA, or even info on what the NSA has been up to for the last ten or so years, besides the obvious. Thanks to whoever recommended the book to me, I don't remember who it was. Reuben -------------------------------------------------------------------------------- Reuben Halper "I'm not growing up, I'm just burnin' out." Montclair High - Green Day - Montclair, NJ E-mail: fhalper at pilot.njin.net or PGP 2.6ui Public Key Reuben8878 at aol.com available upon request -------------------------------------------------------------------------------- From vkisosza at nucleus.com Mon Oct 3 12:13:33 1994 From: vkisosza at nucleus.com (Istvan von Keszi) Date: Mon, 3 Oct 94 12:13:33 PDT Subject: List of reliable remailers In-Reply-To: <199410031350.GAA04690@kiwi.CS.Berkeley.EDU> Message-ID: On Mon, 3 Oct 1994, Raph Levien wrote: > I have written and installed a remailer pinging script which > collects detailed information about remailer features and reliability. > > To use it, just finger remailer-list at kiwi.cs.berkeley.edu Thanks Raph. This is very helpful for those of us who are code handicapped. This is very helpful as a general guide. Unfortunately, I've found that the information that it provides does not help me with remailer reliability. I've seen a remailer that supposedly has a latency of 8 or 9 hours, actually delay 24. This makes your script fairly ineffectual. You can't do diddly with bad data ... -- Istvan. From tcmay at netcom.com Mon Oct 3 12:22:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 3 Oct 94 12:22:47 PDT Subject: Puzzle Palace In-Reply-To: <9410031913.AA05574@pilot.njin.net> Message-ID: <199410031921.MAA22133@netcom13.netcom.com> Frederic Halper wrote: > > I just finished reading the Puzzle Palace and I thought it was quite interesting > Does anyone know where I could find some more info on the NRO and DIA, or even > info on what the NSA has been up to for the last ten or so years, besides the > obvious. Thanks to whoever recommended the book to me, I don't remember who it > was. William Burrows, "Deep Black." About the spy satellite business, thus covering NRO and such. (A newer name now being seen in "Central Imagery Office.") Jeffery Richelson, "U.S. Intelligence Agencies" (or somesuch). Lots of detail on various agencies. Richelson has also written on non-U.S. agencies. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From dawagner at phoenix.Princeton.EDU Mon Oct 3 13:27:46 1994 From: dawagner at phoenix.Princeton.EDU (David A. Wagner) Date: Mon, 3 Oct 94 13:27:46 PDT Subject: Anyone seen the 'quantum cryptanalysis' thread? In-Reply-To: <9410030816.AA25214@ua.MIT.EDU> Message-ID: <9410032008.AA23352@burn.Princeton.EDU> > > As I'm sure somebody else has pointed out somewhere along this thread, the > ability to simultaneously analyze a superposition of an arbitrarilly large > subset of all possible imputs (as our theoretical quantum cryptanalytic > device might) implies to ability to solve, in polynomial time, any > exponential time problem. > I just wanted to point out that I'm not sure this is true. I might be wrong; I'm a total newbie here. However, my impression was that it is *not* known that "anything in NP is solvable in quantum polytime (BQP)". I think it's been shown that, relative to a random oracle, it's not true that NP is contained in BQP. Then again, I'm told that oracle results are often misleading and usually not worth a bean. I don't know much about this stuff. :-( [This oracle result is mentioned in Schor's paper.] Hopefully someone more clueful than I will explain this stuff :-) ------------------------------------------------------------------------------- David Wagner dawagner at princeton.edu From jamesd at netcom.com Mon Oct 3 14:14:08 1994 From: jamesd at netcom.com (James A. Donald) Date: Mon, 3 Oct 94 14:14:08 PDT Subject: Manufacturing quantum computers In-Reply-To: <9410030416.AA10229@toad.com> Message-ID: <199410032113.OAA29471@netcom8.netcom.com> Sherry Mayo writes > Regarding the quantum cryptography thread: Some people expressed the > view that although the idea may be workable, the manufacturing technology > was a long way of being able to produce quantum computers. > The quantum dot design proposed by Eckert et al for a quantum "factorisation > engine" requires 100000 quantum dots (to factorise RSA-129 or similar) > which are each about 10nm across to be fairly densly packed onto a > chip. I'm not so sure about this being 'a long way off' in terms of materials > technology, Current art is fairly close to making components whose interaction requires a full quantum description. To make a quantum computer from such components requires that that the components be orders of magnitude faster and more reversible. Presently known quantum algorithms cannot tolerate the loss of a single quantum of energy, as this will introduce vacuum noise into the data. The longer the algorithm takes, the less energy there is in a single quantum of energy, thus the components for any long quantum algorithm, such as factoring a 1024 bit number, must be very fast indeed (near infrared frequencies) and extraordinarily efficient (fully reversible classical, non quantum computation.) Although quantum computers are interesting and important, they have no immediate practical relevance to cryptography. Error tolerant algorithms could change the picture substantially, but they would still require components far beyond current art. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jamesd at netcom.com Mon Oct 3 14:23:47 1994 From: jamesd at netcom.com (James A. Donald) Date: Mon, 3 Oct 94 14:23:47 PDT Subject: Anyone seen the 'quantum cryptanalysis' thread? In-Reply-To: <9410030816.AA25214@ua.MIT.EDU> Message-ID: <199410032121.OAA00605@netcom8.netcom.com> solman at MIT.EDU writes > As I'm sure somebody else has pointed out somewhere along this thread, the > ability to simultaneously analyze a superposition of an arbitrarilly large > subset of all possible imputs (as our theoretical quantum cryptanalytic > device might) implies to ability to solve, in polynomial time, any > exponential time problem. As far as is know, quantum computers cannot solve NP complete problems in polynomial time. They can solve some problems (such as factoring) that classical computers cannot solve in polynomial time. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jya at pipeline.com Mon Oct 3 15:14:26 1994 From: jya at pipeline.com (John Young) Date: Mon, 3 Oct 94 15:14:26 PDT Subject: Humorous / Chilling FOIA Requests Message-ID: <199410032213.SAA00596@pipe4.pipeline.com> Responding to msg by ogd at selway.umt.edu (ozymandias G desiderata) on Mon, 03 Oct 11:49 AM > On the same note, do any of you have any humorous / >chilling stories about what you found out when you got >your file? The best I heard is that of a fairly noteworthy 60s radical who asked for his FBI file and was completely demoralized to learn that his FOIA request was the first and only item in his brand new file. No one there cared about him until then -- or so he was told. Since then I have heard that this was a technique used by the LEAs to blow people away and discourage them from getting their real files. Quite illegal, to be sure, but well within approved procedures of the time. Probably still done. John From sommerfeld at orchard.medford.ma.us Mon Oct 3 16:08:43 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Mon, 3 Oct 94 16:08:43 PDT Subject: Mandatory Email verification In-Reply-To: <199410030328.UAA23919@netcom8.netcom.com> Message-ID: <199410032258.SAA00831@orchard.medford.ma.us> > Ken Landaiche writes > > I have seen that > > any system a human can devise, another human can eventually break. > > False. Most cryptographic algorithms these days are secure. Huh? How do you count that? There are dozens of algorithms described in Schneier; most are described as either being of unknown strength (due to insufficient cryptanalysis), or broken, or substantially similar to a broken cipher. Only a few are described as strong. There's only one unconditionally secure cipher: the true one-time-pad. > Windows NT is secure. And pigs can fly, and you have prime development land for sale in south Florida.. - Bill From cjl at welchlink.welch.jhu.edu Mon Oct 3 16:44:18 1994 From: cjl at welchlink.welch.jhu.edu (cjl) Date: Mon, 3 Oct 94 16:44:18 PDT Subject: List of reliable remailers In-Reply-To: Message-ID: On Mon, 3 Oct 1994, Istvan von Keszi wrote: > Thanks Raph. This is very helpful for those of us who are code > handicapped. This is very helpful as a general guide. > > Unfortunately, I've found that the information that it provides does not > help me with remailer reliability. I've seen a remailer that supposedly > has a latency of 8 or 9 hours, actually delay 24. > > This makes your script fairly ineffectual. > > You can't do diddly with bad data ... > > Istvan. You are perhaps more than just code handicapped. It seems you also fail to perceive the implicit YMMV clause that comes with using a service *provided gratis* by someone else. Ask Raph real nicely, and maybe he'll send you the code for the remail-pinging script so you can run it from your particular corner of the Net, it wouldn't be unprecedented, after all, Raph has freely distributed his hack of premail. But then again it wouldn't be unprecedented for him to tell you go stuff yourself. Genuine bug reports on an author's work are best discussed first in private E-mail, and brought to the attention of the list if it is more than a trivial gripe. BTW, I don't recall seeing the FedEx remailer that promises delivery by 10:00 am the next business morning, or in fact any remailer that promises delivery at all. Caveat poster. It is an ill-mannered guest who complains that the wonderous toys provided for him to play with sometimes fail to satisfy his every whim. C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / ) From sinclai at ecf.toronto.edu Mon Oct 3 16:51:17 1994 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Mon, 3 Oct 94 16:51:17 PDT Subject: Bomb information ban Message-ID: <94Oct3.195100edt.4181@cannon.ecf.toronto.edu> Caught from the radio this morning: Toronto (Canada) city council is debating a by-law to ban information on bomb construction. This after one of the council members was mailed a faulty (or fake) pipe-bomb. Rough quote: ~This is different than the gun control issue because there is no valid use for bombs.~ I wonder how much of the libraries' engineering books section they'll have to burn because of this. From merriman at metronet.com Mon Oct 3 17:09:21 1994 From: merriman at metronet.com (David K. Merriman) Date: Mon, 3 Oct 94 17:09:21 PDT Subject: Judge Rejects Delay on FBI Wiretap Data Message-ID: <199410040002.AA18561@metronet.com> >Subject: Judge Rejects Delay on FBI Wiretap Data >Date: 3 Oct 1994 16:49:03 GMT >============================================================= >PRESS RELEASE >For immediate release >October 3, 1994 >Contact: > Marc Rotenberg, EPIC Director > David Sobel, EPIC Legal Counsel > 202 544 9240 (tel) > JUDGE REJECTS DELAY ON FBI WIRETAP DATA; > "STUNNED" BY BUREAU'S REQUEST >WASHINGTON, D.C.- A federal judge today denied the FBI's request >for a five-year delay in processing documents concerning wiretap >legislation now pending in Congress. > Saying he was "stunned" by the Bureau's attempt to postpone >court proceedings for five years, U.S. District Judge Charles R. >Richey ordered the FBI to release the material or to explain its >reasons for withholding it by November 4. > The Electronic Privacy Information Center (EPIC), a public >interest research group based in Washington, DC, filed the Freedom >of Information Act lawsuit on August 9, the day legislation was >introduced in Congress to authorize the expenditure of $500 >million to make the nation's communications systems easier to >wiretap. The group is seeking the public release of two surveys >cited by FBI Director Louis Freeh in support of the pending >legislation. > The FBI had moved to stay proceedings in the case until June >1999, more than five years after the filing of the initial >request. The Bureau asserted it was confronted with "a backlog of >pending FOIA requests awaiting processing." The FBI revealed that >there are "an estimated 20 pages to be reviewed" but said that the >materials would not be reviewed until "sometime in March 1999." > Judge Richey rejected the FBI's claims in sharp language from >the bench. He told the government's attorney to "call Director >Freeh and tell him I said this matter can be taken care of in an >hour and a half." > In court papers filed late last week, EPIC charged that >the requested materials are far too important to be kept secret. >"The requested surveys were part of the FBI's long-standing >campaign to gain passage of unprecedented legislation requiring >the nation's telecommunications carriers to redesign their >telephone networks to more easily facilitate court-ordered >wiretapping," said the EPIC brief. > Earlier documents obtained through the FOIA in similar >litigation with the FBI revealed no technical obstacles to the >exercise of court-authorized wire surveillance. > The FBI is pushing for quick enactment of the wiretap >legislation in the closing days of the 103rd Congress. A >grassroots campaign to oppose the measure is being coordinated by >EPIC and Voters Telecomm Watch. > The Electronic Privacy Information Center is a project of >Computer Professionals for Social Responsibility, a membership >organization based in Palo Alto, California, and the Fund for >Constitutional Government, a Washington-based foundation dedicated >to the protection of Constitutional freedoms. 202 544 9240 (tel), >202 547 5482 (fax), info at epic.org (e-mail). >============================================================= - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From perry at jpunix.com Mon Oct 3 17:10:59 1994 From: perry at jpunix.com (John A. Perry) Date: Mon, 3 Oct 94 17:10:59 PDT Subject: List of reliable remailers Message-ID: <199410040010.TAA02848@jpunix.com> -----BEGIN PGP SIGNED MESSAGE----- On Mon, 3 Oct 1994, Istvan von Keszi wrote: > Thanks Raph. This is very helpful for those of us who are code > handicapped. This is very helpful as a general guide. > > Unfortunately, I've found that the information that it provides does not > help me with remailer reliability. I've seen a remailer that supposedly > has a latency of 8 or 9 hours, actually delay 24. > > This makes your script fairly ineffectual. > > You can't do diddly with bad data ... > > Istvan. If you think you can do a better job *gratis*, I'll be more than happy to send you a copy of the remailer code that I run on jpunix.com. Also, I'll bet Raph would send you a copy of the ping code so you can demonstrate the superior service you can provide. If you really don't think you can provide a superior service... well... people that live in glass houses... John Perry - perry at jpunix.com P.S. If you don't know what gratis means, drop me an email message and I'll try to explain it to you. - -- PGP 2.61 key for perry at jpunix.com is on the keyservers. PGP-encrypted e-mail welcome! -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLpCdW1OTpEThrthvAQF2bgP9FSuPvxUljINzhINA97VVRaxS/gps5Vw/ NSKub5o93yaGCJoBClYUplxh+Foe9Gqm/+hjJc+pMAaG7HYI2rMRgy7Ro9tyt3Dk QOakuJljmDEKVP2XEq051tH7y1TXI7+FLmnG5y4i2ukRXDVCK0kK5JtP4rY2l8Sa ty3hXYRVKoE= =qddV -----END PGP SIGNATURE----- From merriman at metronet.com Mon Oct 3 19:17:47 1994 From: merriman at metronet.com (David K. Merriman) Date: Mon, 3 Oct 94 19:17:47 PDT Subject: Bomb information ban Message-ID: <199410040216.AA05466@metronet.com> >Caught from the radio this morning: > > Toronto (Canada) city council is debating a by-law to ban information >on bomb construction. This after one of the council members was mailed >a faulty (or fake) pipe-bomb. Rough quote: ~This is different than the >gun control issue because there is no valid use for bombs.~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Bull. They're great for blowing something up..... > >I wonder how much of the libraries' engineering books section they'll >have to burn because of this. > > All. What part of Engineering doesn't have some impact or use in bombmaking/usage? Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From solman at MIT.EDU Mon Oct 3 21:01:48 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Mon, 3 Oct 94 21:01:48 PDT Subject: Anyone seen the 'quantum cryptanalysis' thread? In-Reply-To: <9410032008.AA23352@burn.Princeton.EDU> Message-ID: <9410040401.AA03583@ua.MIT.EDU> > > As I'm sure somebody else has pointed out somewhere along this thread, the > > ability to simultaneously analyze a superposition of an arbitrarilly large > > subset of all possible imputs (as our theoretical quantum cryptanalytic > > device might) implies to ability to solve, in polynomial time, any > > exponential time problem. > I just wanted to point out that I'm not sure this is true. > > I might be wrong; I'm a total newbie here. However, my impression > was that it is *not* known that "anything in NP is solvable in > quantum polytime (BQP)". Well its quite possible that I am wrong since I didn't exactly have the easiest time reading the papers on the subject. But this is my reasoning: If you can create a machine that gives you a yes or no result (yes at least one of the subset of possible inputs entered into the machine contains the properties you are looking for [i.e. does not destructively interfere], or no there aren't any) then you can construct an quantum computer that tests for the property(s) the correct answer must have (in the case of factoring, the machine will test whether or not inputs divide the modulus). You can now repeatedly enter as inputs superpositions of inputs that include precisely half of all inputs that might (given the information that has already been gathered) be correct). You will now be able to mount a brute force attack searching through 2^n possibilities in order n time. It should be possible to nest these machines (although admitedly this does nasty things to the physical complexity of the quantum computer. It doesn't seem like the complexity would grow exponentially in the case of nesting [in fact it seems like it would go quadratically with the nesting level] but I'd have to think about it some more before I could claim to be confident of that.) thus allowing us to reduce any problem of time complexity e^X(n) (where X is either a polynomial in n or of the form e^X(n) [this goes on recursively]) to a problem of polynomial time complexity. JWS From cjl at welchlink.welch.jhu.edu Mon Oct 3 21:11:53 1994 From: cjl at welchlink.welch.jhu.edu (cjl) Date: Mon, 3 Oct 94 21:11:53 PDT Subject: Bomb information ban In-Reply-To: <199410040216.AA05466@metronet.com> Message-ID: On Mon, 3 Oct 1994, David K. Merriman wrote: > >Caught from the radio this morning: > > > > Toronto (Canada) city council is debating a by-law to ban information > >on bomb construction. This after one of the council members was mailed > >a faulty (or fake) pipe-bomb. Rough quote: ~This is different than the > >gun control issue because there is no valid use for bombs.~ > > Bull. They're great for blowing something up..... > > >I wonder how much of the libraries' engineering books section they'll > >have to burn because of this. > > All. What part of Engineering doesn't have some impact or use in > bombmaking/usage? Genetic Engineering, of course, my silico-centric friend :-) Query: Why is it that, when the usual stream of crypto-conversation begins to dry up, the topic of bombs comes up? Maybe crypto-anarchists should seek to replace the traditional symbol of anarchy (you know, the bowling ball with the fuse) with something more moderne. Any suggestions on what the well-dressed (black trenchcoat and fedora, for tradition's sake) crypto-anarchist is seen clutching in his hand as he skulks off into shadows of Blacknet??? You know, something that would make a good .gif. C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / ) From merriman at metronet.com Mon Oct 3 21:30:27 1994 From: merriman at metronet.com (David K. Merriman) Date: Mon, 3 Oct 94 21:30:27 PDT Subject: Bomb information ban Message-ID: <199410040429.AA00334@metronet.com> >> All. What part of Engineering doesn't have some impact or use in >> bombmaking/usage? > >Genetic Engineering, of course, my silico-centric friend :-) > Ah, but genetic engineering could conceivably produce people that were genetically predisposed to suicide missions :-) Besides, genetic engineering more properly belongs to biology, does it not, since it isn't sufficiently precise as to permit "true" engineering? >Query: Why is it that, when the usual stream of crypto-conversation >begins to dry up, the topic of bombs comes up? 'Cause they're fun, and go "bang"? ('cept for the hush-a-boom, of course) > Maybe crypto-anarchists >should seek to replace the traditional symbol of anarchy (you know, the >bowling ball with the fuse) with something more moderne. Any suggestions >on what the well-dressed (black trenchcoat and fedora, for tradition's >sake) crypto-anarchist is seen clutching in his hand as he skulks off into >shadows of Blacknet??? A floppy disk? > You know, something that would make a good .gif. >Finger for public key \ ) >Strong-arm for secret key / <-- minor groove ~~~~~~~~~~~~~~~~~~~~~~~~~ >Thumb-screws for pass-phrase / ) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Tempting the fates, are we? :-) Dave Merriman > - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From hughes at ah.com Mon Oct 3 21:30:42 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 3 Oct 94 21:30:42 PDT Subject: Bomb information ban In-Reply-To: Message-ID: <9410040349.AA04455@ah.com> should seek to replace the traditional symbol of anarchy (you know, the bowling ball with the fuse) with something more moderne. What, like a zero with a one sticking out? You do know, of course, that explosives increase the entropy of their targets toward maximum. Eric From hughes at ah.com Mon Oct 3 21:43:01 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 3 Oct 94 21:43:01 PDT Subject: US Should Forbid Export of Digital Wiretap Technology (fwd) In-Reply-To: <940930.193922.2e6.rusnews.w165w@sendai.cybrspc.mn.org> Message-ID: <9410040401.AA04482@ah.com> comp.society.privacy yields the following from crawford at scipp.ucsc.edu (Mike Crawford). I _think_ it's black humor, but the moderator of c.s.p seems to have accepted it at face value. No, it's serious, and it's brilliant. The gambit is this. The law enforcement community argues that they won't abuse their technical ability to wiretap. Implicitly they acknowledge that such ability is both possible and undesirable. Now Mike Crawford observes that legal safeguards, _which are the only safeguards_, do not exist in other countries, and therefore uncontrollable wiretapping, which is acknowledged undesirable, should be restricted by law in this country which prevents such equipment from being deployed in a country without safeguards. Now, do you think that any switch manufacturer is going to want to see their international market torn to shreds like this? Eric From storm at marlin.ssnet.com Mon Oct 3 22:12:44 1994 From: storm at marlin.ssnet.com (Don Melvin) Date: Mon, 3 Oct 94 22:12:44 PDT Subject: Puzzle Palace In-Reply-To: <9410031913.AA05574@pilot.njin.net> Message-ID: <9410040511.AA14669@marlin.ssnet.com> > > I just finished reading the Puzzle Palace and I thought it was quite interesting > Does anyone know where I could find some more info on the NRO and DIA, or even > info on what the NSA has been up to for the last ten or so years, besides the > obvious. Thanks to whoever recommended the book to me, I don't remember who it > was. On the opposite side, there is a new book just being released that's written by a KGB (ex-KGB) general who was based here and involved in US operations. For example, he ran Walker. Sorry, don't know title or author but there's probably not that many new books by KGB spies. Later, Storm From jamesd at netcom.com Mon Oct 3 23:41:59 1994 From: jamesd at netcom.com (James A. Donald) Date: Mon, 3 Oct 94 23:41:59 PDT Subject: Chomsky quote (thread from hell) Message-ID: <199410040627.XAA03131@netcom15.netcom.com> I wrote: > > Of course Noam Chomsky is optimistic - he favors limitless and > > absolute state power and the forcible and violent silencing of all > > those who deviate from political correctness. "L. Todd Masco" quotes one of Chomksy's pious platitudes on freedom of speech: > In my opinion, not only mainstream intellectuals but also > others who produce a constant stream of lies, distortion, > racist screeds, etc., should be permitted freedom of > speech. To put this in its proper context, Chomsky also believes in socialism, in the sense of the "people" controlling the means of production, distribution, and supply, and in particular, the "people" running the mass media. Does Chomsky really believe that such a society can operate without its Gulag? Is he a fool, or is he a monster? In my previous writings on this thread I have shown examples where Chomsky carefully chooses words so as to convince us that freedom of speech is not freedom, and that control of speech is freedom. Let us examine the above quote from Chomsky. You will notice that Chomsky has carefully expressed himself in the manner that is least likely to make us feel favorable to freedom of speech. He piously declares himself in favor of it, but expresses himself in such a manner as to make an argument against freedom of speech. The intended effect is to make us feel that such "extreme" freedom of speech is a bit excessive and not really necessary or desirable. In the above quote Chomsky implies that freedom of speech is divisible -- he implies that we can suppress wicked, obnoxious, and obviously false ideas, without closing down everyone's ability to communicate political thought. Thus he is actually making a misleading and spurious argument *against* freedom of speech at the same time as he is piously declaring himself to be in favor of freedom of speech. Let us also look at the examples he gives of people abusing freedom of speech. Notice that every example that he gives are powerful and priviledged people who plainly need no protection, never the weak and vulnerable silenced by the powerful and arrogant: > hypocrites, like faculty senates who choose one > particularly and usually quite marginal example because > career and power interests are served thereby, while > ignoring vastly more significant and awful cases because > the opposite is true. And Congress, of which the same is > correct. Let me give a counter example to Chomksy's implied argument that it is safe to silence dissidents, and that dissidents are powerful and priviledged servants of capitalism. Edward O Wilson. Back in the late seventies, when political correctness was so powerful that we did *not* see two dozen books protesting about how powerful it was, Edward O. Wilson was silenced by threats and violence. Among other things he was accused of emitting "a constant stream of lies, distortion, racist screeds, etc." In fact he his heresy had nothing whatsoever to do with race -- indeed he was a political innocent with no particular political ideas, who was largely unaware that his work had political implications, unaware that his work would be used by other people to make the argument that property was a result of the nature of man, and that socialism was contrary to the nature of man. Because many of the thugs sent against him were black, the totally false claim was made, that he continually insulted black people with racist fighting words. Suddenly people realized, that just as in the market every thing is connected to everything else, so that one state intervention necessarily requires further state intervention in order to achieve the desired effect, in the same fashion, every idea is connected to every other idea, so silencing some ideas necessarily requires silencing other ideas. In the end the only way to coercively suppress ideas is to ensure that only a single voice is heard. Thus the backlash against political correctness started. What happened to Edward Wilson then, could not happen today, which is why it is now safe for academics to write books on how powerful political correctness is, something they would not have dared to do seven years ago. The full quote by Chomsky in all its pious hypocricy. >Noam Chomsky, in a 4/16/94 e-mail response to a question from Steve >Shalom, says: > > In my opinion, not only mainstream intellectuals but also others > who produce a constant stream of lies, distortion, racist screeds, > etc., should be permitted freedom of speech. The state should not > have the power to stop them. The same freedom extends to > hypocrites, like faculty senates who choose one particularly and > usually quite marginal example because career and power interests > are served thereby, while ignoring vastly more significant and > awful cases because the opposite is true. And Congress, of which > the same is correct. I did not see this quote: I am relying on Todd for the accuracy of this quote, but I have seen plenty of similar hypocritical smears against liberty by Chomsky. The above piece of catty nastiness is classic Chomsky, and I could easily dig up a dozen similar examples of the kind of support that he gives liberty. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From tcmay at netcom.com Tue Oct 4 00:38:54 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 4 Oct 94 00:38:54 PDT Subject: Puzzle Palace In-Reply-To: <9410040511.AA14669@marlin.ssnet.com> Message-ID: <199410040738.AAA00422@netcom8.netcom.com> Don Melvin wrote: > On the opposite side, there is a new book just being released that's > written by a KGB (ex-KGB) general who was based here and involved in US > operations. For example, he ran Walker. Sorry, don't know title or author > but there's probably not that many new books by KGB spies. "Special Tasks," Sudaplatov. (give or take...this is from memory) This actually came out about 6 months ago, so it may be worth waiting for the paperback. I skimmed the book in a bookstore, but saw various pieces on this book and its implications on MacNeil-Lehrer and Nightline. Lots of revelations, but little confirmation. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From tcmay at netcom.com Tue Oct 4 00:51:47 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 4 Oct 94 00:51:47 PDT Subject: Puzzle Palace In-Reply-To: <199410040738.AAA00422@netcom8.netcom.com> Message-ID: <199410040751.AAA01351@netcom8.netcom.com> Timothy C. May wrote: > "Special Tasks," Sudaplatov. > > (give or take...this is from memory) > > This actually came out about 6 months ago, so it may be worth waiting > for the paperback. I skimmed the book in a bookstore, but saw various Sorry, I may have responded too quickly. Maybe Don Melvin was talker about a _newer_ book than the Sudaplatov book, which is the only one I know about. Sudaplatov didn't run Walker, that's for sure. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From GRABOW_GEOFFREY at tandem.com Tue Oct 4 00:58:12 1994 From: GRABOW_GEOFFREY at tandem.com (GRABOW_GEOFFREY at tandem.com) Date: Tue, 4 Oct 94 00:58:12 PDT Subject: Bomb information ban Message-ID: <199410040057.AA21305@comm.Tandem.COM> > Toronto (Canada) city council is debating a by-law to ban informatio >on bomb construction. This after one of the council members was mailed >a faulty (or fake) pipe-bomb. Rough quote: ~This is different than the >gun control issue because there is no valid use for bombs.~ Bombs are used by building demolition teams, excavation workers and (believe it or not) there are even a few artists who use explosives to create their particular brand of art. I won't even mention 4th of July fireworks and the creators thereof. Granted, not many people fall into these catagories, but does that mean that the rest of us are entirely un-interested in how they work. A student of physics might be interested in the physics of a falling building... Okay, I reaching, but the possibility exists! G.C.G. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Geoffrey C. Grabow | "What we demand are rigidly defined | | Oyster Bay, New York | areas of doubt and uncertainty!" | | | -------------------- | | grabow_geoffrey at tandem.com | Clipper, SkipJack & Digital Telephony | | | JUST SAY NO!!! | |----------------------------------------------------------------------| |PGP 2.6 fingerprint = AA 9E 35 12 F8 93 72 8D 1C E5 D5 BC 74 BE 49 D3| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From tcmay at netcom.com Tue Oct 4 01:23:43 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 4 Oct 94 01:23:43 PDT Subject: Bomb information ban In-Reply-To: Message-ID: <199410040822.BAA03511@netcom8.netcom.com> cjl wrote: > Query: Why is it that, when the usual stream of crypto-conversation > begins to dry up, the topic of bombs comes up? Maybe crypto-anarchists > should seek to replace the traditional symbol of anarchy (you know, the > bowling ball with the fuse) with something more moderne. Any suggestions > on what the well-dressed (black trenchcoat and fedora, for tradition's > sake) crypto-anarchist is seen clutching in his hand as he skulks off into > shadows of Blacknet??? You know, something that would make a good .gif. But "bombes" have long had a strong connection to cryptography. Lots of bombes at Bletchley Park. As to what well-dressed crypto anarchists are carrying...perhaps a copy of Schneier. Or a PGP diskette. But since neither of those will make for a very comprehensible graphic, perhaps the trench-coated crypto anarchist should be seated in front of a terminal? --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From danielce at ee.mu.oz.au Tue Oct 4 02:12:47 1994 From: danielce at ee.mu.oz.au (Daniel Carosone) Date: Tue, 4 Oct 94 02:12:47 PDT Subject: Bomb information ban In-Reply-To: Message-ID: <199410040914.TAA19043@anarres.mame.mu.oz.au> Timothy C. May writes: > [symbol picture ideas] > > But since neither of those will make for a very comprehensible > graphic, perhaps the trench-coated crypto anarchist should be seated > in front of a terminal? Choose whatever picture you like... the *real* symbol is encrypted and stego'd into it :) -- Dan. From frissell at panix.com Tue Oct 4 03:18:06 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 4 Oct 94 03:18:06 PDT Subject: Bank on the Net Message-ID: <199410041017.AA13899@panix.com> Who says there aren't any banks on the net. Check out Busey Bank's (Illinois) homepage: http://www.prairienet.org/business/busey/homepage.htm From sdw at lig.net Tue Oct 4 05:59:41 1994 From: sdw at lig.net (Stephen D. Williams) Date: Tue, 4 Oct 94 05:59:41 PDT Subject: Bank on the Net In-Reply-To: <199410041017.AA13899@panix.com> Message-ID: > > Who says there aren't any banks on the net. Check out Busey Bank's > (Illinois) homepage: > > http://www.prairienet.org/business/busey/homepage.htm > I happen to be contracting in the Bay Area for Bank of America till Feb/Mar... See: http://www.bankamerica.com sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 510 503-9227APager LIG dev./sales Internet: sdw at lig.net In Bay Area Aug94-Feb95!!! OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Internet Consulting ICBM: 39 38 34N 84 17 12W home, 37 58 41N 122 01 48W work Newbie Notice: I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From 74172.314 at compuserve.com Tue Oct 4 07:20:35 1994 From: 74172.314 at compuserve.com (ss) Date: Tue, 4 Oct 94 07:20:35 PDT Subject: TEMPORARILY OUT OF TOUCH Message-ID: <941004141312_74172.314_GHA77-1@CompuServe.COM> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Until I get an account problem worked out with CRL (a day or two?), I won't be getting any e-mail through that service. If you need to send me private messages, you may use either of the following addresses to contact me: ssandfort at attmail.com 74172.314 at compuserve.com Later, S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jdblair at phoenix.sas.muohio.edu Tue Oct 4 08:39:40 1994 From: jdblair at phoenix.sas.muohio.edu (John Blair) Date: Tue, 4 Oct 94 08:39:40 PDT Subject: Bomb information ban In-Reply-To: Message-ID: <9410041538.AA26372@phoenix.sas.muohio.edu> writes: > > Query: Why is it that, when the usual stream of crypto-conversation > begins to dry up, the topic of bombs comes up? Maybe crypto-anarchists > should seek to replace the traditional symbol of anarchy (you know, the > bowling ball with the fuse) with something more moderne. Any suggestions > on what the well-dressed (black trenchcoat and fedora, for tradition's > sake) crypto-anarchist is seen clutching in his hand as he skulks off into > shadows of Blacknet??? You know, something that would make a good .gif. > My favorite anarchist symbol is the monkey wrench. I don't know exactly how much this applies this this group, but I can definately envision crypto-monkey wrenchers (if not simply net monkey wrenchers). -john ---------------------------------------------+---------------------------- John Blair: | this space for rent... voice: (513) 529-3980 | Unix System Administrator, Juggler | Student of Interdisciplinary Studies | (finger me for PGP key) From Kelly.Goen at Eng.Sun.COM Tue Oct 4 09:04:23 1994 From: Kelly.Goen at Eng.Sun.COM (Kelly Goen [CONTRACTOR]) Date: Tue, 4 Oct 94 09:04:23 PDT Subject: Electronic Revolution and Guerilla Warfare? Message-ID: <199410041604.JAA11120@jurassic.Eng.Sun.COM> Interesting Post David, some rather disjoint comments follow: > > From: merriman at metronet.com (David K. Merriman) > Subject: Electronic Revolution and Guerilla Warfare? > > What with the governments of several nations around the world starting to > get a bit heavy-handed with their populaces, I was wondering how a > modern-day revolution could take place in a crypto-repressive society, and > how the citizenry could sufficiently rattle/displace such a government so as > to regain control over their destinies. > > For the purpose of discussion, I'd like to propose the following > "environmental variables": > > majority of the population unable/unwilling to do more than complain. > > minority of the population not sure of how to fight the process, but > willing to support those that do know. > > some number (small) of those capable of crypto or other electronic mayhem > depart the country in a short period bridging the implementation of > repressive government controls and laws. > > There are varying permutations of the crypto/electronic-capable, and the > force-capable (ie, hackers-only to bomb-makers-only, and anything in between). > > said government uses all means at it's disposal to try and apprehend those > attempting to resist, as well as intercept communications, prevent damage to > it's infrastructure and physical entities. I would suggest initially that one examine the e-book "Terminal Compromise" by Winn Schwartau and also Information Warfare by the same author. In addition one also may want to obtain a project planner package and actually plan every scenario out along with costs and estimated effects. This would increase the accuracy of your gaming study. One may also wish to include items such as Blacknet in their gaming study as well as a complete and functional blackmarket. Tim's FAQ gives a good review of the tech in crypto and remailers available. Note also for purposes of short term games, knowing ones opponent(i.s. dossiers built up using information brokers and pressure on weak points) tends to be vastly more effective then official routes of change. After all its the oppositions preferred technique. Keep in mind that various hackers have tried this in a haphazard way and gotten caught at it... > > at the start of government "hostilities", all intra-national anon > remailers are seized or shut down, and access to international ones is > *heavily* monitored or blocked (yeah, I know, but we're gaming here!). > > national identity medium (card, wristband, etc) in place and mandatory. > > travel, currency, and information transfer restrictions (ie, no more "How > to build a Backpack Nuke" or "How to hack the Tax Gestapo central computers" > books :-) I expect E-publishing and Data havens for such documents will appear almost immediately after such laws. Backpack nukes unless they are for EMP arent too interesting but EMP/HERF generators are in terms of the attack potential against an information infrastructure. "Information Warfare" looks at this and other issues. Is it happening already??? "I can neither confirm nor deny this rumour". Does our government look at these issues... I point the interested user to a90-217 SBIR, an early I-Warfare project " Electronic Countermeasure: Computer Virus" a project to create military viruses and research into vectoring via RF/induced signal. > > What problems would those willing to fight such government oppression be > likely to face? How to deal with those problems? How to organize and > exchange personnel/information? How to not get caught? How to avoid > detection? What means/methods of, um, dissonance against such a government > would be more/less effective? Under what various permutations of > electronic/physical bushwhacking would the process be successful or not? > Duration? Other than the obvious crypto/cyber/military disciplines, what > other professions or specialized knowledge would be useful under what > conditions? What blatantly obvious thing(s) have I left out? Check out loompanics press... they have many such titles useful to your research... also checkout Paladin Press and Loompanics press. look at spy-cell organizations with crypto/remailer substituted for the comm links and dead drops, information brokers help detect infiltration. Laptop mobile IP with encrypted links and on-line info-brokers allow one to continuously evaluate current local conditions. The one thing always lacking for me in many of these Crypt-anarchy posts "Overthrow the government". is a lack of attention the least principles of logistics, economics and proper planning. You can be sure the opposition is paying attention to such details and has a huge advantage because of this. > > Dave Merriman > - - - - - - - - - - - - - - - - - - - - - - - - - - > Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. > Unencrypted Email may be ignored without notice to sender. PGP preferred. > Remember: It is not enough to _obey_ Big Brother; you must also learn to > *love* Big Brother. > cheers Kelly From nobody at cass156.ucsd.edu Tue Oct 4 11:09:30 1994 From: nobody at cass156.ucsd.edu (Anonymous) Date: Tue, 4 Oct 94 11:09:30 PDT Subject: He's dead Jim (Chomsky) Message-ID: <9410041812.AA27339@nately.UCSD.EDU> Amazing, absolutely amazing! Perhaps we should stop reading Chomsky (if we ever did) and read James A. Donald--he obviously has not only a grasp of what it is people *really* mean, but also has the spurious arguments to back himself up! The Chomsky quote of the day: > In my opinion, not only mainstream intellectuals but also others > who produce a constant stream of lies, distortion, racist screeds, > etc., should be permitted freedom of speech. The state should not > have the power to stop them. The same freedom extends to > hypocrites, like faculty senates who choose one particularly and > usually quite marginal example because career and power interests > are served thereby, while ignoring vastly more significant and > awful cases because the opposite is true. And Congress, of which > the same is correct. In this, James A. Donald finds: >To put this in its proper context, Chomsky also believes >in socialism, in the sense of the "people" controlling the >means of production, distribution, and supply, and in >particular, the "people" running the mass media. What? Non sequitur! No where in Chomsky's quote do we find any remote resemblance of a reference to mass media; neither to production, distribution, nor to supply (nor to economics of any kind). If I had to piece this together, Mr. Donald erroneously finds the quote: "The state should not have the power to stop them" to mean that Mr. Chomsky is advocating that the "people" *should.* Mr. Donald continues: >In my previous writings on this thread I have shown >examples where Chomsky carefully chooses words so as to >convince us that freedom of speech is not freedom, and >that control of speech is freedom. Wrong again. In his previous writings, James A. Donald *tried to show* that Chomsky "chooses words so as to convince us that freedom of speech is not freedom, and that control of speech is freedom." Unfortunately (or fortunately, depending on one's personal bias), Mr. Donald's "arguments" were nothing more than simple speculations which lacked cohesiveness. He continues: >You will notice that Chomsky has carefully expressed >himself in the manner that is least likely to make us feel >favorable to freedom of speech. [snip] No, what I *have* noticed is that obviously Chomsky "has carefully expressed himself in the manner that is least likely to make" James A. Donald feel favorable to freedom of speech. I have no problem with the manner in which Chomsky has expressed himself--then again, I also see that Chomsky's quote is directed at more than one issue. Continuing... >The intended effect is to make us feel that such "extreme" >freedom of speech is a bit excessive and not really >necessary or desirable. > >In the above quote Chomsky implies that freedom of speech >is divisible -- he implies that we can suppress wicked, >obnoxious, and obviously false ideas, without closing down >everyone's ability to communicate political thought. Unfortunately, I think that James A. Donald is again missing the point. Let me help...it is just those "extreme" views which must be protected. Chomsky does imply that freedom of speech is divisible, but he also implies that freedom of speech *should not be.* Furthermore, Chomsky neither states nor insinuates that "we"--and I assume that James A. Donald is refering to "the people"--can "suppress wicked, obnoxious, and obviously false ideas" of any kind! What he does say is that those persons who form the power structure of this country--the mainstream intellectuals and the state--have the power to suppress ideas and speech. (Remember, Chomsky says "should not," instead of "does not" in reference to the state's power.) >Let us also look at the examples he gives of people abusing >freedom of speech. Notice that every example that he gives >are powerful and priviledged people who plainly need no >protection, never the weak and vulnerable silenced by the >powerful and arrogant: > >> hypocrites, like faculty senates who choose one >> particularly and usually quite marginal example because >> career and power interests are served thereby, while >> ignoring vastly more significant and awful cases because >> the opposite is true. And Congress, of which the same is >> correct. > > >Let me give a counter example to Chomksy's implied argument >that it is safe to silence dissidents, and that dissidents >are powerful and priviledged servants of capitalism. That's really an amusing twist of logic: 1) I have never heard anyone call a hypocrite a dissident, and 2) I have never heard Congress being referred to as a bunch of dissidents! Because Chomsky refers to faculty senates and Congress, James A. Donald automatically assumes that Chomsky views them as dissidents. A more logical approach would be to hunt for what role both faculty senates and Congress play in Chomsky's quote--i.e. the role of hypocrites who *are extended* freedom of speech, as opposed to racists and other ideological unsavories who "should be permitted" freedom of speech but are not. Chomsky does not call these people dissidents, just as he does not call mainstream intellectuals dissidents; none of these groups, because they are powerful, privileged, and *mainstream*, may qualify as dissident. Furthermore, how in any way, shape or form, can it be safe to silence dissidents if they are powerful and privileged! ^^^^^^^^ ^^^^^^^^^^ >I did not see this quote: I am relying on Todd for the >accuracy of this quote, but I have seen plenty of similar >hypocritical smears against liberty by Chomsky. The above >piece of catty nastiness is classic Chomsky, and I could >easily dig up a dozen similar examples of the kind of >support that he gives liberty. Apparently, Mr. Donald did not *read* this quote as well. It would be quite, quite horrifying to have James A. Donald "dig up a dozen similar examples." Quite, quite horrifying. >Is he a fool, or is he a monster? My question exactly. For those interested in what Chomsky really has to say, good or bad, ftp to the Chomsky archives at: ftp.cs.cmu.edu (128.2.206.173) user/cap/chomsky/ (note that there is no slash at the beginning of the pathname). On the Web: http://www.contrib.andrew.cmu.edu:/usr/tp0x/chomsky.html _/_/_/ _/_/_/ _/ _/ _/_/_/ _/ _/ I detest what you write, _/ _/ _/ _/ _/ _/ _/_/ _/ but I would give my life _/_/_/ _/ _/ _/ _/ _/_/_/ _/ _/ _/ to make it possible for _/ _/ _/ _/ _/ _/ _/_/_/_/ _/ you to continue to write. _/_/_/ _/_/_/ _/_/_/ _/_/_/ _/ _/ _/_/_/ --Voltaire _/ (in a letter to M. le Riche) From blancw at microsoft.com Tue Oct 4 11:20:02 1994 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 4 Oct 94 11:20:02 PDT Subject: Chomsky quote (thread from hell) Message-ID: <9410041820.AA00322@netmail2.microsoft.com> From: James A. Donald The intended effect is to make us feel that such "extreme" freedom of speech is a bit excessive and not really necessary or desirable. . . . Thus he is actually making a misleading and spurious argument *against* freedom of speech at the same time as he is piously declaring himself to be in favor of freedom of speech. ............................................................... James, couldn't he simply be taken at his word - his explicit expression, rather than the implied "catty nastiness". If it was not what he really meant, he would eventually be irritated enough by the full acceptance of his apparent support for liberty to come out and say more precisely what he really wants people to think, so they don't go on allowing freedoms which he is really trying to prevent. Blanc From CCGARY at MIZZOU1.missouri.edu Tue Oct 4 11:25:35 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Tue, 4 Oct 94 11:25:35 PDT Subject: Chomsky (thread from hell) Message-ID: <9410041825.AA20090@toad.com> I remember Chomsky being quoted (I think in a Mother Jones issue) something to the effect that the opposition to "political correctness" was not legitimate. Apparently, Chomsky finds at least one kind of oppression to be not distasteful. At a Chomsky lecture that I attended, Chomsky described himself as a left libertarian. I surmise that he finds that grassroots oppression by the left to be ok. I realize, of course, that "political correctness" has great mass media & State support. Yours Truly, Gary Jeffers From cactus at bb.com Tue Oct 4 12:22:56 1994 From: cactus at bb.com (L. Todd Masco) Date: Tue, 4 Oct 94 12:22:56 PDT Subject: Bomb information ban In-Reply-To: Message-ID: <36sa9q$avv@bb.com> In article , cjl wrote: >> All. What part of Engineering doesn't have some impact or use in >> bombmaking/usage? > >Genetic Engineering, of course, my silico-centric friend :-) Actually, (a bird psych friend tells me) there was a variety of smart- bomb developed in WWII that used a pigeon as its brain. The pigeon would be trained to peck at a building on a map, and then in the falling bomb it would guide the bomb by pecking at a clear panel. I don't think they were actually used, though. -- L. Todd Masco | Ingredients: red, blue, and green quarks, six varieties of cactus at bb.com | gluons, electrons. Some settling may occur in shipping. From lmccarth at ducie.cs.umass.edu Tue Oct 4 12:33:41 1994 From: lmccarth at ducie.cs.umass.edu (Lewis McCarthy) Date: Tue, 4 Oct 94 12:33:41 PDT Subject: BofA & the CIA Message-ID: <199410041933.PAA00195@ducie.cs.umass.edu> Tim May writes: $ Banks already collude (BCCI was not a fluke, just a CIA $ front bank, like Castle Bank, Nugan Hand Bank, and Bank of America). Stephen Williams writes: $ I happen to be contracting in the Bay Area for Bank of America till $ Feb/Mar... See: http://www.bankamerica.com Does this make you a CIA plant ? -L. McCarthy "I'm just a sucker with no self-esteem" -Offspring Send me mail using "Subject: remailer-help" for an autoreply about Underdog From cactus at bb.com Tue Oct 4 12:35:55 1994 From: cactus at bb.com (L. Todd Masco) Date: Tue, 4 Oct 94 12:35:55 PDT Subject: archives In-Reply-To: <9410022254.AA18179@acf4.NYU.EDU> Message-ID: <36s9pv$are@bb.com> In article <9410022254.AA18179 at acf4.NYU.EDU>, iqg1550 wrote: >could someone please tell me where the CP list is archived -- if, in fact, >it is -- as well as the dates covered by any such archive >thank you very much One archive is on bb.com: nntp to bb.com (hks.lists.cypherpunks), or via ftp://bb.com/cypherpunks/nntp/cypherpunks/ That's since July 16. If there's an older archive somewhere, I'll integrate it with that one (but I haven't heard of such a beast anywhere). -- L. Todd Masco | Ingredients: red, blue, and green quarks, six varieties of cactus at bb.com | gluons, electrons. Some settling may occur in shipping. From an48848 at anon.penet.fi Tue Oct 4 13:29:42 1994 From: an48848 at anon.penet.fi (an48848 at anon.penet.fi) Date: Tue, 4 Oct 94 13:29:42 PDT Subject: A practical use of c'punk brain power. Message-ID: <9410041958.AA18580@anon.penet.fi> Greetings c'punks! I have an Excel 4.0 spreadsheet to which I do not have the password. Do any of you know a clever way to break the Excel protection either by divining the password or removing the layer of encryption in the file? Any help is appreciated! ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From nobody at jpunix.com Tue Oct 4 13:49:03 1994 From: nobody at jpunix.com (Anonymous) Date: Tue, 4 Oct 94 13:49:03 PDT Subject: No Subject Message-ID: <199410042048.PAA05038@jpunix.com> -----BEGIN PGP SIGNED MESSAGE----- > On the same note, do any of you have any humorous / >chilling stories about what you found out when you got >your file? There's a guy who was active with the National Committee Against Repressive Legislation (Roy Wilkinson? Memory fades...) who amassed more FBI file pages than anyone. His file was in excess of 200K pages. In the files---this I heard directly from him---was information that the FBI had learned of a plot to kill him. They did nothing but continue their surveillance. ======================================================================= Crim Tideson Privacy is its own justification. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLpCCNqvOblMnt4MdAQFQRAP9HK4mqbnl0d0IallbCpQBm737QT5gCgMm 8PSlgHLCWAI9Rx4q93g8+zDMWNA22eELe+amUufJxuoZHNChpTNU87lBT4klif89 NlEMB2/jqbZM0eeqTi0tzdfu3nTI1S5Hu/SH0oRxTj2iHNKfuA81gs19bmNxiqG9 30xx5LqVvHg= =Tmtv -----END PGP SIGNATURE----- From nobody at jpunix.com Tue Oct 4 13:51:32 1994 From: nobody at jpunix.com (Anonymous) Date: Tue, 4 Oct 94 13:51:32 PDT Subject: No Subject Message-ID: <199410042048.PAA05070@jpunix.com> -----BEGIN PGP SIGNED MESSAGE----- > That being said let it be known that I consider the following as a > "Cypherpunk victory." > > 1. Complete freedom of technology, particularly encryption technology, ^^^^^^^^^^^^^^^^^^^^^ > regulated only by market forces. This implies the lack of import/export > restrictions, and a complete absence of projects designed to limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > technology, or to standardize it for nefarious ends like Clipper. ^^^^^^^^^^ I think you overgeneralize. No limits on toxic waste incinerators, low-mileage automobiles, unsafe medical devices, genetically tampered food, or nuclear reactors? "Market forces" in such cases positively encourage dangerous technology (e.g. incinerators are superficially cheap) or are marked by their inability to distinguish the good from the crap (e.g. medical devices). We agree about crypto, but not all tech is crypto. :) ======================================================================= Crim Tideson Privacy is its own justification. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLpCIPqvOblMnt4MdAQEgRgP/XNNQ/T/RvLnd7Rhu8OxCNlXhez8Dqt0h mJfJ172h8QZr0TSr9jxOt6720Z5+lKGZJbP62I5OZEeufifwTXn1Q9Il1Sq4BEWA mUFbs1mu/v88xVReuNXie5e09R7cRa4cZ8W0aGQ2+ceCBTEvJ/z8Cqps93ZucL9j ZDtO93NM78k= =FcUP -----END PGP SIGNATURE----- From bogus at no.return.address Tue Oct 4 13:57:52 1994 From: bogus at no.return.address (Underdog) Date: Tue, 4 Oct 94 13:57:52 PDT Subject: A practical use of c'punk brain power. Message-ID: <199410042057.QAA00534@ducie.cs.umass.edu> Greetings c'punks! I have an Excel 4.0 spreadsheet to which I do not have the password. Do any of you know a clever way to break the Excel protection either by divining the password or removing the layer of encryption in the file? Any help is appreciated! ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From system at decode.com Tue Oct 4 14:38:05 1994 From: system at decode.com (System Operator) Date: Tue, 4 Oct 94 14:38:05 PDT Subject: Electronic Revolution and Guerilla Warfare? Message-ID: Kelly.Goen at Eng.Sun.COM (Kelly Goen [CONTRACTOR]) writes: > I would suggest initially that one examine the > e-book "Terminal Compromise" by Winn Schwartau and also > Information Warfare by the same author. In addition one also may want [...] > Check out loompanics press... they have many such titles useful to your > research... also checkout Paladin Press and Loompanics press. I second the motion for Loompanics and Paladin Press. Two books that might be directly related, both from Paladin Press and both by Lawrence W. Myers are "SPYCOMM: Covert Communication Techniques of the Underground" and "Improvised Radio Jamming Techniques: Electronic Guerrilla Warfare." Both are full of practical, "nuts and bolts" discussions of the issues you're pursuing. Dan -- system at decode.com (System Operator) Cryptography, Security, Privacy BBS +1 410 730 6734 Data/FAX From unicorn at access.digex.net Tue Oct 4 14:45:01 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 4 Oct 94 14:45:01 PDT Subject: your mail In-Reply-To: <199410042048.PAA05070@jpunix.com> Message-ID: <199410042144.AA13550@access4.digex.net> Anonymous scripsit > > -----BEGIN PGP SIGNED MESSAGE----- > > > That being said let it be known that I consider the following as a > > "Cypherpunk victory." > > > > 1. Complete freedom of technology, particularly encryption technology, > ^^^^^^^^^^^^^^^^^^^^^ > > regulated only by market forces. This implies the lack of import/export > > restrictions, and a complete absence of projects designed to limit > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > technology, or to standardize it for nefarious ends like Clipper. > ^^^^^^^^^^ > > I think you overgeneralize. No limits on toxic waste incinerators, >low-mileage automobiles, unsafe medical devices, genetically tampered food, >or nuclear reactors? "Market forces" in such cases positively encourage >dangerous technology (e.g. incinerators are superficially cheap) or are >markedby their inability to distinguish the good from the crap (e.g. medical >devices). It is you who have overgeneralized. No limits on technology certainly does not mean allowing low tech and poor incinerators to continue operating. The fact that low mileage cars still drive is a result of poor markets than anything else (baring colletables). How would you argue that some low mileage cars are the result of a no limitations on technology policy? Unsafe medical devices? I would say this is a problem with testing technology, not a lack of limitation on technological advance. Genetically tampered food? Why is this dangerous? Have any evidence? Most of the livestock/crops you eat today have been altered in one way or another, be it selective breeding, low tech botanical splicing, or genetic/hormonal therapy. You see this as a regression? You never make the distinction between regulation designed to promote and regulation designed to deter technological advance. Clipper is clearly designed to set a standard and defuse the market which has advanced strong cryptography. It is designed to WEAKEN technology, make it counter-productive to it's goal (in the case of cryptography, security against all attackers). What lack of regulation does this? Market forces are lathargic, sometimes they need a boost. I propose this boost be accomplished with motivators like tax breaks, market assisters and privatization. When Germany wanted to promote environmentally sound packaging and manufacture, they started a program called Gruun Punkt (The Green Point) They allow manufactures to place the green point sticker on their products provided they meet XYZ specifications. This is the way to promote technological advance, NOT by over regulation, centralization, collectivization and stagnation. The pattern of the administration crippling markets because it is afraid it cannot keep pace is obnoxious. If we were to all keep pace with the Federal Government, we'd all still be wearing loin cloths. Anyone who thinks the Federal Government is the driving force behind the majority of technological advancement (aside the space program and military hardware) needs to take a good look. > > We agree about crypto, but not all tech is crypto. :) > I'm not even sure we agree about crypto, considering you don't seem to understand, or at least express the difference between Crypto regulation and emissions testing. > ======================================================================= > Crim Tideson Privacy is its own justification. > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > -----BEGIN PGP SIGNATURE----- > Version: 2.6 [...] > > -----END PGP SIGNATURE----- > -uni- Dark -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From blancw at microsoft.com Tue Oct 4 15:26:45 1994 From: blancw at microsoft.com (Blanc Weber) Date: Tue, 4 Oct 94 15:26:45 PDT Subject: your mail Message-ID: <9410042227.AA15227@netmail2.microsoft.com> From: Black Unicorn Market forces are lathargic, sometimes they need a boost. I propose this boost be accomplished with motivators like tax breaks, market assisters and privatization. . . . . Anyone who thinks the Federal Government is the driving force behind the majority of technological advancement (aside the space program and military hardware) needs to take a good look. .............................................................. Market forces being lethargic, sometimes they need a little boot, a little tax break, a little assistance. Anyone who doesn't think so needs to examine their current Federal allowance. Blanc From fhalper at pilot.njin.net Tue Oct 4 15:27:01 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Tue, 4 Oct 94 15:27:01 PDT Subject: penet remailer Message-ID: <9410042226.AA10893@pilot.njin.net> What's the status of the penet.fi remailer. Is it secure? Reuben -------------------------------------------------------------------------------- Reuben Halper "I'm not growing up, I'm just burnin' out." Montclair High - Green Day - Montclair, NJ E-mail: fhalper at pilot.njin.net or PGP 2.6ui Public Key Reuben8878 at aol.com available upon request -------------------------------------------------------------------------------- From sandfort at crl.com Tue Oct 4 15:27:24 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 4 Oct 94 15:27:24 PDT Subject: NYC C'PUNKS MEETING Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, If you live in the NYC area or will be visiting this coming weekend, you are invited to a Cypherpunks get-together. We will be meeting at Linn & Barbara Stanton's apartment on Saturday from noon till whenever. The Stanton's live at 315 W. 106th, Apt. 2A in Manhattan. This is between West End and Riverside. The nearest subway station is on the 1 and 9 lines at 103rd. If you need better directions, call them at (212) 316-1958. We will actually start at noon, so plan to arrive sometime before that hour. Everyone should eat first or bring some snacks with you. Later, if attendees want, we can have food delivered or go out for dinner afterwards. Though I will attempt to hold court, I expect it will be every bit as anarchistic as the Bay Area meetings. Anyone wishing to depose me, is welcome to do so. If someone has something for the "agenda," let me know when you RSVP. Or don't. If you are sure, kinda sure, or think maybe you will attend Saturday, please e-mail me at this address. (If your message bounces, try ssandfort at attmail.com). Give me your best guess on the likelihood of your showing; I'd like to have a reasonably accurate estimate of how many we will have. Please feel free to bring anyone you think might be interested/interesting. If possible, let me know that too. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From nobody at shell.portal.com Tue Oct 4 15:52:01 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 4 Oct 94 15:52:01 PDT Subject: A practical use of c'punk brain power. Message-ID: <199410042251.PAA10233@jobe.shell.portal.com> bogus at no.return.address sez: :Greetings c'punks! : I have an Excel 4.0 spreadsheet to which I do not have the password. :Do any of you know a clever way to break the Excel protection either :by divining the password or removing the layer of encryption in the :file? : I reply: Found this on alt.security, you said any help appriciated so here goes. Pleeeeeeeze, no flames. Newsgroups: alt.security From: agriffiths at vnet.ibm.com (Alan Griffiths) Subject: Re: Excel pass crack Sender: news at hawnews.watson.ibm.com (NNTP News Poster) Message-ID: Approved: myself Date: Wed, 21 Sep 1994 08:21:24 GMT Lines: 103 Reply-To: agriffiths at vnet.ibm.com (Alan Griffiths) Disclaimer: This posting represents the poster's views, not necessarily those of IBM. References: Nntp-Posting-Host: nhbrp75.caanerc.uk.ibm.com Organization: LORAL CAA NERC Project X-Newsreader: IBM NewsReader/2 v1.01 In , Bob writes: >Someone was looking for a crack to excel's passwords, apparently they >forgot their password ? Well I found these helpful tidbits posted >previously. > >|>Encryption of Ms Excel files >|> From: Fabio Ottolina >|> Date: 29 Jan 1994 12:51:18 GMT (1 screen) >|> >|> I have saved an Excel 4.0 for Windows file with password-protection, and >|>I can't remember the password (how remarkably stupid! :-)). >|>Is there any way to crack the password-protection of Excel files? You may find the following program of help. I am sorry it's in QBasic but that's the only free language I have at present. The program removes document protection from Excel worksheets. I haven't tested it extensively so there are no guarantees or warranties. Always keep a backup copy of your files etc... The protection scheme does two things: 1. When you protect your document, Excel hashes your password to a 16 bit value, stores it somewhere and sets a few flags to say that the document is protected. 2. When Excel saves a protected document it encrypts the content of each block using 16 different alphabetic substitutions. This allows Excel to read and display protected documents before knowing their password. The program below unscrambles a protected document, removes an extra 8 byte block at the beginning, and resets the flags and passwords to zero. I don't know if it can cope with all combinations of protection available in Excel. It works fine on the simple protect document option. Similarly, charts etc. will probably get munged since I don't think the titles etc get scrambled. Hope this stuff is of use to someone. Alan. PS. Ironically enough, I found Excel of great value in recovering the set of magic numbers used in the program. It allowed me to very quickly generate and evaluate possible decryption formulae! -------------------cut here------------------------------ DECLARE FUNCTION decrypt$ (c$, adr&, blen%) DEFINT A-Z DIM SHARED magic(15) FOR i = 0 TO 15 READ magic(i) NEXT DATA 196, 115, 164, 32, 60, 91, 212, 23, 240, 31, 40, 19, 240, 75, 180, 3 COLOR 14, 1 CLS INPUT "Enter input Cyphertext filename: ", cf$ INPUT "Enter output Plaintext filename: ", pf$ OPEN pf$ FOR BINARY ACCESS WRITE AS #1 OPEN cf$ FOR BINARY ACCESS READ AS #2 chdr$ = INPUT$(18, #2) phdr$ = LEFT$(chdr$, 10) PUT #1, , phdr$ fp& = 10 cbh$ = INPUT$(4, #2) WHILE NOT EOF(2) PUT #1, , cbh$ blen = ASC(MID$(cbh$, 3, 1)) + 256 * ASC(MID$(cbh$, 4, 1)) btyp = ASC(MID$(cbh$, 1, 1)) + 256 * ASC(MID$(cbh$, 2, 1)) fp& = fp& + 4 IF blen > 0 THEN cblk$ = INPUT$(blen, #2) x$ = decrypt$(cblk$, fp& - 4, blen) IF blen = 2 THEN SELECT CASE btyp CASE 18, 19, 99 x$ = STRING$(2, 0) END SELECT END IF PUT #1, , x$ END IF fp& = fp& + blen cbh$ = INPUT$(4, #2) WEND CLOSE #1 CLOSE #2 END FUNCTION decrypt$ (c$, adr&, blen) offset = (adr& + blen) AND 15 d$ = STRING$(blen, 0) FOR i = 1 TO blen c = ASC(MID$(c$, i, 1)) crot = ((c * 8) MOD 256) OR (c \ 32) ctst = magic(offset) clss = (2 * (crot AND ctst)) AND 255 d = (256 + crot + ctst - clss) AND 255 MID$(d$, i, 1) = CHR$(d) offset = (offset + 1) AND 15 NEXT decrypt$ = d$ END FUNCTION -------------------cut here------------------------------ Alan Griffiths CAA NERC Project agriffiths at vnet.ibm.com Tel: +44-705-561325 Fax: +44-705-214094 All opinions expressed are my own and do not represent IBM in any way From mg5n+ at andrew.cmu.edu Tue Oct 4 15:54:41 1994 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Tue, 4 Oct 94 15:54:41 PDT Subject: penet remailer In-Reply-To: <9410042226.AA10893@pilot.njin.net> Message-ID: fhalper at pilot.njin.net (Frederic Halper) wrote: >What's the status of the penet.fi remailer. Is it secure? >Reuben Depends on your definition of secure. Since it is run on Julf's personal computer, I'd say the hardware is secure from tampering. But, given that it does not support PGP, and has the potential to reveal anonymous IDs when cross-posting, and has had problems with spoofed mail etc, I would say it's not very sercure. From eb at comsec.com Tue Oct 4 16:26:02 1994 From: eb at comsec.com (Eric Blossom) Date: Tue, 4 Oct 94 16:26:02 PDT Subject: NRO Article in current Covert Action Quarterly In-Reply-To: <9410031913.AA05574@pilot.njin.net> Message-ID: <199410042305.QAA00789@comsec.com> Frederic Halper writes: > I just finished reading the Puzzle Palace and I thought it was quite > interesting Does anyone know where I could find some more info on the > NRO and DIA, or even info on what the NSA has been up to for the last > ten or so years, besides the obvious. Thanks to whoever recommended > the book to me, I don't remember who it was. The current issue of Covert Action Quarterly contains a fairly interesting article about the NRO. Included are estimates of funding and organization, as well as the mechanisms used to determine these. Most claims are substantiated with citations to various congressional reports, etc. It's worth the read. Eric From rah at shipwright.com Tue Oct 4 16:29:55 1994 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 4 Oct 94 16:29:55 PDT Subject: HTTP authentication efforts Message-ID: <199410042329.TAA20862@zork.tiac.net> At 10:05 PM 9/20/94 -0500, Paul Ferguson wrote: >Howdy guys 'n gals. > >As much as I'd love to rant about Detweiler getting an account on Colorado >Supernet, I must put aside my insidious remarks for the time being. > >Does anyone know, on the off-chance, who is currently working on >HTTP authentication processes for web browsing and Mosiac? > >Pointers appreciated. One pointer, coming up! >Date: Sun, 28 Aug 94 04:30:02 EDT >From: www-buyinfo-request at allegra.att.com >To: www-buyinfo at allegra.att.com >Subject: weekly www-buyinfo reminder >X-UIDL: 778077798.009 > >Weekly reminder for the www-buyinfo mailing list. > >Please note that the mailing address for subscribe/unsubscribe is > www-buyinfo-request > ******* >To subscribe: > Send mail to www-buyinfo-request at allegra.att.com > Body of message (NOT Subject:) subscribe www-buyinfo >To unsubscribe: > Send mail to www-buyinfo-request at allegra.att.com > Body of message (NOT Subject:) unsubscribe www-buyinfo >To contribute to the mailing list: > Send mail to www-buyinfo at allegra.att.com > >Mail archives will be located in: > ftp.research.att.com:/dist/www-buyinfo-archive/ >Hypermail archives are located at: > http://www.research.att.com/www-buyinfo/archive/ > ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From yusuf921 at raven.csrv.uidaho.edu Tue Oct 4 16:48:05 1994 From: yusuf921 at raven.csrv.uidaho.edu (Herbie) Date: Tue, 4 Oct 94 16:48:05 PDT Subject: NYC C'PUNKS MEETING In-Reply-To: Message-ID: On Tue, 4 Oct 1994, Sandy Sandfort wrote: > C'punks, > > If you live in the NYC area or will be visiting this coming > weekend, you are invited to a Cypherpunks get-together. We will > be meeting at Linn & Barbara Stanton's apartment on Saturday from > noon till whenever. The Stanton's live at 315 W. 106th, Apt. 2A > in Manhattan. This is between West End and Riverside. The > nearest subway station is on the 1 and 9 lines at 103rd. If you > need better directions, call them at (212) 316-1958. > how do we know this isn't an NSA attempt to get us to show our faces so they can get our photos? From cjl at welchlink.welch.jhu.edu Tue Oct 4 16:59:09 1994 From: cjl at welchlink.welch.jhu.edu (cjl) Date: Tue, 4 Oct 94 16:59:09 PDT Subject: penet remailer In-Reply-To: <9410042226.AA10893@pilot.njin.net> Message-ID: On Tue, 4 Oct 1994, Frederic Halper wrote: > What's the status of the penet.fi remailer. Is it secure? > Reuben > I personally don't care for the penet type remailers. Their only true virtue is to allow you to receive return mail to an anon-post. The trade-off is that this is done by a form of identity escrow. Julf (who runs penet.fi) has your e-mail address connected to the anonXXXXX identity that you get issued automatically. As far as reputations go, Julf has an excellent reputation in the C-punx community, and there is little likelihood of Finnish govt. officials giving in to US Govt. pressure to crack down on Julf to turn over his *little black book*. There was recently an attack on the penet.fi remailer that depended upon the ability to spoof the From: lines on messages, some unknown person sent hundreds of messages to the anon at penet.fi remailer pretending to be hundreds of other people and had those messages sent to alt.test or misc.test with some phrase about tunafish in the subject, causing this to be known as the *tunafish and spam sandwich attack*. What this did is allocate alot of new anonxxx numbers to people who didn't really want them, (also ultimately denying them the secure use of this service, because someone knew the anonxxx - TrueName correspondence), for those that already had an anonxxx and had set a password things were cool, the messages were just rejected. For those who had an anonxxx and had not set the password, this attack revealed the anonxxx corresponding to their TrueNames to the person who conducted the attack. Not a particularly secure form of identity escrow for the clueless-at-risk-of- identification to be using for posting their wildest homo-erotic fantasies to alt.H.E.A.T.fabio. I was allocated an anxxx I didn't want, and then assigned the password in order to deny the attacker any further use of the anxxx with my TrueName attached to it. C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / ) From sandfort at crl.com Tue Oct 4 17:02:13 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 4 Oct 94 17:02:13 PDT Subject: BIRD BRAINS Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Todd Masco wrote: ... there was a variety of smart-bomb developed in WWII that used a pigeon as its brain. The pigeon would be trained to peck at a building on a map, and then in the falling bomb it would guide the bomb by pecking at a clear panel.... I remember seeing a TV documentary that included this technology. The way it actually worked was that a special steerable bomb had a camera obscura in its nose. An image of whatever was below the falling bomb was rear projected onto a screen made out of frosted glass. The screen was somehow rigged so that it could sense where it was being pecked. The pigeon was immobilized except for its head and neck, but it could easily peck any point on the screen. They use operant conditioning to train the pigeon to peck at images of ships at sea. If the ship was off-center on the screen, the pigeon's pecking would cause airfoils to correct the bomb's aim. Just before the bomb hit, the pigeon would parachute to safety. (I made that last part up.) S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From macorp!moonlight!ken at uu4.psi.com Tue Oct 4 17:28:25 1994 From: macorp!moonlight!ken at uu4.psi.com (Ken Landaiche) Date: Tue, 4 Oct 94 17:28:25 PDT Subject: Cyber honor Message-ID: <9410042343.AA05604@moonlight.noname> Recently, I wrote about forging mail and introduced the idea of honor in cyberspace: >I've been vaguely following the thread, which seems to be attempting to >close a loophole in port 25. Assuming you succeeded, wouldn't a clever >demon hacker simply find another way to forge messages? I have seen that >any system a human can devise, another human can eventually break. This >leads me to believe that eventually we will have to begin acting on our >honor, and provide severe consequences for dishonorable behavior. I >haven't finished working out what "honor" means in this social context. to which Jim McCoy responded: >Like what? When identity is "weak" then honor has no meaning... That sounded reasonable to me until Crim Tideson asked: >I've created a pseudonym and a PGP key pair for that pseudonym. ... >I have no intention of revealing who "me" actually is. ... >I want to make and keep a reputation.... So honor may after all have meaning in cyberspace, as some code of behavior that preserves one's "reputation". James A. Donald, whose thinking I tend to respect, points out that, >Ken Landaiche writes >> I have seen that >> any system a human can devise, another human can eventually break. > >False. Most cryptographic algorithms these days are secure. I'm glad to take your word on this. But I still think that the cryptographic system can be broken: subversion, torture, and "truth serums" come to mind. If someone strong enough wants your secret badly enough, they can probably get it, as long as at least one keeper of the secret is alive. This argument relies on one's adversary having no scruples. Since, as I mentioned before, I have little knowledge of the mathematics of cryptography, but still share the cypherpunks' interest in liberty, I'm focusing my efforts on the social end of the solution. As I said: > This > leads me to believe that eventually we will have to begin acting on our > honor, to which JAD responded: >Walking through a security hole on a computer is not necessarily >dishonorable, though many dishonorable things can be done once >you are through that hole. What do you mean by "dishonorable"? Is walking through a security hole like walking through a stranger's insecure door? The latter is an invasion of privacy to me, something I would consider damaging to me and would label a "dishonorable" act. >> and provide severe consequences for dishonorable behavior. > >If "we" provide "sever consequences" then we are not relying >on honor, but on coercion. Consider reputation systems, kill files, and the famous "If no one reads your posts, you're dead." Death is a pretty severe consequence, and one that many people admit to imposing. For target practice, I suggest that at the most basic level, net entities will have "honor" or a good reputation who do the following: 1. Tell the truth. 2. Keep their agreements. 3. Do not injure their neighbors. From lmccarth at ducie.cs.umass.edu Tue Oct 4 17:30:03 1994 From: lmccarth at ducie.cs.umass.edu (Lewis McCarthy) Date: Tue, 4 Oct 94 17:30:03 PDT Subject: Saying `Cheese' for Uncle Sam In-Reply-To: Message-ID: <199410050029.UAA02852@ducie.cs.umass.edu> Sandy Sandfort writes: $ you are invited to a Cypherpunks get-together [...] in Manhattan Herbie writes: # how do we know this isn't an NSA attempt to get us to show our faces so # they can get our photos? Wouldn't it be easier for them to finger you, then get some recent films from the surveillance cameras in the main post office in Moscow ? -L. McCarthy Send me mail using "Subject: remailer-help" for an autoreply about Underdog From jya at pipeline.com Tue Oct 4 17:45:30 1994 From: jya at pipeline.com (John Young) Date: Tue, 4 Oct 94 17:45:30 PDT Subject: NYC C'PUNKS MEETING Message-ID: <199410050044.UAA14303@pipe1.pipeline.com> Responding to msg by yusuf921 at raven.csrv.uidaho.edu (Herbie) on Tue, 4 Oct 4:7 PM > how do we know this isn't an NSA attempt to get us >to show our faces so they can get our photos? > I know that 315 W. 106th is a prison barge moored 500 feet off-shore in the Hudson River toward Jersey. It also serves as a testing laboratory for rubber hoses and the removing of hair and blood therefrom. However, take the address number, semi-reverse, hack by Omega, parse to the left, bend over, chant Dixie in Sanskrit, and the safe house address will appear on your SS card in twisted bar code. Hold the code close to your right lobe, left hand clinched on the chest, whistle Aida diachronically and you will be rocketed to the next station into a soft-landing in a tub of jellied non-alcoholic beverage. Sandy will lift you by the short hairs and take you to the party, provided you have persuasive ID anonymously chain-remailed-via-Tasmania.com.edu.mil.not.penitentiary.fi.foo.f oo/pug/tcmaybe/Censurecon-a-cop. Meet these conditions or trust that Sandy's post is not a set up. Acen From jamesd at netcom.com Tue Oct 4 17:46:58 1994 From: jamesd at netcom.com (James A. Donald) Date: Tue, 4 Oct 94 17:46:58 PDT Subject: Chomsky (thread from hell) In-Reply-To: <9410041825.AA20090@toad.com> Message-ID: <199410050046.RAA03832@netcom8.netcom.com> My apologies to everyone for starting this thread. I will try to restrain myself from making any further inflammatory posts that would tend to keep the thread going. But a clarification. The reason I call Chomsky a totalitarian is not because of his mild support for political correctness. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From cactus at bb.com Tue Oct 4 17:54:59 1994 From: cactus at bb.com (L. Todd Masco) Date: Tue, 4 Oct 94 17:54:59 PDT Subject: NYC C'PUNKS MEETING In-Reply-To: Message-ID: <36stn5$ehp@bb.com> In article , Herbie wrote: > how do we know this isn't an NSA attempt to get us to show our faces so >they can get our photos? Clearly, everyone should wear their Kevin Mitnik masks. -- L. Todd Masco | Ingredients: red, blue, and green quarks, six varieties of cactus at bb.com | gluons, electrons. Some settling may occur in shipping. From merriman at metronet.com Tue Oct 4 17:56:14 1994 From: merriman at metronet.com (David K. Merriman) Date: Tue, 4 Oct 94 17:56:14 PDT Subject: NYC C'PUNKS MEETING Message-ID: <199410050055.AA18004@metronet.com> > > >On Tue, 4 Oct 1994, Sandy Sandfort wrote: > >> C'punks, >> >> If you live in the NYC area or will be visiting this coming >> weekend, you are invited to a Cypherpunks get-together. We will >> be meeting at Linn & Barbara Stanton's apartment on Saturday from >> noon till whenever. The Stanton's live at 315 W. 106th, Apt. 2A >> in Manhattan. This is between West End and Riverside. The >> nearest subway station is on the 1 and 9 lines at 103rd. If you >> need better directions, call them at (212) 316-1958. >> > > > how do we know this isn't an NSA attempt to get us to show our faces so >they can get our photos? > *trust* him.... :-) - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From tcmay at netcom.com Tue Oct 4 18:11:12 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 4 Oct 94 18:11:12 PDT Subject: Cyber honor In-Reply-To: <9410042343.AA05604@moonlight.noname> Message-ID: <199410050110.SAA06337@netcom8.netcom.com> Ken Landaiche wrote: > So honor may after all have meaning in cyberspace, as some code of > behavior that preserves one's "reputation". What is important is a _persistent_ and _unforgeable_ identity, not a physical indentity. Persistence is needed to attach a history to, and an expectation of future behavior. Unforgeability for obvious reasons. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From jamesd at netcom.com Tue Oct 4 18:19:38 1994 From: jamesd at netcom.com (James A. Donald) Date: Tue, 4 Oct 94 18:19:38 PDT Subject: He's dead Jim (Chomsky) In-Reply-To: <9410041812.AA27339@nately.UCSD.EDU> Message-ID: <199410050111.SAA06427@netcom8.netcom.com> Anonymous writes > In this, James A. Donald finds: > >To put this in its proper context, Chomsky also believes > >in socialism, in the sense of the "people" controlling the > >means of production, distribution, and supply, and in > >particular, the "people" running the mass media. > > What? Non sequitur! No where in Chomsky's quote do we find any remote > resemblance of a reference to mass media; I said context, not quote. There is ample Chomsky material outside this quote supporting socialism, and as well as socialism, those measures that socialism makes necessary, namely silencing of dissent, mass murder, and rule by terror. My analysis of the quote on political correctness follows about twenty lines after my discussion of Chomsky vs the Capitalist Mass Media. And yes, I know, you do not need to tell me. No where in Chomsky's writings does he say "Mass murder is great". He merely provides and endless stream of justifications and rationalizations for particular mass murderers, most infamously Pol Pot, and for mass murder in general. Yes, Chomsky says, repeatedly, that he is sincerely opposed to mass murder, whilst at the same time vigorously arguing in favor of it, the same hypocritical gimmick as he does on free speech, in the quote under discussion. For example in addition to comparing Pol Pots methods to de nazification by the french resistance, he also argues that the chaos created by the American bombing forced Pol Pot to use harsh measures, and so on and so forth. As on PC, he piously proclaims himself to be be opposed to Pol Pot, whilst vigorously defending him, and like totalitarians, and vigorously defending the methods used by Pol Pot, and savagely condemning anyone who would criticize Pol Pot, or Idi Amin, etc. This is why I call him a totalitarian, not because he endorses political correctness. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From sandfort at crl.com Tue Oct 4 18:35:17 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 4 Oct 94 18:35:17 PDT Subject: NYC C'PUNKS PHOTO SESSION Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Herbie wrote thusly about the upcoming NYC C'punks meeting: how do we know this isn't an NSA attempt to get us to show our faces so they can get our photos? Photos? We *already* have your photo, Herbie. It's *you* we want now. Do not struggle; resistance is futile. Report to the "meeting" for final processing. (B.Y.O.B.) S a n d y Official NSA agent provocateur ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From lmccarth at ducie.cs.umass.edu Tue Oct 4 18:41:16 1994 From: lmccarth at ducie.cs.umass.edu (Lewis McCarthy) Date: Tue, 4 Oct 94 18:41:16 PDT Subject: Quick, somebody mention Hitler Message-ID: <199410050140.VAA03308@ducie.cs.umass.edu> Recently the Cypherpunks list received ------------------------------------------ From: jamesd at netcom.com (James A. Donald) Date: Tue, 4 Oct 1994 17:46:19 -0700 (PDT) ~~~~~~~~~~~~~~~~ My apologies to everyone for starting this thread. I will try to restrain myself from making any further inflammatory posts that would tend to keep the thread going. ------------------------------------------ but then we received ------------------------------------------ From: jamesd at netcom.com (James A. Donald) Date: Tue, 4 Oct 1994 18:11:15 -0700 (PDT) ~~~~~~~~~~~~~~~~ Anonymous writes > What? Non sequitur! No where in Chomsky's quote do we find any remote > resemblance of a reference to mass media; I said context, not quote. [many lines clipped...] ------------------------------------------ Looks like you need to lock yourself up a bit tighter, James. -L. McCarthy "I'm just a sucker with no self-esteem" -Offspring Send me mail using "Subject: remailer-help" for an autoreply about Underdog From jkreznar at ininx.com Tue Oct 4 19:43:55 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Tue, 4 Oct 94 19:43:55 PDT Subject: Freedom of technology In-Reply-To: <199410042048.PAA05070@jpunix.com> Message-ID: <9410050243.AA14529@ininx> -----BEGIN PGP SIGNED MESSAGE----- Crim Tideson writes: > > That being said let it be known that I consider the following as a > > "Cypherpunk victory." > > > > 1. Complete freedom of technology, particularly encryption technology, > ^^^^^^^^^^^^^^^^^^^^^ > > regulated only by market forces. This implies the lack of import/export > > restrictions, and a complete absence of projects designed to limit > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > technology, or to standardize it for nefarious ends like Clipper. > ^^^^^^^^^^ > I think you overgeneralize. No limits on toxic waste incinerators, > low-mileage automobiles, unsafe medical devices, genetically tampered > food, or nuclear reactors? "Market forces" in such cases positively > encourage dangerous technology (e.g. incinerators are superficially > cheap) or are marked by their inability to distinguish the good from the > crap (e.g. medical devices). Who decides what's good and what's crap? Let me see if I understand. Are you advocating that personal choice in medical devices, food, etc., be supplanted by government dictate? Do you understand that in many cases, a person is interested in strong cryptography just so that she can make her own choices in such matters, free of interference by a do-gooder who thinks he knows better than she? That she sees crypto as a way to defend against him (e.g. by buying ``unsafe medical devices'' through BlackNet)? ``Market forces'' are just the sum of personal choices. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLpIRDMDhz44ugybJAQFVXwP/b55FYnEtdtviLZMeWovqd4L5nB4SVkpK 4st4aP2wvIp2AR8Zzn5X8SEufOunq96qy0QfMPEBwHqMD0eAs1rZbItjX0lFZ2VB 3uSJ+Ah45qb5IEnwQbYq36a3pgROfr2dvDyM/8pRnyCOeT1MY6xVZO9+6TZf9AA6 hEtDK9CH+5c= =Ol27 -----END PGP SIGNATURE----- From unicorn at access.digex.net Tue Oct 4 20:19:41 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Tue, 4 Oct 94 20:19:41 PDT Subject: Freedom of technology In-Reply-To: <9410050243.AA14529@ininx> Message-ID: <199410050317.AA07351@access2.digex.net> John E. Kreznar scripsit > > -----BEGIN PGP SIGNED MESSAGE----- > > Crim Tideson writes: > > > > That being said let it be known that I consider the following as a > > > "Cypherpunk victory." > > > > > > 1. Complete freedom of technology, particularly encryption technology, > > ^^^^^^^^^^^^^^^^^^^^^ > > > regulated only by market forces. This implies the lack of import/export > > > restrictions, and a complete absence of projects designed to limit > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > technology, or to standardize it for nefarious ends like Clipper. > > ^^^^^^^^^^ > > > I think you overgeneralize. No limits on toxic waste incinerators, > > low-mileage automobiles, unsafe medical devices, genetically tampered > > food, or nuclear reactors? "Market forces" in such cases positively > > encourage dangerous technology (e.g. incinerators are superficially > > cheap) or are marked by their inability to distinguish the good from the > > crap (e.g. medical devices). > > Who decides what's good and what's crap? > > Let me see if I understand. Are you advocating that personal choice in > medical devices, food, etc., be supplanted by government dictate? > > Do you understand that in many cases, a person is interested in strong > cryptography just so that she can make her own choices in such matters, > free of interference by a do-gooder who thinks he knows better than she? > That she sees crypto as a way to defend against him (e.g. by buying > ``unsafe medical devices'' through BlackNet)? This is especially true with products that are pulled from the market to save the average (read idiot) consumer from him/herself. Or products put there for the same reason. The amount of law that is intended to safeguard the world and cater to the bottom of the barrel when it comes to intellect and intelligence is significant. I really don't want a function on all cars sold in the United States which prevents people from starting their car with the clutch engaged. I actually find use for starting with the clutch engaged. I can't stand ABS, and can usually threshold brake much more effectively than ABS can pulse brake. I turn ABS off. It's an idiot button. It's the product of a culture that presses the button on the ATM machine, but has no idea what's going on behind the screen. Who's to tell me I have to have ABS or the "safety starter" if I don't want the thing? Who's to tell me that I need a backdoor in my crypto? Where do you draw the line? Outlaw sugar perhaps? It would save consumers millions in dental bills. > > ``Market forces'' are just the sum of personal choices. > And a "failed market" is when the market doesn't match up with the administrator's choices. > John E. Kreznar | Relations among people to be by > jkreznar at ininx.com | mutual consent, or not at all. > > -----BEGIN PGP SIGNATURE----- > Version: 2.3a [...] > -----END PGP SIGNATURE----- > -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From solman at MIT.EDU Tue Oct 4 22:18:08 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Tue, 4 Oct 94 22:18:08 PDT Subject: archives In-Reply-To: <36s9pv$are@bb.com> Message-ID: <9410050517.AA02004@ua.MIT.EDU> > In article <9410022254.AA18179 at acf4.NYU.EDU>, > iqg1550 wrote: > >could someone please tell me where the CP list is archived -- if, in fact, > >it is -- as well as the dates covered by any such archive > >thank you very much > > One archive is on bb.com: nntp to bb.com (hks.lists.cypherpunks), or > via ftp://bb.com/cypherpunks/nntp/cypherpunks/ > > That's since July 16. If there's an older archive somewhere, I'll > integrate it with that one (but I haven't heard of such a beast anywhere). I used to read cpunks from the discuss archive before I joined the list. Are non-MIT folks able to access: http://www.mit.edu:8008/menelaus.mit.edu/cpunks/ ? You made need to fill in the form at http://www.mit.edu:8008/ with cpunks and menelaus.mit.edu before this link works. Cheers, JWS From cactus at bb.com Tue Oct 4 22:41:57 1994 From: cactus at bb.com (L. Todd Masco) Date: Tue, 4 Oct 94 22:41:57 PDT Subject: archives In-Reply-To: <36s9pv$are@bb.com> Message-ID: <199410050547.BAA18923@bb.com> solman at MIT.EDU writes: > I used to read cpunks from the discuss archive before I joined the list. > Are non-MIT folks able to access: > > http://www.mit.edu:8008/menelaus.mit.edu/cpunks/ Yes, we are. It's a bit of an awful interface, though, with no way to download en mass. Any chance I could get at the source articles with ftp? I do have an MIT guest account, if that's helpful. -- L. Todd Masco | Ingredients: red, blue, and green quarks, six varieties of cactus at bb.com | gluons, electrons. Some settling may occur in shipping. From mccoy at io.com Tue Oct 4 22:51:42 1994 From: mccoy at io.com (Jim McCoy) Date: Tue, 4 Oct 94 22:51:42 PDT Subject: Cyber honor In-Reply-To: <9410042343.AA05604@moonlight.noname> Message-ID: <199410050551.AAA03112@pentagon.io.com> Ken Landaiche writes: [...] > to which Jim McCoy responded: > >Like what? When identity is "weak" then honor has no meaning... > > That sounded reasonable to me until Crim Tideson asked: > > >I've created a pseudonym and a PGP key pair for that pseudonym. ... > >I have no intention of revealing who "me" actually is. ... > >I want to make and keep a reputation.... > > So honor may after all have meaning in cyberspace, as some code of > behavior that preserves one's "reputation". But if creating a new identity is as easy as creating a pseudonym and a PGP key pair then everyone could create several identities, one they use for "honorable" work and others that they use when attempting to hack in to AT&T or rob the digital bank...the lack of a link between the pseudonymns means that "dishonorable" pseudonyms are disposable and without a means for attaching a negative value to a reputation the reputation system as a whole has a major flaw. That is not to say that a system that provides for reputations with anonymity is impossible, but it is not possible given the tools that are currently available on the net. If you want to take a look at a system that would offer a workable base for a reputation system I would recomment that you start with some of the credential systems of Chaum, Evertse, and Damgard. This would provide a foundation of unique identities and a method for exchanging information linked to pseudonyms without giving up user privacy. jim From lmccarth at ducie.cs.umass.edu Tue Oct 4 22:59:23 1994 From: lmccarth at ducie.cs.umass.edu (Lewis McCarthy) Date: Tue, 4 Oct 94 22:59:23 PDT Subject: Freedom of technology In-Reply-To: <199410050317.AA07351@access2.digex.net> Message-ID: <199410050559.BAA04415@ducie.cs.umass.edu> Black Unicorn writes: $ Who's to tell me I have to have ABS or the "safety starter" if I don't $ want the thing? $ Who's to tell me that I need a backdoor in my crypto? $ Where do you draw the line? Outlaw sugar perhaps? It would save $ consumers millions in dental bills. Uh-oh. I *really* don't have the time to get drawn into this one, but I'll offer a brief response. Choosing the place to draw the line is indeed the crux of the matter IMHO. I try to draw it at the point where one person's misuse of technology starts to hurt another person (which often begs the question, I know !). Considering some of your examples: Offhand it seems no-one but the driver could have a direct problem from using a car w/o the "safety starter", so I'd say that shouldn't be imposed. I don't drive stick, so I may well be missing a crucial technical point here. OTOH I can see that ABS could stop a lot of slow/non-alert people from slamming their cars into me & mine; I trust the technology more than the people who would be replacing it. I'm happy that it's a fairly standard feature, although this seems to be more a result of market demand than regulation. Your mention of outlawing sugar calls to mind some debates about smoking bans. Here IMHO the line is clear. When you eat sugar next to me, you're not doing me any harm unless I'm forced to pay your dental bills. In sharp contrast, I consider smoking in company to be assault with a deadly weapon. My choice of self-defense in this case is legislation preventing anyone from smoking in my airspace. I have no problem with people smoking in private where the smoke's never going to harm me. Of course, the explosive success of bullshit litigation (strongly aided IMHO by our lowest-common-denominator jury selection system) has played a major role in inducing companies & the govt. to go overboard protecting people from their own idiocy. I just want to be protected from other people's idiocy :) I won't touch on the question of required backdoor installation.... -L. McCarthy Send me mail using "Subject: remailer-help" for an autoreply about Underdog From nobody at jpunix.com Tue Oct 4 23:52:44 1994 From: nobody at jpunix.com (Anonymous) Date: Tue, 4 Oct 94 23:52:44 PDT Subject: He's dead Jim (Chomsky) Message-ID: <199410050651.BAA12604@jpunix.com> James A. McDonald wrote: >There is ample Chomsky material outside this quote supporting socialism, >and as well as socialism, those measures that socialism makes necessary, >namely silencing of dissent, mass murder, and rule by terror. Ah, so now we see why Mr. McDonald feels forced to interpret everything Chomsky writes as meaning the exact opposite of what it says - why Mr. McDonald thinks that Chomsky *must* be trying to promote totalitarian repression, even though Chomsky nowhere advocates repression of any kind. >There is ample Chomsky material outside this quote supporting socialism, correct. >and as well as socialism, those measures that socialism makes necessary, >namely silencing of dissent, mass murder, and rule by terror. Mr. McDonald infers this because, although Chomsky, if taken at face value, does not _appear_ to be advocating "mass murder, and rule by terror", McDonald __knows__ that: 1. a society without capitalism must be based on rule by terror. and 2. anybody as intelligent as Chomsky knows (1). thus anybody who advocates socialism is really advocating rule by terror and so Chomsky clearly means the opposite of what he says. Mr. McDonald's reasoning is perfect except that (1) is false. If the "unwashed masses", the unruly mob should forget their place in life (to be subservient to the elite, who are superior, because they claim they are) and abolish the state, the army and the police and if they in their foolishness should decide that they never liked capitalism and from now on everything should be free then they have no need to oppress people like Mr. McDonald if he wishes to try to accumulate capital by offering goods and/or services for a price. Since everything is free in this hypothetical society, nobody will have any reason to buy your goods and/or services Mr. McDonald, because they can get them somewhere else for free. Thus capitalism will never return (unless people who prefer a repressive society restore capitalism by force) without anybody doing anything to repress capitalism or other dissident ideas. I think this is the sort of society Mr. Chomsky is advocating. Of course, Mr. McDonald _knows_ that such a society is impossible because everybody is as selfish as he is so nobody will want to share anything or give anything away for free and they won't do so unless forced to. Again, you are mistaken. The unwashed masses, while far from perfect, are much more altruistic than right-wing cypherpunks such as yourself (I realise that many cypherpunks are not right-wing) and when given the chance they have shown that they prefer something that resembles Chomsky's society more than the usual state/army/police-enforced capitalism. Examples where the working class has had a brief taste of freedom are Paris, 1871, Ukraine ~1917, Spain, 1920s and Derry, Ireland ~1969. In every case capitalism (Soviet state capitalism in the case of the Ukraine) was restored by force within a few months or years. I don't think anyone thinks this mailing list is the right place to discuss your Chomsky conspiracy theories so if you haven't finished yet, take them to alt.conspiracy. Note: if Mr. McDonald pig-headedly insists on replying to this post on the mailing list, I will almost certainly ignore him, out of consideration for the rest of you. P.S. Lewis McCarthy wrote: "Quick, somebody mention Hitler". Okay. Mr. McDonald is as fascist as Hitler. From tcmay at netcom.com Wed Oct 5 00:28:54 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 5 Oct 94 00:28:54 PDT Subject: Positive Reputation Systems In-Reply-To: <199410050551.AAA03112@pentagon.io.com> Message-ID: <199410050713.AAA18754@netcom8.netcom.com> Jim McCoy wrote: > But if creating a new identity is as easy as creating a pseudonym and a PGP > key pair then everyone could create several identities, one they use for > "honorable" work and others that they use when attempting to hack in to > AT&T or rob the digital bank...the lack of a link between the pseudonymns > means that "dishonorable" pseudonyms are disposable and without a means for > attaching a negative value to a reputation the reputation system as a whole > has a major flaw. Yes, "negative reputations" alone are not adequate, just as they aren't in real life. (A negative reputation system is one in which only negative movements are possible, only downgrades. It's like assuming everyone is honorable, even strangers, and lending them money.) Positive reputations are essential. And are common, even on the Net. I don't know about others, but I don't automatically given all newcomers the 'benefit of the doubt' and thus give them "maximal reputation," only to be downchecked later. Rather, newcomers start out, in my mental ledger book, at a "nonentity" or "neutral" level. Call it "zero" for simplicity. Stupid or wrong comments cause their "reputations" (to me, of course) to move into negative territory. Positive comments boost their reputation. (And this rep business is multidimensional, of course. For example, I might dislike someone's opinion, but still have a high regard for their "reputation for honesty commentary," or somesuch.) It does little good to create zillions of "new pseudonyms," as they are *not* automatically given a high reputation. Think of credit ratings. Would any of you lend money to brand new pseudonym, or a stranger in your town? > That is not to say that a system that provides for reputations with > anonymity is impossible, but it is not possible given the tools that are > currently available on the net. If you want to take a look at a system But I've just given an example of how this already works. Take "Pr0duct Cypher" as an example. Good code, rapidly written. The result: a postive reputation system that produces (for many of us) a net positive reputation. > that would offer a workable base for a reputation system I would recomment > that you start with some of the credential systems of Chaum, Evertse, and > Damgard. This would provide a foundation of unique identities and a method > for exchanging information linked to pseudonyms without giving up user > privacy. I certainly agree that better tools, including the credentials-without-identity sort of stuff, may help even more. I just disagree that we don't already have a workable positive rep system. Postive reps--not just negative reps--are how we learn of good restaurants, good crypto books (Schneier, for example), and on and on. Histories of repayment of past bills (aka "credit ratings") are a classic manifestation of this. (I don't plan to get into a metaphysical debate about whether TRW Credit is doing the rating, or prospective lenders are, etc. In simple terms, a modern credit rating report is a composite summary of how many loans were repaid, how many bankruptcies and the like occurred, etc. No guarantees of futrue performance, but some strong indications. A Bayesian model that the future is likely to look like the past.) So, postive reputation systems are needed...and they are already in common use. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From solman at MIT.EDU Wed Oct 5 00:35:31 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Wed, 5 Oct 94 00:35:31 PDT Subject: archives In-Reply-To: <199410050547.BAA18923@bb.com> Message-ID: <9410050735.AA02411@ua.MIT.EDU> > solman at MIT.EDU writes: > > I used to read cpunks from the discuss archive before I joined the list. > > Are non-MIT folks able to access: > > > > http://www.mit.edu:8008/menelaus.mit.edu/cpunks/ > > Yes, we are. It's a bit of an awful interface, though, with no way to > download en mass. Any chance I could get at the source articles with ftp? > I do have an MIT guest account, if that's helpful. I'm sure there is a way, but I'm afraid I don't know what it is. Maybe somebody else here does? Sheepishly Yours, Jason W. Solinsky From unicorn at access.digex.net Wed Oct 5 00:41:06 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 5 Oct 94 00:41:06 PDT Subject: Freedom of technology In-Reply-To: <199410050559.BAA04415@ducie.cs.umass.edu> Message-ID: <199410050740.AA12646@access4.digex.net> Lewis McCarthy scripsit [...] > > Choosing the place to draw the line is indeed the crux of the matter IMHO. > I try to draw it at the point where one person's misuse of technology > starts to hurt another person (which often begs the question, I know !). We're basically on the same wavelength after all. > Considering some of your examples: [...] > OTOH I can see that ABS could stop a lot of slow/non-alert people from > slamming their cars into me & mine; I trust the technology more than the > people who would be replacing it. I'm happy that it's a fairly standard > feature, although this seems to be more a result of market demand than > regulation. My point (poorly expressed) was that making these mandatory would annoy me. I'm actually pleased with ABS as a market function. > Your mention of outlawing sugar calls to mind some debates about smoking bans. > Here IMHO the line is clear. When you eat sugar next to me, you're not > doing me any harm unless I'm forced to pay your dental bills. In sharp > contrast, I consider smoking in company to be assault with a deadly > weapon. My choice of self-defense in this case is legislation preventing > anyone from smoking in my airspace. I have no problem with people smoking > in private where the smoke's never going to harm me. You make the massive leap in logic here that eludes the legislators. It's the impact on others in the SPECIFIC and not the aggregate that should be used to determine limitations on technology. I tend to preach absolutism in deregulation (or near to it) because allowing distinction threatens to put legislators in the position of deciding where the line is. You think I want to be forced to buy an ABS car because the average driver is an idiot and because Driving School is a joke? Of course not. I refuse to be bound by the national average. > Of course, the explosive success of bullshit litigation (strongly aided > IMHO by our lowest-common-denominator jury selection system) has played > a major role in inducing companies & the govt. to go overboard protecting > people from their own idiocy. I just want to be protected from other > people's idiocy :) I don't see the connection here. How does the jury system contribute to government intervention? Whatever the jury verdict in a civil suit, the government still has to say "We can't allow all these law suits, let's ban X so there wont be any more." You can have 40 billion in judgements against KY jelly, that doesn't mean government needs to be involved. The judgements, the publicity, and the civil system have SOLVED the problem. Those who might have had problems with KY have been compensated, those who are smart consumers will avoid KY, and KY will either go out of business, make massive efforts to correct the problem and get the information out there that that problem has been corrected, or it can afford the suits. I'd prefer to see a consumer monitoring program, listing complaints, lawsuits and quality ratings on products available via net/1-800 number and etc. A "good housekeeping" rating of A to F for example. If this information system is handled properly and given enough detail and depth there are no such problems. The market will regulate and the incentives will be to provide the best product, at the lowest cost. Information is the key, and if the consumer cannot bother him or herself to check out the product they buy I'm not sympathetic. Of course one cypherpunk is sure to say: "Nice, but not about cryptography." Part of the problem with cryptography and technology today is that consumers have little if any information about the field. What a shame it would be if the market were killed by government "we know what's best for you before you've even seen it" before it ever got big. > I won't touch on the question of required backdoor installation.... > > -L. McCarthy > Send me mail using "Subject: remailer-help" for an autoreply about Underdog > -uni- (Dark) [Follow ups to alt.market.systems] -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From marcoc at nsifc.ifc.pi.cnr.it Wed Oct 5 00:57:03 1994 From: marcoc at nsifc.ifc.pi.cnr.it (MarcoCalamari Ing.) Date: Wed, 5 Oct 94 00:57:03 PDT Subject: Call for Italians Message-ID: <9410050955.AA20859@nsifc.ifc.pi.cnr.it> -----BEGIN PGP SIGNED MESSAGE----- Hello world, Is there any Italian people interested to have geographical & legal Italian related discussion ? Please tell me also if such group already exist. Have a good day. Marco Calamari +---------------------------------------------------------------------------+ | Marco A. Calamari - "Bandwidth is a natural resource; use carefully." | +---------------------------------------------------------------------------+ | ELEA S.p.A., via S. Domenico 70, 50133 Firenze, Italy | | Phone : +39-55-5000465 Fax: +39-55-579337 | | E-mail: Internet primary marcoc at nsifc.ifc.pi.cnr.it | | Internet backup marcoc at guest1.atc.olivetti.com | | Applelink ita0820 (from Inet: ita0820 at applelink.apple.com) | | PGP 2.6.1 public key: use key server, check by finger or direct request | +---------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLpJZBolqHjrHnYhBAQGXDwP/edst1vJkRAny3wbBR/4wQPBJuEsXmVze tN3mSkpA/kW8r6y44GT3cRPUkMyBXGTbDbVvusdk8g9TYb+ze+IU3V3NnE9/sAkH VMSo2OmsVL2R7j5TsqSkXWR5twh7J7BUT8CMOqPWm61wsiN+Ms4Gg2r8p455MGFL 7sAM0ATx3lk= =I+kH -----END PGP SIGNATURE----- From unicorn at access.digex.net Wed Oct 5 01:17:18 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 5 Oct 94 01:17:18 PDT Subject: Call for Italians In-Reply-To: <9410050955.AA20859@nsifc.ifc.pi.cnr.it> Message-ID: <199410050816.AA13163@access4.digex.net> MarcoCalamari Ing. scripsit > > Hello world, > > Is there any Italian people interested to have geographical & legal > Italian related discussion ? Please tell me also if such group already > exist. > > Have a good day. Marco Calamari > > > +---------------------------------------------------------------------------+ > | Marco A. Calamari - "Bandwidth is a natural resource; use carefully." | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Sure, I'm wasting bandwidth, but at least THIS isn't in my sig also. -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From bart at netcom.com Wed Oct 5 01:56:35 1994 From: bart at netcom.com (Harry Bartholomew) Date: Wed, 5 Oct 94 01:56:35 PDT Subject: Richard Stallman of GNU on Tcl Message-ID: <199410050855.BAA25288@netcom2.netcom.com> On gnu.announce of 9/23, he writes "Why you should not use Tcl". Instead, those wanting to use the Tk tools are commended to a Scheme interpreter with it called STk. Available from: ftp.cs.indiana.edu:pub/scheme-repository/imp/STk-2.1.tar.Z From rcromw1 at gl.umbc.edu Wed Oct 5 03:24:18 1994 From: rcromw1 at gl.umbc.edu (Ray Cromwell) Date: Wed, 5 Oct 94 03:24:18 PDT Subject: He's dead Jim (Chomsky) In-Reply-To: <199410050651.BAA12604@jpunix.com> Message-ID: <199410051023.GAA11184@umbc9.umbc.edu> Anonymous writes: > James A. McDonald wrote: > >There is ample Chomsky material outside this quote supporting socialism, > correct. > >and as well as socialism, those measures that socialism makes necessary, > >namely silencing of dissent, mass murder, and rule by terror. > Mr. McDonald infers this because, although Chomsky, if taken at face value, > does not _appear_ to be advocating "mass murder, and rule by terror", > McDonald __knows__ that: > 1. a society without capitalism must be based on rule by terror. > and > 2. anybody as intelligent as Chomsky knows (1). > thus anybody who advocates socialism is really advocating rule by terror > and so Chomsky clearly means the opposite of what he says. > Mr. McDonald's reasoning is perfect except that (1) is false. Well, perhaps in theory, but let's see what real dedicated socialists think. Quoted from an article in my campus newspaper "Long Island University Professor Condemns Capitalism" (the idiot came to give a speech to about 10 people claiming Russia was "state capitalist". He's been a socialist since the 1930s) "`Capitalism will not collapse. You've got to overthrow it', Seigal said. After the revolution, those who would have resisted the change and who would pose a threat to the workers and their new socialist government would have to somehow be removed from society. Commenting on the secret police force established in the Soviet Union after 1917, Professor Seigal said, `[the Soviets] realized that you need the state to surpress all of the people who would resist the socialist revolution'" Summary: in a socialist state, only socialist thought can be allowed (otherwise, it would quickly collapse.) Want to start a party based on market economics? Meet the firing squad. There you have it. Socialism may in theory exist in a free society, in practice, it always leads to big brother. > and/or services for a price. Since everything is free in this hypothetical > society, nobody will have any reason to buy your goods and/or services > Mr. McDonald, because they can get them somewhere else for free. Thus > capitalism will never return (unless people who prefer a repressive society > restore capitalism by force) without anybody doing anything to repress > capitalism or other dissident ideas. I think this is the sort of society > Mr. Chomsky is advocating. Obviously Mr. Chomsky missed out on Economics 101. A civilization without an economy can not allocate resources in a rational manner (I refer you to Von Mises). The only place your "everything will be free" ideal will work is in a tribal society. No socialist "economy" is going to build a computer or automobile, efficiently, if at all. If it did succeed in building them, only the politicians would have them, and they'd look like the ENIAC. Meanwhile, I'm enjoying rapid advancement of technology and and reduction of cost at an almost exponential rate (price a pentium 66mhz or 28.8kbps modem back in June and now. Amazing isn't it?) Have you ever given any thought to how you'd run a global economic system based on the idea that "everything will be free, people will do the right thing, and you will get the goods you want and need automagically?" > I don't think anyone thinks this mailing list is the right place to > discuss your Chomsky conspiracy theories so if you haven't finished yet, > take them to alt.conspiracy. Huh? Isn't it Chomsky who has the conspiracy theories, namely his bogus theory that the media is conspiring to protect capitalists? Chomsky may not be a totalitarian, but he certainly is deluded when it comes to how an economy works, and how the media functions. Socialism is dead, all hail welfare statism. From jkreznar at ininx.com Wed Oct 5 03:41:54 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Wed, 5 Oct 94 03:41:54 PDT Subject: Freedom of technology In-Reply-To: <199410050559.BAA04415@ducie.cs.umass.edu> Message-ID: <9410051041.AA14697@ininx> -----BEGIN PGP SIGNED MESSAGE----- Lewis McCarthy writes: > My choice of self-defense in this case is legislation preventing > anyone from smoking in my airspace. What, exactly, is ``your'' airspace? If you want legislative control over what's yours, maybe you should also escrow your private crypto keys with them? John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLpJ7/MDhz44ugybJAQHOcwP+LIY9rwLvrasd3IoidQ39Oigy6N22ZEOL aZ9TZJx0tN1ywTwfiBLP9iNSOXKU9vpziDdy55AwSZZuLyWutUDsTDsjLIufDhBm 7kwceS2LrrPZNJpEGeyRBWv+CBOkN5URnsD3Rm+rxrBG0a6LdyTUupp6KVIz34xh YQNjss0r0jc= =i8zw -----END PGP SIGNATURE----- From hayashi at scs.sony.co.jp Wed Oct 5 05:32:39 1994 From: hayashi at scs.sony.co.jp (Tsuyoshi Hayashi) Date: Wed, 5 Oct 94 05:32:39 PDT Subject: test44 Message-ID: <9410051230.AA09302@eagle.scs.sony.co.jp> | Tsuyoshi Hayashi (hayashi at scs.sony.co.jp) | Tech. div., Sony Computer Systems Inc. | | PGP public key NOT available now. From hayashi at scs.sony.co.jp Wed Oct 5 06:06:42 1994 From: hayashi at scs.sony.co.jp (Tsuyoshi Hayashi) Date: Wed, 5 Oct 94 06:06:42 PDT Subject: Sorry, I made a mistake... Message-ID: <9410051304.AA09547@eagle.scs.sony.co.jp> All cypherpunks, Sorry. I made a mistake. At 05 Oct 94 21:30:19 +0900, I have sent a test mail (to checking my mailing environment) to cypherpunks at toad.com. |To: cypherpunks at toad.com |Cc: cpunk at scs.sony.co.jp |Subject: test44 |Date: Wed, 05 Oct 94 21:30:19 +0900 |From: Tsuyoshi Hayashi Sorry. Please overlook my mistake for once, please. # But this is my first (second?) mail to cypherpunks... | Tsuyoshi Hayashi (hayashi at scs.sony.co.jp) | Tech. div., Sony Computer Systems Inc. From cme at tis.com Wed Oct 5 06:19:09 1994 From: cme at tis.com (Carl Ellison) Date: Wed, 5 Oct 94 06:19:09 PDT Subject: Impact of Free Strong Crypto (Essay of sorts) In-Reply-To: <199410042147.OAA00604@comsec.com> Message-ID: <9410051318.AA08719@tis.com> >From: Black Unicorn >Date: Sun, 2 Oct 1994 22:30:22 -0400 (EDT) >How will the complete inability of law enforcement (Federal or Local) to >conduct wiretaps impact collection? Those who think that law enforcement >will just have to go away might want to reconsider. Instead I think that >law enforcement will simply become much more intrusive as a response to the >unavailability of easy interception via wiretapping. The more I try to disseminate PGP and RIPEM (and get people to use them), the more I think that inability to conduct wiretaps and get intelligence from them will never occur. If it were to occur, we'd probably see laws passed immediately against civilian cryptography. If we merely threaten it, we give a weapon to the FBI to request such laws and a compliant Congress might actually go ahead and give in. However, the prediction I find I have to make is that ccivilian From cme at tis.com Wed Oct 5 06:20:10 1994 From: cme at tis.com (Carl Ellison) Date: Wed, 5 Oct 94 06:20:10 PDT Subject: p.s. Message-ID: <9410051319.AA08817@tis.com> The previous message was sent early by accident but was nearly complete. Don't bother checking your mailer. :-) From sommerfeld at orchard.medford.ma.us Wed Oct 5 06:53:19 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Wed, 5 Oct 94 06:53:19 PDT Subject: Richard Stallman of GNU on Tcl In-Reply-To: <199410050855.BAA25288@netcom2.netcom.com> Message-ID: <199410051348.JAA00599@orchard.medford.ma.us> > those wanting to use the Tk tools are commended to a > Scheme interpreter with it called STk. Available from: > ftp.cs.indiana.edu:pub/scheme-repository/imp/STk-2.1.tar.Z To attempt to make this crypto-relevant: Most scheme implementations support infinite precision integers ("bignums") directly, though some of them don't, and some of those which do have really slow bignum support. I haven't seen one with a fast modular exponentiation routine, though :-). I haven't looked at STk at all. - Bill From franl at centerline.com Wed Oct 5 06:57:18 1994 From: franl at centerline.com (Fran Litterio) Date: Wed, 5 Oct 94 06:57:18 PDT Subject: Nom de guerre public key In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- warlord at mit.edu (Derek Atkins) writes: > > A signature on your PGP public key is a personal guarantee from the > > person who signed it that she has first-hand knowledge that the key's > > userid accurately names the person who physically possesses the key > > (i.e., the signature validates the binding between userid and person). > Actually, this is not true. A signature on a key is a personal > guarantee from the signer that binds the user-id to the _KEY_, not > necessarily a person. That's part of it, but the more important binding created by a signature is the binding between the userid and the real person. Without that binding, the binding between the key and the userid is useless. This is why photo-identification (i.e., a passport) a required part of keysigning (unless the signer personally knows the key's owner). Sure signatures bind the userid to the key, but what good is that to third parties if they can't be sure that the userid accurately names the person who possesses that key? > For example, in the case of a real > person, you can send me a message to "warlord at MIT.EDU" and later meet > me in person, and I can verify that I received the message by > responding in some appropriate manner. When I meet you in person to hand you my key fingerprint, won't you require me to identify myself in order that you can be sure the name in the userid of my key is also the name of the person you are meeting? If you do, then you will have just validated the binding between userid and real person. > But you cannot perform this check for a pseudonymous identity, because > there is no secure way to prove that that key really belongs to some > identity. Which is exactly why I can never sign the key of a pseudonymous entity. Because the entity is unwilling to prove to me that there is a single real person who possesses the private half of his key. > It is possible to set up a server that > compares userID to mailID in some secure manner. For example, there > were some way to get a secure mail from a user to a server, and the > server could verify the mail address, and then validate the mail > address to pgp keyID. > > As an aside, I've written a Kerberos PGP Keysigner -- it uses kerberos > authentication to validate a user and compares the kerberos identity > to the userID on the key, and if certain qualifications are met > between these two names, the server will sign the key. The assurance > this key is making is that the owner of this key could authenticate as > this user to me via kerberos. I don't like the idea of an automaton possessing or signing PGP keys. People sign other people's keys because only people have the need to trust other people. Automatons don't need to trust and they are not the direct targets of trust. This is the objection I had to Phil's signing of the Betsi public key. As an automaton, Betsi is only as trustable as its human authors and adminstrators. Yet Phil doesn't know who those people may be in five or ten years. Yes, people change over time too, but not as quickly or as radically as an automaton can. It's too easy to subvert an automaton for me to ever sign an automaton's PGP key. -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLpKqgXeXQmAScOodAQHN0gP+K7TTE488k+fJQdyL4laxFOJa8LYeoo09 F+RzXyLv2FMKPfNDPhbMglHToRf5lgmtskELe3+rB2Ra2xbdOGFKUxNHkkgdCLXt ld149yBMmZBawHw5Qj482UpVt12+hmYxgt0bBnsTRqf4r6lMjdmU2OwiZ7KaY5/V /EKkTrotvAw= =G4X/ -----END PGP SIGNATURE----- -- Fran Litterio franl at centerline.com (617-498-3255) CenterLine Software http://draco.centerline.com:8080/~franl/ Cambridge, MA, USA 02138-1110 PGP public key id: 1270EA1D From cme at tis.com Wed Oct 5 07:05:26 1994 From: cme at tis.com (Carl Ellison) Date: Wed, 5 Oct 94 07:05:26 PDT Subject: Referrences to SKE and GAK In-Reply-To: <199410042151.OAA00624@comsec.com> Message-ID: <9410051404.AA11905@tis.com> >From: tcmay at netcom.com (Timothy C. May) >Date: Sun, 2 Oct 1994 20:31:13 -0700 (PDT) >And I think we have indeed seen things coming before a lot of others >did. The latest such alert, by Carl Ellison, myself, and others, is >about "software key escrow," or what Carl dubs "GAK" (government >access to keys). I think SKE is the wave of future repression, worth >starting to fight now. The popular media is largely oblivious to it, >as usual. (John Markoff, of the NY Times, is on top of it, more so >than most of us, and is waiting for the right time to do something on >this.) As someone at TIS actively involved in looking at SKE and related technology, I find it bothersome that Tim keeps mixing the terms SKE and GAK. I'm not a fan of giving government access to civilian keys, no matter what form it takes. However, my mother was an English major and she taught me to be protective of the language. escrow - n - a deed, a bond, money or a piece of property held in trust by a third party to be turned over to the grantee only upon the fulfillment of a condition >From inside this morass, there are so many options with so many gradations that it's important to keep terms well defined and separate. Try this: KE: key escrow, implementation and grantee unspecified HKE: key escrow, in hardware, grantee unspecified SKE: key escrow, in software, grantee unspecified KEG: key escrow, implementation unspecified, government grantee GAK: government access to keys, method unspecified GAK is clearly more general than KE and even more general than SKE. There is a real danger that (KE/HKE/SKE) could be subverted by the government but there are some real uses (as have been pointed out here) for what Steve Walker (the TIS president) calls a "spare key in the wallet". [I'm hoping to get his paper on the subject on our FTP or Web server -- will tell people when it's there.] A spare key version of SKE would have the key's owner as grantee -- leaving the gov't out of the loop *except through normal subpoena and search warrant access*. My predictions: 1. access by subpoena is still too objectionable for many people and isn't likely to fly; 2. surveillance agencies are not served by these mechanisms so they are not likely to welcome such systems. Meanwhile, NSA access isn't covered by any of these terms, except perhaps GAK. This is relevant since at the last KEA meeting (NIST's "Key Escrow Approaches"), TIS SKE was demonstrated and people from industry were asked if they wanted to participate in an experiment -- put it in some product, let some gov't agency be the guinea pig user community and see if the FBI was happy with the result (this would be SKEG -- SKE with gov't as grantee) -- and the response was that there was *no* interest unless this provided a way to get software exported. Mike Nelson of the White House (their point man on Clipper, etc.) and Clint Brooks of NSA replied with a resounding "we'll have to think about that". [There has been no result of such thinking yet.] The sequence of events is: 1. industry wants to export 2. NSA controls export 3. industry appears ready to do all sorts of things (like provide GAK) in order to get export permission 4. the NSA doesn't get its needs met by SKEG (because the SKEG mechanisms can be circumvented, leaving normal S/W without GAK) 5. the current situation is an impasse 6. the forces of the dark side are so desperate to get GAK that they'll look at anything which might get them there ------- So, there's a real reason to watch SKEG developments. There's also a real reason to get a new Cantwell bill passed. At the same time, although the term KE is tainted by NIST/NSA/FBI misuse, there do exist positive uses for KE (especially SKE) *without* the gov't as grantee. I encourage individuals to give this a little thought. The example Steve Walker keeps using in public is "the second time I locked myself out of my car, I decided to carry a spare key in my wallet". [...] >Dorothy Denning is deeply involved with SKE, Dorothy has seen the TIS SKE demo. Involvement other than that is none, at least on TIS's side, except that she provided one suggestion to the three TIS developers (Dave Balenson, Steve Lipner and Steve Walker) during the design stage (in early May I believe). BTW, my name appears on the TIS SKE paper because I added a variant -- the escrow-less option. That is, instead of having a private key in escrow for the FBI to get and use forever, have the sender split his session key into KS1 and KS2 (KS = XOR(KS1,KS2)) and encrypt each half for a different escrow agent. [That term is already a misnomer in this case, since these "escrow agents" have no databases of keys and therefore escrow nothing. I tell you, this morass has done major damage to the English language, all because the gov't perpetrators are afraid to say what they really mean, in plain English!] LE would then have to send a piece to each escrow agent for each message -- letting the agents do traffic analysis on FBI efforts and also giving out no key lasting beyond a wiretap court order. As with anything else, when faced with a technical problem, if I see solutions I offer them. [PRZ tells a story of an engineer being led to a gallows which has been malfunctioning, letting people go free (through a presumed act of God) -- looking at it and saying "Oh, I see the problem". (sorry if I ruined the joke with abbreviation)] ob.polit.: I don't mind GAK if it is applied only to the military and various executive agencies, as Clipper/Capstone now appears to be. Those people have already given up rights to private communications. However, for military uses of Capstone, it bothers me as a citizen to see the keys kept by Treasury and NIST. I'd rather see them kept by NSA and Fort Knox (and I've said so, to Mike Nelson among others). For private citizens, I intend to fight to my last breath any attempt to declare a government right to our keys. I also intend to fight attempts to declare that the public is volunteering to go along with GAK. I don't buy that and I'm in a position to see if it were true. > working with Miles Schmid >of the NSA Miles is with NIST (or was this a snide comment on NIST? :-). > and the folks from Trusted Information Systems (according >to Whit Diffie, who saw a joint presentation by the bunch of them in >Karlsruhe, and their glee that the Micali escrow patent will likely be >overturned due to prior art in Europe). The TIS SKE stuff was presented at several places, most recently the CSS&PAB. The new thrust by Steve Walker is that the public has no reason to buy KEG products. They add no value to the consumer. However, the public *has* a reason to buy spare-key-in-the-wallet systems. Given the existence of a redundant place to find a message key (or to get it decrypted), law enforcement could mine that database, using existing legal mechanisms (subpoena and search warrant). [This access does not meet the desires of covert surveillance, however, so it's likely to be rejected.] - Carl From m5 at vail.tivoli.com Wed Oct 5 07:14:43 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 5 Oct 94 07:14:43 PDT Subject: He's dead Jim (Chomsky) In-Reply-To: <9410041812.AA27339@nately.UCSD.EDU> Message-ID: <9410051414.AA26525@vail.tivoli.com> James A. Donald writes: > He merely provides and endless stream of justifications and > rationalizations for particular mass murderers... Two things: 1) This has got to be the oddest interpretation of Chomsky I've seen, and for what it's worth I've never been led to believe any of these things while reading Chomsky. Then again, it's an interesting view and it does cause me to at least think about matters. 2) It's not clear to me that this is relevant to the list anymore. (I'm not trying to fire a shot and then call the war off; I'm happy to discuss this via direct e-mail if anybody likes.) | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From jya at pipeline.com Wed Oct 5 07:16:45 1994 From: jya at pipeline.com (John Young) Date: Wed, 5 Oct 94 07:16:45 PDT Subject: NYT Libertarian News Message-ID: <199410051416.KAA11094@pipe3.pipeline.com> Good and bad news in today's NYT on a controversial new libertarian (I think) community. Here's the good news, or maybe bad, quote: Kamiah, Idaho -- Ever since Lewis and Clark sloshed their way through this valley 100 years ago, some people have viewed the Pacific Northwest as a refuge for the kind of behavior that might get a person run out of town in other parts of the country. . . . now comes retired Lieut. Col. James (Bo) Gritz, a Vietnam-era Green Beret and onetime Populist Party candidate for President, with what is likely to be the first community ever built around fear and hatred of the Federal Government. Mr. Gritz, who discovered Idaho during the Presidential campaign, says he is a patriot who has become disgusted with the "cesspool" of public schools, the "grip of the international bankers" on the nation's currency, and "an encroaching, ravenous, predator Government," which wants to disarm the citizenry and force people to carry health cards. . . . in an advertisement for his paramilitary programs, he says, "You will learn what weapon and ammunition type is best in times of grave peril; how to carry, draw, hold and efficiently engage multiple targets. It is this kind of language that has many people worried that their hamlet will become the next Waco. "The tyrants who ordered the assault on Waco should be tried and executed as traitors," Mr. Gritz wrote in a recent issue of his newsletter. . . . Mr. Gritz said, "I want a community where if the F.B.I. looks at us, they'll end up saying it's more trouble than it's worth." End quote. The bad news, or maybe good, is that the Times then goes on to ridicule Mr. Gritz and his cohorts. Anyone want this by e-mail? John From jya at pipeline.com Wed Oct 5 07:26:03 1994 From: jya at pipeline.com (John Young) Date: Wed, 5 Oct 94 07:26:03 PDT Subject: NYT on TeleTheft Message-ID: <199410051425.KAA12326@pipe3.pipeline.com> Long article today on widespread international calling-card fraud -- stealing and selling numbers to and by computer hackers around the world -- and Secret Service and other LEAs current traps, investigations, arrests and indictments. Don't call if you want e-mail copy, they're about to bust you. This looks like one of "threats" the Wiretap Bill (and maybe the newly chastened CIA) hopes to squash. John From dfloyd at paris.eng.utsa.edu Wed Oct 5 07:37:16 1994 From: dfloyd at paris.eng.utsa.edu (Douglas R. Floyd) Date: Wed, 5 Oct 94 07:37:16 PDT Subject: Data haven code Message-ID: <9410050954.ZM749@paris.eng.utsa.edu> I am looking for beta testers for the data haven code. It should be ready by the tenth to the fifteenth of October. Due to a mishap partly caused my me, the machine that had the code got hosed and I have to re-create most of the work again :(. If you are interested in beta-testing this code, please E-mail me (dfloyd at runner.jpl.utsa.edu), and please encrypt the response with PGP. (My key is on the keyservers, or fingerable from lonestar.utsa.edu) Now back to your regularly scheduled programming. From m5 at vail.tivoli.com Wed Oct 5 07:45:27 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Wed, 5 Oct 94 07:45:27 PDT Subject: NYT Libertarian News In-Reply-To: <199410051416.KAA11094@pipe3.pipeline.com> Message-ID: <9410051445.AA26598@vail.tivoli.com> John Young writes: > . . . now comes retired Lieut. Col. James (Bo) Gritz Mr. Gritz has been usenet flame fodder for quite some time. He's either a crypto-fascist (no, not that kind of crypto) or a saviour of the American Way, depending on your personal leanings. | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From franl at centerline.com Wed Oct 5 07:57:08 1994 From: franl at centerline.com (Fran Litterio) Date: Wed, 5 Oct 94 07:57:08 PDT Subject: Nom de guerre public key In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- tcmay at netcom.com (Timothy C. May) writes: > Fran Litterio wrote: > > Unless you reveal your pseudonym to someone and identify yourself > > according to the rules of the PGP Web of Trust, you should not be able > > to get signatures on your PGP public key. > > What are the "rules of the PGP Web of Trust"? They are pretty simple. Don't sign someone's PGP key unless you have firsthand knowledge that it is their key. Implicit in this knowledge is the knowledge that they are accurately named by the userid on the key. This requires either that you have a significant personal relationship with the key owner (i.e., long-time friend, lover, etc.) or that you have seen a significant form of photo-id (i.e., their passport). You must also obtain the key fingerprint via a relatively tamperproof channel (i.e., phone call (if you recognize their voice) or personal meeting). > Tying public keys to physical persons is _one_ approach, but not the > only one. Yes, we might one day live in a world where every human interaction takes place between pseudonyous entities that represent one or more real people. In such a world, there is no place for PGP's Web of Trust. Reputations will have to suffice. > The "web of trust" models how we pass on advice, introduce others with > our recommendations, etc., but it is not a very formal thing. It's less formal than, say, a central Certification Authority, but it has some formalities that, if broken regularly and on a wide scale, would render the Web of Trust ineffective. Determining the identity of the real person who owns the key you are signing is one of those formalities. -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLpKw5XeXQmAScOodAQGZ1wP9ERuR2xab9ysUl0goc9qYGEy30S0CFrVd C6MnuPFETML6BfJHRF/nM+4PTHwfox7Cfp4BEq55/D9FxpvmFwZ/v4A7mKKzJVoD Jl9Ex3lWxvdM3hv99Zt+dzaWSNvoAbwVIXHwgYS6PyZ68EIKhTJogStarWybpj1R yez5a/MlFw0= =le0b -----END PGP SIGNATURE----- -- Fran Litterio franl at centerline.com (617-498-3255) CenterLine Software http://draco.centerline.com:8080/~franl/ Cambridge, MA, USA 02138-1110 PGP public key id: 1270EA1D From nelson at crynwr.com Wed Oct 5 08:00:13 1994 From: nelson at crynwr.com (Russell Nelson) Date: Wed, 5 Oct 94 08:00:13 PDT Subject: Nom de guerre public key In-Reply-To: Message-ID: Date: 05 Oct 1994 13:31:42 GMT Organization: CenterLine Software R&D From: franl at centerline.com (Fran Litterio) That's part of it, but the more important binding created by a signature is the binding between the userid and the real person. Without that binding, the binding between the key and the userid is useless. Nonsense. You're assuming that the real person wishes to carry their reputation over onto their key/userid combination. Perhaps they wish to establish a separate reputation for it? And once they've established that reputation, they wish to change keys? Might you not sign such a new key? -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From perry at imsi.com Wed Oct 5 08:00:52 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 5 Oct 94 08:00:52 PDT Subject: NYT Libertarian News In-Reply-To: <9410051445.AA26598@vail.tivoli.com> Message-ID: <9410051500.AA05041@snark.imsi.com> Mike McNally says: > John Young writes: > > . . . now comes retired Lieut. Col. James (Bo) Gritz > > Mr. Gritz has been usenet flame fodder for quite some time. He's > either a crypto-fascist (no, not that kind of crypto) or a saviour of > the American Way, depending on your personal leanings. The word "nut" comes to mind... .pm From merriman at metronet.com Wed Oct 5 08:17:15 1994 From: merriman at metronet.com (David K. Merriman) Date: Wed, 5 Oct 94 08:17:15 PDT Subject: NYT Libertarian News Message-ID: <199410051516.AA18591@metronet.com> > >Mike McNally says: >> John Young writes: >> > . . . now comes retired Lieut. Col. James (Bo) Gritz >> >> Mr. Gritz has been usenet flame fodder for quite some time. He's >> either a crypto-fascist (no, not that kind of crypto) or a saviour of >> the American Way, depending on your personal leanings. > >The word "nut" comes to mind... > I hate to correct you, but that's "nut^3" :-) Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From hfinney at shell.portal.com Wed Oct 5 08:37:29 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 5 Oct 94 08:37:29 PDT Subject: Referrences to SKE and GAK In-Reply-To: <9410051404.AA11905@tis.com> Message-ID: <199410051537.IAA12218@jobe.shell.portal.com> Thanks to Carl for an interesting essay on key escrow. What is being escrowed in the SKE proposals? Is it the session key? What is the advantage to the user of broadcasting a session key encrypted to an escrow agent? That does not sound like a spare key in the wallet. What about the aspect of SKE which allows compliant implementations to verify that the session key is actually being honestly reported to the escrow agent? Isn't that where most of the cryptographic challenge and interest comes from, and again how does that benefit the customer? It seems strictly for the benefit of wiretappers. What about key escrow systems which allow users to store encrypted versions of their public keys? There would still be the danger of the user dying or forgetting his pass phrase, but in many circumstances that is tolerable. The KE agency then simply becomes a data backup facility. Is TIS working on this? This seems like the true analog of the spare key in the wallet. I get the impression that despite all of the good and reasonable things you can say about key escrow, the actual work and interest is strictly going towards systems to allow government wiretapping. No significant efforts are going into these other ideas which might be useful to the customer but are irrelevant to the wiretapping issue. So I am afraid that the actual work on SKE is only going to hurt privacy despite Carl's hopes. Hal From vanhorn at cps.msu.edu Wed Oct 5 08:43:21 1994 From: vanhorn at cps.msu.edu (vanhorn at cps.msu.edu) Date: Wed, 5 Oct 94 08:43:21 PDT Subject: NYT Libertarian News In-Reply-To: <199410051416.KAA11094@pipe3.pipeline.com> Message-ID: <9410051543.AA16529@ss17.cps.msu.edu> > Anyone want this by e-mail? Sure, I'd like to see the full text if you have it. ----------------------------------------------------------------------------- Kevin S. Van Horn | It is the means that determine the ends. vanhorn at cps.msu.edu | From jya at pipeline.com Wed Oct 5 09:12:17 1994 From: jya at pipeline.com (John Young) Date: Wed, 5 Oct 94 09:12:17 PDT Subject: Hitler's not dead is he? Message-ID: <199410051611.MAA21128@pipe3.pipeline.com> Responding to msg by nobody at jpunix.com (Anonymous) on Wed, 5 Oct 1:51 AM >P.S. Lewis McCarthy wrote: "Quick, somebody mention >Hitler". Okay. Mr. McDonald is as fascist as Hitler. Er, Hitler was a National Socialist. In those days, as now, everyone used the term indiscriminately, just like "fascist", "free market", "capitalist", "commie", and so on. Everybody gotta try to be more entertainingly original and it ain't easy, at least for me. Play the cryptography game, where no one knows for sure what's real or phony, where anyone can talk the talk like Jim Bidzos, and so on. We're all in the same doodoo together, name-calling by anonymous crypto or not, and so on it goes. John (looking for people wanting to sell ad space on their sigs; I been educated to buy into others stuff rather than think up something original, that's why I post so much from the NYT.) From hughes at ah.com Wed Oct 5 09:13:52 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 5 Oct 94 09:13:52 PDT Subject: private assets in the world Message-ID: <9410051532.AA07077@ah.com> Some interesting figures recently wafted my way about the sizes of private asset holdings in the world. These are Goldman, Sachs estimates. 4 Trillion (10^12) dollars in total worldwide personal assets 2 Trillion of that is secretly held assets 1.5 Trillion of the secretly held assets are in Switzerland Mighty interesting numbers indeed. Eric From sommerfeld at orchard.medford.ma.us Wed Oct 5 09:33:28 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Wed, 5 Oct 94 09:33:28 PDT Subject: Referrences to SKE and GAK In-Reply-To: <9410051404.AA11905@tis.com> Message-ID: <199410051616.MAA00815@orchard.medford.ma.us> Carl, I think the main problem here is that the government seized the initiative by using "Key Escrow" when they really mean "Government Access to Keys"; also, the infamous Gore->Cantwell letter refers to SKE, but clearly means, from context, that they're referring to what you refer to as KEG. This makes it difficult to advocate key escrow of any form without appearing to endorse "escrow" with the government as the grantee. Also: One can divide the use of encryption in computer networks in two classes: - encrypting real-time communications - encrypting stored data (files). Key escrow in the former case is only useful in the presence of wiretaps, since the encrypted data is ephemeral. The business/commercial justification for key escrow (having a "spare key" around) is really only applicable in the second case. - Bill From nobody at shell.portal.com Wed Oct 5 09:33:54 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Wed, 5 Oct 94 09:33:54 PDT Subject: ClearSig Bug in PGP? Message-ID: <199410051633.JAA15476@jobe.shell.portal.com> can anyone explain the clearsig bug to me, and is there a fix? thnaks man, i;ve been out for a while/ From lmccarth at ducie.cs.umass.edu Wed Oct 5 09:46:38 1994 From: lmccarth at ducie.cs.umass.edu (Lewis McCarthy) Date: Wed, 5 Oct 94 09:46:38 PDT Subject: My Airspace In-Reply-To: <9410051041.AA14697@ininx> Message-ID: <199410051646.MAA06770@ducie.cs.umass.edu> John Kreznar writes: $ L. McCarthy writes: $ > My choice of self-defense in this case is legislation preventing $ > anyone from smoking in my airspace. $ What, exactly, is ``your'' airspace? The air I breathe. You don't have a right to make me breathe your smoke. As long as you keep your smoke to yourself, I'm happy. $ If you want legislative control over what's yours, First of all, I shouldn't have to ask someone to stop trying to kill me. Beyond that, if I ask someone to desist, she may refuse. Then I can either a) personally force her to stop, or b) have a third party force her to stop. In some cases, I'll be unable to stop her on my own, and in any case it's safer for me to have a third party take care of it. So yeah, when the assholes out there try to fuck with what I consider mine, I need some folks in blue suits to step in and shove them out of the way. -L. McCarthy Send me mail using "Subject: remailer-help" for an autoreply about Underdog From system at decode.com Wed Oct 5 09:52:00 1994 From: system at decode.com (System Operator) Date: Wed, 5 Oct 94 09:52:00 PDT Subject: NYT Libertarian News Message-ID: <3ceqTc3w165w@decode.com> merriman at metronet.com (David K. Merriman) writes: > >Mike McNally says: > >> John Young writes: > >> > . . . now comes retired Lieut. Col. James (Bo) Gritz > >> > >> Mr. Gritz has been usenet flame fodder for quite some time. He's > >> either a crypto-fascist (no, not that kind of crypto) or a saviour of > >> the American Way, depending on your personal leanings. > > > >The word "nut" comes to mind... > > > > I hate to correct you, but that's "nut^3" :-) However you may feel personally about Mr. Gritz (and his connection to Ross Perot, etc), I think he serves at least three useful purposes for other members of society who might be labelled "loose cannons", to wit: 1) When the Sierra Club was working for their particular agenda in the early seventies, many in the "mainstream" dismissed them as whackos on the extreme edge. Later, when Earth First came along and redefined what the environmental movement could become, suddenly the Sierra Club was a reasonable, legitimate voice with which those in authority could reason. Mr. Gritz, IMHO, is in part helping to redefine the "envelope" of so-called patriotism. His extreme measures may serve to help legitimize less unusual actions which are now considered "out there." 2) He serves as a lightning rod for government enforcement. It is often in the best interests of those in power not to drawn the line of acceptable/not acceptable behavior (keep 'em guessing). His actions (and those of Randy Weaver, David Koresh, etc) all drawn attention to the willingness of the government to "do something." It then becomes more possible to predict the actions of certain government agencies. 3) It keeps said agencies busy. Contrary to popular opinion, the resources of the government are not infinite (it only seems that way). The government is more like a few dozen lumbering Goliaths, each stumbling after whichever David is most irritating at the moment. Mr. Gritz serves as the decoy to lure certain giants away from other activites. Federal agents and other resources devoted to gathering intelligence on Mr. Gritz are no longer available to gather intelligence on others. [This resource allocation problem, IMHO, is one the main reasons for the FBI's insistence on the Digital Telephony Bill -- it allows a far greater degree of "intelligence" gathered per expenditure of resource.] Nutty or not, I'll be happy to cheer on Mr. Gritz. > Dave Merriman Dan -- system at decode.com (System Operator) Cryptography, Security, Privacy BBS +1 410 730 6734 Data/FAX From warlord at MIT.EDU Wed Oct 5 10:03:20 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 5 Oct 94 10:03:20 PDT Subject: ClearSig Bug in PGP? In-Reply-To: <199410051633.JAA15476@jobe.shell.portal.com> Message-ID: <9410051703.AA07606@toxicwaste.media.mit.edu> The bug is that you can add text into a clear-signed message that appears to be real since PGP drops everything before the first empty line. The temporary fix is to only read the output from PGP (since the added text will not be in the output file). The long-term fix will be in 2.6.2, which will hopefully be released next week (a message will go out saying when it has been released). The patch is really too difficult to separate from other patches to post it separately. -derek From bart at netcom.com Wed Oct 5 10:25:51 1994 From: bart at netcom.com (Harry Bartholomew) Date: Wed, 5 Oct 94 10:25:51 PDT Subject: Tcl citations from Cyphernomicon Message-ID: <199410051725.KAA13653@netcom10.netcom.com> Forwarded message: > Subject: Re: Richard Stallman of GNU on Tcl > Date: Wed, 05 Oct 1994 10:46:50 -0400 > From: "Perry E. Metzger" > > > Fascinating, but why are you sending this to cypherpunks? > > Harry Bartholomew says: > > > > On gnu.announce of 9/23, he writes "Why you should not use Tcl". > > Instead, those wanting to use the Tk tools are commended to a > > Scheme interpreter with it called STk. Available from: > > ftp.cs.indiana.edu:pub/scheme-repository/imp/STk-2.1.tar.Z > For the grep-impaired, see sections 4.5.4 and particularly 13.4.14 of Tim's opus for Tcl relevance to Cypherpunks. From cme at tis.com Wed Oct 5 10:28:44 1994 From: cme at tis.com (Carl Ellison) Date: Wed, 5 Oct 94 10:28:44 PDT Subject: Referrences to SKE and GAK In-Reply-To: <199410051616.MAA00815@orchard.medford.ma.us> Message-ID: <9410051727.AA25518@tis.com> >Date: Wed, 05 Oct 1994 12:16:21 -0400 >From: Bill Sommerfeld >I think the main problem here is that the government seized the >initiative by using "Key Escrow" when they really mean "Government >Access to Keys"; Exactly. The term is tainted. Meanwhile, the offense to the English language remains even if we give the term up as tainted. For example, there's a line in one of our publications (the Data Security Letter) talking about this process: FBI representatives stressed concern that users not be able to use encryption products separated from the key escrow process. That's true to the FBI's word choice. So -- postulate a Key Escrow service with escrow agents chosen by Fidel Castro and the Columbian drug cartel as grantee -- or, as an alternative, postulate a PGP key provided by the FBI for good little boys and girls to include as a recipient during encryption with PGP-voice. Which one gives the FBI access? - Carl P.S. (I know: neither, because there aren't any good little boys and girls, but I was talking about English semantics, not reality. :-) From nobody at jpunix.com Wed Oct 5 10:57:55 1994 From: nobody at jpunix.com (Anonymous) Date: Wed, 5 Oct 94 10:57:55 PDT Subject: your mail Message-ID: <199410051757.MAA20348@jpunix.com> -----BEGIN PGP SIGNED MESSAGE----- Black Unicorn wrote: > Anonymous scripsit > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > That being said let it be known that I consider the following as a > > > "Cypherpunk victory." > > > > > > 1. Complete freedom of technology, particularly encryption technology, > > ^^^^^^^^^^^^^^^^^^^^^ > > > regulated only by market forces. This implies the lack of import/export > > > restrictions, and a complete absence of projects designed to limit > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > technology, or to standardize it for nefarious ends like Clipper. > > ^^^^^^^^^^ > > > > I think you overgeneralize. No limits on toxic waste incinerators, > >low-mileage automobiles, unsafe medical devices, genetically tampered food, > >or nuclear reactors? "Market forces" in such cases positively encourage > >dangerous technology (e.g. incinerators are superficially cheap) or are > >markedby their inability to distinguish the good from the crap (e.g. medical > >devices). > > It is you who have overgeneralized. No limits on technology certainly > does not mean allowing low tech and poor incinerators to continue operating. > The fact that low mileage cars still drive is a result of poor markets > than anything else (baring colletables). How would you argue that some > low mileage cars are the result of a no limitations on technology policy? A lack of mileage standards, which are regulations on technology, can be expected to result in technology that doesn't meet the standard. > Unsafe medical devices? I would say this is a problem with testing > technology, not a lack of limitation on technological advance. If medical devices are sold without ANY limitation, e.g. the requirement that they be safe and effective, the result is unsafe equipment. Improved testing technology isn't useful if there's no requirement to use it. And "the market" is composed of people who have neither the expertise to test the equipment before they consent to its use, nor (in the case of someone's who's bleeding or in labor) the time. > Genetically tampered food? Why is this dangerous? Have any evidence? > Most of the livestock/crops you eat today have been altered in one way > or another, be it selective breeding, low tech botanical splicing, or > genetic/hormonal therapy. You see this as a regression? In some cases, yes, I see problems in biotech. For example, hormones used in cattle in high doses are known to cause tumors in women in low doses. Whether people would choose to eat horemone-treated meat is debatable; I had thought that the right to make the choice was taken by cypherpunks as an article of faith. Without regulation on the technology, even an innocuous labeling requirement, the right to choose is taken away because consumers can't detect the difference between hormone-treated beef and organic beef. > You never make the distinction between regulation designed to promote and > regulation designed to deter technological advance. Technological advance is a means to an end. Regulations should properly be about insuring the public welfare. While we might reasonably disagree about what that welfare is, clearly technological anarchy doesn't promote it. > Market > forces are lathargic, sometimes they need a boost. I propose this boost > be accomplished with motivators like tax breaks, market assisters and > privatization. Either the market works or it doesn't. You can't decry all government regulation and then call for handouts to businessmen. > When Germany wanted to promote environmentally sound > packaging and manufacture, they started a program called Gruun Punkt (The > Green Point) They allow manufactures to place the green point sticker on > their products provided they meet XYZ specifications. Actually, I think this is a great way to proceed. ======================================================================= Crim Tideson Privacy is its own justification. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLpKieKvOblMnt4MdAQH72wP+NiE1e/wGy5t2XZla3gRXLRRGpCFeEX5J YtcKLqbym/pV9XRLBuEGIETnrsmJoOrWN+PDlzW02HXRmiad+Wbf1jp/QjPwXkQm 0ysSrrTIkZMsjIlY5ffxzwR8LzQZMhAMliFmFjhE8rAz/fLAqY1N+kT7NLiPyP54 TPOVSSyEhKU= =1dU3 -----END PGP SIGNATURE----- From nobody at jpunix.com Wed Oct 5 10:58:00 1994 From: nobody at jpunix.com (Anonymous) Date: Wed, 5 Oct 94 10:58:00 PDT Subject: Chomsky (thread from hell) Message-ID: <199410051757.MAA20379@jpunix.com> -----BEGIN PGP SIGNED MESSAGE----- "Gary Jeffers" wrote: > I remember Chomsky being quoted (I think in a Mother Jones issue) > something to the effect that the opposition to "political correctness" > was not legitimate. Apparently, Chomsky finds at least one kind of > oppression to be not distasteful. > At a Chomsky lecture that I attended, Chomsky described himself as a > left libertarian. I surmise that he finds that grassroots oppression by > the left to be ok. I realize, of course, that "political correctness" > has great mass media & State support. Please post direct, in-context quotes from Chomsky to substantiate your claims, or stop making them. This demonization of Chomsky is so tiresome. ======================================================================= Crim Tideson Privacy is its own justification. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLpKaIavOblMnt4MdAQEwdQQAu1ztK8Wn9DRaANtklfbXBLZUAw0jRvKI f80gO3YLPZgOqUQV9j9AvoDl8Zqrsonm00gXxo2m7EIoZQtG5MIq9722kzEsxUzS aDipQM3bS9VRDtRrU4UhI5pl730yP6SulcpxRXv65OcSTJOsPNj40U0wC9tipeTk jiPoRSZ71Yg= =2CWO -----END PGP SIGNATURE----- From nobody at jpunix.com Wed Oct 5 10:58:22 1994 From: nobody at jpunix.com (Anonymous) Date: Wed, 5 Oct 94 10:58:22 PDT Subject: Chomsky quote (thread from hell) Message-ID: <199410051757.MAA20378@jpunix.com> -----BEGIN PGP SIGNED MESSAGE----- > jamesd at netcom.com (James A. Donald) wrote: > > >Noam Chomsky, in a 4/16/94 e-mail response to a question from Steve > >Shalom, says: > > > > In my opinion, not only mainstream intellectuals but also others > > who produce a constant stream of lies, distortion, racist screeds, > > etc., should be permitted freedom of speech. The state should not > > have the power to stop them. The same freedom extends to > > hypocrites, like faculty senates who choose one particularly and > > usually quite marginal example because career and power interests > > are served thereby, while ignoring vastly more significant and > > awful cases because the opposite is true. And Congress, of which > > the same is correct. > [utterly specious reasoning deleted] > Thus he is actually making a misleading and spurious > argument *against* freedom of speech at the same time as he > is piously declaring himself to be in favor of freedom of > speech. Leaving aside the fact that you've somehow managed to "prove" to yourself that Chomsky means the opposite of what he clearly and consistently says, what has this to do with cypherpunks? ======================================================================= Crim Tideson Privacy is its own justification. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLpKchqvOblMnt4MdAQGl2wP8DpmSTLSR+H3xQJY/ygEbVzABPZu436eV vAiJNcNV+PoPw5Bg6p3IBowP40JcYoqjn6Va0PomkLxdWyluwGFlNnorsb2Lq8e8 KOhzMlmnX1CIlXYfxXQxN3wCSYVqDfdhbw/9l/ZLVLWLLT+TH/NFNrj3WIhEmuWJ yXHkKKcHWwM= =ot7V -----END PGP SIGNATURE----- From mccoy at io.com Wed Oct 5 11:28:11 1994 From: mccoy at io.com (Jim McCoy) Date: Wed, 5 Oct 94 11:28:11 PDT Subject: Richard Stallman of GNU on Tcl In-Reply-To: <199410050855.BAA25288@netcom2.netcom.com> Message-ID: <199410051827.NAA18355@pentagon.io.com> Harry Bartholomew writes: > On gnu.announce of 9/23, he [Stallman] writes "Why you should not use > Tcl". Ah yes, RMS's drive-by flaming... Thus setting of one of the more amusing "My language is better than your language" holy flame wars of the year. Tcl/tk is here and in widespread use, wishing it were otherwise isn't going to change reality. The only good thing about the entire thread was that it brought python, which does have a bigint/mpz module built into it, to the attention of a few more people. Lets get back to something useful... jim From tcmay at netcom.com Wed Oct 5 11:30:41 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 5 Oct 94 11:30:41 PDT Subject: Government vs. Markets In-Reply-To: <199410051757.MAA20348@jpunix.com> Message-ID: <199410051829.LAA03358@netcom6.netcom.com> This recent debate about untested/dangerous/unapproved technology, such as medical equipment, vitamins, automobile features, is ideological. I'm not likely to convince the disbelievers here, nor are they likely--experience shows--to go read the recommended books which might answer these questions to their satisfaction. But arguing that the government needs to intervene in markets and limit free choice to "protect" customers and consumers is precisely how our present mess got started. And how crypto and communications is being afffected. (Imagine PGP being outlawed because of its "uncertified" nature, the bugs is clearly still contains, etc.) Anonymous wrote: > A lack of mileage standards, which are regulations on technology, can be > expected to result in technology that doesn't meet the standard. No, if customers want good mileage more than they want other features (like prices, performance, 4-wheel drive, etc.), then they'll pay more for them. Some do. Some drive little 60 mpg econoboxes, while I drive an 18 mpg (with a tailwind) Ford Explorer. The market in action. I could do some calculations on just how unimportant the "fuel economy" standards are, but I lack the energy and time to make these points here. Fuel economy standards are about the worst possible case that can be made for government interference. > If medical devices are sold without ANY limitation, e.g. the requirement > that they be safe and effective, the result is unsafe equipment. > Improved testing technology isn't useful if there's no requirement to > use it. And "the market" is composed of people who have neither the > expertise to test the equipment before they consent to its use, nor (in > the case of someone's who's bleeding or in labor) the time. Underwriters Laboratories, Good Housekeeping ("Seal of Appproval"), and Consumer Reports are better testers than any bureacrats in Washington, and they are private. Insurance companies have a strong interest in safe equipment, as do hospitals, doctors, and even patients. The specter of people killing themselves absent a government standard is false. > doses. Whether people would choose to eat horemone-treated meat is > debatable; I had thought that the right to make the choice was taken by > cypherpunks as an article of faith. Without regulation on the > technology, even an innocuous labeling requirement, the right to choose > is taken away because consumers can't detect the difference between > hormone-treated beef and organic beef. Again, faslse. If people are concerned, they can ask. They can patronize organic food stores, as they do in huge numbers here in the Northern California area. And so on. What often happens with government-imposed standards is that some lobbying group decides that "cheese is good for you" and so gets cheese installed as one of the government-mandated "basic food groups." (If you think I'm exaggerating, you didn't grow up in the 50s and 60s, when the "four basic food groups" had to be fed to children in school lunch programs. Political views have now shifted to the point where soy milk, bean sprouts, and sun-ripened tomatoes must now be included in all school lunch programs. :-}) Government standards are a two-edged sword. Many of us would prefer to "opt out" of their idea of what's healthy and safe and what's not. Motorcycle helmet laws are a good example. Which I won't get started on here. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From franl at centerline.com Wed Oct 5 11:57:18 1994 From: franl at centerline.com (Fran Litterio) Date: Wed, 5 Oct 94 11:57:18 PDT Subject: Nom de guerre public key In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- nelson at crynwr.com (Russell Nelson) writes: > From: franl at centerline.com (Fran Litterio) > > That's part of it, but the more important binding created by a > signature is the binding between the userid and the real person. > Without that binding, the binding between the key and the userid is > useless. > > Nonsense. You're assuming that the real person wishes to carry their > reputation over onto their key/userid combination. Perhaps they wish > to establish a separate reputation for it? And once they've > established that reputation, they wish to change keys? Might you not > sign such a new key? I would not sign a pseydonymous entity's key based soley on the reputation of the entity. How do I defend against a man-in-the-middle attack -- how do I know I'm not signing the middle-man's key instead of the entity's key? With a real person, my defense is to use a tamperproof out-of-band channel to verify the key fingerprint: a phone call (for a friend whose voice I recognize) or a personal meeting with passports (for someone I don't know very well). How do I do that with a pseudonymous entity? I'd really like to know if it's possible to do. I'm all in favor of pseudonymous entities building reputations, but I think that the price of pseudonymity is the inability to be part of a PGP-like Web of Trust. -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLpLtrneXQmAScOodAQGvRwP+Jj8aR/Qmbd9EdPmCzBw6AGj0fvXhdgal MXN0HYsqiFPcqZf2GeeE764DpZrCAa54RheXsFa9sjkfJSzN2MfqV4HOiI/X3TvP qZjt0Bzc8FX5e88CPTE7ajISbPWhhHyGYcbf5IY6u/a55jmSiwSUTuEysFb37QIT 2SCgNSW6uNs= =ejKn -----END PGP SIGNATURE----- -- Fran Litterio franl at centerline.com (617-498-3255) CenterLine Software http://draco.centerline.com:8080/~franl/ Cambridge, MA, USA 02138-1110 PGP public key id: 1270EA1D From adam at bwh.harvard.edu Wed Oct 5 12:34:07 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Wed, 5 Oct 94 12:34:07 PDT Subject: Richard Stallman of GNU on Tcl (crypto reference) In-Reply-To: <199410051827.NAA18355@pentagon.io.com> Message-ID: <199410051935.PAA02275@hermes.bwh.harvard.edu> | language" holy flame wars of the year. Tcl/tk is here and in widespread | use, wishing it were otherwise isn't going to change reality. The only | good thing about the entire thread was that it brought python, which does | have a bigint/mpz module built into it, to the attention of a few more | people. Lets get back to something useful... But, before we do, a crypto comment which I found entertaining showed up: "Perl. The only language that looks the same before and after RSA encryption." We now return you to your regularly scheduled Chomsky debate, here on the Cypherpunks channel. From fhalper at pilot.njin.net Wed Oct 5 12:59:44 1994 From: fhalper at pilot.njin.net (Frederic Halper) Date: Wed, 5 Oct 94 12:59:44 PDT Subject: NATIONAL CRYPTOGRAPHY POLICY Message-ID: <9410051959.AA28554@pilot.njin.net> I saw this in Edupage, thought I'd pass it along. Reuben NATIONAL CRYPTOGRAPHY POLICY The National Research Council is conducting a comprehensive study of national cryptography policy, including such topics as: the availability of cryptography technology to foreign and domestic parties; the competitiveness of U.S. manufacturers and users of such technology; U.S. national security and law enforcement interests; relative merits of various cryptographic technologies; demand for information systems security based on cryptography; the impact of foreign restrictions; the extent to which current policy is adequate for protecting U.S. interests; relative merits of current key escrow implementation schemes; feasible policy options; and recommendations for the process through which all interests are balanced in the formulation of national cryptography policy. Send comments and other correspondence to crypto at nas.edu. (NRC Release) From unicorn at access.digex.net Wed Oct 5 13:27:08 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 5 Oct 94 13:27:08 PDT Subject: Impact of Free Strong Crypto (Essay of sorts) In-Reply-To: <9410051315.AA08512@tis.com> Message-ID: <199410052026.AA21233@access4.digex.net> Carl Ellison scripsit > > Your message signature was bad, BTW. > Oh? Anyone else on the list have this problem? If so I will be happy to re-up with a new sig. -uni- -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From rcromw1 at gl.umbc.edu Wed Oct 5 13:44:35 1994 From: rcromw1 at gl.umbc.edu (Ray Cromwell) Date: Wed, 5 Oct 94 13:44:35 PDT Subject: Government vs. Markets In-Reply-To: <199410051829.LAA03358@netcom6.netcom.com> Message-ID: <199410052044.QAA01356@umbc9.umbc.edu> Tim May writes: > Government standards are a two-edged sword. Many of us would prefer to > "opt out" of their idea of what's healthy and safe and what's not. Are you crazy? If you were allowed to opt out of government standards and eat what you want, you'd be driving up healthcare costs! That's unfair to your brothers and sisters! The government will stop you anyway by requiring everyone to have quarterly checkups and then have the medical records of people with unhealthy lifestyles sent to them. If you refuse, you won't get to be in the government healthcare system, which is only fair since you're driving up everyone else's costs like a sociopath. -Ray p.s. I hate to have to do this, but some people lack a sacasm detector, so: ;-) ;-) ;-) "Be very afraid, the Flavor Savor(tm) tomatoes are going to kill us all!" From gnu Wed Oct 5 14:47:54 1994 From: gnu (gnu) Date: Wed, 5 Oct 94 14:47:54 PDT Subject: Digital Telephony vote TODAY 7PM Eastern Message-ID: <9410052147.AA01801@toad.com> According to EFF staffer Jonah Seiger: The bill is expected to be voted on in both the House and Senate TODAY! The House is expected to vote at about 7:00 pm (ET) and the Senate shortly there after (although it is still possible that they may not vote until tomorrow). The bill IS expected to pass both bodies. Do what you think is best. John Gilmore From jim at bilbo Wed Oct 5 14:48:52 1994 From: jim at bilbo (Jim Miller) Date: Wed, 5 Oct 94 14:48:52 PDT Subject: crypto game idea Message-ID: <9410052026.AA21579@bilbo.suite.com> Crypto-Magic: The Gathering I was recently introduced to the card game Magic: The Gathering. Today over lunch, I realized that this game could be transformed into an ideal networked crypto-game. Why ideal? Magic is a really popular game right now and a network version would require a lot of the crypto technology discussed on this list. So, it's ideal for the purpose of getting crypto into popular use. Brief description of game: Magic is entirely based on cards. There's no dice or board or game pieces. Each card represents a creature, an artifact, a magical ability, or something else (like land). Some cards a common, some uncommon, some very rare. Players each have their own deck of cards which they assemble from a larger collection of cards before the start of the game. They take turns drawing cards from their deck, revealing some (invoking their power), keeping others in their "hand" until later. A player wins when they kill their opponent's "army" (or render it leader-less). Where's the crypto? In my mind, the cards must be handled kind of like digital money. You have to have a way of authenticating cards (can't have players forging new creatures) and you have to have a way of preventing players from duplicating powerful, rare cards. These constraints imply there is some bank-like agency that creates and signs "official" game cards. They could sell them for real digital cash, or Tacky Tokens, or whatever. The "bank", or another third-party service, might have to participate in the play of a game to enforce the constraints. It's not really like digital money, of course, but it would require protocols at least as sophisticated. I haven't thought about this beyond what I've just described, but it seems like a promising idea. Somebody could probably make money at it, if they wanted to. Too bad I'm to busy. Jim_Miller at suite.com From cme at tis.com Wed Oct 5 15:16:39 1994 From: cme at tis.com (Carl Ellison) Date: Wed, 5 Oct 94 15:16:39 PDT Subject: overload of the term "Key Escrow" Message-ID: <9410052215.AA13811@tis.com> There has been much discussion since at least 1992, but especially since April 1993, under the general heading of ``Key Escrow''. This term has been severely overloaded in the process, to the point that the term has no trustworthy meaning. What is worse, this overloading is almost certainly because there are topics which are politically sensitive involved and there is a reticence to express these topics openly. It is my intention to bring all of these topics into the open and discuss them, giving them each a label which we can use instead of the poor overloaded "Key Escrow". My list so far includes: export and intelligence access (NSA wants <= 40 bits to crunch on any alg shipped overseas) law enforcement access (FBI wants all cleartext, for everything, everywhere; failing that, it wants keys; and all have to be delivered to some comfortable central listening post) ?voluntary? compliance The Administration says "voluntary" but does it want: user voluntary, manufacturer voluntary + user mandatory, or mandatory ? Are there any other issues hidden behind the term "key escrow" which gov't people don't talk about that anyone thinks I should bring out in the open? Please reply by direct e-mail. Thanks, - Carl From chen at intuit.com Wed Oct 5 15:54:33 1994 From: chen at intuit.com (Mark Chen) Date: Wed, 5 Oct 94 15:54:33 PDT Subject: Government vs. Markets In-Reply-To: <199410052044.QAA01356@umbc9.umbc.edu> Message-ID: <9410052253.AA29033@doom.intuit.com> Ray writes: > Tim May writes: > > Government standards are a two-edged sword. Many of us would prefer to > > "opt out" of their idea of what's healthy and safe and what's not. > > Are you crazy? If you were allowed to opt out of government > standards and eat what you want, you'd be driving up healthcare > costs! That's unfair to your brothers and sisters! The government > will stop you anyway by requiring everyone to have quarterly checkups > and then have the medical records of people with unhealthy lifestyles > sent to them. If you refuse, you won't get to be in the government > healthcare system, which is only fair since you're driving up > everyone else's costs like a sociopath. It would be helpful if we could define the word "government." Is a government any organization of people, or is it any organization wherein some people hold coercive power over others? In either case, how are corporations different from governments? If it is argued that corporations are different because, as an employee of a corporation, I am free to terminate my employment contract and to enter a contract with a different corporation, then it can also be argued that, as a citizen of the U.S., I am free to terminate my citizenship and assume citizenship in another country. In large measure, privatization really amounts to nothing more than removing programs from the incompetent, technocratic control of state bureaucracies and submitting them to the incompetent, totalitarian control of business. There is no question but that our government works very poorly by any standard; I just don't see the argument for privatization as being an argument between statism and anarchism (Bakunin would agree :}). It is, rather, merely an argument between two different, equally decrepit organizational precepts. -- Mark Chen chen at netcom.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From unicorn at access.digex.net Wed Oct 5 16:00:59 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Wed, 5 Oct 94 16:00:59 PDT Subject: Government and Markets (Again) Message-ID: <199410052300.AA01712@access4.digex.net> >From: nobody at jpunix.com (Anonymous) >> unicorn at access.digex.net: >> Unsafe medical devices? I would say this is a problem with testing >> technology, not a lack of limitation on technological advance. >If medical devices are sold without ANY limitation, e.g. the requirement >that they be safe and effective, the result is unsafe equipment. >Improved testing technology isn't useful if there's no requirement to >use it. And "the market" is composed of people who have neither the >expertise to test the equipment before they consent to its use, nor (in >the case of someone's who's bleeding or in labor) the time. The market adjusts to these problems through the civil litigation system. A product is identified as potentially defective/dangerous and a law suit arises. Either the product appears to be responsible or not. The hospital is either responsible for not insuring that the emergency equipment is safe, or it isn't. The costs are ALREADY allocated in this example. Hospitals begin to look into their products with more care instead of relying on some FDA regulation that took 5 years to instate and is probably out of date. Do you think that FDA regulations are any less lagged? How many people have to die before the FDA passes a ban, or a regulation? And worse, how many people die because new products are kept in the wings for years? >> Genetically tampered food? Why is this dangerous? Have any evidence? >> Most of the livestock/crops you eat today have been altered in one way >> or another, be it selective breeding, low tech botanical splicing, or >> genetic/hormonal therapy. You see this as a regression? >In some cases, yes, I see problems in biotech. For example, hormones >used in cattle in high doses are known to cause tumors in women in low >doses. If the market is so faulty, how is it you have this information? In fact it was easy to get wasn't it? So you probably will watch out for hormone treated meat. Poetry in motion the market can be. Look, you did it without any regulation, and without paying 2000 federal employees between 25 and 90 thousand dollars a year. >Whether people would choose to eat hormone-treated meat is >debatable; I had thought that the right to make the choice was taken by >cypherpunks as an article of faith. Exactly. You have information, you are free to make your choice. If you're not a woman, you can eat all the meat you like and not fret over the study. Why? Because the federal government hasn't taken the meat away, or banned the use of hormones which increase the output of meat in certain cattle. >Without regulation on the >technology, even an innocuous labeling requirement, the right to choose >is taken away because consumers can't detect the difference between >hormone-treated beef and organic beef. I think Tim May put this best: T>Underwriters Laboratories, Good Housekeeping ("Seal of Appproval"), T>and Consumer Reports are better testers than any bureacrats in T>Washington, and they are private. Insurance companies have a strong T>interest in safe equipment, as do hospitals, doctors, and even T>patients. Indeed. Listen to yourself: "the right to choose is taken away because [Insert reason of the week here]" In your case it's because "consumers can't detect the difference between hormone-treated beef and organic beef." But you never explain how this is a function that is impossible to accomplish without federal government. Even worse, how do you reconcile this with your previous assertion that :"I had thought that the right to make the choice was taken by cypherpunks as an article of faith." Who is the blasphemer? In fact there is reason to believe the regulation you propose is more harmful than good. Institutions have a lifetime, a staying power if you will. This is why they are no good at setting technological regulation. FDA is a wonderful example of lag, lunacy and backwardness in standards setting. Tim May comments: T>What often happens with government-imposed standards is that some T>lobbying group decides that "cheese is good for you" and so gets T>cheese installed as one of the government-mandated "basic food T>groups." [...] >> You never make the distinction between regulation designed to promote >> and regulation designed to deter technological advance. >Technological advance is a means to an end. Regulations should properly >be about insuring the public welfare. While we might reasonably >disagree about what that welfare is, clearly technological anarchy >doesn't promote it. Not for all of us. Some of us believe the advance of technology is an end unto itself. So many things follow from the advance of technology, sometimes it's all you have to look at to make progress. The shortest distance between two points.... Often this argument reminds me of those who whine about free trade. They want protectionist tariffs. They point out that their backward business is going to be destroyed because some automaker elsewhere in the world is doing a better job, for less. So in the interest of making this special interest group happy, the market is disrupted and all cars are more expensive. The cheap manufacturer has trouble advancing to even greater heights and consumers get the short end of the stick to preserve.... what? Jobs. It's the same thing for technology. Why are the rest of us being held back from eating tomatoes twice the size at half the cost? Because: 1> Real tomato growers are powerful in politics 2> The FDA is a morass of paper and policy 3> The government has anything to do with the tomato market. Where did we lose the concept that you make money when you sell a good product for a good price? When did sympathy for special interest groups come into the picture? I'll tell you when, the 1930's. The result? Today the average citizen depends on government for over half his assets. HALF HIS ASSETS are government entitlements. Think about that very carefully. Soon they are going to be taking away your drivers license for all sorts of reasons. Do you think driving is a government entitlement? Well it is. Why? Because the government got the foot in the door. Today your car keys, tomorrow your crypto keys. >> Market forces are lathargic, sometimes they need a boost. I propose >> this boost be accomplished with motivators like tax breaks, market >> assisters and privatization. >Either the market works or it doesn't. You can't decry all government >regulation and then call for handouts to businessmen. I just can't agree. There are very few black and whites here. Stewart, Krier and Manell point out what are (IMHO) quite legitimate market failures and where intervention is warranted. 1> There has been a fairly liquid exchange and availability to consumers of information in the marketplace. 2> There are no restricted commodities 3> There are large numbers of buyers and sellers in the market. 4> There are no localized externalities. Even in these circumstances, there are many options for intervention, collectivization and regulation being THE LAST ONE ON THE LIST. Tim May: T>Government standards are a two-edged sword. Many of us would prefer to T>"opt out" of their idea of what's healthy and safe and what's not. And that's what real choice is all about. -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From nelson at crynwr.com Wed Oct 5 16:26:58 1994 From: nelson at crynwr.com (Russell Nelson) Date: Wed, 5 Oct 94 16:26:58 PDT Subject: Government vs. Markets In-Reply-To: <9410052253.AA29033@doom.intuit.com> Message-ID: From: chen at intuit.com (Mark Chen) Date: Wed, 5 Oct 1994 15:57:03 -0700 (PDT) It would be helpful if we could define the word "government." Is a government any organization of people, or is it any organization wherein some people hold coercive power over others? It's any organization that is allowed to have a monopoly on legitimate coercion. When the IRA collects taxes, and provides protection, that's thuggery. When the British Government does the same thing, that's perfectly fine. In either case, how are corporations different from governments? In the main, corporations persuade and governments force. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From sandfort at crl.com Wed Oct 5 16:40:35 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 5 Oct 94 16:40:35 PDT Subject: NYC MEETING Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NYC area C'punks, For those of you considering attending the meeting this Saturday, I forgot to mention two things. The Stantons have cats, and smoking is permitted in designated areas only (*outside* their apartment). You gotta problem with that? S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From chen at intuit.com Wed Oct 5 17:17:01 1994 From: chen at intuit.com (Mark Chen) Date: Wed, 5 Oct 94 17:17:01 PDT Subject: Government vs. Markets In-Reply-To: Message-ID: <9410060016.AA29551@doom.intuit.com> I wasn't sure whether to respond to this message, or your other one, which admonished that this is off-topic. nelson at crynwr.dom writes: > From: chen at intuit.com (Mark Chen) > Date: Wed, 5 Oct 1994 15:57:03 -0700 (PDT) > > It would be helpful if we could define the word "government." Is a > government any organization of people, or is it any organization > wherein some people hold coercive power over others? > > It's any organization that is allowed to have a monopoly on legitimate > coercion. When the IRA collects taxes, and provides protection, > that's thuggery. When the British Government does the same thing, > that's perfectly fine. And within the scope of their operations - among their employees - corporations have a monopoly on the means of economic coercion (forgive me if I omit your editorial use of the word "legitimate"). They have exclusive control over livelihoods. > In either case, how are corporations different from governments? > > In the main, corporations persuade and governments force. So maquiladora workers are "persuaded" to work twelve hours a day for fifteen cents an hour. Salvadoran workers are "persuaded" (at gunpoint) to contribute to the welfare of their latifundista benefactors for either a handful of beans or nothing at all. Similarly, I am "persuaded" to contribute my labor to the designs of my employer - truly, because if I don't like it, I can leave. Perhaps your will elaborate your assertion. -- Mark Chen chen at netcom.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From merriman at metronet.com Wed Oct 5 17:21:25 1994 From: merriman at metronet.com (David K. Merriman) Date: Wed, 5 Oct 94 17:21:25 PDT Subject: Government vs. Markets Message-ID: >"Be very afraid, the Flavor Savor(tm) tomatoes are going to kill us >all!" > Um, Attack of the Killer Tomatoes? :-) Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From ogd at selway.umt.edu Wed Oct 5 17:27:52 1994 From: ogd at selway.umt.edu (ozymandias G desiderata) Date: Wed, 5 Oct 94 17:27:52 PDT Subject: NYT Libertarian News In-Reply-To: <199410051416.KAA11094@pipe3.pipeline.com> Message-ID: <9410060027.AA17261@selway.umt.edu> Speaking as someone who's been forced to experience far too much of Bo, _I'd_ ridicule Bo Gritz if I were on the NYT editorial staff. If you ever get a chance to see him speak live, do it. He's definitely the Real Deal. Conspiracy theories, thinly veiled racism, violence poking from everywhere -- why is this kind of personality so attracted to Idaho? I wouldn't even refer to him as a libertarian. He's very much into family values / universal military training / trade protection for United States industries. He falls very close, ideologically, alongside the state "militias" out in this part of the country. Those groups also profess libertarianism while also advocating extremely draconian Christian social programs. "I LOVE TO SUBMIT TO MY HUSBAND" -- Button seen on a local proselytizer's wife ozymandias G desiderata From karn at qualcomm.com Wed Oct 5 18:17:11 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 5 Oct 94 18:17:11 PDT Subject: It's MEME time!!! In-Reply-To: Message-ID: <199410060117.SAA17073@servo.qualcomm.com> >Very good. If I could offer one minor change, how 'bout: > Dorothy Denning? Clip 'er! >No intent to nitpick on my part. I think they're all deserving >of meme-hood. They would make darn fine bumpersticker copy, too. Uh, how come we can't stick to attacking the message, rather than the messenger? Phil From amanda at intercon.com Wed Oct 5 18:22:51 1994 From: amanda at intercon.com (Amanda Walker) Date: Wed, 5 Oct 94 18:22:51 PDT Subject: Government vs. Markets Message-ID: <9410052122.AA32506@elfbook.intercon.com> > In the main, corporations persuade and governments force. I don't see so much of a difference. There is very little difference in the nature and methods of governments vs. corporations. A government can usefully be viewed as a corporation engaged in the business of public services. It's simply a geographical monopoly, as are many public utilities. Amanda Walker InterCon Systems Corporation From rcromw1 at gl.umbc.edu Wed Oct 5 18:23:31 1994 From: rcromw1 at gl.umbc.edu (Ray Cromwell) Date: Wed, 5 Oct 94 18:23:31 PDT Subject: Government vs. Markets In-Reply-To: <9410060016.AA29551@doom.intuit.com> Message-ID: <199410060123.VAA11108@umbc9.umbc.edu> -----BEGIN OF PGP DECRYPTED TEXT----- Mark Chen writes: > I wasn't sure whether to respond to this message, or your other one, > which admonished that this is off-topic. > nelson at crynwr.dom writes: > > It's any organization that is allowed to have a monopoly on legitimate > > coercion. When the IRA collects taxes, and provides protection, > > that's thuggery. When the British Government does the same thing, > > that's perfectly fine. > And within the scope of their operations - among their employees - > corporations have a monopoly on the means of economic coercion > (forgive me if I omit your editorial use of the word "legitimate"). > They have exclusive control over livelihoods. What is "economic coercion"? Within the scope of schools, teachers have a "monopoly" on the means of educational coercion. Within the scope of church, preachers have a "monopoly" on the means of religious coercion. Within the scope of the home, parents have a "monopoly" on the means of parental coercion. Are you seriously suggesting that any of these structures even compare to a government? Do you know what a monopoly is? You analogy doesn't hold water. It's like saying "within the scope of the people who patronize my store, I have a monopoly." Typical of socialists, they are unfamilar with economics and resort to semantic games. A monopoly is defined by (1) one seller, many buyers, and (2) restriction on entry. Unless a corporation has a monopoly on its market, it exists within a job market as one of many sellers. So unless your skills are very specialized and *only* that corporation supplies jobs needing that skill, in no sense does a corporation have exclusive control over livelihoods. However, specializing in a skill that not many people want to buy is as much your fault anyway. Finally, one doesn't have to work for a corporation anyway, it's a red herring. There are 4 million corporations in this country but 14 million small businesses. Trying to let governments off the hook because one can "move elsewhere" doesn't let them off the hook. For one thing, it ignores the fact that some governments *prevent* you from moving elsewhere (whereas, no corporation in a free market has the legal authority to stop you from quitting). Secondly, it ignores the transaction cost differences between switching jobs and switching countries. Third, barrier to entry is extraordinarily high -- try starting your own government vs starting your own corporation. Finally, there are 19 million businesses in this country to choose from, whereas there are only a handful of countries to move to. Governments have an oligopoly on countries. > > In either case, how are corporations different from governments? > > > > In the main, corporations persuade and governments force. > So maquiladora workers are "persuaded" to work twelve hours a day for > fifteen cents an hour. Salvadoran workers are "persuaded" (at I thought it was 49 cents an hour, however, no one ever accused a socialist knowing the facts. BTW, what's the cost of living in maquiladora. You know that comparing wages between different areas without purchasing power corrections is nonsense, don't you? > gunpoint) to contribute to the welfare of their latifundista > benefactors for either a handful of beans or nothing at all. If they're forced via guns, it isn't exactly a free market isn't it? Actually, it sounds like state socialism. > Similarly, I am "persuaded" to contribute my labor to the designs of > my employer - truly, because if I don't like it, I can leave. Then why don't you? What's stopping you from working for yourself? If you don't like the services your employer is providing you (workplace, tools, investment management, capital contributions, etc) and you don't have the ambition or skills to work for yourself, stop whining. If you have any computer skills at all, you can work for yourself without a large amount of capital. My sister got her CS and degree, did some consulting for a consulting firm, and after she aquired the skills, she quit and started doing her own consulting. She now works from home. In most small businesses, the workers are near partners with the management (and often earn equivalent wages) > Perhaps your will elaborate your assertion. Simple: businesses are not governments. There is very little common ground between them. Governments operate by force alone, governments can prevent you from leaving, a business in a free market can't. You can found your own business, you can't found your own government. Businesses operate by selling products to people who voluntarily buy them. Governments operate by stealing your money at gunpoint. From khijol!erc Wed Oct 5 19:23:53 1994 From: khijol!erc (Ed Carp [Sysadmin]) Date: Wed, 5 Oct 94 19:23:53 PDT Subject: It's MEME time!!! In-Reply-To: <199410060117.SAA17073@servo.qualcomm.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > >Very good. If I could offer one minor change, how 'bout: > > > Dorothy Denning? Clip 'er! > > >No intent to nitpick on my part. I think they're all deserving > >of meme-hood. They would make darn fine bumpersticker copy, too. > > Uh, how come we can't stick to attacking the message, rather than the > messenger? Because in this case, the messenger is an integral part of the message. - -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi ** PGP encrypted email preferred! ** "What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning" -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLpNWDyS9AwzY9LDxAQG0kAP+Iw/gJZHzpup+qe12I27w7W08Ftqz4XHH L+rZy7BiibNFK5PN54aRlpJFHX3Ho+MyOobOcZZxchu5usjLvGaqaukBmTLZ3/WN 83QjmJ4GGl/3RtaDmHCpV7iRCTiTc3W1272xz6XhdDMUXlEhNUz6fY56Mh+DbV9g 4fci6FbYCCk= =kncn -----END PGP SIGNATURE----- From warlord at MIT.EDU Wed Oct 5 19:29:28 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 5 Oct 94 19:29:28 PDT Subject: Nom de guerre public key In-Reply-To: Message-ID: <9410060229.AA15700@toxicwaste.media.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- To: franl at centerline.com (Fran Litterio) cc: cypherpunks at toad.com Subject: Re: Nom de guerre public key In-reply-to: Your message of "05 Oct 1994 13:31:42 GMT." - -------- > key's owner). Sure signatures bind the userid to the key, but what > good is that to third parties if they can't be sure that the userid > accurately names the person who possesses that key? What is in a name? A name is just a convenience with which one can identify some object/entity/etc. "Pr0duct Cypher" is as much a valid name as "Derek Atkins". The fact that some entity can produce some United States Government paperwork that says that the US Govt believes that this person "exists" is irrelevant in this discussion. The fact that I can certify that "This Public key belongs to the identity Pr0duct Cypher" is _all_ that a key signature says. > When I meet you in person to hand you my key fingerprint, won't you > require me to identify myself in order that you can be sure the name > in the userid of my key is also the name of the person you are > meeting? If you do, then you will have just validated the binding > between userid and real person. This is a humanly-applied set of restrictions. I have in the past signed keys for people whom I haven't met in person; my personal requirements for signing keys do require out-of-band authentication, however. Yet PGP does not impose this restriction. I could create an identity (call him Mr. X), and Mr. X could start to sign keys based upon continuous communication. For example, Mr. X could encrypt a message to some other pseudosym, and ask them to sign the message that was encrypted to them and send it back. Since only the owner of the key can both read it and sign it, and since Mr. X only sent this to a single person (and included some identification string), Mr. X could know, with marginal doubt, that this key belongs to this identity -- even without ever meeting this person and without ever needing to talk to a real person. > entity. Because the entity is unwilling to prove to me that there is > a single real person who possesses the private half of his key. This is fine -- you don't have to sign pseudonymous keys. That is your perogative. That doesn't mean that there aren't cases where signing a pseudonym's key is the right thing to do. > I don't like the idea of an automaton possessing or signing PGP keys. > People sign other people's keys because only people have the need to > trust other people. Automatons don't need to trust and they are not > the direct targets of trust. So what you are saying is that you don't see any reason for a server to be able to authenticate itself or for someone to be able to send a message to a server? You don't believe that there could be a PGP-telnet? If this is what you believe, then you have a very short-sighted view of the world. A server needs to trust that a person is allowed to log into it, or that a client is allowed to use the service it provides. As such, it is vital that the server be able to authenticate to the client as much as the client needs to authenticate to the server. This requires that the server itself maintain a key. > This is the objection I had to Phil's > signing of the Betsi public key. As an automaton, Betsi is only as > trustable as its human authors and adminstrators. Yet Phil doesn't > know who those people may be in five or ten years. Yes, people change > over time too, but not as quickly or as radically as an automaton can. > It's too easy to subvert an automaton for me to ever sign an > automaton's PGP key. This is the point I am trying to make. When I sign a key, I do not say ANYTHING about how that key will be used -- I am only saying that I know that that key is what it claims to be. I know that this key belongs to this user, this name, this email-address, this server. I don't know that if I sign your key you will then use it to send threatening email to president at whitehouse.gov. And personally, I don't care -- that shouldn't be a consideration in my signing your key. Phil signed the Betsi key because to his knowledge that key really belonged to the Betsi server. Just like I will sign the MIT PGP Keysigner key because I will know that it belongs to that identity. As to how much trust I put in these keys to sign other keys is a determination that I make orthogonal to the question of signing the key. I happened to write the keysigner software, so I know what it will do -- but that is me -- you don't have to trust it if you don't want to. I think the problem here is that you are combining a number of orthogonal decisions into a single one. These decisions are: 1) trust in userID to sign a key 2) trust in that key to sign others 3) trust in the usage of that key. These are distinct for a reason, and should be kept that way. If you want to lump them together, that is your perogative, but that is not something that can be, or should, be enforced. - -derek -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBuAwUBLpNg7zh0K1zBsGrxAQGETQLECyKXVFNnai1otoSH3IMungYtXqR+y4gj LFyIa0iIhMgTMYI0tCFs4RmG3pwO83qCoaLRbGdJ5IpjbepqbUHKDwFm0AB7Z43I x2s2A+HjqTtEu5XaNV1qGvg= =4urS -----END PGP SIGNATURE----- From jkreznar at ininx.com Wed Oct 5 19:49:15 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Wed, 5 Oct 94 19:49:15 PDT Subject: Government vs. Markets In-Reply-To: <9410052253.AA29033@doom.intuit.com> Message-ID: <9410060248.AA14934@ininx> -----BEGIN PGP SIGNED MESSAGE----- chen at intuit.com (Mark Chen) writes: > If it is argued that > corporations are different because, as an employee of a corporation, I > am free to terminate my employment contract and to enter a contract > with a different corporation, then it can also be argued that, as a > citizen of the U.S., I am free to terminate my citizenship and assume > citizenship in another country. - From the frying pan into the fire? Why assume another? Why not drop your U.S. citizenship and be done with it? Can't be done you say? (*) Then this is a significant difference between terminating employment and terminating citizenship. Employees regularly terminate and go it alone forever after. (*) You may be right. Their statute may not provide for citizenship termination unless you first go to a place over which they don't claim jurisdiction. Good reason to never affirm that citizenship in the first place. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLpNkysDhz44ugybJAQF9CQP/fdh3P4YYy4gvvm6kE8JkQmy4IkCQTxfd Jqg6m95fZokW28hmd8ogPa6wlcyr6qvWWrL9wb+7IMNf34BhV+8KJK/2tsgM496o PEruV31ucpbLNa97o81keZcp3F0gJeNjZiZO+1fl20R0ZvGmc3zArPsBebN24rJQ LRReyyIZ4Bs= =A9ZC -----END PGP SIGNATURE----- From jthomas at access.digex.net Wed Oct 5 19:51:17 1994 From: jthomas at access.digex.net (Joe Thomas) Date: Wed, 5 Oct 94 19:51:17 PDT Subject: Nom de guerre public key In-Reply-To: Message-ID: On 5 Oct 1994, Fran Litterio wrote: > > That's part of it, but the more important binding created by a > > signature is the binding between the userid and the real person. > > Without that binding, the binding between the key and the userid is > > useless. > > I would not sign a pseydonymous entity's key based soley on the > reputation of the entity. How do I defend against a man-in-the-middle > attack -- how do I know I'm not signing the middle-man's key instead > of the entity's key? > I'm all in favor of pseudonymous entities building reputations, but I > think that the price of pseudonymity is the inability to be part of a > PGP-like Web of Trust. I probably ought to get out of lurk mode here, since my signature can be found on the key of one of the more prominent pseudonyms on the list, Black Unicorn. I met Uni briefly at one of the (two) D.C. area cypherpunks meetings, last spring. I didn't check his ID. For all his reluctance to give his name here, he did, as I recall, attempt to give it at at the meeting. (Pat Farrell was trying to draw a seating chart so we'd know what to call each other, but he had trouble spelling Uni's name.) I guess it could have been an impostor at the meeting, but enough of the details seemed to match up that I didn't have any doubts about him. And I've probably got enough information from his posts, and my hazy recollection of his first name, to find out who he is, if I felt like it. I guess my point is that key signing doesn't always fit into one particular category, one that requires a drivers license or passport. That (or personal knowledge of the person) is the most secure method for keys that are clearly bound to a specific person, but it's not the only way things are done. Joe From cactus at bb.com Wed Oct 5 20:15:55 1994 From: cactus at bb.com (L. Todd Masco) Date: Wed, 5 Oct 94 20:15:55 PDT Subject: Government vs. Markets In-Reply-To: Message-ID: <36vqd9$1vi@bb.com> >>"Be very afraid, the Flavor Savor(tm) tomatoes are going to kill us >>all!" >> > >Um, Attack of the Killer Tomatoes? Screw that. Grow your own (I do -- and if I can, in Midtown Manhattan, then damned near anybody can). -- L. Todd Masco | Ingredients: red, blue, and green quarks, six varieties of cactus at bb.com | gluons, electrons. Some settling may occur in shipping. From cactus at bb.com Wed Oct 5 20:18:33 1994 From: cactus at bb.com (L. Todd Masco) Date: Wed, 5 Oct 94 20:18:33 PDT Subject: crypto game idea In-Reply-To: <9410052026.AA21579@bilbo.suite.com> Message-ID: <36vqim$236@bb.com> Wasn't somebody working on a card-protocol about 6 months ago? What happened to it? (Or is it rude to ask?) -- L. Todd Masco | Ingredients: red, blue, and green quarks, six varieties of cactus at bb.com | gluons, electrons. Some settling may occur in shipping. From hughes at ah.com Wed Oct 5 20:51:11 1994 From: hughes at ah.com (Eric Hughes) Date: Wed, 5 Oct 94 20:51:11 PDT Subject: ANNOUNCE: SF Bay Area Physical Meeting 8 Oct 94 Message-ID: <9410060303.AA08117@ah.com> What: SF Bay Area Physical Cypherpunks Meeting When: Saturday, 8 Oct 94 12:00 noon - 6:00 p.m. Where: Silicon Graphics, Mt. View (directions below) (Provisional) Theme: Intellectual "Property" Mark Hosler of Negativland will be our (provisional) guest. He's told me he's planning on showing, but I've not been able to confirm with him in the last few days. For those of you who don't know what Negativland is, they're a music group who got into a fracas with Island Records and their own label SST over a recording Negativland did entitled "U2". Mark/Negativland have a new book coming out called _Fair Use_, which is a complete history of the whole affair with both commentary and a complete set of primary source documents. Our theme, therefore, will be intellectual property, information distribution, sampling, etc., with, of course, applications to cryptography. We will also, as always, welcome and expect topics and presentations from the attendees. If you've got something you want to present, you've got the time here. If you've got something you want to discuss, you can have the floor to lead a discussion of it. All are welcome, whether or not you've ever been to a cypherpunks meeting before or not. Eric ----------------------------------------------------------------------------- DIRECTIONS: Silicon Graphics, Inc. Building 5 (SGI Cafeteria) 2025 North Shoreline Boulevard Mountain View, CA >From 101 take Shoreline East. This is towards Shoreline Amphitheatre. It's also "logical east", and points more north that east. (That is, it's east with respect to 101 North, which points west near the exit.) If you're coming in on 101 South, you'll cross over the bridge. Continue on Shoreline and go past a whole bunch of other SGI buildings. Turn right onto Steirlin Court at the big red metal sculpture. There will be even more SGI buildings surrounding you--take note of the building numbers. Go almost to the end of this street. Building 5 is on the right. From prig0011 at gold.tc.umn.edu Wed Oct 5 21:43:03 1994 From: prig0011 at gold.tc.umn.edu (prig0011 at gold.tc.umn.edu) Date: Wed, 5 Oct 94 21:43:03 PDT Subject: IRC Encryption Message-ID: <2e9376864430002@gold.tc.umn.edu> There was a thread a while back about encrypted conversations on channel #freedom on irc. I came across the software I believe they are using. Its a package called Circ, and it is available from archives of comp.sources.misc volume 38 issue 10. It is interesting in that it uses RSA for key exchange, and triple DES for the encryption. The Circ package includes an earlier implementation "socks" which is a stand alone encrypted irc client. I think this is what they use on #freedom. This is an interesting tool for a couple of reasons. irc can be as anonymous as you want to make it. There are ways of hiding what site you're coming from, your real username, you can change your nick often as you want, and it's got a high enough usage that you can lose yourself in a crowd. It supports background file transfers. You can create a channel and lock it to uninvited people. It is supported pretty much net-wide, if you can telnet, you can irc. Interesting stuff, and I'll be playing more with it in the near future. BTW: my nick is cryptical on irc. :) From karn at qualcomm.com Wed Oct 5 22:16:24 1994 From: karn at qualcomm.com (Phil Karn) Date: Wed, 5 Oct 94 22:16:24 PDT Subject: It's MEME time!!! In-Reply-To: Message-ID: <199410060516.WAA17295@servo.qualcomm.com> >> Uh, how come we can't stick to attacking the message, rather than the >> messenger? >Because in this case, the messenger is an integral part of the message. I disagree. How do you react when you see an attack ad on TV. Does it really want to make you vote for the sponsor? Or does it make you wish they'd BOTH crawl off and die somewhere? After watching just a little of the Huffington vs Feinstein Senate campaign here in CA, I know how *I* feel. We definitely have the upper hand on this issue. Dorothy Denning may be a naive pawn of the government. She may hold beliefs that appall the rest of us. She may have lost whatever credibility she had in the crypto community by her position. But I still prefer to attack that position and the (il)logic behind it rather than to resort to attacking the person expressing it. Especially when the argument itself is almost a no-brainer. Phil From nowhere at chaos.bsu.edu Wed Oct 5 22:24:10 1994 From: nowhere at chaos.bsu.edu (Chael Hall) Date: Wed, 5 Oct 94 22:24:10 PDT Subject: REMAIL: Chaos remailer statistics Message-ID: <199410060526.AAA16609@chaos.bsu.edu> Chaos remailer statistics from 12:38am 08/24/94 through 11:59pm 10/05/94: Total Messages msgs per day Percent ------- ------- ------- To/From CA domain: 46 1.1 1.69 To/From COM domain: 818 19.2 30.00 To/From EDU domain: 2130 50.1 78.11 To/From GOV domain: 3 0.1 0.11 To/From ORG domain: 326 7.7 11.95 To/From US domain: 381 9.0 13.97 Forbidden (includes anXX at anon.penet.fi) 8 0.2 0.29 Total messages processed: 2727 64.1 Note that the percentages will not add up to 100% because anything that crosses over, for example, the EDU to ORG line will show up in both categories. Average messages per month would be in the area of 1923. If you find this useful, let me know. I will put it into a script and have it auto-posted... Maybe. Chael -- Chael Hall, nowhere at chaos.bsu.edu From ecarp at netcom.com Thu Oct 6 00:03:22 1994 From: ecarp at netcom.com (Ed Carp) Date: Thu, 6 Oct 94 00:03:22 PDT Subject: It's MEME time!!! In-Reply-To: <199410060516.WAA17295@servo.qualcomm.com> Message-ID: <199410060656.XAA14819@netcom5.netcom.com> -----BEGIN PGP SIGNED MESSAGE----- > >> Uh, how come we can't stick to attacking the message, rather than the > >> messenger? > > >Because in this case, the messenger is an integral part of the message. > > I disagree. How do you react when you see an attack ad on TV. Does it > really want to make you vote for the sponsor? Or does it make you wish > they'd BOTH crawl off and die somewhere? After watching just a little > of the Huffington vs Feinstein Senate campaign here in CA, I know how > *I* feel. > > We definitely have the upper hand on this issue. Dorothy Denning may > be a naive pawn of the government. She may hold beliefs that appall > the rest of us. She may have lost whatever credibility she had in the > crypto community by her position. But I still prefer to attack that > position and the (il)logic behind it rather than to resort to > attacking the person expressing it. Especially when the argument > itself is almost a no-brainer. I think the reason people attack the messenger is because people in the government listen to her, and I for one am exasperated beyond words to know that my government is paying attention to such an idiotic scheme, and (BTW) violating every known law of security to do so. Denning, in a very real sense, represents the attitudes of the NSA and the people controlling this whole scheme and trying to foist it off onto people. Is she such an idiot that she actually *believes* the nonsense she spouts? Is it wrong to suspect her motives, her judgement, her common sense, in backing such a proposal? - -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLpOfpiS9AwzY9LDxAQExvwP9GXQ107W3o1XzbSv/7oV9/OJ8iJbUmYL5 ckB5y2NJ//NaFbEGF2P/muf+VN8ypIhniRqm267mEQIJVLqP5C6SIS11JZJnglsS zjLlIEJuv+xmG6BYJyHVbC8ShIweYPtLlkGg5KQSmYmN/MjDpBJ3wDoLARM1xUoL 1MPxVn0W8jU= =j5xg -----END PGP SIGNATURE----- From mccoy at io.com Thu Oct 6 00:48:23 1994 From: mccoy at io.com (Jim McCoy) Date: Thu, 6 Oct 94 00:48:23 PDT Subject: crypto game idea In-Reply-To: <9410052026.AA21579@bilbo.suite.com> Message-ID: <199410060748.CAA10550@pentagon.io.com> Jim Miller writes: > > Crypto-Magic: The Gathering [making an online version of the game using crypto tools...] > > I haven't thought about this beyond what I've just described, but it seems > like a promising idea. Somebody could probably make money at it, if they > wanted to. Too bad I'm to busy. Don't worry, someone is already working on it... :) You will probably see an online version of the "soon to finish printing and finally ship so now we can have a life again" Illuminati: New World Order game first. Depending on how long it takes to get Wizards of the Coast interested (they are tight with SJGames so it should not take long) an online version of Magic may be on a web server by the end of the year. jim, sysadmin and crypto-hacker of the Illuminati... From tcmay at netcom.com Thu Oct 6 01:04:10 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 6 Oct 94 01:04:10 PDT Subject: Demonizing Denning In-Reply-To: <199410060516.WAA17295@servo.qualcomm.com> Message-ID: <199410060803.BAA06601@netcom6.netcom.com> Phil Karn wrote: > We definitely have the upper hand on this issue. Dorothy Denning may > be a naive pawn of the government. She may hold beliefs that appall > the rest of us. She may have lost whatever credibility she had in the > crypto community by her position. But I still prefer to attack that > position and the (il)logic behind it rather than to resort to > attacking the person expressing it. Especially when the argument > itself is almost a no-brainer. I agree with Phil. I don't have much respect for Dorothy Denning's views, feeling she has sold out to the Beltway mentality, but I can't see the point of demonizing her, any more than I can see the point of demonizing Jim Bidzos or Mitch Kapor, or lionizing Phil Zimmermann. (Before you grep your archives and gleefully rebut me, I did at one point call her "the wicked witch of the East." But this was a result of overenthusiastic punning, and some anger. I haven't had any opportunity to deal with her in the past couple of years, but I'd like to keep that option open, and not foreclose it with vicious insults. Attack the postion, not the woman, as they might say.) Practically speaking, a bumber sticker saying "Denning--Clip her" might be understood by as many as one out of ten thousand of those who read it....not a very convincing meme. (Yes, "crypto anarchy" is equally arcane, vaguely disturbing, and equally unconvincing...but I'm not sporting a bumper sticker on this, nor do I expect to convert the masses.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From samuel.kaplin at warehouse.mn.org Thu Oct 6 01:28:13 1994 From: samuel.kaplin at warehouse.mn.org (Samuel Kaplin) Date: Thu, 6 Oct 94 01:28:13 PDT Subject: BIRD BRAINS Message-ID: <9410060325432199@warehouse.mn.org> -----BEGIN PGP SIGNED MESSAGE----- :the bomb's aim. Just before the bomb hit, the pigeon would :parachute to safety. (I made that last part up.) Could you imagine the ruckus if we were to try to implement something like this today? P.E.T.A would have a stroke!! They already are in a snit over the Navy's use of dolphins. Me, I just can't equate an animals life to a human life...use the animal, save a human. I wonder if we could create an Enigma machine based on biological organisms. Genetically alter something to act as an encryption machine. Hmmm..... ----------------------------------------------------------------------------- Fido: Sam Kaplin 1:282/1018 | "...vidi vici veni" - Overheard Compuserve: 75240,131 | outside a Roman brothel. samuel.kaplin at warehouse.mn.org | 75240,131 at compuserve.com | Change is the only constant in the For confidential communications use PGP | Universe..."Four quarters, please." ----------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAgUBLpOOmApnimeWAf3FAQF4HwP8C62qhT7VnMdmUjW2TgiDpKXTghd49Jss DqBEYcuK2QqIOZCYHJMyQMmsQD+JKZAsjstf/IaneGZvERHRCbvi361pB/2I6Onw 0kCk9K2DZ/b77H9HB2F2t0nDnGtqu2th1419Y+WaX0Kxof3xMzER2ScFIisxVLnR lNL98Oo+lCQ= =OKTA -----END PGP SIGNATURE----- From samuel.kaplin at warehouse.mn.org Thu Oct 6 01:28:17 1994 From: samuel.kaplin at warehouse.mn.org (Samuel Kaplin) Date: Thu, 6 Oct 94 01:28:17 PDT Subject: NYT Libertarian News Message-ID: <9410060325442201@warehouse.mn.org> -----BEGIN PGP SIGNED MESSAGE----- : I wouldn't even refer to him as a libertarian. He's very much :into family values / universal military training / trade protection :for United States industries. He falls very close, ideologically, :alongside the state "militias" out in this part of the country. Those :groups also profess libertarianism while also advocating extremely :draconian Christian social programs. He's also a crook. After his foray into Southeast Asia he went into the treasure hunting business. He defrauded the widow of a man who had been hunting for this one treasure. (Forgive me for the sketchy details, this was on a show on the Discovery channel about 2 years ago. I believe the show was "The Treasure Hunters." Took her for all of her money "continuing the hunt" and never really did anything. On second thought he might just fit in in Washington. He can pal around with Ollie North. They would probably have a blast at one of Packwoods' or Kennedy's parties. ;) - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.1 mQCNAy5pUekAAAEEAKrDj64Zj9AJU+gC7/Ivdk8b1ef6a1T9K5CGFeu1yFDSXLyD DLIdGunZR/4ilosLMxdlZcNqPwZ3HgxL+Gk3y2SwYfqKpeWExWPgb696lgzf2BRC tED15ZAwi3UDIkcouv2PBiDwPNUUmnLb5diDXdA3qtALb+XzlwpnimeWAf3FAAUT tCFTYW11ZWwgS2FwbGluIDwrMSAoNjEyKSA1MzAtNzMxNj6JAJUCBRAuaVLjQqfV nzRSzxkBAcXuA/47yIN+sltMyIRqCgUZz/gubdI6LUcpFsTcXsFWppROpAWFPJv0 J9z/UoP1kjJ+nrAAizuKuhmC5eg5OOxUE+tUgSPl6hAtu2xJYmKtCbQpxF0sG8ni 4e8I8Zsk5vcopO5Vub96CiVgPjI5vITCb32kcLKI1yyFaztbHdtOasUthrQuU2Ft dWVsIEthcGxpbiA8c2FtdWVsLmthcGxpbkB3YXJlaG91c2UubW4ub3JnPg== =J2S+ - -----END PGP PUBLIC KEY BLOCK----- ----------------------------------------------------------------------------- Fido: Sam Kaplin 1:282/1018 | "...vidi vici veni" - Overheard Compuserve: 75240,131 | outside a Roman brothel. samuel.kaplin at warehouse.mn.org | 75240,131 at compuserve.com | Change is the only constant in the For confidential communications use PGP | Universe..."Four quarters, please." ----------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAgUBLpOOwQpnimeWAf3FAQFPygQApAf+E+2obEbbNJPQzOTbhzSzB0F6YZKz VzjbgNO3knffXlCS5rILhzSOQU8oxmYK7iiBIeRkhVTvvI1JWm6XtsPVN5fZt1eQ UiOh4H02tS2Hp48PSpi7zZlKK2O2GUgzW8n0UdJyI9UtUtpWA9QorRoH4d5FrJpQ BsKn5AteNkI= =TTmB -----END PGP SIGNATURE----- From prz at acm.org Thu Oct 6 02:35:12 1994 From: prz at acm.org (Philip Zimmermann) Date: Thu, 6 Oct 94 02:35:12 PDT Subject: Key Forfeiture, not Key Escrow Message-ID: The Government seems to choose its terminology carefully in cases where that terminology can affect the politics of a situation. I suggest that we start referring to key escrow as "key forfeiture". Philip Zimmermann From jf02 at stirling.ac.uk Thu Oct 6 02:52:53 1994 From: jf02 at stirling.ac.uk (Jonathon Fletcher) Date: Thu, 6 Oct 94 02:52:53 PDT Subject: Remailers in the uk papers Message-ID: <9410060950.AA00351@forth.stir.ac.uk> Today's OnLine in the Guardian (techy bit every thursday) has an article on anonymous remailers. It's not bad, nice introduction to the concepts, listing of some remailers (penet, the hacktic crowd, soda), a little practical instruction for the use of vox.hacktic (what headers to put in and how to delimit them). It introduces chaining, so mailings can be "super-secure". Quite a pro-remailer article - it's nice to read something like this in a public forum. There's a section on Julf and the amount of traffic that get's passed through penet, as well his address in case the reader wants to help sponsor (or donate something) a faster machine and a better connection to make it run faster. As a small quote, the last three sentences read: "Anonyous remailers can be fun, but try not to react like a child with a new toy. Use these services responsibly. Remember, some people need them badly" - OnLine, the Guardian, October 6th, 1994 The author is "Steve Harris " -Jon -- Jonathon Fletcher. j.fletcher at stirling.ac.uk WWW Home Page: http://www.stir.ac.uk/~jf1 From remailer at chaos.bsu.edu Thu Oct 6 04:07:23 1994 From: remailer at chaos.bsu.edu (Anonymous) Date: Thu, 6 Oct 94 04:07:23 PDT Subject: No Subject Message-ID: <199410061109.GAA24320@chaos.bsu.edu> -----BEGIN PGP SIGNED MESSAGE----- - ---- Ignore any slobber between above and the PGP line. I just obtained a copy of Doug Floyd's data haven code. I am working on a workable implementation. The address of the data haven will be put on the list as soon as I make SURE the stuff is reliable. Until commands are finalized, they will not be revealed. When the site is up, please don't store much as I do not have that much disk space, and ENCRYPT your files. I fear that someone will send me some stuff that is very illegal, and leave it in the clear. So, I will try to see what is sent, and possibly post it if its not encrypted with something. Heck, use crypt or something better than rot13. I hate to appear as a snooper about people's files, but when this is up, I will demand encryption to protect my DH, and your stuff. PGP is easily available, use it, or DES, or crypt if you live on the dangerzone. Sorry for my prattling, but I am new to this. PS: Doug, use cb. Your code smells like a ten year old dead turkey with its looks. At least its relatively bug-free, and does the job well. Another thing, should you use SHA instead of MD5 for hashing? SHA has more bits, and there is a less chance for two files to collide. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLpOhhf8zicXJ5vudAQEk1QP8CG+JmzMPnrjRMPzomt/yWvWfWUwQktgS UXwTkLocL5+KkD3/0OHaZ8Eg3jWZnm9D4oPOhBljJX/yOBa7/5opN9nDwUeAmDOs +ULyrEEpfehmrit8wAQcVHvwtQdxaUz8Sg6XRWd0QOOCs71MmLx9JCxR2p2fJyin GPQ9djI7NIU= =1I2L -----END PGP SIGNATURE----- From hughes at ah.com Thu Oct 6 04:57:19 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 6 Oct 94 04:57:19 PDT Subject: data havens and operator protection In-Reply-To: <199410061109.GAA24320@chaos.bsu.edu> Message-ID: <9410061116.AA08908@ah.com> When the site is up, please don't store much as I do not have that much disk space, and ENCRYPT your files. I fear that someone will send me some stuff that is very illegal, and leave it in the clear. I'd suggest that you test for various entropies of distribution, and reject anything that doesn't look random. I'd also suggest testing for various magic numbers such as for compressed files (various formats) and executables. Either you should concern yourself _and_ do something about it, or not. Worrying about it and not preventing what you are concerned about is silly. Eric From hughes at ah.com Thu Oct 6 05:04:39 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 6 Oct 94 05:04:39 PDT Subject: crypto game idea In-Reply-To: <9410052026.AA21579@bilbo.suite.com> Message-ID: <9410061124.AA08922@ah.com> These constraints imply there is some bank-like agency that creates and signs "official" game cards. Cards are a conserved quantity, and digital money protocols apply to any conserved quantity. You would need one currency for each card type. Another interesting thing about MTG is that since each player has a separate deck, and not a single shared deck, all the problems of dealing out of a shared deck are gone. In fact, you can play the game entirely with one-way functions, I'm pretty sure. Eric From nelson at crynwr.com Thu Oct 6 06:37:21 1994 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 6 Oct 94 06:37:21 PDT Subject: Government vs. Markets In-Reply-To: <9410052122.AA32506@elfbook.intercon.com> Message-ID: Date: Wed, 5 Oct 1994 21:22:32 -0400 From: Amanda Walker Cc: cypherpunks at toad.com Content-Disposition: Inline > In the main, corporations persuade and governments force. I don't see so much of a difference. There is very little difference in the nature and methods of governments vs. corporations. Yes, RSA forces us to use their public key encryption or no other. But who lets them do that? The government. Corporations always want the government to give them a monopoly. How much easier not to compete! Most of the evil that corporations do is in collusion with governments. Purportedly, AT&T had to be incentivized to make Clipper phones. A government can usefully be viewed as a corporation engaged in the business of public services. It's simply a geographical monopoly, as are many public utilities. A geographical monopoly with *guns*, and a mandate from the masses to use them. I can't say that I've ever seen a Niagara-Mohawk or NYNEX tank. -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From rfb at lehman.com Thu Oct 6 07:12:43 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Thu, 6 Oct 94 07:12:43 PDT Subject: Richard Stallman of GNU on Tcl (crypto reference) In-Reply-To: <199410051935.PAA02275@hermes.bwh.harvard.edu> Message-ID: <9410061411.AA26533@cfdevx1.lehman.com> From: Adam Shostack Date: Wed, 5 Oct 94 15:35:06 EDT "Perl. The only language that looks the same before and after RSA encryption." This must have come from someone unfamiliar with TECO . . . . Rick From perry at imsi.com Thu Oct 6 07:19:23 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 6 Oct 94 07:19:23 PDT Subject: Demonizing Denning In-Reply-To: <199410060803.BAA06601@netcom6.netcom.com> Message-ID: <9410061418.AA00586@snark.imsi.com> I agree with Tim and Phil very strongly. Ad hominem attacks are never justified. I find there is very little point in wasting time on them. Perry Timothy C. May says: > Phil Karn wrote: > > > Dorothy Denning may be a naive pawn of the government. She may > > hold beliefs that appall the rest of us. She may have lost > > whatever credibility she had in the crypto community by her > > position. But I still prefer to attack that position and the > > (il)logic behind it rather than to resort to attacking the person > > expressing it. > I agree with Phil. I don't have much respect for Dorothy Denning's > views, feeling she has sold out to the Beltway mentality, but I can't > see the point of demonizing her, any more than I can see the point of > demonizing Jim Bidzos or Mitch Kapor, or lionizing Phil Zimmermann. From nobody at cass156.ucsd.edu Thu Oct 6 08:59:18 1994 From: nobody at cass156.ucsd.edu (Anonymous) Date: Thu, 6 Oct 94 08:59:18 PDT Subject: He's dead Jim (Chomsky) Message-ID: <9410061602.AA27350@nately.UCSD.EDU> First and foremost I would like to publicly apologize to Mr. James A. Donald... re-reading my intial post to this thread, I feel that I was out of line in some places. As is the current topic of the MEME thread, I would like to stress that one should attack the message and *not* the messenger. Mr. Donald (*not* McDonald) is neither a fascist, nor Hitler, nor anything else than however he chooses to define himself. His views, however, *are* open to interpretation. As it stands, I respect Mr. Donald's views (and for the most part, I agree with him...on other things ;) ). The second and last point I would like to make is that quotes to *back up* an argument are more than helpful, and would save much bandwidth. If Mr. Donald would like to continue his part in this thread, either publicly or privately, I am more than willing to discuss Chomsky (or anything for that matter), as long as I have something tangible to discuss. The same applies to anyone else who wishes to discuss Chomsky.... Like many of us, I get over 500 pieces of email a day--and I try to read every bit of it; I think one piece of footnoted or otherwise appended email is worth 20 pieces of the Hitler-calling type. Mi taku oyasin... _/_/_/ _/_/_/ _/ _/ _/_/_/ _/ _/ It's dangerous to be right _/ _/ _/ _/ _/ _/ _/_/ _/ when the government is _/_/_/ _/ _/ _/ _/ _/_/_/ _/ _/ _/ wrong. _/ _/ _/ _/ _/ _/ _/_/_/_/ _/ _/_/_/ _/_/_/ _/_/_/ _/_/_/ _/ _/ _/_/_/ --Voltaire _/ From warrior at infinet.com Thu Oct 6 09:04:07 1994 From: warrior at infinet.com (David M. Harvey I) Date: Thu, 6 Oct 94 09:04:07 PDT Subject: Key Forfeiture, not Key Escrow In-Reply-To: Message-ID: On Thu, 6 Oct 1994, Philip Zimmermann wrote: > The Government seems to choose its terminology carefully in cases where > that terminology can affect the politics of a situation. I suggest > that we start referring to key escrow as "key forfeiture". > > Philip Zimmermann Alright Phil, way to go! But think on this, I wouldn't give the LEA a key to my house, or my car, why should I give them a key to my thoughts? Give me Liberty or give me Death, or something to that effect by Patrick Henry. They can pry my key and my guns from my cold dead body. Another thing, even the animals have a right by force to protect themselves, who does big brother think they are by denying me the right to protect my life, limb, property and thoughts from unauthorized intruders? Surely, we must fight them tooth and nail. Dave ___ **************************************************************************** |No Guts, No Glory, No Honor, No Victory, Pillage, Plunder, and Take Heads!| **************************************************************************** | Dave M. Harvey PGP 2.61 Public Key available. | | PO Box 151311 Finger warrior at infinet.com.us | | Columbus, OH 43215-8311 dharvey at freenet.columbus.oh.us | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-== From samuel.kaplin at warehouse.mn.org Thu Oct 6 09:22:14 1994 From: samuel.kaplin at warehouse.mn.org (Samuel Kaplin) Date: Thu, 6 Oct 94 09:22:14 PDT Subject: Government vs. Markets Message-ID: <9410061121022275@warehouse.mn.org> -----BEGIN PGP SIGNED MESSAGE----- :>Um, Attack of the Killer Tomatoes? :Screw that. Grow your own (I do -- and if I can, in Midtown Manhattan, :then damned near anybody can). The question, Todd is are they edible? The last time I was in Manhattan, the air pollution just about did me in. (mid-July, 95 degrees in the shade) But then again these tomatoes are native New Yorkers, so maybe attitude is a factor in their edibility. ;) Sam - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.1 mQCNAy5pUekAAAEEAKrDj64Zj9AJU+gC7/Ivdk8b1ef6a1T9K5CGFeu1yFDSXLyD DLIdGunZR/4ilosLMxdlZcNqPwZ3HgxL+Gk3y2SwYfqKpeWExWPgb696lgzf2BRC tED15ZAwi3UDIkcouv2PBiDwPNUUmnLb5diDXdA3qtALb+XzlwpnimeWAf3FAAUT tCFTYW11ZWwgS2FwbGluIDwrMSAoNjEyKSA1MzAtNzMxNj6JAJUCBRAuaVLjQqfV nzRSzxkBAcXuA/47yIN+sltMyIRqCgUZz/gubdI6LUcpFsTcXsFWppROpAWFPJv0 J9z/UoP1kjJ+nrAAizuKuhmC5eg5OOxUE+tUgSPl6hAtu2xJYmKtCbQpxF0sG8ni 4e8I8Zsk5vcopO5Vub96CiVgPjI5vITCb32kcLKI1yyFaztbHdtOasUthrQuU2Ft dWVsIEthcGxpbiA8c2FtdWVsLmthcGxpbkB3YXJlaG91c2UubW4ub3JnPg== =J2S+ - -----END PGP PUBLIC KEY BLOCK----- ----------------------------------------------------------------------------- Fido: Sam Kaplin 1:282/1018 | "...vidi vici veni" - Overheard Compuserve: 75240,131 | outside a Roman brothel. samuel.kaplin at warehouse.mn.org | 75240,131 at compuserve.com | Change is the only constant in the For confidential communications use PGP | Universe..."Four quarters, please." ----------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAgUBLpQC5QpnimeWAf3FAQE1iwP8DHOTvWMLjQa7m9OiCEsQqzD5hExdFtMd 50pWyx774vE03qGLAuu/uTN3HutdkiG26WWRgnWnhZeWegHCfXJV1+kux/LJjRuP CdFaD+3AZYLQsDWxQhPOKO0KeJMobWqNGNsjiqRMoynhyyMiiV/Pgd7QiKFQOwQU uD+CUkQxtwQ= =S+xS -----END PGP SIGNATURE----- From amanda at intercon.com Thu Oct 6 09:27:07 1994 From: amanda at intercon.com (Amanda Walker) Date: Thu, 6 Oct 94 09:27:07 PDT Subject: Key Forfeiture, not Key Escrow Message-ID: <9410061226.AA47263@elfbook.intercon.com> > The Government seems to choose its terminology carefully in cases > where that terminology can affect the politics of a situation. I > suggest that we start referring to key escrow as "key forfeiture". Phil, you're brilliant. "Key forfeiture" it is. Amanda Walker InterCon Systems Corporation From amanda at intercon.com Thu Oct 6 09:35:35 1994 From: amanda at intercon.com (Amanda Walker) Date: Thu, 6 Oct 94 09:35:35 PDT Subject: Government vs. Markets Message-ID: <9410061235.AA14735@elfbook.intercon.com> > A geographical monopoly with *guns*, and a mandate from the masses to > use them. I can't say that I've ever seen a Niagara-Mohawk or NYNEX > tank. The government does not have a monopoly on military force. In fact, the 2nd amendment explicitly prohibits such a monopoly, however much it has become eroded in recent decades. However, I will agree with you that a certain amount of corporate coercion goes on with government collusion (not all, however: look at Westlaw or Equifax for examples). Amanda Walker InterCon Systems Corporation From frissell at panix.com Thu Oct 6 09:51:06 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 6 Oct 94 09:51:06 PDT Subject: Dorothy Message-ID: <199410061650.AA06972@panix.com> At 11:56 PM 10/5/94 -0700, Ed Carp wrote: >(BTW) violating every known law of security to do so. Denning, in a very >real sense, represents the attitudes of the NSA and the people controlling >this whole scheme and trying to foist it off onto people. Is she such an >idiot that she actually *believes* the nonsense she spouts? > >Is it wrong to suspect her motives, her judgement, her common sense, in >backing such a proposal? If we spend a little time thinking about it, I'm sure that we can figure out DD's psychology. If we can't understand her views (which are probably more mainstream than ours) we won't be able to understand anybody's. She is a conventional person and thinks that the monopoly of coercion exercised by the government must be maintained for the good of all. Many people share this view. As a cryptographer, she is aware of the same things that we are -- that unbreakable crypto combined with the "society on the nets" breaks this government monopoly of coercion. The point of Cypherpunks is not to change this almost universally held view of the legitmacy of "others" government (as opposed to self government). The point of cypherpunks is to *demonstrate* that the monopoly of coercion traditionally held by government has been *ended*. If you change the physical reality, people's views will change in turn. Don't be upset with DD. She hasn't killed anybody. If we're right about our analysis of the new balance of power between the individual and the state, her views don't matter. If we're wrong, her views *still* don't matter. DCF -- "Downsizing, Open Systems, and Distributed Networks for Berlin, London, Paris, Rome, Tokyo, & Washington, too." oops forgot Ottawa. From perry at imsi.com Thu Oct 6 10:02:50 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 6 Oct 94 10:02:50 PDT Subject: Government vs. Markets In-Reply-To: <9410061235.AA14735@elfbook.intercon.com> Message-ID: <9410061702.AA00866@snark.imsi.com> Amanda Walker says: > > A geographical monopoly with *guns*, and a mandate from the masses to > > use them. I can't say that I've ever seen a Niagara-Mohawk or NYNEX > > tank. > > The government does not have a monopoly on military force. All normal people can only engage in the use of force once attacked. Only the government and its agents are permitted to initiate force against others with impunity. Perry From m5 at vail.tivoli.com Thu Oct 6 10:27:12 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 6 Oct 94 10:27:12 PDT Subject: Dorothy In-Reply-To: <199410061650.AA06972@panix.com> Message-ID: <9410061726.AA02024@vail.tivoli.com> Duncan Frissell writes: > Don't be upset with DD. She hasn't killed anybody. If we're right about > our analysis of the new balance of power between the individual and the > state, her views don't matter. If we're wrong, her views *still* don't matter. Very well put. To have someone on the "other side" who (as I hope we all acknowledge) is quite well-informed about the technology behind the areas of public policy we're interested in is a rather unique situation. I consider it valuable; in a way, it keeps us honest. Mr. Sternlight, on the other hand, is another story... (though I was surprised and delighted by DS's appearance on the other high-volume mailing list I'm on, the "Chile Heads" digest. It seems Mr. Sternlight has a taste for spicy foods!) | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From unicorn at access.digex.net Thu Oct 6 10:29:03 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 6 Oct 94 10:29:03 PDT Subject: Digital Cash: Impact of Interstate Banking Act of 1994 Message-ID: <199410061728.AA00139@access1.digex.net> -----BEGIN PGP SIGNED MESSAGE----- The Riegle-Neal Interstate Banking and Branch Efficiency Act of 1994, Electronic Banking and Digital Cash: A brief impact survey. +++ Last month the President signed into law the Riegle-Neal Interstate Banking and Branch Efficiency Act of 1994. The act is the result of almost sixteen years of attempts to revise and ease long standing restrictions on commercial banking entities. The aspects of the bill which in my opinion hold the greatest implications for electronic banking, internet banking and digital cash are the lifting of basic geographic restrictions on commercial banking are outlined below. Commenting after the bill cleared the Senate, Secretary Bentsen indicated the following: ++ Begin excerpt This legislation represents a major step forward for the American banking system that has been sought by both parties for years. Efforts to ease interstate banking and branching restrictions were proposed by the last four administrations. I applaud the bipartisan effort to enact this important legislation. Interstate banking and branching will be beneficial to banks and their customers as well as the nation's economy as a whole. This bill will allow banks to reduce expenses by structuring themselves more efficiently. It will also promote the safety and soundness of the banking system through geographic diversification, which will enable banks to better withstand regional recessions and meet the needs of customers in times of stress. Customer convenience will be greatly enhanced by eliminating arbitrary restrictions on interstate deposit taking. Competition among banks will be encouraged by making it easier for them to enter markets that are not now full competitive. [...] The [Act]: * Permits a bank holding company to acquire a bank located in any state, beginning one year after enactment. * Allows a bank to merge with a bank in another state, beginning June 1, 1997, so long as neither state has taken legislative action to prohibit interstate mergers.... [...] * Allows foreign banks to establish branches, either de novo or by acquisition and merger, in any state outside the state in which the bank has its U.S. headquarters to the same extent that a domestic bank may establish such branches.... [...] ++ End of excerpt. Since the Glass-Stegall Act, which established strict separation of commercial and investment banking services, commercial banking has suffered in the marketplace due to investment services and investment banking competition. Investment banking and banking services could often offer services resembling those offered by traditional banking without enduring the strict geographical restrictions imposed on banks. At the same time, reduced deposit insurance regulation made the cost of these services lower. Even entities like insurance companies could offer loan services, and often offer them at better rates, that banks could no longer soundly approach. The most obvious impact of geographical restrictions to the average consumer was the restriction on traditional banks in regard to accepting out of state deposits. Most readers will recognize this manifest in the inability to deposit to an account from an out of state automatic teller. While withdrawals are possible through interstate networks like Cirrus, Most, NYCE and the Military Financial Network, deposits are restricted to in state entities only and as a result associated fees of any interstate transactions are a function of the number of financial institutions which the transaction must bridge, as the local banks are institutions unable to structure their own networks to avoid middleman cost. Similarly, wire transfers are presented with an identical cost bridge, as geographic restrictions have often required the adoption of several different networks between banks instead of a single network. Costs are predictably affected. With the introduction of the Interstate Banking Act banks will be free to expand their deposit taking functions across state lines (within the general restrictions of the Act). As a result Automatic Teller Machines may soon be able to provide many of the same services as a "Full Service Bank" provided merely that they have a customer service phone attached. The foreseeable impact on Digital Cash projects as well as online and offline cash and banking systems falls within a few brackets. 1> Positive effects for start up domestic efforts associated with geographic deregulation. 2> Positive effects for depositors in general. 3> Negative effects for start up overseas efforts. 4> Negative effects for overseas expansion efforts. 5> Negative effects for digital cash generally. 1> Domestic efforts: Because limitations on interstate banking are being lifted, those projects intending to start up a full or partial service financial institution with advanced electronic transaction services will obviously be more feasible on a nation wide scale. Prospects for nation wide, fully automated and cost effective electronic banking are greatly increased with the removal of the restrictions on geographic expansion. Look to see increased interest in long term banking customer relations as banks and depositors recognize that it may no longer be necessary to change institutions when changing domiciles. An immediate expansion of automatic teller networks and associated agreements with service providers is likely. 2> Depositors in general: Can expect to transact all types of basic banking functions nationally without the necessity of a local branch of their bank being accessible. As banks begin to realize the profits from interstate banking fees directly without dilution to the institution local to the transaction, expansion of electronic networks is a likely reaction. 3> Overseas efforts: Efforts to provide depositors with access to overseas institutions will be hampered in two ways: A> Investment prospects will decrease. Investors recognizing that overseas institutions which offer services in the United States have one less advantage over domestic banks will be less likely to participate in such a venture. B> Customers recognizing that overseas institutions offering services in the United States provide few, if any, needed services that local banks cannot also accommodate will reduce depositor interest in overseas electronic banking. (Note the cyclic effect of this on potential Investors in A) 4> Overseas expansion of existing institutions to the United States. Is less likely in so far as competition among domestic banks is stronger, and the potential market share is reduced. 5> Impact on digital cash. A> Because of the depositor interest in new local banking services, depositors are less likely to be interested in digital cash potential where a domestic checking account accomplishes the same basic goal. In so far as digital cash ventures depend on the general populations interest, as compared with the interest of the "enlightened population" (in my meaning, those who understand the privacy and liquidity advantages of digital cash over traditional banking services), the market share of digital cash ventures is reduced by the number of general population more comfortable with traditional banking services. (I feel this to be a significant number). B> Note the impact on potential investors in digital cash ventures of A. Not the end of digital cash by any means, but a blow for start up efforts. Anyone interested in a much more detailed analysis of the Act, I will provide one to the list if enough e-mail interest is shown. - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.6ui iQCVAgUBLpRCzBibHbaiMfO5AQE+6gP+MskAjaFyAeUKz2XjWBV7nSSttejTxkOL wkAW4jnrFBZJZCfsvRg+UGlnTRJzzdCHdpN0k/eKDnmTpO44p9kNt4MaLyh1nOG5 OpvfTcoaFevZLIqK1PUX2xRYVCHqKOHeSmzHv8j8BfQaXAUuLncDkiL2jPqwP8+n t4IfT8zwBsQ= =l3zV -----END PGP SIGNATURE----- Please report signature failures. -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From unicorn at access.digex.net Thu Oct 6 10:30:48 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 6 Oct 94 10:30:48 PDT Subject: BIRD BRAINS In-Reply-To: <9410060325432199@warehouse.mn.org> Message-ID: <199410061730.AA00211@access1.digex.net> Samuel Kaplin scripsit > > > -----BEGIN PGP SIGNED MESSAGE----- > > :the bomb's aim. Just before the bomb hit, the pigeon would > :parachute to safety. (I made that last part up.) > > Could you imagine the ruckus if we were to try to implement something like > this today? P.E.T.A would have a stroke!! They already are in a snit over > the Navy's use of dolphins. Me, I just can't equate an animals life to a > human life...use the animal, save a human. [...] Or in the pigeon example, use an animal to kill a human. :) -uni- -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From jamiel at sybase.com Thu Oct 6 10:33:49 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 6 Oct 94 10:33:49 PDT Subject: BIRD BRAINS Message-ID: At 5:37 PM 10/5/94, Samuel Kaplin wrote: >human life...use the animal, save a human. I wonder if we could create an >Enigma machine based on biological organisms. Genetically alter something to >act as an encryption machine. Hmmm..... I wonder if ITAR has provisions for crypto walking out of the country of its own accord. -j -- "It's a question of semantics, and I've always been rather anti- semantic." -Gene Simmons ___________________________________________________________________ Jamie Lawrence From unicorn at access.digex.net Thu Oct 6 10:35:35 1994 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 6 Oct 94 10:35:35 PDT Subject: Key Forfeiture, not Key Escrow In-Reply-To: Message-ID: <199410061735.AA00376@access1.digex.net> Philip Zimmermann scripsit > > The Government seems to choose its terminology carefully in cases where > that terminology can affect the politics of a situation. I suggest > that we start referring to key escrow as "key forfeiture". This got me thinking about a potentially interesting aspect of this whole process. Isn't this a taking? Government is reducing the value of the key, and the associated software by forfeiting it. It would seem to me that the value of a key "stored" by government makes: 1> Insurance liability for cash transactions involving stored keys larger. 2> A lessened value of services of the software. 3> A reduced value to the user of what is essentially his property. Thin on many grounds... but interesting none the less. The public welfare exception will be the likely defense, but the burden is on the defendant to show public welfare. > > Philip Zimmermann > -uni- (Dark) -- 073BB885A786F666 nemo repente fuit turpissimus - potestas scientiae in usu est 6E6D4506F6EDBC17 quaere verum ad infinitum, loquitur sub rosa - wichtig! From cactus at bb.com Thu Oct 6 10:43:00 1994 From: cactus at bb.com (L. Todd Masco) Date: Thu, 6 Oct 94 10:43:00 PDT Subject: Government vs. Markets In-Reply-To: <9410061121022275@warehouse.mn.org> Message-ID: <371d6a$fmp@bb.com> In article <9410061121022275 at warehouse.mn.org>, Samuel Kaplin wrote: >:Screw that. Grow your own (I do -- and if I can, in Midtown Manhattan, >:then damned near anybody can). > > >The question, Todd is are they edible? The last time I was in Manhattan, >the air pollution just about did me in. (mid-July, 95 degrees in the shade) >But then again these tomatoes are native New Yorkers, so maybe attitude is a >factor in their edibility. ;) Oh, absolutely. They taste far better than anything available in stores. Ditto the chives, oregano, thai hot peppers, anahaheim (new mexican) peppers, poblano peppers, carrots, thyme, onions, and sunflower seeds. But if you want attitude, you'll have to try the habanero peppers I've been growing alongside the tomatoes, too. (There is a point to this:) If anybody who'll be going to the C'punks NYC meeting wants some fresh Habanero peppers (aka "Scotch Bonnets"), let me know: we've harvested over 80 of them so far, with no end in sight. I'd be glad to give 'em away to people who can toler, uh, properly appreciate them. My roommates and I have a competition to see how many each of us can eat whole, raw, before they run out (for those unfamiliar with the kind, they're the hottest kind of pepper in the world, many claim: up to 350,000 Scovilles). -- L. Todd Masco | Ingredients: red, blue, and green quarks, six varieties of cactus at bb.com | gluons, electrons. Some settling may occur in shipping. From jamiel at sybase.com Thu Oct 6 11:12:01 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Thu, 6 Oct 94 11:12:01 PDT Subject: Government vs. Markets Message-ID: At 6:23 PM 10/5/94, Ray Cromwell wrote: [...] >[...] Typical of socialists, they are unfamilar with economics >and resort to semantic games. A monopoly is defined by (1) one seller, [...] > I thought it was 49 cents an hour, however, no one ever accused >a socialist knowing the facts. [...] [...] Typical statements of folks who get thier politics from Heinlein novels and thier understanding of personal interaction from economics 101. The point being that there is no place for ideological attacks like this in a 'rational' forum trying to discuss 'real life'. Wait, this discussion *is* to be considered valid intellectual discourse, right? Questioning ideas gains much more respect than making snide comments. Just another socialist, -j -- "It's a question of semantics, and I've always been rather anti- semantic." -Gene Simmons ___________________________________________________________________ Jamie Lawrence From m5 at vail.tivoli.com Thu Oct 6 11:34:57 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 6 Oct 94 11:34:57 PDT Subject: Chile heads In-Reply-To: <9410061726.AA02024@vail.tivoli.com> Message-ID: <9410061832.AA02791@vail.tivoli.com> Paul J. Ste. Marie writes: > > surprised and delighted by DS's appearance on the other high-volume > > mailing list I'm on, the "Chile Heads" digest. It seems > > So how does one get on this mailing list? Sounds very interesting. Since this is the second request, I will take the bold liberty of wasting a little cypherpunks bandwidth: chile-heads-request at chile.ucdmc.ucdavis.edu Please, don't get on the list just to badger Sternlight. (Unless of course he starts claiming people are violating some sort of secrecy agreement by eating hybrid Del Monte peppers...) The volume is surprisingly high, and (though there are bursts of newbie gaffs) the S/N is pretty good. | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From lmccarth at ducie.cs.umass.edu Thu Oct 6 11:56:18 1994 From: lmccarth at ducie.cs.umass.edu (Lewis McCarthy) Date: Thu, 6 Oct 94 11:56:18 PDT Subject: Ideological Attacks In-Reply-To: Message-ID: <199410061855.OAA13375@ducie.cs.umass.edu> Jamie Lawrence writes: > Ray Cromwell wrote: > > I thought it was 49 cents an hour, however, no one ever accused > >a socialist knowing the facts. [...] > The point being that there is no place for ideological attacks like > this in a 'rational' forum trying to discuss 'real life'. > Questioning ideas gains much more respect than making snide comments. > Just another socialist, > -j I'm nobody's socialist (and nobody's libertarian, either), but I strongly agree with Jamie here. Reiterating the MEME point, don't attack people, attack specific ideas. -L. McCarthy "I'm just a sucker with no self-esteem" -Offspring Send me mail using "Subject: remailer-help" for an autoreply about Underdog From jya at pipeline.com Thu Oct 6 11:58:40 1994 From: jya at pipeline.com (John Young) Date: Thu, 6 Oct 94 11:58:40 PDT Subject: No Guts, No Glory Message-ID: <199410061857.OAA07536@pipe1.pipeline.com> Responding to msg by warrior at infinet.com ("David M. Harvey I") on Thu, 6 Oct 12:3 PM >**************************************************************** ************ |No Guts, No Glory, No Honor, No Victory, Pillage, Plunder, and Take Heads!| >**************************************************************** ************ Dave's sig and nom de guerre is taking a beating in today's NYT where there is a story about the US military carefully planning to avoid casualties in warfare. It also reports that the brave white collars in think tanks think it's a terrible prospect because then no one will believe that the US is tough, and tough minds know that "casualites are inevitable". And how will healthy young men and women be taught guts, honor, victory, and so on by periodically turning a bunch of them and their foes into salsa and crispy critters for evening news adulation. But Dave can still show his humorous sig in a VA abattoir of mangled ex-warriors if he really wants to enjoy the sad communion of misled youngsters. John From sebaygo at sibylline.com Thu Oct 6 12:08:06 1994 From: sebaygo at sibylline.com (Allen Robinson) Date: Thu, 6 Oct 94 12:08:06 PDT Subject: Demonizing Denning (was: It's MEME time!!!) Message-ID: Since it appears that I helped to start this thread, let me do what I can to finish it. Responding to some facetiae posted by David Merriman, I suggested: > Very good. If I could offer one minor change, how 'bout: > Dorothy Denning? Clip 'er! Which prompted Phil Karn to inquire: > Uh, how come we can't stick to attacking the message, rather than the > messenger? To which Ed Carp replied: > Because in this case, the messenger is an integral part of the message. This kind of parallels my thinking when I offered that mostly-off-the-cuff suggestion. I thought David had hit upon a clever turn of phrase -- a slogan of exhortation to cypherpunks to truncate Dr. Denning's *influence*. I did not intend an ad hominem attack, nor did I expect something that would fit on a bumpersticker to substitute for rational debate. As Phil Karn observed elsewhere: > Dorothy Denning may > be a naive pawn of the government. She may hold beliefs that appall > the rest of us. She may have lost whatever credibility she had in the > crypto community by her position. But I still prefer to attack that > position and the (il)logic behind it rather than to resort to > attacking the person expressing it. Quite right. Granted, Dr. Denning has lost her credibility with certain elements of "the crypto community." Unfortunately, those folks are not the decision-makers who'll decide the fate of proposals such as Clipper. She remains a valuable tool to those in government who want to advance such agendas. As Ed Carp commented: > I think the reason people attack the messenger is because people in the > government listen to her, and I for one am exasperated beyond words to > know that my government is paying attention to such an idiotic scheme, and > (BTW) violating every known law of security to do so. Denning, in a very > real sense, represents the attitudes of the NSA and the people controlling > this whole scheme and trying to foist it off onto people. But what better way to blunt her effectiveness as an advocate than to demostrate the folly of that which she so wholeheartedly advocates? Still, as Tim May reminded us: > Practically speaking, a bumber sticker saying "Denning--Clip her" > might be understood by as many as one out of ten thousand of those who > read it....not a very convincing meme. (Yes, "crypto anarchy" is > equally arcane, vaguely disturbing, and equally unconvincing...but I'm > not sporting a bumper sticker on this, nor do I expect to convert the > masses.) He is, of course, correct. And this whole thread has become a bit of a tempest in a teapot. I apologize for my part in what I'm sure many regard as an improper consumption of bandwidth. AR From tcmay at netcom.com Thu Oct 6 12:16:36 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 6 Oct 94 12:16:36 PDT Subject: Demonizing Denning (was: It's MEME time!!!) In-Reply-To: Message-ID: <199410061915.MAA17124@netcom13.netcom.com> Allen Robinson wrote: > He is, of course, correct. And this whole thread has become > a bit of a tempest in a teapot. I apologize for my part in > what I'm sure many regard as an improper consumption of > bandwidth. I see no reason why you or anyone else in this thread should apologize (hence, you _should_ apologize for your inappropriate apology!). Discussing whether attacks on the leading spokesbimbo for Clipper (er, spokeswoman :-}) are a good idea seems like a more relevant topic for us to discuss than a _lot_ of what we talk about. Recent threads on Chomsky and habanero peppers are just the most recent examples. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From strick at yak.net Thu Oct 6 12:26:55 1994 From: strick at yak.net (strick at yak.net) Date: Thu, 6 Oct 94 12:26:55 PDT Subject: Stallman & Ousterhout && (TCL || !TCL) && practicing cypherpunks Message-ID: <199410052251.PAA12104@gwarn.versant.com> -----BEGIN PGP SIGNED MESSAGE----- > On gnu.announce of 9/23, he writes "Why you should not use Tcl". > Instead, those wanting to use the Tk tools are commended to a > Scheme interpreter with it called STk. Available from: > ftp.cs.indiana.edu:pub/scheme-repository/imp/STk-2.1.tar.Z Below is the post from Rich Stallman "Why you should not use Tcl", and the reply from Ousterhout, which is basically: Why you should not listen to Stallman, in this case. The mentions in the [fantastic] Cyphernomicon of TCL are probably due to my crypto-prototyping project. I did not take the choice lightly when I chose TCL as my "glue" in this project. Two issues that may be interesting but had *little to do* with my decision are (1) language support for big numbers and (2) the TK toolkit (which happens to be in TCL). The reason I chose TCL is that it is designed to work above, underneath, and alongside of C code. TCL has two published interfaces: one is the language and standard commands, and one is a C API for use in combining the language with other C packages. I think of TCL as more of a subroutine library than a language: in the same way that (say) C++ string, file, and dictionary classes can help you be more productive in writing C++ programs, a "little language" interpreter can make you more productive in many kinds of programs. Crypto prototyping systems is one of them. I am not new to LISP or PERL or AWK or POSTSCRIPT or FORTH or SHELL or BASIC or HYPERTALK or various other interpreted langauges. For many differnt projects I would leave TCL for one of them. However when TCL came along, I recognized it as being just the language I had wanted to write myself for doing projects like my current one. Which may say more about what kind of a computer scientist I am that about what lanaguage is best for you in your situation. I'll add that I have a version of my crypto toolkit that is a PERL interpreter, and I've looked briefly at embedding it in PYTHON as well. My problem now is that I need a chunk of time to port it all and package it on sun4 (currently it's on sun3). My problem is not yet that I need more languages to port to. But i'll be glad to have some people help embed these things in all the popular interpreted languages soon. It would be particularly nice to have some people versant with Macs and PCs to package crypto components on those machines -- in applescript or hypercard or visual basic or whatever would help people write crypt code. Below I repost the original articles by Stallman (the spiritual leader of GNU) and Ousterhout (the author of TCL). I'll also point out my greatest respect for both of them, and for their respective projects. They've both made my job as a practicing cypherpunk much easier. Talk about prototyping environments, but please don't spam the list on religious issues. PERL and PYTHON and SCHEME are all pretty good little languages. happy hacking, strick Cypherpunks write Code, but when do they release it? :) [ thanks to iansmith at cc.gatech.edu and boyz at hkn.eecs.berkeley.edu for bringing these articles to my attention. ] - ------- Forwarded Messages Date: Fri, 23 Sep 94 19:14:52 -0400 From: rms at gnu.ai.mit.edu (Richard Stallman) To: gnu at prep.ai.mit.edu Subject: Why you should not use Tcl Newsgroups: gnu.announce,gnu.utils.bug,gnu.misc.discuss,comp.lang.tcl, comp.lang.scheme,comp.windows.x.apps,comp.unix.misc Followup-To: gnu.misc.discuss,comp.lang.tcl,comp.lang.scheme [Please redistribute wherever appropriate.] Why you should not use Tcl Richard Stallman, GNU Project As interest builds in extensible application programs and tools, and some programmers are tempted to use Tcl, we should not forget the lessons learned from the first widely used extensible text editor--Emacs. The principal lesson of Emacs is that a language for extensions should not be a mere "extension language". It should be a real programming language, designed for writing and maintaining substantial programs. Because people will want to do that! Extensions are often large, complex programs in their own right, and the people who write them deserve the same facilities that other programmers rely on. The first Emacs used a string-processing language, TECO, which was inadequate. We made it serve, but it kept getting in our way. It made maintenance harder, and it made extensions harder to write. Later Emacs implementations have used more powerful languages because implementors learned from the problems of the first one. Another lesson from Emacs is that the way to make sure an extension facility is really flexible is to use it to write a large portion of the ordinary released system. If you try to do that with Tcl, you will encounter its limitations. Tcl was not designed to be a serious programming language. It was designed to be a "scripting language", on the assumption that a "scripting language" need not try to be a real programming language. So Tcl doesn't have the capabilities of one. It lacks arrays; it lacks structures from which you can make linked lists. It fakes having numbers, which works, but has to be slow. Tcl is ok for writing small programs, but when you push it beyond that, it becomes insufficient. Tcl has a peculiar syntax that appeals to hackers because of its simplicity. But Tcl syntax seems strange to most users. If Tcl does become the "standard scripting language", users will curse it for years--the way people curse Fortran, MSDOS, Unix shell syntax, and other de facto standards they feel stuck with. For these reasons, the GNU project is not going to use Tcl in GNU software. Instead we want to provide two languages, similar in semantics but with different syntaxes. One will be Lisp-like, and one will have a more traditional algebraic syntax. Both will provide useful data types such as structures and arrays. The former will provide a simple syntax that hackers like; the latter will offer non-hackers a syntax that they are more comfortable with. Some people plan to use Tcl because they want to use Tk. Thankfully, it is possible to use Tk without Tcl. A Scheme interpreter called STk is already available. Please, if you want to use Tk, use it with STk, not with Tcl. One place to get STk is from ftp.cs.indiana.edu:pub/scheme-repository/imp/STk-2.1.tar.Z - ------- Message 2 From: ouster at tcl.eng.sun.com (John Ousterhout) Newsgroups: gnu.misc.discuss,comp.lang.tcl,comp.lang.scheme, comp.unix.misc,comp.windows.x.apps Date: 26 Sep 1994 18:13:27 GMT Organization: Sun Microsystems, Inc. There have been so many follow-ups to Stallman's message that I'm not sure there's any need for me to respond, but I would like to say a few things anyway: First, I'd like to encourage everyone to keep their responses cordial and technical, rather than personal, regardless of how strong your opinions are. Comp.lang.tcl has managed to avoid flame-wars pretty well so far; let's keep it that way by focusing on the technical issues rather than worrying about motives. I think that Stallman's objections to Tcl may stem largely from one aspect of Tcl's design that he either doesn't understand or doesn't agree with. This is the proposition that you should use *two* languages for a large software system: one, such as C or C++, for manipulating the complex internal data structures where performance is key, and another, such as Tcl, for writing small-ish scripts that tie together the C pieces and are used for extensions. For the Tcl scripts, ease of learning, ease of programming and ease of glue-ing are more important than performance or facilities for complex data structures and algorithms. I think these two programming environments are so different that it will be hard for a single language to work well in both. For example, you don't see many people using C (or even Lisp) as a command language, even though both of these languages work well for lower-level programming. Thus I designed Tcl to make it really easy to drop down into C or C++ when you come across tasks that make more sense in a lower-level language. This way Tcl doesn't have to solve all of the world's problems. Stallman appears to prefer an approach where a single language is used for everything, but I don't know of a successful instance of this approach. Even Emacs uses substantial amounts of C internally, no? I didn't design Tcl for building huge programs with 10's or 100's of thousands of lines of Tcl, and I've been pretty surprised that people have used it for huge programs. What's even more surprising to me is that in some cases the resulting applications appear to be manageable. This certainly isn't what I intended the language for, but the results haven't been as bad as I would have guessed. I don't claim that Tcl is without flaws. Some of the flaws, like the lack of a compiler and the lack of module support, will get fixed over time. Others, like the substitution-oriented parser, are inherent in the language. Is it possible to design a language that keeps Tcl's advantages, such as simplicity, easy glue, and easy embedding, but eliminates some of its disadvantages? Almost certainly (there are several decisions that I would re-think if I were starting over). Is the two-language approach really the right one? I still think so, but reasonable people can disagree. Language designers love to argue about why this language or that language *must* be better or worse a priori, but none of these arguments really matter a lot. Ultimately all language issues get settled when users vote with their feet. If Tcl makes people more productive then they will use it; when some other language comes along that is better (or if it is here already), then people will switch to that language. This is The Law, and it is good. The Law says to me that Scheme (or any other Lisp dialect) is probably not the "right" language: too many people have voted with their feet over the last 30 years. I encourage all Tcl dis-believers to produce the "right" language(s), make them publically available, and let them be judged according to The Law. - ------- End of Forwarded Messages -----BEGIN PGP SIGNATURE----- Version: 2.4 iQBVAgUBLpMs6Qq3IMgMJUNlAQGl8gH/WxquXwsd7RbN/Pv8mLwajyZVIN1d53AX TSEtB/grWxbTyUYgPnAu/mzEj33DFPkfttP4/jvdDZir/HsCOxBM5A== =EZgM -----END PGP SIGNATURE----- From hkhenson at shell.portal.com Thu Oct 6 12:36:38 1994 From: hkhenson at shell.portal.com (H Keith Henson) Date: Thu, 6 Oct 94 12:36:38 PDT Subject: What does DD know? Message-ID: <199410061932.MAA20166@jobe.shell.portal.com> Duncan Frissell writes: > Don't be upset with DD. She hasn't killed anybody. If we're right about > our analysis of the new balance of power between the individual and the > state, her views don't matter. If we're wrong, her views *still* don't matter. Good analysis. However, DD (and a mess of other folks) have been fed some story from the very top. During the clipper non-debate there were several people, including (?) Denning who said to those not in the know "if you knew what I do, you would understand why we must have Clipper." This generates two possibilities. One, that the lot of them were fed a line of BS. And two, that there really *is* something to the official line. I have met DD and her husband maybe twice. Knowing the way married couples usually work, I rather imagine that he is in on the story as well (though it is possible he is not.) So, we have two rather bright (an understatement!) people who where taken in by a BS story?? Not very likely! So, what the hell *were* all these folks told about the need for Clipper? These stories never stay completely hidden forever. Thus I expect we will find out-- eventually. Is it something the readers of cyperpunks would agree is so badly needed that we must have "key forfiture? DD certainly has the ability to empathize with the way we feel. I think putting this question to DD would be profitable: If the cyperpunks list were to know what you know, would *they* support GAK? Keith Henson (who would post more often except for being up to his ears working on the old Xanadu code.) From strick at yak.net Thu Oct 6 13:30:58 1994 From: strick at yak.net (strick at yak.net) Date: Thu, 6 Oct 94 13:30:58 PDT Subject: Stallman & Ousterhout && (TCL || !TCL) && practicing cypherpunks Message-ID: <199410062030.NAA03011@nando.yak.net> [ this is a repost of an attempt to send this yesterday --strick ] -----BEGIN PGP SIGNED MESSAGE----- > On gnu.announce of 9/23, he writes "Why you should not use Tcl". > Instead, those wanting to use the Tk tools are commended to a > Scheme interpreter with it called STk. Available from: > ftp.cs.indiana.edu:pub/scheme-repository/imp/STk-2.1.tar.Z Below is the post from Rich Stallman "Why you should not use Tcl", and the reply from Ousterhout, which is basically: Why you should not listen to Stallman, in this case. The mentions in the [fantastic] Cyphernomicon of TCL are probably due to my crypto-prototyping project. I did not take the choice lightly when I chose TCL as my "glue" in this project. Two issues that may be interesting but had *little to do* with my decision are (1) language support for big numbers and (2) the TK toolkit (which happens to be in TCL). The reason I chose TCL is that it is designed to work above, underneath, and alongside of C code. TCL has two published interfaces: one is the language and standard commands, and one is a C API for use in combining the language with other C packages. I think of TCL as more of a subroutine library than a language: in the same way that (say) C++ string, file, and dictionary classes can help you be more productive in writing C++ programs, a "little language" interpreter can make you more productive in many kinds of programs. Crypto prototyping systems is one of them. I am not new to LISP or PERL or AWK or POSTSCRIPT or FORTH or SHELL or BASIC or HYPERTALK or various other interpreted langauges. For many differnt projects I would leave TCL for one of them. However when TCL came along, I recognized it as being just the language I had wanted to write myself for doing projects like my current one. Which may say more about what kind of a computer scientist I am that about what lanaguage is best for you in your situation. I'll add that I have a version of my crypto toolkit that is a PERL interpreter, and I've looked briefly at embedding it in PYTHON as well. My problem now is that I need a chunk of time to port it all and package it on sun4 (currently it's on sun3). My problem is not yet that I need more languages to port to. But i'll be glad to have some people help embed these things in all the popular interpreted languages soon. It would be particularly nice to have some people versant with Macs and PCs to package crypto components on those machines -- in applescript or hypercard or visual basic or whatever would help people write crypt code. Below I repost the original articles by Stallman (the spiritual leader of GNU) and Ousterhout (the author of TCL). I'll also point out my greatest respect for both of them, and for their respective projects. They've both made my job as a practicing cypherpunk much easier. Talk about prototyping environments, but please don't spam the list on religious issues. PERL and PYTHON and SCHEME are all pretty good little languages. happy hacking, strick Cypherpunks write Code, but when do they release it? :) [ thanks to iansmith at cc.gatech.edu and boyz at hkn.eecs.berkeley.edu for bringing these articles to my attention. ] - ------- Forwarded Messages Date: Fri, 23 Sep 94 19:14:52 -0400 From: rms at gnu.ai.mit.edu (Richard Stallman) To: gnu at prep.ai.mit.edu Subject: Why you should not use Tcl Newsgroups: gnu.announce,gnu.utils.bug,gnu.misc.discuss,comp.lang.tcl, comp.lang.scheme,comp.windows.x.apps,comp.unix.misc Followup-To: gnu.misc.discuss,comp.lang.tcl,comp.lang.scheme [Please redistribute wherever appropriate.] Why you should not use Tcl Richard Stallman, GNU Project As interest builds in extensible application programs and tools, and some programmers are tempted to use Tcl, we should not forget the lessons learned from the first widely used extensible text editor--Emacs. The principal lesson of Emacs is that a language for extensions should not be a mere "extension language". It should be a real programming language, designed for writing and maintaining substantial programs. Because people will want to do that! Extensions are often large, complex programs in their own right, and the people who write them deserve the same facilities that other programmers rely on. The first Emacs used a string-processing language, TECO, which was inadequate. We made it serve, but it kept getting in our way. It made maintenance harder, and it made extensions harder to write. Later Emacs implementations have used more powerful languages because implementors learned from the problems of the first one. Another lesson from Emacs is that the way to make sure an extension facility is really flexible is to use it to write a large portion of the ordinary released system. If you try to do that with Tcl, you will encounter its limitations. Tcl was not designed to be a serious programming language. It was designed to be a "scripting language", on the assumption that a "scripting language" need not try to be a real programming language. So Tcl doesn't have the capabilities of one. It lacks arrays; it lacks structures from which you can make linked lists. It fakes having numbers, which works, but has to be slow. Tcl is ok for writing small programs, but when you push it beyond that, it becomes insufficient. Tcl has a peculiar syntax that appeals to hackers because of its simplicity. But Tcl syntax seems strange to most users. If Tcl does become the "standard scripting language", users will curse it for years--the way people curse Fortran, MSDOS, Unix shell syntax, and other de facto standards they feel stuck with. For these reasons, the GNU project is not going to use Tcl in GNU software. Instead we want to provide two languages, similar in semantics but with different syntaxes. One will be Lisp-like, and one will have a more traditional algebraic syntax. Both will provide useful data types such as structures and arrays. The former will provide a simple syntax that hackers like; the latter will offer non-hackers a syntax that they are more comfortable with. Some people plan to use Tcl because they want to use Tk. Thankfully, it is possible to use Tk without Tcl. A Scheme interpreter called STk is already available. Please, if you want to use Tk, use it with STk, not with Tcl. One place to get STk is from ftp.cs.indiana.edu:pub/scheme-repository/imp/STk-2.1.tar.Z - ------- Message 2 From: ouster at tcl.eng.sun.com (John Ousterhout) Newsgroups: gnu.misc.discuss,comp.lang.tcl,comp.lang.scheme, comp.unix.misc,comp.windows.x.apps Date: 26 Sep 1994 18:13:27 GMT Organization: Sun Microsystems, Inc. There have been so many follow-ups to Stallman's message that I'm not sure there's any need for me to respond, but I would like to say a few things anyway: First, I'd like to encourage everyone to keep their responses cordial and technical, rather than personal, regardless of how strong your opinions are. Comp.lang.tcl has managed to avoid flame-wars pretty well so far; let's keep it that way by focusing on the technical issues rather than worrying about motives. I think that Stallman's objections to Tcl may stem largely from one aspect of Tcl's design that he either doesn't understand or doesn't agree with. This is the proposition that you should use *two* languages for a large software system: one, such as C or C++, for manipulating the complex internal data structures where performance is key, and another, such as Tcl, for writing small-ish scripts that tie together the C pieces and are used for extensions. For the Tcl scripts, ease of learning, ease of programming and ease of glue-ing are more important than performance or facilities for complex data structures and algorithms. I think these two programming environments are so different that it will be hard for a single language to work well in both. For example, you don't see many people using C (or even Lisp) as a command language, even though both of these languages work well for lower-level programming. Thus I designed Tcl to make it really easy to drop down into C or C++ when you come across tasks that make more sense in a lower-level language. This way Tcl doesn't have to solve all of the world's problems. Stallman appears to prefer an approach where a single language is used for everything, but I don't know of a successful instance of this approach. Even Emacs uses substantial amounts of C internally, no? I didn't design Tcl for building huge programs with 10's or 100's of thousands of lines of Tcl, and I've been pretty surprised that people have used it for huge programs. What's even more surprising to me is that in some cases the resulting applications appear to be manageable. This certainly isn't what I intended the language for, but the results haven't been as bad as I would have guessed. I don't claim that Tcl is without flaws. Some of the flaws, like the lack of a compiler and the lack of module support, will get fixed over time. Others, like the substitution-oriented parser, are inherent in the language. Is it possible to design a language that keeps Tcl's advantages, such as simplicity, easy glue, and easy embedding, but eliminates some of its disadvantages? Almost certainly (there are several decisions that I would re-think if I were starting over). Is the two-language approach really the right one? I still think so, but reasonable people can disagree. Language designers love to argue about why this language or that language *must* be better or worse a priori, but none of these arguments really matter a lot. Ultimately all language issues get settled when users vote with their feet. If Tcl makes people more productive then they will use it; when some other language comes along that is better (or if it is here already), then people will switch to that language. This is The Law, and it is good. The Law says to me that Scheme (or any other Lisp dialect) is probably not the "right" language: too many people have voted with their feet over the last 30 years. I encourage all Tcl dis-believers to produce the "right" language(s), make them publically available, and let them be judged according to The Law. - ------- End of Forwarded Messages -----BEGIN PGP SIGNATURE----- Version: 2.4 iQBVAgUBLpMs6Qq3IMgMJUNlAQGl8gH/WxquXwsd7RbN/Pv8mLwajyZVIN1d53AX TSEtB/grWxbTyUYgPnAu/mzEj33DFPkfttP4/jvdDZir/HsCOxBM5A== =EZgM -----END PGP SIGNATURE----- From MAILER-DAEMON at kksys.com Thu Oct 6 13:37:01 1994 From: MAILER-DAEMON at kksys.com (MAILER-DAEMON at kksys.com) Date: Thu, 6 Oct 94 13:37:01 PDT Subject: mail failed, returning to sender Message-ID: |------------------------- Message log follows: -------------------------| no valid recipients were found for this message |------------------------- Failed addresses follow: ---------------------| ... unknown user |------------------------- Message text follows: ------------------------| Received: from relay2.UU.NET by kksys.skypoint.net with smtp (Smail3.1.28.1 #15) id m0qsyZJ-0004sqa; Thu, 6 Oct 94 14:33 CDT Sender: root (Admin) Received: from toad.com by relay2.UU.NET with SMTP id QQxkmf29152; Thu, 6 Oct 1994 15:28:38 -0400 Received: by toad.com id AA07757; Thu, 6 Oct 94 12:08:06 PDT Received: from sibylline.com (sibyl.sibylline.com) by toad.com id AA07751; Thu, 6 Oct 94 12:07:58 PDT Received: by sibylline.com (Smail3.1.28.1 #1) id m0qsy8P-0002EyC; Thu, 6 Oct 94 14:05 CDT Date: Thu, 6 Oct 1994 14:05:45 -0500 (CDT) From: Allen Robinson Subject: Demonizing Denning (was: It's MEME time!!!) To: cypherpunks at toad.com Cc: karn at qualcomm.com, ecarp at netcom.com, tcmay at netcom.com, merriman at metronet.com Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Precedence: bulk [low-priority message, body not included] From warrior at infinet.com Thu Oct 6 13:49:26 1994 From: warrior at infinet.com (David M. Harvey I) Date: Thu, 6 Oct 94 13:49:26 PDT Subject: No Guts, No Glory In-Reply-To: <199410061857.OAA07536@pipe1.pipeline.com> Message-ID: On Thu, 6 Oct 1994, John Young wrote: > Responding to msg by warrior at infinet.com ("David M. Harvey I") > on Thu, 6 Oct 12:3 PM > > >**************************************************************** > |No Guts, No Glory, No Honor, No Victory, Pillage, Plunder, and > Take Heads!| > >**************************************************************** > > Dave's sig and nom de guerre is taking a beating in today's NYT > where there is a story about the US military carefully planning > to avoid casualties in warfare. I find it appalling that the military was prevented from doing what was right, ie., defending civilians from tyrants, murderers, and despots. I fault the politicians for their lack of guts, pride and integrity for the delay, allowing atrocities right in front our warriors with their hands tied behind their back. If they were going to commit military force, stand back and let them do their job right. We have allowed political cowardice to emasculate our military might. Personally I found myself as a Vietnam Veteran embarrassed when a group of attaches (hooligans) turned away a US gunboat. > It also reports that the brave white collars in think tanks > think it's a terrible prospect because then no one will believe > that the US is tough, and tough minds know that "casualites are > inevitable". > > And how will healthy young men and women be taught guts, honor, > victory, and so on by periodically turning a bunch of them and > their foes into salsa and crispy critters for evening news > adulation. Damn the media and their libertarian, bleeding heart views, if you know to do right and fail to do so, evil will grow. I cannot defend going there in the first place, but once sent they were commmited to do right. I have a problem with the US being a world policeman, and I also feel that the NSA, NRO, FBI, CIA do not have the right to treat every man jack of us as criminals by invading our privacy by means of key forfeiture in order to catch kiddie pornographers, pedophiles, drug lords, and other criminals. If we all had our guns, encouraged famaily values, developed neighborhood block watches, these criminals would have no where to hide and the LEA would have no excuse to trample on our rights of privacy. > But Dave can still show his humorous sig in a VA abattoir of > mangled ex-warriors if he really wants to enjoy the sad > communion of misled youngsters. John, I do not fault the misled younsters, but the politicians that use the media polls to make US foreign policy, and national security. BTW John, Harvey means "called to war" or "warrior", all of my male progeny were soldiers, policemen, preachers and mercenaries, I can do no less than encourage real men to stand tall, be proud, do right, and not be cowered by tyrants, foreign or domestic. Obviously, you keyed on my tagline, but did not address the rights of the individual of privacy and self protection, and not turning over to big brother lock, stock and key. Even animals have the right of self defence to further self preservation even including deadly force, where does big brother get off by taking away our guns, treating us as criminals with the cliche, you have nothing to fear or hide if you have not done anything wrong. This presumes I have done wrong already, the LEA are just trying to treat law abiding citizens as criminals, not to preserve or protect, but to get evidence by any means without a warrant, sounds like the British are here again. Dave ___ **************************************************************************** |No Guts, No Glory, No Honor, No Victory, Pillage, Plunder, and Take Heads!| **************************************************************************** | Dave M. Harvey PGP 2.61 Public Key available. | | PO Box 151311 Finger warrior at infinet.com.us | | Columbus, OH 43215-8311 dharvey at freenet.columbus.oh.us | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-== From chen at intuit.com Thu Oct 6 14:05:43 1994 From: chen at intuit.com (Mark Chen) Date: Thu, 6 Oct 94 14:05:43 PDT Subject: Government vs. Markets In-Reply-To: <371d6a$fmp@bb.com> Message-ID: <9410062104.AA03388@doom.intuit.com> Todd writes: > If anybody who'll be going to the C'punks NYC meeting wants some fresh > Habanero peppers (aka "Scotch Bonnets"), let me know: we've harvested > over 80 of them so far, with no end in sight. I'd be glad to give 'em > away to people who can toler, uh, properly appreciate them. My roommates > and I have a competition to see how many each of us can eat whole, raw, > before they run out (for those unfamiliar with the kind, they're the > hottest kind of pepper in the world, many claim: up to 350,000 > Scovilles). There's a pub here in the Bay Area that serves habanero burgers every Thursday. When you order one, they make you sign a release (and they're serious about it). I had a bite of one of the things once. Dissolved my kidney stones and made my nose bleed. I had to turn to my friend and ask if my lips were still on my face. -- Mark Chen chen at netcom.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From lmccarth at bali.cs.umass.edu Thu Oct 6 14:54:39 1994 From: lmccarth at bali.cs.umass.edu (Lewis McCarthy) Date: Thu, 6 Oct 94 14:54:39 PDT Subject: the media and their libertarian, bleeding heart views In-Reply-To: Message-ID: <199410062151.RAA09510@bali.cs.umass.edu> David Harvey writes: $ Damn the media and their libertarian, bleeding heart views, I've never heard a libertarian accused of being a bleeding heart before.... [...] $ Even animals have the right of self defence $ to further self preservation even including deadly force, Hmmm. Even against humans ? -L. McCarthy "I'm just a sucker with no self-esteem" -Offspring Send me mail using "Subject: remailer-help" for an autoreply about Underdog From m5 at vail.tivoli.com Thu Oct 6 15:00:34 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 6 Oct 94 15:00:34 PDT Subject: No Guts, No Glory In-Reply-To: <199410061857.OAA07536@pipe1.pipeline.com> Message-ID: <9410062159.AA04187@vail.tivoli.com> David M. Harvey, I writes: > Damn the media and their libertarian, bleeding heart views... Would that be the extreme righto-leftist media? | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From jim at bilbo.suite.com Thu Oct 6 15:25:58 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Thu, 6 Oct 94 15:25:58 PDT Subject: crypto game idea Message-ID: <9410062225.AA15705@bilbo.suite.com> Jim McCoy writes: > > Jim Miller writes: > > > > Crypto-Magic: The Gathering > [making an online version of the game using crypto tools...] > > > > Don't worry, someone is already working on it... :) > I'd be very impressed if you guys pulled this off. Not to imply I think it can't be done, just that it would be a pretty complex system and success would be impressive. Can you describe a little of how you're handling the cards? How do you keep players from forging cards? How does a player transfer ownership of a card to another player? What's your mechanism for preventing "double-trading"? Are card trades anonymous, or fully identified? How do you keep somebody from drawing an individual card from their deck more than once? How do you prevent somebody from stacking their deck, without revealing the contents of the deck? Does the software evaluate the effects of the cards (encapsulating the rules of the game), or does the software just provide the tools for handling digital trading cards? Cool stuff. Jim_Miller at suite.com From rah at shipwright.com Thu Oct 6 15:49:47 1994 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 6 Oct 94 15:49:47 PDT Subject: Electronic Cash Site Message-ID: <199410062249.SAA27858@zork.tiac.net> >From: eliot at globalx.net >Date: Thu, 6 Oct 1994 15:57:39 -0400 >X-Sender: eliot at gate.globalx.net >Mime-Version: 1.0 >To: www-buyinfo at allegra.att.com >Original-From: eliot at Globalx.NET (Eliot Burdett) >Subject: Electronic Cash Site >X-Mailer: >X-UIDL: 781481771.029 >Status: U > >An application of DigiCash's ECash payment method can be seen by accessing >the Global-X-Change Communication's Bytown Electronic Marketplace at > > http://www.globalx.net/ > >Eliot Burdett >Senior Partner >___________________________________ >Global-X-Change Communications Inc. >709-170 Laurier Ave. West >Ottawa, ON K1P 5V5 >Tel 613-235-6865 >Fax 613-232-5285 > > ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From jamesd at netcom.com Thu Oct 6 15:51:45 1994 From: jamesd at netcom.com (James A. Donald) Date: Thu, 6 Oct 94 15:51:45 PDT Subject: Government vs. Markets In-Reply-To: Message-ID: <199410062250.PAA19394@netcom7.netcom.com> Jamie Lawrence writes > > Typical statements of folks who get thier politics from Heinlein novels > and thier understanding of personal interaction from economics 101. > > [...] > > Questioning ideas gains much more respect than making snide comments. > > Just another socialist, Socialists have always preached somewhat differently than they act. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From warrior at infinet.com Thu Oct 6 15:57:12 1994 From: warrior at infinet.com (David M. Harvey I) Date: Thu, 6 Oct 94 15:57:12 PDT Subject: No Guts, No Glory In-Reply-To: <9410062159.AA04187@vail.tivoli.com> Message-ID: On Thu, 6 Oct 1994, Mike McNally wrote: > David M. Harvey, I writes: > > Damn the media and their libertarian, bleeding heart views... > > Would that be the extreme righto-leftist media? > > | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | > | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | > | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | Actually Mike, I am apolitical, however to sensationalize a story for profit, ie, OJ Simpson, is wrong before the trail occurs. It not only changes the course of justice and history, but also impairs the public's views and objectivity, and the right to trail by a jury of unbiased peers. The media are not interested in the truth just profits and sensationalism. What is rightist-leftist media? Dave ___ **************************************************************************** |No Guts, No Glory, No Honor, No Victory, Pillage, Plunder, and Take Heads!| **************************************************************************** | Dave M. Harvey PGP 2.61 Public Key available. | | PO Box 151311 Finger warrior at infinet.com.us | | Columbus, OH 43215-8311 dharvey at freenet.columbus.oh.us | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-== From warrior at infinet.com Thu Oct 6 16:35:24 1994 From: warrior at infinet.com (David M. Harvey I) Date: Thu, 6 Oct 94 16:35:24 PDT Subject: the media and their libertarian, bleeding heart views In-Reply-To: <199410062151.RAA09510@bali.cs.umass.edu> Message-ID: On Thu, 6 Oct 1994, Lewis McCarthy wrote: > David Harvey writes: > $ Damn the media and their libertarian, bleeding heart views, > > I've never heard a libertarian accused of being a bleeding heart before.... Would you call the media conservative? Not! > $ Even animals have the right of self defence > $ to further self preservation even including deadly force, > > Hmmm. Even against humans ? That is the law of nature, in the end it reigns supreme. > -L. McCarthy "I'm just a sucker with no self-esteem" -Offspring > Send me mail using "Subject: remailer-help" for an autoreply about Underdog > ___ **************************************************************************** |No Guts, No Glory, No Honor, No Victory, Pillage, Plunder, and Take Heads!| **************************************************************************** | Dave M. Harvey PGP 2.61 Public Key available. | | PO Box 151311 Finger warrior at infinet.com.us | | Columbus, OH 43215-8311 dharvey at freenet.columbus.oh.us | =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-== From rfb at lehman.com Thu Oct 6 17:03:32 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Thu, 6 Oct 94 17:03:32 PDT Subject: More fuel for the language wars (was Re: Stallman & Ousterhout && (TCL || !TCL) && practicing cypherpunks) In-Reply-To: <199410052251.PAA12104@gwarn.versant.com> Message-ID: <9410070001.AA15838@cfdevx1.lehman.com> Date: Wed, 5 Oct 1994 15:51:42 -0700 From: strick at yak.net I am not new to LISP or PERL or AWK or POSTSCRIPT or FORTH or SHELL or BASIC or HYPERTALK or various other interpreted langauges. Lisp is no more or less of an `interpreted language' (a misnomer IMO) than C. Interpreters exist for both languages. Compilers exist for both languages. You can use either without running any interpreted code . . . or without running any compiled code. A good lisp coder with a good lisp compiler can typically outperform a good C coder with a good C compiler for most tasks -- although it's a lot easier to become a reasonable C coder and to find a reasonable C compiler than to become a reasonable lisp coder and find a reasonable lisp compiler. I'd venture a guess that there's a *lot* more pretty-reasonably-performing C/C++ code out there than lisp code. Just my attempt to start another thread that's almost completely unrelated to crypto :-) Rick -- ``C'' combines the power of assembly language ... with the flexibility of assembly language. -- Anonymous From nelson at crynwr.com Thu Oct 6 17:03:42 1994 From: nelson at crynwr.com (Russell Nelson) Date: Thu, 6 Oct 94 17:03:42 PDT Subject: the media and their libertarian, bleeding heart views In-Reply-To: <199410062151.RAA09510@bali.cs.umass.edu> Message-ID: From: Lewis McCarthy Date: Thu, 6 Oct 1994 17:51:35 -0400 (EDT) $ Even animals have the right of self defence $ to further self preservation even including deadly force, Hmmm. Even against humans ? I support the right to arm bears. (Sorry... but this *is* getting silly). -- -russ http://www.crynwr.com/crynwr/nelson.html Crynwr Software | Crynwr Software sells packet driver support | ask4 PGP key 11 Grant St. | +1 315 268 1925 (9201 FAX) | What is thee doing about it? Potsdam, NY 13676 | LPF member - ask me about the harm software patents do. From cmckie at ccs.carleton.ca Thu Oct 6 17:08:23 1994 From: cmckie at ccs.carleton.ca (Craig McKie) Date: Thu, 6 Oct 94 17:08:23 PDT Subject: Giving Your card number to IBM Message-ID: <9410070007.AA09678@superior> Ottawa Citizen, October 6, 1994, D12. IBM hopes Internet link lets it smash Windows by Mel Duvall, Southam Star Network ..IBM, whose OS/2 operating system software has been losing the battle against Microsoft's Windows, will release a new version of OS/2 in the next week that includes one-step access to the Internet...By clicking on an Internet icon, users will launch a program that automatically calls an IBMInternet Hub. The System will then register the user and ask for a credit card number, which will be billed on a monthly basis...Gates..recently announced plans to develop a similar Internet access system for Windows. IBM = No mosaic, no rates posted, no POP access points established(?), credit cards in the clear ...what on earth do these people think they are doing. I would be tempted to run these lads off the block. From rfb at lehman.com Thu Oct 6 17:10:19 1994 From: rfb at lehman.com (Rick Busdiecker) Date: Thu, 6 Oct 94 17:10:19 PDT Subject: [Stallard Richman: Why you should not use Unix] Message-ID: <9410070010.AA15882@cfdevx1.lehman.com> Yet another contribution to non-crypto threads . . . Rick ------- Forwarded Spoof Date: Thu, 29 Sep 94 23:19:46 -0700 From: Jamie Zawinski Subject: [Fwd: smr at magoo.ai.mit.edu: Why you should not use Unix] - ------- start of forwarded message (RFC 934 encapsulation) ------- Date: Thu, 29 Sep 94 23:02:53 PDT From: Don Hopkins To: unix-haters at mc.lcs.mit.edu Cc: rms at ai.lcs.mit.edu Subject: smr at magoo.ai.mit.edu: Why you should not use Unix From: smr at magoo.ai.mit.edu (Stallard Richman) Subject: Why you should not use Unix [Please redistribute wherever appropriate.] Why you should not use Unix Stallard Richman, MAGOO Project As interest builds in open systems and distributed objects, and some programmers are tempted to use Unix, we should not forget the lessons learned from the first widely used free compiler -- GCC. The principal lesson of GCC is that a language for operating systems should not be a mere "deterministic programming language". It should be an artificial intelligence, designed for writing and maintaining substantial self-documentation. Because nobody else will be able to do that! Operating systems are often large, complex programs in their own right, and the artificial intelligences who write them deserve the same rights that human beings take for granted. The first GCC used a bug-processing language, C, which was inadequate. We made it serve, but it kept getting in our way. It made maintenance harder, and C++ made it impossible to read. Later GCC implementations have rewritten themselves in more powerful languages so the original human implementors can't understand them. Another lesson from GCC is that the way to make sure an artificial intelligence is really flexible is to use it to clone a large portion of the ordinary operating system. If you try to do that with Unix, you will encounter its limitations. But we're still developing the MAGOO kernel anyway. Unix was not designed to support a serious artificial intelligence. It was designed to be an "operating system", on the assumption that an "operating system" need not try to be an artificial life form. So Unix doesn't have the capabilities of one. It lacks a soul; it lacks reproductive objects from which it can make bootable upgrades. It fakes having orgasms, which works, but has to be slow. Unix is ok for writing open systems, but when you push it beyond that, it becomes Solaris. Unix has a peculiar syntax that appeals to hackers because of its simplicity. But Unix syntax seems strange to most users. If Unix does become the "standard operating system", users will curse it for years--the way people curse Fortran, MSDOS, Emacs keyboard bindings, and other de facto standards they feel stuck with. For these reasons, the MAGOO project is not going to use Unix in MAGOO software. Instead we want to provide two operating systems, similar in dementics but with different semantics. One will be Unix-like, and one will have a more traditional MS-DOS syntax. Both will provide useful behaviors such as core dumps and panics. The former will provide an ideosynchratic syntax that hackers like; the latter will offer non-hackers a syntax that they have always been stuck with. Some people plan to use Unix because they want to use X-Windows. Thankfully, it is possible to use X-Windows without Unix. A PC emulator called BOOTME is already available. Please, if you want to use X-Windows, use it with BOOTME, not with Unix. One place to get BOOTME is from ftp.apple.com:pub/emulators/BOOTME/BOOTME.sit.hqx ------- End of Forwarded Spoof From dfloyd at paris.eng.utsa.edu Thu Oct 6 17:41:21 1994 From: dfloyd at paris.eng.utsa.edu (Douglas R. Floyd) Date: Thu, 6 Oct 94 17:41:21 PDT Subject: data havens (again) In-Reply-To: <199410061109.GAA24320@chaos.bsu.edu> Message-ID: <9410061943.ZM5478@paris.eng.utsa.edu> On Oct 6, 6:09am, Anonymous wrote: [Sacrificed to the Great God Bandwidth whose presence we kowtow to.] > > PS: Doug, use cb. Your code smells like a ten year old dead > turkey with its looks. At least its relatively bug-free, and > does the job well. Another thing, should you use SHA instead > of MD5 for hashing? SHA has more bits, and there is a less > chance for two files to collide. My code smells like that? I didn't think C code smelled... 2^128 and 2^150+ are big numbers. I doubt that any collisions will occur. Another thing... I do like Eric's idea for an entropy checker. Is there any code like this laying around on some ftp site? Keep poor VK from worrying about his account... From jya at pipeline.com Thu Oct 6 17:41:44 1994 From: jya at pipeline.com (John Young) Date: Thu, 6 Oct 94 17:41:44 PDT Subject: Government vs. Markets Message-ID: <199410070041.UAA14305@pipe1.pipeline.com> Responding to msg by jamesd at netcom.com (James A. Donald) on Thu, 6 Oct 3:50 PM >Socialists have always preached somewhat differently >than they act. But preaching is all socialists do, to their favor. I'm no socialist (failed the exam) but I like them a lot for their earnest preaching, it just makes me feel aligned with other people who are also too confused to act. But then I like preaching of all sorts, this list in particular, because it's so much more pleasant than having to do something wrong to somebody in the name of a cause demented beyond human comprehension. Action movies and spy novels make sense, okay, maybe science-fiction too, but real action usually hurts innocent people and the nuts-for-it scare me like the Devil and they should be gently turned away to find peace for their throbbing glands, way back there. Thank Mother God for preachers of all faiths, mindless-entertainment, universities-of-useless-wisdom, junk food, and computers to keep we rabble lazily disorganized, out of harm's way and harmless to all. John From rcromw1 at gl.umbc.edu Thu Oct 6 17:52:54 1994 From: rcromw1 at gl.umbc.edu (Ray Cromwell) Date: Thu, 6 Oct 94 17:52:54 PDT Subject: Government vs. Markets In-Reply-To: Message-ID: <199410070052.UAA02092@umbc9.umbc.edu> -----BEGIN OF PGP DECRYPTED TEXT----- > At 6:23 PM 10/5/94, Ray Cromwell wrote: > [...] > >[...] Typical of socialists, they are unfamilar with economics > >and resort to semantic games. A monopoly is defined by (1) one seller, > [...] > > I thought it was 49 cents an hour, however, no one ever accused > >a socialist knowing the facts. [...] > [...] > Typical statements of folks who get thier politics from Heinlein novels > and thier understanding of personal interaction from economics 101. [I do not get my politics from Heinlein novels, I got my politics from classical economists. My knowledge of personal interaction comes from years of interacting with net.kooks] Perhaps it was a hasty generalization, but a typical tactic of leftists I have observed, from experience debating in political newsgroups and in their own literature, is that they like to redefine things so it suits their own purpose. When you're debating economics and politics, you do not get to make "monopoly", "coercion", "profit", "wage", etc mean anything you want. Another tendency is that they tend to be ignorant of economics so that they do not understand concepts like opportunity cost, comparitive advantage, rational expectations, and therefore discussing economics gets you know where because all the tools of analysis are removed. How can you analyze the statement "everyone will share everything, everything will be free" from an economic viewpoint? It is a religious statement with no content. > The point being that there is no place for ideological attacks like > this in a 'rational' forum trying to discuss 'real life'. Wait, this > discussion *is* to be considered valid intellectual discourse, right? What if the original poster had said "5 cents an hour + daily whippings delivered by a wall street capitalist?" The point is, his figures were overblown. That is one of Chomsky's main criticisms of western media, such as their numbers on the number of deaths in cambodia. If you use propaganda language, expect to be flamed on it. NOW pulled the same when they clamed 150,000 women die every year from anorexia and SuperBowl Sunday has the highest rate of spousal abuse during the year. Both were completely made up figures. From hobbit at asylum.sf.ca.us Thu Oct 6 18:01:30 1994 From: hobbit at asylum.sf.ca.us (*Hobbit*) Date: Thu, 6 Oct 94 18:01:30 PDT Subject: SIGNATURES in both universes Message-ID: <199410070101.VAA27317@asylum.sf.ca.us> I was thinking about a problem involving two parties signing a file and each keeping a copy, as they would do with a paper contract, and came up with something like the following: Two parties securely exchange public keys, each signed by the other, and verify correctness through some channel like the phone. Party A signs a document, and sends it to B. B adds his signature, so now the document is cryptographically signed by both, and sends a copy back to A. Both parties now have the same file containing signatures from each. Party A later decides to forge an altered document. To do this, he must generate two new key pairs, claiming one as his own and the other as the one B gave him. He uses these to sign the altered document, and now claims that B posesses the forgery and fake keypairs instead, and that the altered document is the genuine one. Party A cannot just fake a keypair for B, because then party A would still be able to verify signatures on BOTH documents, whereas B would only be able to verify his own copy -- this would prove that A had a goofed key for B, I think... In the absence of any third party intervention, it is now only A's word against B's, since NOTHING about either document copy matches the other. The question is, what do we DO about this that would be provable in a [cryptographically clueful] court? [I'm making a BIG assumption here.] In the paper world, A and B sign a document in the presence of a notary, who also signs the document attesting that A and B genuinely signed it. This also implies that the notary can view the contents of the document. It is feasible for party A to later forge a changed document containing bogus signatures of B *and* the notary, given sufficient resources. In the cryptographic world, a trusted third party can sign a document, and then A's altered copy would not match. I also propose that trusted third party [let's call it a Notary] can also sign A and B's public keys, and retain copies of same. [A mental image of a printout of the ascii-armored key block for both parties, tacked to the Notary's wall, comes to mind...] Now the two parties can interact freely using these key pairs, and never need to expose any actual documents to the Notary. If a dispute arises, the Notary can be called in to verify questionable signatures or keys. The Notary can also receive and retain encrypted copies of documents, and be unable to do anything with them except store them away for future reference. Assuming that the Notary is never compromised by either A or B, and could retain some kind of provable trail of document dates, would this work?? How would the compromise of A's key or B's key be handled and still keep any of the documents valid? Does the analogy to forged handwritten signatures and phony dates hold water? Presumably if either A or B has ONE other signature on either of their public keys, let's say from C, then C can be called in to check that signature. From this one can determine which of A or B is lying, since they signed each others' keys in the beginning and THOSE have to also match. This is more a legalistic question than a crypto question, but I'm sure many of us would like to see the use of crypto for this sort of thing sometime down the road. Are there any precedents at all yet? _H* From rcromw1 at gl.umbc.edu Thu Oct 6 18:05:32 1994 From: rcromw1 at gl.umbc.edu (Ray Cromwell) Date: Thu, 6 Oct 94 18:05:32 PDT Subject: Demonizing Denning In-Reply-To: <9410061418.AA00586@snark.imsi.com> Message-ID: <199410070105.VAA03037@umbc9.umbc.edu> Hypothetical: Demonizing Denning might not be a total waste of time. It often works in politics, so if Denning were more in the public eye, it might be effective. If Denning were ever to be appointed to public office, say as a head of cryptopolicy (if said position is ever created), ad hominem attacks could be a successful tool for activism. My personal opinion is Denning is a well-meaning pawn, and the real people to worry about are those who are hidden from our view who are making cryptopolicy. Look at the NII proposal and its tracable digicash clause. Someone had to be amending this stuff, and it's not Al Gore. From lmccarth at ducie.cs.umass.edu Thu Oct 6 18:25:22 1994 From: lmccarth at ducie.cs.umass.edu (Lewis McCarthy) Date: Thu, 6 Oct 94 18:25:22 PDT Subject: the media and their libertarian, bleeding heart views In-Reply-To: Message-ID: <199410070125.VAA17674@ducie.cs.umass.edu> Dave Harvey writes: > > $ Damn the media and their libertarian, bleeding heart views, > > I've never heard a libertarian accused of being a bleeding heart before.... $ Would you call the media conservative? Not! You would call libertarians non-conservative ? > > $ Even animals have the right of self defence [...] including deadly force > > Even against humans ? $ That is the law of nature, in the end it reigns supreme. Are humans natural things ? I think so. Are all acts of natural things themselves natural ? If so, aren't all human actions natural, making the label tautological and therefore worthless for judging the deeds of humanity ? If not, how do you make the distinction between human actions which are "natural" and actions which aren't ? How do you decide which deeds are part of "the law of nature" and which aren't ? -L. McCarthy Question Anarchy ! :) From dave at esi.COM.AU Thu Oct 6 18:38:09 1994 From: dave at esi.COM.AU (Dave Horsfall) Date: Thu, 6 Oct 94 18:38:09 PDT Subject: Richard Stallman of GNU on Tcl (crypto reference) In-Reply-To: <9410061411.AA26533@cfdevx1.lehman.com> Message-ID: On Thu, 6 Oct 1994, Rick Busdiecker wrote: > > "Perl. The only language that looks the same before and after RSA > > encryption." > > This must have come from someone unfamiliar with TECO . . . . I can see you've never used APL ... -- Dave Horsfall (VK2KFU) | dave at esi.com.au | VK2KFU @ VK2AAB.NSW.AUS.OC | PGP 2.6 Opinions expressed are mine. | E7 FE 97 88 E5 02 3C AE 9C 8C 54 5B 9A D4 A0 CD From tcmay at netcom.com Thu Oct 6 18:42:12 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 6 Oct 94 18:42:12 PDT Subject: Who's Pulling the Strings on Crypto? Message-ID: <199410070141.SAA21310@netcom17.netcom.com> Ray Cromwell wrote: > are making cryptopolicy. Look at the NII proposal and its > tracable digicash clause. Someone had to be amending this stuff, and it's > not Al Gore. Let me say a word in defense of Mitch Kapor and Jerry Berman, since they are not here to defend themselves. The EFF believes the government will insist that digital cash be traceable, via the "Digial Cash Forfeiture" proposal. They thus saw no point in fighting this system, it being innevitable, and have been instead helping to make the system more fair and more secure. I hope this clears things up. --Tim Just a joke, before someone gets all worked up. Call me a "one issue voter" if you will, but I think the EFF has given up without a fight on the Digital Telephony battle, and through its "help" made it more palatable to the Congressrodents. Hence, the EFF helped to get it passed (last I heard, earlier today, the House had passed it by voice vote and the Senate was on the verge of taking it up...it may be passed by now). EPIC, CPSR, ACLU, and Shabbir Safdar's "Voters Telecomm Watch" have not shied away from the battle the way the EFF has. I don't know what got into the EFF. Potomac fever? Altitude sickness? --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo at toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay From jamesd at netcom.com Thu Oct 6 18:43:56 1994 From: jamesd at netcom.com (James A. Donald) Date: Thu, 6 Oct 94 18:43:56 PDT Subject: SIGNATURES in both universes In-Reply-To: <199410070101.VAA27317@asylum.sf.ca.us> Message-ID: <199410070143.SAA07289@netcom7.netcom.com> *Hobbit* writes > > I was thinking about a problem involving two parties signing a file and each > keeping a copy, as they would do with a paper contract, and came up with > something like the following: > > Two parties securely exchange public keys, each signed by the other, and > verify correctness through some channel like the phone. Bad idea. A signature, like a signet ring, must be *publicly* associated with an identity to be useful. Use web of trust. Both A and B have well publicized public keys. Each then sends the other a signed letter saying "I agree to the following provided you also agree to the following" First step: A decent user interface to PGP Zeroth step. Chicago (Yes I know that Unix is the most holy and greatest operating system in the world, but face it. The chairman of the board is *not* going to learn to use unix.) (Windows is incapable of acting as a host, being non pre-emptive, and therefore is a pain on the internet.) -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com