From lcottrell at popmail.ucsd.edu Thu Sep 1 00:04:16 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Thu, 1 Sep 94 00:04:16 PDT Subject: Is this person really speaking for Julf (anon.penet.fi)? Message-ID: <199409010703.AAA29022@ucsd.edu> -----BEGIN PGP SIGNED MESSAGE----- I was one of the people who suffered from the anon.penet.fi attack which allocated IDs to so many members of this list. I immediately sent a message to admin at anon.penet.fi asking to have the message removed. I just received the reply below. I am not familiar with this person. Does this person speak for Julf? Is the snakemail.hut.fi site associated with the anon.penet.fi site? Thanks for all help. >From: Mari (Black Panther) Sepp{ >Subject: Re: Unauthorized allocation of annon ID. >To: lcottrell at popmail.ucsd.edu (Lance Cottrell) >Date: Wed, 31 Aug 1994 11:48:56 +0200 (EET DST) >X-Mailer: ELM [version 2.4 PL21] > >> I suspect that you are aware of the attack on your system. Hundreds of IDs >> are being created and the annon and real IDs posted to Alt.test. What can >> we do to have these anon IDs removed. > >Yes, those id's that didn't have passwords were attacked. You can delete >the id by sending me mail from the account id is on. > >> Are the anon IDs directly derivable from the source address, or would I get >> a different ID if I reapplied? Many thanks, and hope things are not going >> too bad there. > >If you send a message to ping at anon.penet.fi after the removal you will get >a new id. > > Zarr > > -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLmWJ7VVkk3dax7hlAQFplwP9HBcC55/UABq3dYoZUfslTQwWHSTVM/GW EdyTPa8UdQk5tGdHhNiK7Auqs5yw8fqU2CkBmV8gESNYn7bLHhAN3Pav7OJwA9uv 3GkPgFx+rGLY+0ZbNaN2ne93EPTjsbdydzL44oIKURflUje964c1dp2f35OPT3bI O4S6BDL0CbM= =KUb4 -----END PGP SIGNATURE----- -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.6 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From mimir at io.com Thu Sep 1 02:13:34 1994 From: mimir at io.com (Al Billings) Date: Thu, 1 Sep 94 02:13:34 PDT Subject: Wiretap Bill Alert (fwd) Message-ID: ---------- Forwarded message ---------- Date: Tue, 30 Aug 1994 09:18:10 -0700 From: email list server To: cpsr-announce at Sunnyside.COM Subject: Wiretap Bill Alert Wiretap Bill Alert Voter's Telecommunications Watch (VTW) has issued the attached alert on the pending FBI Wiretap Bill. The Electronic Privacy Information Center (EPIC) is working in conjunction with VTW and other organiza- tions to educate the public on this legislation. Your involvement is crucial -- please contact Rep. Jack Brooks IMMEDIATELY. EPIC is a project of the Fund for Constitutional Government and Computer Professionals for Social Responsibility. =================================================================== Subject: INFO: Status of the Digital Telephony bills (SB 2375 & HR 4922) From: shabbir at panix.com (Shabbir J. Safdar) Date: 29 Aug 1994 23:28:26 -0400 Message-ID: <33u90q$8mk at panix2.panix.com> [updated August 29, 1994 shabbir] ********************************************************************* DISTRIBUTE WIDELY ********************************************************************* Table of contents: Status of the bills Five things you can do RIGHT now to stop Digital Telephony Records of legislators supporting/opposing/wavering on DT Digital Telephony bill FAQ The VTW Press Release Sample Letter To The Editor Who are we and how can you contact us? ------------------------------------------------------------------------------- STATUS OF THE BILLS (updated 8/10/94) Aug 18, 94 HR 4922 reported back to committee (write to Rep. Jack Brooks!) Aug 11, 94 Sen. Leahy & Rep. Edwards hold a joint hearing on the bills in Wash. DC at 1pm in Rayburn 2237. Aug 10, 94 HR 4922 referred to Subcomm. on Civil and Constitutional Rights Aug 10, 94 SB 2375 referred to Subcomm. on Technology and the Law Aug 9, 94 Rep. Hyde officially cosponsors HR 4922 Aug 9, 94 HR 4922 referred to House Judiciary Committee Aug 9, 94 SB 2375 referred to Senate Judiciary Committee Aug 9, 94 Identical House and Senate bills are announced by their respective sponsors, Rep. Don Edwards (D-CA) and Sen. Patrick Leahy (D-VT) EFF states the legislation is "not necessary". VTW will be monitoring this legislation in the same way that we monitored the Cantwell bill, with the blow by blow, day to day updates that cost us significant long distance bills. :-) We're not asking for money though. Don't send us money; we don't want it and it causes us bookkeeping work. Call/write your legislator instead and relay to them the sample communiques below. ------------------------------------------------------------------------------- FIVE THINGS YOU CAN DO *RIGHT* NOW (in their order of importance) 1. Write to the House Judiciary Committee Chairman, Jack Brooks (D-TX) and ask him to oppose the Digital Telephony bill. (HR 4922) 2. Fax/mail a copy of the VTW press release to your local newspaper, tv station, call-in show (everything from NPR to Rush Limbaugh), etc. 3. Write to your legislator (especially if s/he is on the Judiciary Committee (House or Senate) and ask that they oppose the Digital Telephony bills. (SB 2375/HR 4922) 4. Forward a copy of this FAQ to three friends who don't know about it. Or, print it out and place it on a bulletin board at work, at school, hand it out, etc. 5. Write a letter to the editor of your local newspaper, opposing the Digital Telephony bill. 1. CALL/WRITE TO REP. JACK BROOKS, HOUSE JUDICIARY COMM. CHAIRMAN Sample phone Communique: Rep. Jack Brooks Phone: (202) 225-6565 Dear Mr. Brooks, The recent Digital Telephony bills (HR 4922 & SB 2375) disturb me greatly. The FBI has not yet made their case that justifies building wiretap functionality into the telephones of 250 million people to justify the privacy intrusion. Please oppose HR 4922 and SB 2375. Sincerely, _______________________ Sample fax/letter Communique: Rep. Jack Brooks 2449 RHOB Washington, DC 20515 Phone: (202) 225-6565 Fax: (202) 225-1584 The Honorable Jack Brooks, Please oppose Senator Leahy's and Representative Edwards' Digital Telephony bills (HR 4922 & SB 2375). This legislation asks us, the American public, to trade our privacy to ensure law enforcement's future ability to continue to perform wiretaps. Unfortunately, the FBI has yet to make its case to the public to prove that it is unable to administer significant numbers of wiretaps. Telecommunications technology is very new and the change of pace in it is very rapid. The Digital Telephony bills are premature and should not be considered until: -the standards bodies are appointed and include privacy rights groups (not just the Electronic Frontier Foundation) at both the technical and policy levels -the standards are defined and accepted by the three stakeholders (law enforcement, common carriers, and privacy rights groups) -an adequate oversight agency has been given the authority previously allocated to the FCC -the technology has advanced to a point where the effect of such a broad ruling on the undustry can be ascertained. Please oppose HR 4922 & SB 2375. Sincerely, _______________________ If you want to help make legislators responsible for their actions, report this information back to vtw at vtw.org. We'll add their position to our database. 2. Take the press release attached and fax/mail/email it to local tv stations, radio stations, callin shows, newspapers, etc. Drop a note to vtw at vtw.org, where we'll track the coverage. 3. Forward this file to your friends and coworkers. Use it when you phone call-in shows; educate everyone you know. This is literally a "net" effort. Few people outside of the Internet know about this legislation; they would be horrified to discover its existence. Help educate them. 4. Call/write your legislator and ask them to oppose the Digital Telephony bill. Use the sample communiques above. To find your own legislator, contact the League of Women Voters in your area. 5. Write a letter to your local newspaper's editorial page about the Digital Telephony bill. We have attached a sample editorial page letter that you might base your letter upon. Feel free to use significant license. ------------------------------------------------------------------------------- LIST OF LEGISLATORS SUPPORTING/OPPOSING/WAVERING ON DIGITAL TELEPHONY -REPRESENTATIVES All addresses are Washington, D.C. 20515 Dist ST Name, Address, and Party Phone Fax ==== == ======================== ============== ============== 16 CA Edwards, Donald (D) 1-202-225-3072 1-202-225-9460 2307 RHOB House sponsor of the 1994 Digital Telephony bill 6 IL Hyde, Henry J. (R) 1-202-225-4561 1-202-226-1240 2110 RHOB Cosponsor of the 1994 Digital Telephony bill -SENATORS P ST Name and Address Phone Fax = == ======================== ============== ============== D VT Leahy, Patrick J. 1-202-224-4242 na 433 RSOB Washington, D.C. 20510 Senate sponsor of the 1994 Digital Telephony bill ------------------------------------------------------------------------------- DIGITAL TELEPHONY BILL FAQ What are the (DT) Digital Telephony bills and where did they come from? The DT bills were initially introduced by the Bush administration presumably at the request of the FBI. The initial proposals were very unpopular and met with great opposition, preventing them from moving through Congress. The current incarnations of the legislation (SB 2375 & HR 4922) have several features, but basically require the same thing: common carriers must be able to provide law enforcement officers with court orders access to personal communications. (eg, if the FBI presents a court order for a wiretap on your phone calls to NYNEX, NYNEX should be able to provide the FBI with the ability to intercept your communications under the terms of the court order.) To do this will require changes in the telephone equipment we use today. Since this will obviously cost money, the bill appropriates $500 million in Federal money to these carriers to compensate them for the changes. Does this include bulletin boards and Internet sites like Netcom, America OnLine? No, the legislation specifically identifies common carriers. Information Services, such as these above, are not common carriers. How will this affect me? Imagine there's a giant socket on the side of the phone company's equipment that says "FOR FBI USE ONLY" in giant red letters. Imagine if the fine for not implementing that socket was $10,000 per day for the phone company. How many communications carriers do you think will make any noise about the privacy of their customers' communications? Now imagine that you were asked to pay the bill for this. The proposed budget for implementing this functionality is $500 million dollars for 1995-1998. Just how many wiretaps per year are there? In 1992 there were less than 1,000 wiretaps performed. It is important to note that the legislation is targeted towards wiretaps that the government says they cannot implement. Since there is thus far no published evidence of unimplementable wiretaps, turning the nation's phone system into a giant eavesdropping device to prevent a problem which has not yet been documented or become widespread, sacrifies too much privacy for too little gain. Is there ever a legitimate need for law enforcement to conduct wiretaps? Yes, according to the 1992 Government Accounting Office's "Report on Applications for Orders Authorizing or Approving the Interception of Wire, Oral, or Electronic Communications (Wiretap Report)", there were 919 wiretaps authorized in 1992 (there were no requests denied). There were 607 individuals convicted as a result of these wiretaps. Although this is not an excessive amount, it is not ignorable either. However 607 convictions is infinitesmally small when one considers the number of people convicted yearly in the US. Furthermore, the report does not specify if any wiretaps were unimplementable because of advancing technology. The FBI maintains that advancing technology will prevent this, though this has not yet been documented. VTW feels that until the the FBI makes their case to the public, this bill should not be considered as legislation. Why should I be worried about this bill? THE BILL IS VAGUE REGARDING STANDARDS SETTING The bill requires industry standards groups to be formed to work with law enforcement to create technical standards for this functionality. There are a number of problems with this. First is that these standards bodies may not have even been appointed yet, giving incredible power to a presently unnamed group that will be responsible for appointing those bodies. Secondly, these standards bodies do not currently include any public input. There is a delicate balance involved in wiretapping vs. a citizen's privacy. The standards bodies that are proposed do not have any provisions for public input. Public-interest and/or privacy groups should be included at every level (including the technical level) in order to ensure that this balance is found. Without such input, the standards are likely to sacrifice privacy while giving more functionality than is needed by law enforcement to do its job. THE STANDARDS SHOULD BE ACCEPTED BEFORE THE LEGISLATION IS PROPOSED The DT legislation is vague regarding the standards for wiretapping functionality. Many of the questions and problems we have with this legislation stem from the vagueness of the details regarding the standards. The standards body should be appointed (with representatives from law enforcement, industry, and the public at both the technical and high level) and the standards accepted before the legislation is proposed. THE BILL PUTS GREAT POWER INTO STANDARDS AND COMMITTEES THAT DO NOT EXIST YET By empowering standards bodies that do not exist, and mandating standards that do not yet exist, great power is given to those individuals who can appoint the members of the standards bodies. Furthermore, no process is mandated for the appointment of the members of these standards bodies. THE BILL DOES NOT APPOINT AN ADEQUATE OVERSIGHT AUTHORITY In many situations the (FCC) Federal Communications Commission is appointed to be the final arbiter if industry standard bodies cannot agree on technical standards. The FCC currently serves the interest of industry in regulating the communication carriers. Because the Commission serves the interest of both groups, there is a conflict of interest. A different ageny should be appointed and given the FCC's oversight authority. TELECOMMUNICATIONS TECHNOLOGY IS NOT MATURE Telecommunications is a very new technology. Within the last twenty years, we have seen amazing advances in the technology. Ordering the implementation of such a broad privacy- sensitive function will have far-reaching effects on the future of the technology. This legislation should wait until the technology is more stable. ------------------------------------------------------------------------------- PRESS RELEASE [Please fax this to your local newspaper] Voter's Telecommunications Watch invites fellow citizens to join its media awareness campaign by emailing or faxing this press release to one of two media institutions. East of the Mississippi: Burlington Times email: _________ fax: ___________ West of the Mississippi: San Jose Mercury-News email: _________ fax: ___________ VTW is also experimenting with a fax/email chain letter. The document "An Open Letter on Digital Telephony" is currently circulating the Internet. VTW has also prepared an FAQ for Digital Telephony. Point your gopher to panix.com (port 70) and check under the VTW main menu entry, or use the URL: FOR IMMEDIATE RELEASE NEW YORK, NY -- 08/22/94 -- Contrary to popular belief, not all online civil libertarians support the Government's attempts to ensure the FBI can wiretap every citizen. Voter's Telecommunications Watch (VTW), a New York-based online activism group, working in conjunction with the Electronic Privacy Information Center (EPIC) and other privacy advocates, is working to energize and focus the grassroots opposition to the recently introduced Leahy-Edwards Digital Telephony Bill (H.R. 4922, S. 2375). The Digital Telephony Bill would require telecommunications service providers to design all their equipment to allow FBI agents and other government officials to wiretap any telephone conversation -- only if there is a court order permitting it, of course, the FBI promises. Adding this feature to the telecommunications system is costly -- so costly that the bill appropriates $500 million taxpayer dollars to reimburse phone companies for their "reasonable" expenses. "It's objectionable for the FBI to try to make us pay for invading our own privacy," says Alexis Rosen, co-founder of Public Access Networks Corporation, a regional public Internet provider. According to FBI Director Louis Freeh, there were 183 wiretaps in 1993 that would have been facilitated by the digital telephony mandates. "Should we really spend half a billion dollars for a couple of hundred wiretaps that compromise the privacy of two hundred million Americans?" asks Simona Nass, President of the Society for Electronic Access, a New York-based organization devoted to issues of civil liberties and public access. VTW is spearheading a drive to defeat the bill. Using the Internet to keep millions of electronically-connected citizens informed, VTW workers have put together summaries and analyses of the legislation and are tracking the bill's movements through the byzantine halls of Congress. Using this informations, citizens can inundate their representatives at optimum moments. VTW is tracking each influential legislators' position on the Digital Telephony initiative, and periodically publishes a scorecard summary of their positions, party, districts and contact information. To access VTW's anti-Digital Telephony effort, join the VTW electronic mailing list by sending Internet e-mail to vtw-list-request at panix.com. Information is also available via Internet Gopher in the VTW area of gopher.panix.com (port 70). For further information, contact Steven Cherry at 718-596-2851. PRESS CONTACT: Steven Cherry (718) 596-2851(voice mail) stc at acm.org (electronic mail) ------------------------------------------------------------------------------- SAMPLE LETTER TO THE EDITOR [Note, this is Steven Cherry's "Open Letter" on Digital Telephony. Please do not submit it to the New York Times. -Shabbir] An Open Letter Regarding Digital Telephony Digital Telephony, embodied in bills entered into Congress by Sen. Leahy (S.B. 2375) and Rep. Edwards (HR. 4922), would require that telecommunications carriers alter their equipment so as to allow wiretaps and similar surveillance to be performed at the companies' offices, or the offices of law enforcement. In a word, to make telecommunications equipment, "wiretap friendly"; to make a wiretap order executable "at the press of a button." With the help of some civil liberties activists, the bill admirably distinguishes between common carriers and information services. Only the former are subject to its provisions. But the distinction, while clear in the abstract, is hard to make in practice. The mom-and-pop neighborhood bulletin board service or Internet provider is excluded, but even if it is providing store-and-forward message-passing for an individual or other small provider? Indeed, the very definition of common carrier in the proposed legislation is problematic, as the definition relies on that used in the Communications Act of 1934, when just now that Act is being overhauled finally, after sixty years. The bill's authors have sensibly and cleverly left out of the legislation all the details of implementation. It is impossible to object to the bill on the grounds of being unworkable. It is also difficult to object on grounds of the risks to individual privacy, insofar as the risks are largely unquantifiable by virtue of being largely unknown. The very clever lack of any practical detail, however, leads the prudent citizen to question the public expenditure of $500,000,000 -- the figure is likely far too high, or far too low. Indeed, all we know is it is unlikely to be correct, and we therefore object to it as being unrealistic to the needs of the enterprise. In point of fact, one other thing is known about this figure -- it is but a fraction of the total expenditures resulting from the mandates of the bill. The balance will be borne by the common carriers, who, in turn, will either have to raise rates, reduce services, or restrict investment and expansion of their business at the very moment in the history of telecommunications that calls for them to do just the opposite. Indeed, the very forces of technological change that caused law enforcement to request this bill demand that it be defeated. We would like to return to the issue of increased risks for a moment. While unquantifiable, they are equally undeniable. The more facile the system, the more it will be overused and error-ridden. We must of course balance risk with reward. Who would refuse an extra paycheck for fear of getting a papercut? We must ask, what are the rewards of digital telephony? The FBI Director has variously stated the number of cases where a wiretapping was subverted by a digital switch or signal, offering contradictory figures from a low of 80 to a high of 183. The Director has not said all of them, or even any of them, were cases where a conviction was not obtained, or where a conviction could have been obtained with the wiretap, or could only have been attained with a wiretap. Of course, only these last possible instances really lend any justification to digital telephony. It is quite clear that digital technology offers more challenges to law enforcement than digital switches and signals. The object of a wiretap can easily use unbreakable encryption to protect the privacy of his or her communications. While the transmission of a message would be intercepted, the content would still evade the eyes and ears of law enforcement. Indeed, any, or all, of these 80 or 183 cases could have been subsequently frustrated by encryption even had digital telephony solved the initial digital barrier. Let us state the potential rewards as generously as possible -- or even more generously than possible. There were approximately 1000 wiretaps in 1993. Let us imagine, contrary to actual fact, all of these to be subverted by digital technology. Let us imagine the number to double in coming years. (Any or all of which could remain private through encryption.) 2000 cases. Weighed against these are the 200 million Americans whose security and privacy are compromised by digital telephony. Well, what if the number of wiretaps doubles again, and again and again? Don't 20,000 or 30,000 wiretaps, hypothetically, justify? Perhaps. But what kind of society needs so many police listening in on the private lives of so many people? At what point do we regret the lack of a public policy debate on mass wiretapping of the American citizenry? We do not live in a police state nor will we. And so we are back to supposing a massive technological effort at great expense to achieve a modest wiretapping program of small, perhaps almost nonexistent, benefit. To sum up, it is as if the entire city of population 25,000, were to have its telephone system restructured, its citizen's phone privacy compromised, all to make effective a wiretap on a single alleged drug peddler or gangster, which wiretap may or may not help in convicting the offender, if indeed he or she is guilty. All at a cost of $62,500 to the taxpayers, and more to the local telephone companies and their ratepayers. For all these reasons, the unclarity, the expense, the risks to privacy, and the lack of substantive benefits, separately and together, we oppose this bill. Steven Cherry stc at acm.org ------------------------------------------------------------------------------- CONTACT INFORMATION The Voters Telecomm Watch is a volunteer organization dedicated to monitoring federal legislation that affects telecommunications and civil liberties. We are based primarily out of New York, though we have volunteers throughout the US. Voters Telecomm Watch keeps scorecards on legislators' positions on legislation that affects telecommunications and civil liberties. If you have updates to a legislator's positions, from either: -public testimony, -reply letters from the legislator, -stated positions from their office, please contact vtw at vtw.org so they can be added to this list. Voice mail: (718) 596-2851 General questions: vtw at vtw.org Mailing List Requests: vtw-list-request at vtw.org Press Contact: stc at vtw.org Gopher URL: gopher://gopher.panix.com:70/11/vtw WWW URL: We're working on it. :-) --- CPSR ANNOUNCE LIST END --- To alter or end your subscription to this mailing list, write to listserv at cpsr.org. For general information send the message: HELP To unsubscribe, send the message: UNSUBSCRIBE CPSR-ANNOUNCE You need to do this from the same machine you subscribed from. In both cases, leave the subject blank, or at least not resembling an error message. From j.hastings6 at genie.geis.com Thu Sep 1 03:16:56 1994 From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com) Date: Thu, 1 Sep 94 03:16:56 PDT Subject: State Declaration of Ind. Message-ID: <199409011006.AA047183972@relay2.geis.com> Neil admits that the following is not agorist, (or crypto-anarchist), but is a great republican idea: "...here is a ballot initiative I and a couple of other guys drafted while I was in Colorado (well, actually second draft which I did solo) immediately following the passage by the U.S. Senate of the crime bill containing the assault weapons bans. I will be devoting a considerable about of my energies in the forseeable future -- my life, fortune, and sacred honor, in fact -- to trying to get as many states as possible to put this on the ballot and start creating some free countries." *** THE AMERICAN INDEPENDENCE BALLOT INITIATIVE Preface In States where the people may place this initiative on the ballot to amend the State Constitution by direct ballot initiative, the proponents of this initiative should form a committee to do so and to combat legal challenges to the initiative being placed on that State's ballot. In States with no direct initiative procedures, or where legal impediments or challenges prevent this Initiative from being placed on the ballot, a political party may adopt, or be newly formed to adopt, the platform of placing this initiative on the ballot by whatever legal procedure is required in that State in order to effect its consideration. Question Shall [YOUR STATE] declare independence from the United States of America. Purpose The Declaration of Independence adopted by the Continental Congress dated July 4, 1776, states as follows: "We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty, and the pursuit of Happiness. That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed,-- That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness." A long train of abuses by the Congress of the United States, the Judiciary of the United States, and the Executive Branch of the United States having infringed upon the rights, privileges, immunities, and powers of the people of [YOUR STATE], in direct contravention to the purposes of the Declaration of Independence and the rights enshrined in the first ten articles of amendment to the Constitution of the United States, We the People of [YOUR STATE] do hereby resolve, effective immediately, the following: Resolved: That [Your State] does hereby declare itself independent of, and does hereby secede from, the United States of America, declaring itself the free and independent [YOUR STATE] Republic. All persons born in the territory or state of [YOUR STATE] or currently residing in this Republic are hereby deemed citizens of the Republic, and all individuals residing in the Republic or who otherwise are citizens of the Republic who have attained the age of 16 years are declared to be Sovereign Individuals, possessing all rights, privileges, and immunities, and subject to all duties, responsibilities, and penalties, of adults living in a free Republic. The legislature of [YOUR STATE] is hereby dissolved, and the Governor of [YOUR STATE] is hereby appointed President Pro Tem of the Republic and Commander-in-Chief Pro Tem of its State Guard and Militia, which consists of all Sovereign Individuals of the age of 16 or greater capable of bearing arms; however, no individual who conscientiously objects to Militia service shall be required to bear arms. The vote of no Representative or Senator from the state of [YOUR STATE] to the Congress of the United States shall be regarded as binding upon the will of the people of [YOUR STATE] in its relations as an independent Republic with the United States; however, such senators and representatives may retain their seats until the natural expiration of their terms of office, or until their offices are abolished by a Constitutional Convention of the Republic, which ever shall occur first. Within 90 days of the adoption of this Initiative there shall be a Constitutional Convention to propose amendments to the Constitution of [YOUR STATE] in order to enact a permanent Constitution for the Republic, and any Sovereign Individual of the age 21 years or older who holds the proxies for 2500 other Sovereign Individuals of the age of 16 years or older shall be seated as a voting Delegate to the Convention, empowered to elect presiding officers of the Convention, to adopt the Rules of Order, and to decide upon all business that shall come before the Convention, except with the following limitations: that the Declaration of Rights which is enacted as part of this Initiative shall be the permanent and supreme Law of the Land, not subject to repeal, alteration, or abridgement by the Constitutional Convention or any deliberative body which shall follow it; that a Delegate to the Constitutional Convention shall be seated only so long as the sufficient number of proxies is maintained, and such proxies are revocable at any time during the Convention by notice to the recording Secretary of the Convention; that the Convention may be reconvened under these same limitations to propose new amendments at any time after ratification of the Convention by a majority of those voting in a popular initiative, and that all proceedings of this and subsequent Constitutional Conventions shall be available for public viewing and broadcast. Each Delegate to the Convention shall have one vote on the floor of the convention, irrespective of the number of proxies that Delegate holds in excess of the minimum number required to be seated. The proposed Constitution ratified by a majority vote of seated Delegates shall be submitted to a popular referendum within 120 days of the seating of the [a number representing 10% of your state's population]th Delegate, which shall be a quorum for the Constitutional Convention to begin. Every Sovereign citizen of the Republic having attained the age of 16 shall be entitled to vote in this referendum, and a majority vote in this referendum shall adopt the Constitution, which shall go into effect immediately. Within 90 days from the adoption of the Constitution, but in no event later than 180 days from the adoption of this Ballot Initiative declaring independence, all currently held elected, appointed, and civil offices of [YOUR STATE], including the presidency-pro-tem, shall expire, and the Republic shall hold such general elections as are mandated by this Ballot Initiative and created by the Constitution of the Republic. If the people have failed to approve a Constitution within 180 days from the adoption of this ballot initiative, then all legislative, judicial, and executive authority of the Republic shall remain with the Constitutional Convention or, respectively, with the people in popular referenda, until such time as a Constitution is approved by the people. The Constitutional Convention shall as its first order of business after the election of presiding officers and adoption of Rules of Order appoint an Ambassador to the United States of America to open communications for the purpose of discussing such subjects as are of interest to the people of the United States of America and the people of the Republic, to seek a peaceful divorce and coexistence. Any other State, Province, or Republic which shall adopt the following Declaration of Rights in total and without alteration may join in free Confederation with this Republic; and the Sovereign Individuals of those States, Provinces, and Republics shall be entitled to all privileges and immunities of the Republic; and all public acts, records, and judicial proceedings, of such a State, Province, or Republic shall be given full faith and credit by the Republic. Alternatively, if the several states of the United States of America should adopt this Declaration of Rights into the Constitution of the United States of America in total and without alteration, the Republic shall, by popular initiative, vote whether it shall rejoin the United States. DECLARATION OF RIGHTS All Individuals within the borders of the Republic, and those of its Sovereign citizens abroad, are hereby declared to hold the following unalienable Rights, and this Declaration of Rights shall be the Supreme Law of the Land of this Republic, not subject to repeal, abridgement, or amendment; and all laws or regulations of the State of [YOUR STATE], or of the United States of America, which are repugnant to these Rights are immediately null and void: To be free from laws respecting an establishment of religion or taxing or prohibiting the free exercise thereof; or taxing or abridging freedom of speech, or of the press, or of communication public or private; or peaceably to assemble, or to petition the Government for a redress of grievances; or to travel freely domestically or abroad. A standing Army being repugnant to the people's Liberty and creating a likelihood of foreign military adventures, and public liberty and security being predicated on the ability of Sovereign Individuals to act on behalf of their individual liberties and personal safety, a popular Militia is the natural defense of a Free Society, and posse comitatus drawn from such Militia is the best protector of public order and safety; however, no individual who conscientiously objects to Militia service shall be required to bear arms. The Right of all Individuals to keep, own, and carry, openly or concealed, any arms for defense of themselves, the public peace, and the Republic shall not be called into question in any place in the Republic, except for those persons being held to answer for an infamous crime or those who having been convicted of an infamous crime have had restrictions placed on their liberty as a condition of probation or parole, or in places where such persons may be incarcerated; nor, other than requirements that may be enacted for training of the Militia, shall the government place any burdens on the acquisition, possession, or ownership of arms; nor shall privately owned arms be enumerated or registered with any authority by force of law; nor shall any taxes, tariffs, fees, or regulations be placed on the manufacture of or trade in personal or militia arms; nor shall any Individual be held criminally or civilly liable for any reasonable act in defense of life, liberty, property, or the public peace; nor shall any sworn police or peace officer have any greater Rights or powers than those available to any Sovereign Individual. Neither slavery nor involuntary servitude, except in punishment for a crime whereof the party be duly convicted, shall exist in the Republic or any place subject to its jurisdiction. No Sovereign Individual in the Republic may be denied or have abridged by law, public, or official act, any Right, privilege, or immunity held by the people as a whole; and any official, elected, appointed, or otherwise receiving remuneration from public funds, who violates the least of these Rights, even to proposing or supporting a law that would violate the Rights set forth in this Declaration, shall be held personally liable, criminally or civilly, for any damage or dishonor against any or all Sovereign Individuals of the Republic; and upon conviction of Criminal Violation of Sovereign Rights may as part of punishment be further barred from holding any office or position of public trust in the Republic thereafter. No military or government personnel shall be quartered in any house without the consent of the Owner. The right of all Individuals to be secure in their persons, houses, documents, files, private communications, and effects shall not be violated, nor any warrants shall issue, but upon probable cause, supported by Oath or affirmation, by a Grand Jury elected yearly by the People, and particularly describing the place to be searched and the Individuals or things to be seized, and if such Warrant shall have come about by perjury, malice, manufacture of false evidence, or malfeasance by any Individual, such individual shall be held to answer, criminally and civilly, for such malfeasance. and Individuals not charged, or adjudicated to be innocent, shall be compensated in full from public funds for any costs or damages resulting from such a search, seizure, charges, or trial resulting therefrom. No Individual shall be held to answer for a capital or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury elected yearly by the People, except in cases arising in the Militia when in actual service in time of war or public danger; nor shall any act be a crime in which it can not be proved that one or more actual Individuals was caused harm or could likely have been caused harm; nor shall any individual be held to answer as an adult for a capital or otherwise infamous crime who has not enjoyed the full rights, privileges, and immunities of an adult; nor shall any Individual be subject to charges arising from the same offense to be twice put in jeopardy of life, limb, or loss of property after an acquittal or failure of a Jury in a criminal trial to reach a conviction; nor shall anyone be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property without due process of law. Any Sovereign Individual in the Republic may petition a Grand Jury to bring criminal charges against any public official he believes has violated his Rights; and if the person who might be charged sits upon that Grand Jury, that Grand Juror shall be recused and the charges considered by the remaining Grand Jurors. No magistrate may impose a punishment upon any Individual for Contempt of Court except by presentment or indictment by a Grand Jury and conviction on the charge in a criminal trial by Jury. No private property shall be taken for public use without full and just compensation, upon a vote of two-thirds of those voting in a popular referendum and for no other purpose than a clear and present danger to the Sovereign Individuals of the Republic or equally grave public purpose. Neither the Republic nor any of its subdivisions may have title to real property, nor may the Republic demand public use of private property, with the exception of rights of way necessary to the public's right to travel and engage in free commerce and recreation, national cemeteries, embassies and consular offices; and the devolution of public property into private ownership shall balance the public interest with the conservative advantages of private stewardship. In all criminal prosecutions the accused shall enjoy the Right to a speedy and public trial by an impartial jury of the district wherein the crime shall have been committed, which district shall have been previously ascertained by law; and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the assistance of competent and energetic Counsel for his defense. Furthermore, in all criminal prosecutions and civil matters each jury shall be selected from a pool of rational Sovereign Individuals who have demonstrated in their lives common sense, courage, a knowledge of the law in general and of the issues of the specific crimes being charged or issues being litigated, and shall be of a sufficient moral stature to overcome any preconceptions or prejudices that may have arisen in their minds from public discussion of the case prior to the commencement of trial; and each jury shall have the power to rule both upon the facts of the case and to nullify any charge or law for that case they consider to be unjust, and shall not be bound to the precedents established in any prior case; and the judge for each trial shall be elected by the jury and no fact or issue of law shall be considered except in open court with the full jury present. Excessive bail shall not be required nor excessive fines be imposed nor cruel and unusual punishments inflicted, nor shall punishment be the primary purpose of criminal law except that it seeks redress on behalf of victims for harms caused by a criminal act. In suits at common law, where the value in controversy shall exceed five troy ounces of .999 fine gold, the Right of trial by jury shall be preserved, and no fact tried by a jury shall be otherwise reexamined in any Court of the Republic, than according to the rules of the common law. No law, treaty or contract shall exist in the Republic unless written in plain language understandable to an Individual of average intelligence and literacy; and all laws and treaties under consideration in any deliberative governmental body shall be made available free for examination to all Sovereign Individuals in the Republic; nor shall any law or treaty be enacted that is of such excessive length, or which has been so recently drafted, that the public has not had time to contemplate its effects. No law shall exist whose purpose is to prevent an adult individual from causing harm solely to himself or his own property, nor conversely from seeking to enhance his own health or well-being by chemical, medical, herbal, physical, or other means; nor shall the possession of medicinal substances, herbs, or materials used in growing or preparation of them be prohibited or burdened; nor shall any Individual be taxed to pay for his own future needs; nor shall the practice of medicine, or of the law, or of any other Profession or livelihood be licensed or regulated by the Republic or subdivisions thereof; nor shall any private and discreet religious, economic, or sexual practice between or among consenting adults be a subject of law. No law shall exist in the Republic that shall prohibit the termination of a pregnancy except that the fetus be healthy and viable apart from its mother's womb and there exists an individual capable of and committed to the adoption of the fetus when born and to assume all costs of support for the mother through the birth of the child, any costs relating to the birth, any costs of care for the mother and any of her other dependent children resulting from the continuation of the pregnancy to term, and burdens of parenthood for the fetus when born, in which case an abortion of such a fetus shall be tried as homicide; but in the event that no qualified person has committed to all these costs and responsibilities, then no criminal or civil charges for the abortion of even a viable and healthy fetus shall be permitted. No law shall prohibit any Sovereign Individual from using as a medium of exchange any legal commodity, nor require any Sovereign Individual to accept any note as legal tender, nor shall the Republic issue any currency not backed by a commodity in the Republic's treasury, nor shall the Republic or any of its subdivisions contract a bond or debt mortgaged upon the government's ability to collect future revenues except in time of war or public disaster. No tax shall be levied without the majority of the people voting in a direct referendum; and furthermore no tax may be levied except that it is to be used for a specific public purpose and no revenue raised for one purpose may be used for another without the majority of the people voting in a direct referendum; and no tax may be enacted such that it requires burdensome accounting or is ambiguous in its requirements or requires professional assistance to understand or comply with it; nor shall any Sovereign Individual suffer any criminal penalty for failure to pay a tax or evasion thereof. In all tax cases or other civil cases in which the government shall be a plaintiff against a Sovereign Individual or private property, all protections accorded to a defendant in a criminal proceeding shall be afforded to the defendant or property owner; neither shall there be any civil forfeiture of private property to the government except after judgment in a jury trial. The government may neither operate any enterprise in competition with a private enterprise; nor by grant of monopoly, subsidy, or other advantage to a private enterprise discourage free competition in any service or product offered to the public; nor prohibit or burden any private enterprise which would provide a service or product previously offered by a unit of government or enjoying an advantage due to government privilege. The enumeration in this Declaration of certain Rights shall never be construed to deny or disparage others retained by the People; and while no Rights here enumerated may be abolished or abridged by constitutional amendment or law, nothing here shall be constructed to prevent additional limitations on public power to enhance the protection of the people from tyrannical abuse. In all questions relating to the Construction of these Rights, let decisions be ruled according to the original intent of the framers of this Declaration, that Individual private powers be nurtured and the Sovereign Individual be protected from the natural tendency of any government to expand the sphere of public power. The protection of these Rights shall be the first and last duty of all persons holding any office of public trust, and the interpretation of these Rights shall firstly and lastly be decided by the Sovereign Individuals of the Republic, as expressed in their acts as members of juries and Grand Juries. First draft of this Initiative and Declaration of Rights was submitted by Scott Paul Graves, J. Neil Schulman, and Timothy H. Willis on August 26, 1994. This draft submitted by J. Neil Schulman, August 28, 1994. Reply to: J. Neil Schulman Mail: P.O. Box 94, Long Beach, CA 90801-0094 Voice Mail: (on AT&T) 0-700-22-JNEIL (1-800-CALL-ATT to access AT&T) Fax: (310) 839-7653 JNS BBS: 1-310-839-7653,,,,25 Internet: softserv at genie.geis.com Post as filename: BALLOT.TXT Blame this very long post on Kent - j.hastings6 at genie.geis.com From sommerfeld at orchard.medford.ma.us Thu Sep 1 05:40:03 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Thu, 1 Sep 94 05:40:03 PDT Subject: Cyberspatial governments? In-Reply-To: <199409010045.RAA07345@servo.qualcomm.com> Message-ID: <199409011222.IAA00420@orchard.medford.ma.us> > Indeed, many government policies can be understood only from this > perspective. Clipper is a perfect example. Key escrow exists only > because the NSA doesn't want to risk blame if some terrorist or drug > dealer were to use an unescrowed NSA-produced algorithm. If this is indeed the case, Matt Blaze's results should be particularly devastating to them. - Bill From ravage at bga.com Thu Sep 1 06:05:51 1994 From: ravage at bga.com (Jim choate) Date: Thu, 1 Sep 94 06:05:51 PDT Subject: State Declaration of Ind. In-Reply-To: <199409011006.AA047183972@relay2.geis.com> Message-ID: <199409011305.IAA05299@zoom.bga.com> What a waste of time. There is no way that any reasonable person will accept or support such an action. Wake up and smell the roses dude... If you really want to fix the problem them how about reading the Constitution and demanding that your EXISTING representatives uphold the sacred oath they have sworn to uphold. Yes, this country has problem. No, they are nowhere near bad enough to render the union. Get a clue. From bdolan at well.sf.ca.us Thu Sep 1 06:31:10 1994 From: bdolan at well.sf.ca.us (Brad Dolan) Date: Thu, 1 Sep 94 06:31:10 PDT Subject: Art Gallery on internet needs PGP signatures Message-ID: <199409011330.GAA19093@well.sf.ca.us> Hey PGP gurus: A Mr. Ken Nahan (of New York, *I think*) was on the NBC Today show this morning, discussing his plans to set up a commercial art gallery on the internet. He intends to set up some kind of server with graphic images and text descriptions of works of art which are for sale. He also wants to be able to accept bids via the internet. Some knowledgeable person should talk to him about digital signatures, PGP, etc. Regards, Brad bdolan at well.sf.ca.us From perry at imsi.com Thu Sep 1 06:35:02 1994 From: perry at imsi.com (Perry E. Metzger) Date: Thu, 1 Sep 94 06:35:02 PDT Subject: Bad govt represents bad people? In-Reply-To: <1994Aug31.161253.1181968@gorgias.ilt.tc.columbia.edu> Message-ID: <9409011333.AA16822@snark.imsi.com> Rachel_P._Kovner at gorgias.ilt.columbia.edu says: > perry at imsi.com wrote: > >Actually, as public choice economic theory has shown, bad government > >tends to be the inevitable result of the evolutionary pressures on > >government and government officials. This is not to say that some > >government programs are not occassionally well run or that some > >government officials are not legitimately "trying their best", but > >that the pressure on the whole system is to go towards maximum > >corruption, just as the evolutionary pressure on organisms is to only > >follow survival-prone strategies. > > I would agree with you that there is a natural evolutionary trend > towards bad government - however, I do not think of this process as > inevitable. The "eternal vigilance" quote I cited was merely my way > of saying that "bad government" -will- come about if people do not > protect their rights, because of this 'evolutionary pressure' of > which you speak. Therefore, it's very important for a society to > resist this evolutionary pressure. No society thus far has succeeded. Every government in history to date has descended into corruption or warfare and fallen one way or another within at most a few hundred years. I place my faith in what I can see, not on what I can speculate about. Thus far no one has succeeded in stopping this sort of decay, and I have no reason to believe the U.S. is any different. "Eternal Vigilance" is a nice phrase, but it doesn't appear that its ever happened. Its fine to say that it would be nice for the people to guard their own rights -- but since they never do, one might as well talk about how it would be nice if everyone was morally perfect. > There will always be people out there who will attempt to encroach > on our liberties - sometimes they will succeed, sometimes they will > fail. It depends on how much support they have and how much > resistance they encounter. They've never failed -- thats the thing. France has had five or six or seven governments since its revolution depending on how you count them. Italy's government was barely a few years old following the last war when it became nothing more than a graft generator. Of all the nations of Europe, only England in some sense can be said to have survived more than the last sixty or seventy years without a major change of government -- and it might be said that England's government changed radically following the reforms of the last century and the Parliament Act of 1911. (Well, some of the Scandanavian countries are also partial exceptions, but not especially big ones.) Europe is considered the "advanced" part of the workd, ladies and gentlemen. The U.S.'s record of surviving over 200 years without a major upheaval is quite an unusual thing. > It is up to the people of a country to resist bad government - > otherwise, although they will be the victims of bad government, they > will have contributed to bringing it upon themselves. But the people almost never resist. Usually, they want the bad government -- it needs them to survive. From Rachel_P._Kovner at gorgias.ilt.columbia.edu Thu Sep 1 08:24:45 1994 From: Rachel_P._Kovner at gorgias.ilt.columbia.edu (Rachel_P._Kovner at gorgias.ilt.columbia.edu) Date: Thu, 1 Sep 94 08:24:45 PDT Subject: Bad govt represents bad people? Message-ID: <1994Sep01.061638.1184863@gorgias.ilt.tc.columbia.edu> perry at imsi.com wrote: >They've never failed -- thats the thing. France has had five or six or >seven governments since its revolution depending on how you count >them. Italy's government was barely a few years old following the last >war when it became nothing more than a graft generator. Of all the >nations of Europe, only England in some sense can be said to have >survived more than the last sixty or seventy years without a major >change of government -- and it might be said that England's government >changed radically following the reforms of the last century and the >Parliament Act of 1911. (Well, some of the Scandanavian countries are >also partial exceptions, but not especially big ones.) Europe is >considered the "advanced" part of the workd, ladies and gentlemen. >The U.S.'s record of surviving over 200 years without a major upheaval >is quite an unusual thing. I agree with you that the U.S. is unusual in this way - but I would say that part of the reason the US has been so successful in warding off 'bad government' is because Americans have traditionally been very concious and protective of their liberties, more so than the French and Italians, and even more so than the Brits. I would suggest that this supports my 'eternal vigilance' statement, because it is only the country that has been most protective and concious of its rights that still has it's rights. (Having a written Constitution has helped a bit, too...) >But the people almost never resist. Usually, they want the bad >government -- it needs them to survive. Well, that's an awfully pessimistic attitude, but I think you would certainly agree that some countries in the world have worse government than others. I would say that the government reflects the people - the countries with the best government tend to be those with the citizenry which is most aware of the dangers of big government. Even if those countries eventually succumb to bad government, they will have succumbed because they cease to resist the big G. My point is this - G(g)overnment reflects the people in that it is the people who ultimately must insure that their rights are protected. If they don't, history has shown, 'bad Government' will take over. American liberties have survived in some form for so long because Americans have made efforts to maintain them - not because the forces which try to restrict/remove our liberties are not their. By the same coin, since these forces are always there, when the US gives into them it will be because our citizenry is no longer vigilant in resisting these forces. rk ---------------------------------------------- Delivered by the NLTL Internet Gateway From tcmay at netcom.com Thu Sep 1 11:18:45 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 1 Sep 94 11:18:45 PDT Subject: Art Gallery on internet needs PGP signatures In-Reply-To: <199409011330.GAA19093@well.sf.ca.us> Message-ID: <199409011818.LAA09850@netcom13.netcom.com> > A Mr. Ken Nahan (of New York, *I think*) was on the NBC Today show > this morning, discussing his plans to set up a commercial art gallery > on the internet. He intends to set up some kind of server with graphic > images and text descriptions of works of art which are for sale. He > also wants to be able to accept bids via the internet. > > Some knowledgeable person should talk to him about digital signatures, > PGP, etc. There's an interesting connection between art, forgeries, and public key crypto. I heard about this some years ago, and not since, so I guess the idea never really caught on. A company in L.A., "Light Signatures" as I recall, was selling a system that took an optical scan, a line scan from one corner of an object to another. (On a paiting, for example.) The resulting bit sequence (of pixel values) could then be encrypted with the private key of the creator, or appraiser, or whatever. This would be the "provenance" of the work. Out in the "field," in the auction houses, for example, the signature could be verified by taking the digital signature, applying the _public_ key, which would then generate the sequence of pixel values, and comparing it what a field scanner actually saw. (The idea is the familiar one, applied slightly differently.) A main use was predicted to be making "unforgeable" machine parts, like crankshafts, engine blocks, etc. The pattern of scratches, surface marks, etc., could be 'signed' by Harley-Davidson, Ferrari, etc. (apparently they are plagued by forgeries). There are some obvious technical issues of error tolerance (have to tolerate a few new scratches, marks without compromising the security), where to stamp the number, etc. I thought it a novel idea, back in 1988, and I'm somewhat surprised the idea seems to have never reached commercialization. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From ravage at bga.com Thu Sep 1 11:39:24 1994 From: ravage at bga.com (Jim choate) Date: Thu, 1 Sep 94 11:39:24 PDT Subject: Revisionist History of the US....:( Message-ID: <199409011839.NAA22563@zoom.bga.com> Hi all, I am not going to name names but I would like to address the comment that several folks have made (or agreed with) that the US has gone 200 years w/o a major upheaval. Maybe I am taking a alternate History than you folks but I believe the Civil War can be considered a major internal upheaval and it occured 4 score and 7 years (87 years) after the birth of our country. Since then we have also had the civil rights upheaval (if you don't want to consider deaths of folks like MLK major that is your business) in the late 50's and early 60's as well. Especially when you consider the political and social turmoil that occured because of the Vietnam War. What I find most interesting about this chronology is that the upheavals occur approximately every hundred years since our founding. The fact that the present problems we are having w/ the administration recognizing and the general populace demaning their civil liberties/rights is apparently early by approximately 70 years. Perhaps the present administration is really as progressive as they claim...:) Take care. From blancw at pylon.com Thu Sep 1 13:15:29 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Thu, 1 Sep 94 13:15:29 PDT Subject: Problems with anonymous escrow 2--response Message-ID: <199409012015.NAA08436@deepthought.pylon.com> Responding to msg by solman at MIT.EDU The skills of an entity without any reputation capital are absolutely worthless. But usually an anonymous entity will come around brandishing all sorts of certifications (reputation capital). .......................................................... Well, I was thinking that certifications & reputations wouldn't mean all that much to me, nor either knowing or being unfamiliar with someone's identity (or pseudonymity). I would be more convinced with a demo. Something which could demostrate facility or ability would be more valuable to me than a second-hand proof. I realize some professions cannot provide such demonstrations, but I myself would rather have a way of making decisions based on the excercise of first-hand judgement whenever possible. This anonymity/identity and certification/reputation business looks to me like trying to have one's cake and eat it, too, as the expression goes. A featureless landscape with remote associations to actual substance so as to both please the aloof-ers & appease the uncertain. It's a bit odd, because for every method which is found by which to hide, another method is found by which to reveal what was heretofore undetectable in Nature. While scientists push back the envelope & reveal what was previously 'invisible' to our eyes, others work to effect stealth techniques against the tools of Consciousness. Kind of strange, though interesting. Blanc From blancw at pylon.com Thu Sep 1 13:15:33 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Thu, 1 Sep 94 13:15:33 PDT Subject: Alt.Gvmt.Bad.Bad.Bad Message-ID: <199409012015.NAA08437@deepthought.pylon.com> Responding to msg by Michael Conlen: Theft could be from thoes who do not protect there property and from thoes who do not respect others property, so can it also be said that 'bad government' can be from people not protecting there rights and people who have no respect for the rights of others? ............................................................... What should really be said is that theft does not happen of its own accord; someone must decide to accomplish the so-called criminal act. To describe theft as the result of another's inaction is to imply that human action of any kind is mostly automatic, that there is a pull like gravity which will cause action upon intelligence the way gravity affects inanimate objects, and that nothing better could be or should be expected from it. It is also to imply that the possession of intelligence is negligible because any opportunity for taking advantage of another's vulnerability will be irresistible to humans, as if they were basically scavengers looking for the spoils of other people's negligence. In which case, rather than speaking of bad government, the subject should be a question on the existence of intelligence & the possibility for morality. I don't know who would be qualified to discuss it, though, without the possession of the one and an appreciation of the other. Blanc From blancw at pylon.com Thu Sep 1 13:43:35 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Thu, 1 Sep 94 13:43:35 PDT Subject: (Fwd) Re: Alt.Gvmt.Bad.Bad.Bad Message-ID: <199409012044.NAA09073@deepthought.pylon.com> Responding to msg by Michael Conlen: Theft could be from thoes who do not protect there property and from thoes who do not respect others property, so can it also be said that 'bad government' can be from people not protecting there rights and people who have no respect for the rights of others? ............................................................... What should be said is that theft does not happen of its own accord; someone must decide to accomplish the so-called criminal act. To describe theft as the result of another's inaction is to imply that human action of any kind is mostly automatic, that there is a pull which will evoke action upon intelligence the way gravity affects inanimate objects, and that nothing better could be or should be expected from it. It is also to imply that the possession of intelligence is negligible because any opportunity for taking advantage of another's vulnerability will be irresistible to humans, as if they were basically scavengers looking for the spoils of other people's negligence. In which case, rather than speaking of bad Government, the aim should be to question the existence of intelligence & the possibility for morality. I don't know who would be qualified to discuss it, though, without the possession of the one and an appreciation of the other. Blanc From blancw at pylon.com Thu Sep 1 13:43:41 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Thu, 1 Sep 94 13:43:41 PDT Subject: (Fwd) Re: Problems with anonymous escrow 2--response Message-ID: <199409012044.NAA09075@deepthought.pylon.com> Responding to msg by solman at MIT.EDU The skills of an entity without any reputation capital are absolutely worthless. But usually an anonymous entity will come around brandishing all sorts of certifications (reputation capital). .......................................................... Well, I was thinking that certifications & reputations wouldn't mean all that much to me, nor either knowing or being unfamiliar with someone's identity (or pseudonymousness). I would be more convinced with a demo. Something which could demostrate facility or ability would be more valuable to me than a second-hand proof. I realize some professions cannot provide such demonstrations, but I myself would rather have a way of making decisions based on the excercise of first-hand judgement whenever possible. This anonymity/identity and certification/reputation business appears something like trying to have one's cake and eat it, too, as the expression goes. A featureless landscape with remote associations to actual substance so as to both please the aloof-ers & appease the uncertain. It's a bit paradoxical that for every method which is found by which to hide, another method is found by which to reveal what was heretofore undetectable in Nature. While scientists push back the envelope & reveal what was previously 'invisible' to our eyes, others work to effect stealth techniques against the tools of Consciousness. Kind of strange, though interesting. Blanc From jkreznar at ininx.com Thu Sep 1 14:13:08 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Thu, 1 Sep 94 14:13:08 PDT Subject: Bad govt represents bad people? In-Reply-To: <1994Sep01.061638.1184863@gorgias.ilt.tc.columbia.edu> Message-ID: <9409012112.AA02543@ininx> -----BEGIN PGP SIGNED MESSAGE----- Rachel_P._Kovner at gorgias.ilt.columbia.edu writes: > perry at imsi.com wrote: > >But the people almost never resist. Usually, they want the bad > >government -- it needs them to survive. > Well, that's an awfully pessimistic attitude,... Well, look around you. Examples abound. One of the origins of this thread was Phil Karn's observation that it's the ham radio operators themselves who demand curtailment of other hams' freedoms. One of the biggest threats to freedom right now is the government takeover of health care. Is this being pushed by a ruling elite on a recalcitrant population? No! Most of the driving force is coming from the people themselves, each trying to get his neighbor to pay the bill. The list goes on and on. Ending bad government begins with refusing to accept its ``benefits''. Unfortunately, lots of people gratuitously accept those benefits or even actively solicit them, oblivious of the resulting destruction of freedom. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLmZCssDhz44ugybJAQHkVgP8DGfnus2oSFPhkGlxx8qZORBX2CTFY03B Sl9B2sirJZI07q6hYMtNmXSq4tnYilCY0dY8u4+/03eaO5ufu8deFy/jmSh/xGnZ fLGCLFaIm93s84WJrOi/phaPZIFSJYhgGJJWhJDmWhWYgN8JscuQDojsRkL3Kspu 4/KOs2cymEs= =9UZh -----END PGP SIGNATURE----- From jamesd at netcom.com Thu Sep 1 14:15:13 1994 From: jamesd at netcom.com (James A. Donald) Date: Thu, 1 Sep 94 14:15:13 PDT Subject: Is the following digicash protocol possible? Message-ID: <199409012115.OAA16764@netcom8.netcom.com> A question about offline digicash: Is it possible to arrange digicash as follows: If A, the original issuer, issues a unit of digicash to to B, and B gives it to C, and C gives it to D, and D, gives it to E, and E cashes it with A, -- and everyone colludes except C and D, it is impossible to prove that C got this unit from D. If A, the original issuer, issus a unit of digicash to to B, and B gives it to C, and C gives it to D, and D, gives it to E, and E cashes it with A, -- and C double spends it to D', who then gives it to E' who then attempts to cash it with A, -- then A will detect the double spending and rebuff the attempt, E' will complain to D', and D', with information supplied by E' and A, can then prove that C dishonorably double spent the money, without discovering that C gave the money to D, and hence without discovering that D gave the money to E. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From ianf at simple.sydney.sgi.com Thu Sep 1 15:35:26 1994 From: ianf at simple.sydney.sgi.com (Ian Farquhar) Date: Thu, 1 Sep 94 15:35:26 PDT Subject: Government and Repression In-Reply-To: Message-ID: <9409020832.ZM1895@simple.sydney.sgi.com> On Aug 31, 4:08pm, yusuf921 wrote: > If someone tries to blow my brains half way across the room I don't care > if he's 17 because his birthday was yesterday or 16 because his birthday is > day after tomarrow. > Play like the big boys--PAY like the big boys. But he doesn't play like the "big boys". For one thing, the kid doesn't enjoy the full rights of an adult in other respects - voting and representation - and so has not had the right to vote draconian and immoral laws (the very laws you want to subject him to) out of existance. Slightly off topic, but I have always felt that the quality of the education system could be IMMENSELY improved by giving kids the vote at age 10 or 12, and thus making the politicians realise that there were political implications in treating the education system as a barely necessary irritation. Of course, you've got to question whether capital punishment is _ever_ justified, and I would argue that it isn't. This is way, way off the topic of cypherpunks, and I don't intend to get into that discussion on this forum. I am very glad to live in a country which has signed international conventions which prohibit it indulging in brutal and callous judicial murder of a person, despite the occasional state government loony who pines for the good old days. > > And let's not forget the rather unpleasant physical and sexual > > assault statistics which are noticed in prisons worldwide, which includes > > the USA. > do you have some statistics which says the USA has a significantly higher > rate to compensate that free dental plan? I don't believe that it has: from memory it was pretty much average in this regard. My point was that the original poster's statement that the US has the most "pleasant" prisons in the world when this can happen at all is utterly ridiculous. Ian. From ianf at simple.sydney.sgi.com Thu Sep 1 15:52:56 1994 From: ianf at simple.sydney.sgi.com (Ian Farquhar) Date: Thu, 1 Sep 94 15:52:56 PDT Subject: $10M breaks MD5 in 24 days In-Reply-To: <199408260001.TAA00715@omaha.omaha.com> Message-ID: <9409020849.ZM1914@simple.sydney.sgi.com> On Aug 25, 7:01pm, alex wrote: > Subject: Re: $10M breaks MD5 in 24 days > > One of the more interesting papers had a claim (with little detail, > > unfortunately) that for ten million dollars you could build a machine that > > would "break" MD5, in the sense of finding another message which would > > hash to the same as a chosen one, in 24 days. > This in itself wouldn't give an attacker much of anything would it? I > mean, once they discovered a message which hashed to a given value, the > new message wouldn't be in the proper format, would it? Wouldn't it just > be noise, instead of text in english, crypto keys, etc.? Not necessarily. If you're forging some packet, certificate or file, it is often adequate to have just a couple of fields (potentially a few bits) which contain data you want, and the rest can be garbage. If your search engine could fix these and play with the rest of the packet, the chances are good (but decreasing with the more bits you use for a fixed size packet) that you will find a packet which will have the correct signature _and_ contain the forged data you need. If you can play with the packet size, then your chances of finding a match increase. Ian. From hfinney at shell.portal.com Thu Sep 1 16:29:46 1994 From: hfinney at shell.portal.com (Hal) Date: Thu, 1 Sep 94 16:29:46 PDT Subject: Is the following digicash protocol possible? In-Reply-To: <199409012115.OAA16764@netcom8.netcom.com> Message-ID: <199409012329.QAA28368@jobe.shell.portal.com> jamesd at netcom.com (James A. Donald) writes: >A question about offline digicash: >Is it possible to arrange digicash as follows: (I have rearranged James' two paragraphs) >If A, the original issuer, issus a unit of digicash to >to B, and B gives it to C, and C gives it to D, and D, >gives it to E, and E cashes it with A, -- and >C double spends it to D', who then gives it to E' >who then attempts to cash it with A, -- then A >will detect the double spending and rebuff the attempt, >E' will complain to D', and D', with information >supplied by E' and A, can then prove that C dishonorably >double spent the money, without discovering that C gave >the money to D, and hence without discovering that D >gave the money to E. There are protocols to do essentially this, although they get rather complicated. It is necessary for each person in the chain to have some knowledge of the person he is passing the money to, so that he can confirm that that person is in fact revealing something about himself that will incriminate him if he double-spends. If all parties in the transactions are totally anonymous then there is no hope of tracking down a double-spender. >If A, the original issuer, issues a unit of digicash to >to B, and B gives it to C, and C gives it to D, and D, >gives it to E, and E cashes it with A, -- and >everyone colludes except C and D, it is impossible >to prove that C got this unit from D. My reading of Chaum's paper "Transferred Cash Grows in Size" is that if you have a system to satisfy the 1st paragraph, it cannot also satisfy this. It appears that if B, E and the bank collude, and B knows he gave the cash to C and E knows that he got it from D, then they can tell that C gave it to D. Basically B recognizes the money E got from D, with the bank's help. Although Chaum wrote as though his results applied to any conceivable transferrable double-spending-detecting cash system, it wasn't clear to me how general his results really were. Hal Finney From chen at intuit.com Thu Sep 1 16:45:43 1994 From: chen at intuit.com (Mark Chen) Date: Thu, 1 Sep 94 16:45:43 PDT Subject: Revisionist History of the US....:( (fwd) Message-ID: <9409012344.AA16736@doom.intuit.com> Jim choate writes: > I am not going to name names but I would like to address the comment that > several folks have made (or agreed with) that the US has gone 200 years > w/o a major upheaval. > > Maybe I am taking a alternate History than you folks but I believe the > Civil War can be considered a major internal upheaval and it occured > 4 score and 7 years (87 years) after the birth of our country. Since then > we have also had the civil rights upheaval (if you don't want to consider > deaths of folks like MLK major that is your business) in the late 50's and > early 60's as well. Especially when you consider the political and social > turmoil that occured because of the Vietnam War. We might also add Shay's Rebellion, Bacon's Rebellion, the Hudson River Renters' Uprising, the Pullman Strike, the Homestead Strike, the Ludlow Massacre, the Lawrence Textile Strikes, etc., etc. Many of these were full-scale insurrections. This country's "progress" is really just a series of grudging concessions made by authoritarian power structures to various nearly catastrophic crises. > What I find most interesting about this chronology is that the > upheavals occur approximately every hundred years since our > founding. The fact that the present problems we are having w/ the > administration recognizing and the general populace demaning their > civil liberties/rights is apparently early by approximately 70 > years. Perhaps the present administration is really as progressive > as they claim...:) Take care. Good observation about periodicity, Jim, but I'd say that the typical span is much shorter than 100 years. - Mark - -- Mark Chen chen at netcom.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From jya at pipeline.com Thu Sep 1 17:27:46 1994 From: jya at pipeline.com (John Young) Date: Thu, 1 Sep 94 17:27:46 PDT Subject: Government and Repression Message-ID: <199409020027.UAA17306@pipe1.pipeline.com> Responding to msg by ianf at simple.sydney.sgi.com ("Ian Farquhar") on Fri, 2 Sep 8:32 AM >Of course, you've got to question whether capital >punishment is _ever_ justified, and I would argue that >it isn't. This is way, way off the topic of >cypherpunks, and I don't intend to get into that >discussion on this forum. I am very glad to live in a >country which has signed international conventions >which prohibit it indulging in brutal and callous >judicial murder of a person, despite the occasional >state government loony who pines for the good old >days. An enlightened view like this is never off topic where nuclear weapons and molten spray in tank hulls are chatted up with relish. State-mandated homicide gotta have its dehumanized professionals to do the dirty work. And your suggestion of giving kids the vote at an earlier age adds sane countervalence to the parent / teacher / caseworker / cop / prison guard / executioner escape from responsibility algorithm. John From jya at pipeline.com Thu Sep 1 18:29:42 1994 From: jya at pipeline.com (John Young) Date: Thu, 1 Sep 94 18:29:42 PDT Subject: Revisionist History of the US....:( (fwd) Message-ID: <199409020129.VAA28894@pipe1.pipeline.com> Responding to msg by chen at intuit.com (Mark Chen) on Thu, 1 Sep 4:47 PM >This country's >"progress" is really just a series of grudging >concessions made by authoritarian power structures to >various nearly catastrophic crises. > >Good observation about periodicity, Jim, but I'd say >that the typical span is much shorter than 100 years. Jim and Mark, Sound remarks about domestic upheavals. Parallel to these, it should be added that internal strife has declined as US foreign interventions have increased. From Teddy Roosevelt forward, whenever domestic strain builds, there just happens to be an urgent matter somewhere else that needs patriotic attention to our "national interests". Soothing, addictive, social and economic bribes flow from warmaking -- industrial growth, jobs, education, research, technological advances. A bitching citizenry is a happy citizenry where domestic Government affairs are concerned, but the most obedient people are those united against a foreign foe. Lesson 1 of world affairs leadership. John From RBARCLAY at TrentU.ca Thu Sep 1 18:40:01 1994 From: RBARCLAY at TrentU.ca (Ross Barclay) Date: Thu, 1 Sep 94 18:40:01 PDT Subject: PGP WinFront 3.0 Now Available! (New Windows front end for PGP) Message-ID: <01HGM2KXF3LE000ESK@TRENTU.CA> -----BEGIN PGP SIGNED MESSAGE----- Announcing PGP WinFront 3.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ A freeware Windows front end for PGP 2.3a and 2.6 Copyright 1994 Ross Barclay (rbarclay at trentu.ca) WHAT IT IS: - PGP WinFront is the most fully featured free (or otherwise) Windows front end available. It will make using PGP easy for beginners, and it will drastically increase the speed at which experts use it too. PGP WinFront is now into is third revision and I have tried to implement as many of the suggestions that I received as possible. PGP WinFront was designed by its users, but was coded by me. Features: - Supports secret key ring placement on floppy drive - Support en/decryption to/from clipboard - Move / Copy / Delete files - Online hypertext help - Online hypertext PGP help - Keyring reader to pick names, view key characteristics - Keyring reader supports less-often used "huge" keyrings - Signature Checker - Very configurable - over 25 user-definable settings - more . . . This program does too much to list here. And it's free! This version is a complete rewrite of the popular PGP WinFront 2.0. The feature-set has largely been set by users who sent in suggestions. Please read the file README.TXT and peruse the help files. Please send me your comments. HOW TO GET IT: At the moment, there are 2 ways to get this program: 1) Via FTP - The PGP WinFront 3.0 filename is called PWF30.ZIP. - It has been uploaded to the incoming directories of the following FTP sites: ftp.cica.indiana.edu ftp.eff.org ftp.wimsey.bc.ca black.ox.ac.uk soda.berkeley.edu ftp.informatik.uni-hamburg.de ftp.ee.und.ac.za ftp.demon.co.uk - Hopefully, they will be slotted into the PGP directories soon. On CICA, it will be placed into \pub\pc\win3\utils. That is where PWF20.ZIP was placed. - Once you get the program, please upload it to other FTP sites! 2) From Colorado Catacombs BBS - dial (303)772-1062. The file is called PWF30.ZIP - once you get the program, please upload it to other BBSs. *** The mail access system I had was discontinued. This is because the file was too big to fit into my account. However, you can still register PWF and request certain PGP and PWF related items using my mail access system. Details of these are on the "About" screen of PWF 30. - --Ross Barclay - ------------------------------------------------------------------------- Ross Barclay (rbarclay at trentu.ca), Assistant Editor | To receive my PGP | public key, send PC NEWS Review: Windows Edition | me e-mail with the Bellevue, WA (206) 399-8700 | subject: GET KEY - ------------------------------------------------------------------------- To receive PC NEWS Review, send me e-mail with the subject: GET PNR. - ------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLmZ7fdgpRteEZ9JhAQFeXgIAxIpvJQeMsx7YecNgtusBDMqL662XFeX2 qL0qF8HcN4ReZ9MYjtn9t8N1zWGxkPOXQEI3KfM7uk8JTzxjZ5LG2g== =gSYT -----END PGP SIGNATURE----- From justpat at phantom.com Thu Sep 1 19:16:50 1994 From: justpat at phantom.com (Agent of Change) Date: Thu, 1 Sep 1994 19:16:50 -0700 Subject: Did I send you this??????? Message-ID: <1P7ZRc4w165w@mindvox.phantom.com> THE REAL HONEST-TO-GOD PURPOSE OF THE SECOND AMENDMENT "A well-regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed" -Second Amendment to the U.S. Constitution "This declaration of rights, as I take it, is intended to secure the people against the mal- administration of government." -Eldbridge Gerry Massachusetts Delagate to the Constitutional Convention August 17, 1789 Rock on, baby. It might be difficult to convince Buford T. Public of this fact, but the Second Amendment was never intended to allow him to keep rapid fire assualt rifles in his trailer so he could shoot every crack-addicted baby-raper that dares to set foot onto the 30 square yards Buford calls his own. No matter how much good ol' Buford may consider that a public service. No, the Second Amendment is much deeper than that. During the Constitutional Convention of 1787, the Anti-Federalists (the ones who thought that the Articles of Confederation, the joke under which our government was running at the time, were just fine, thank you, and any attempt at making a strong federal government would lead to tyranny) were against a permanent army because from their experience, it was much easier for a tyrant (or a tyrannical political party) to get control of a government when it has the support of the military. A permanent army would be able to keep an unarmed population under control with relative ease. To the Anti-Federalists, an unarmed population was virtually a guarantee of tyranny. Even the Federalists, the ones who saw that Britian and Spain were laughing their asses off at our Articles of Confederation, and would continue to do so until we developed a real manly government, never wanted a big army. They advocated only that army that was necessary to prevent other countries and wild Indians from invading us. Their chief fear was that a large peacetime army, standing around with nothing to do, will draw us into war just to justify their existance. (Can you say "JFK-Oliver Stone-Military-Industrial-Complex Theory"?) The Federalists accepted the necessity of a permanent army, but they and the Anti-Federalists made certain that Congress had to debate the needs and requirements of this army every two years. During the dealmaking of the Constitutional Convention, the Anti-Federalists more or less won on the issue of national defense. The new nation would not have an army during peacetime; it was up to the citizens to protect themselves from other governments and from their own. Why is this important nowadays? We already have a permanent military, and if they can't protect us from invasion, there's not a lot that good old Buford and his Uzis can do. Military hardware is just too powerful. Likewise, exchanging gunfire with the military as a way of expressing your distaste for what you feel is tyranny is just going to make Janet Reno pissed at you. You know how she gets. So if we can't fight, let's hide. Hide our records, our writings, our past and our future. Not from each other, baby, (that makes no sense) but from the government. There's nothing that says that you have to make it easy for the government to read your mail and tap your phone. The key issue behind any interpretation of the Second Amendment is not "Does Buford have the right to own another grenade launcher?", but rather "Do we as citizens have the right to defend ourselves against our government?" From solman at MIT.EDU Thu Sep 1 20:08:53 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Thu, 1 Sep 94 20:08:53 PDT Subject: Is the following digicash protocol possible? In-Reply-To: <199409012115.OAA16764@netcom8.netcom.com> Message-ID: <9409020308.AA10953@ua.MIT.EDU> > A question about offline digicash: > > Is it possible to arrange digicash as follows: > > If A, the original issuer, issues a unit of digicash to > to B, and B gives it to C, and C gives it to D, and D, > gives it to E, and E cashes it with A, -- and > everyone colludes except C and D, it is impossible > to prove that C got this unit from D. I assume you mean the last line to read "to prove that D got this unit from C". Chaum has demonstrated (In a paper I discussed here a little over a month ago) that when A, B and E collude they can be sure that the cash D gave to E is part of the same banknote that B gave to C. HOWEVER, it is possible to design a protocol such that it is NOT possible for A, B and E to be sure that C gave his money directly to D. (i.e. a protocol can be designed such that A, B and E can not rule out the possibility that the cash went from C to F to G to H to I to J to D. Thus, the solution for entities that are worried about having their cash marked is to exchange banknotes anonymously with randomly selected entities before using them again. > If A, the original issuer, issus a unit of digicash to > to B, and B gives it to C, and C gives it to D, and D, > gives it to E, and E cashes it with A, -- and > C double spends it to D', who then gives it to E' > who then attempts to cash it with A, -- then A > will detect the double spending and rebuff the attempt, > E' will complain to D', and D', with information > supplied by E' and A, can then prove that C dishonorably > double spent the money, without discovering that C gave > the money to D, and hence without discovering that D > gave the money to E. Anonymous e-cash can be created such that the identity of the cheat is immediatelly known as soon as the second copy of the banknote (or of a part of the banknote) reaches A. I should think that any protocol which requires backtracking would be highly undesirable (i.e. D' and idealy E' should not be bothered). Cheers, Jason W. Solinsky From roy at sendai.cybrspc.mn.org Thu Sep 1 22:06:30 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Thu, 1 Sep 94 22:06:30 PDT Subject: State Declaration of Ind. In-Reply-To: <199409011305.IAA05299@zoom.bga.com> Message-ID: <940901.205941.4v5.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, ravage at bga.com writes: > What a waste of time. There is no way that any reasonable person will accept > or support such an action. Wake up and smell the roses dude... No? I lived in Alaska for 21 years. During this time, no less than 3 efforts were fielded to secede from the Union. All 3 got a large (although non-binding) number of signatures (including mine, FWIW). > If you really want to fix the problem them how about reading the Constitution > and demanding that your EXISTING representatives uphold the sacred oath they > have sworn to uphold. > > Yes, this country has problem. No, they are nowhere near bad enough to render > the union. Ever since the breakup of the former Soviet Union, I have wondered just what _is_ holding the USA together. Within our borders, I think we show far more diversity than the former USSR had. Yet we remain "unified", even in the face of ever-growing erosion of citizens' rights. I think if a few states were to secede, it would be a great wake-up call! The FedGov would have to react somehow. If they aquiesced, end of problem and we become a loosly allied group of independent republics. (maybe... or perhaps we don't ally at all) If they retaliate with force (which, unfortunately, I think is the more likely outcome), they will be showing their true totalitarian stripe. > Get a clue. That looked like a mighty good clue to me. - -- Roy M. Silvernail [] roy at sendai.cybrspc.mn.org It's just this little chromium switch....... -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLmaI5xvikii9febJAQF6VAP/dz86B4B7g9zC4ZhiRSHiXTAYWrZVBX64 gxIhRG2Ni6qcSFhNOo2nxtgMZqZFR4mwsZQw9QhrM0nMtOqaLCB5FE6E66HB/Gg6 e716iy3uk1w/WGKF+iZxGDvJASccvi+igw2A9H17P67zs7pACspeAi6bR+vmGxlm PN9G7XYm1PM= =OZJj -----END PGP SIGNATURE----- From shamrock at netcom.com Thu Sep 1 23:21:36 1994 From: shamrock at netcom.com (Lucky Green) Date: Thu, 1 Sep 94 23:21:36 PDT Subject: Cabel TV's new specs require leaky encryption Message-ID: <199409020621.XAA15351@netcom7.netcom.com> Cablelabs, a reasearch institute for US cable companies, whose members provide 85% of the cable service in the US and 70% in Canada, has release their "Request For Proposals for a Telecommunications Delivery System over a Hybrid Fiber/Coax (HFC) Architecture" This RFP contains the final specs for a new multimedia architecture the cable companies intend to deploy. Here are some quotes: ".c4.11.7.1.1 Security System Objectives: The Offeror shall specify [..] whether it is possible to hide information in the digital signature number of which the signer would be unaware, which could conceal information. " Such as parts of the key? and under .c3.11.7.2 Privacy: " It should be possible to manage encryption keys and provide them to law enforcement agencies on demand." Big Brother is watching you. Through your TV. The full doccument is available at ftp://ftp.cablelabs.com//pub/RFIs/Telecom_RFP.MSWord -- Lucky Green PGP public key by finger From cactus at bb.com Thu Sep 1 23:51:30 1994 From: cactus at bb.com (L. Todd Masco) Date: Thu, 1 Sep 94 23:51:30 PDT Subject: State Declaration of Ind. In-Reply-To: <940901.205941.4v5.rusnews.w165w@sendai.cybrspc.mn.org> Message-ID: <346i9k$6rk@bb.com> In article <940901.205941.4v5.rusnews.w165w at sendai.cybrspc.mn.org>, Roy M. Silvernail wrote: >Ever since the breakup of the former Soviet Union, I have wondered just >what _is_ holding the USA together. Within our borders, I think we show >far more diversity than the former USSR had. Yet we remain "unified", >even in the face of ever-growing erosion of citizens' rights. Yah. I've wondered about this myself; If one goes through the Federalist Papers, all the arguments made for the formation of the Republic are obselete (unless you believe Canada or Mexica is a real threat: I don't). Many of the SF writers forecast a future where something big has grown out of the US to be first some sort of western (or northern) hemisphere giant, and then futher. I think this is way off the mark. I have great hopes for computer networking as a technology: There are those who don't realize or who deny that the social impact of this technology will be huge: they probably would have said that the printing press wouldn't have a large impact, either. -- L. Todd Masco | "Which part of 'shall not be infringed' didn't cactus at bb.com | you understand?" From tcmay at netcom.com Fri Sep 2 00:59:25 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 2 Sep 94 00:59:25 PDT Subject: More signs that key escrow is coming In-Reply-To: <199409020621.XAA15351@netcom7.netcom.com> Message-ID: <199409020759.AAA23653@netcom2.netcom.com> Things seem awfully quiet on the list the past 24 hours.... Lucky Green wrote: > This RFP contains the final specs for a new multimedia architecture the > cable companies intend to deploy. ... > ".c4.11.7.1.1 Security System Objectives: > The Offeror shall specify [..] whether it is possible to hide information > in the digital signature number of which the signer would be unaware, which > could conceal information. " > > Such as parts of the key? This sounds like it's a concern about subliminal channels in the DSS/DSA signatures, a la the concerns raised by Gus Simmons last year. I don't know what the use would be, unless it's concern (by whom?) that viewing preferences could be back-propagated. > and under .c3.11.7.2 Privacy: > " It should be possible to manage encryption keys and provide them to law > enforcement agencies on demand." Well, this definitely fits with other signs that the Feds have been "jawboning" with various industry groups. Key escrow, or "GAK." If they're putting this kind of thing into their spec plans, somebody has "suitably incentivized" them to. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From M.Gream at uts.EDU.AU Fri Sep 2 05:12:25 1994 From: M.Gream at uts.EDU.AU (Matthew Gream) Date: Fri, 2 Sep 94 05:12:25 PDT Subject: Aust crypto regulations Message-ID: <9409021215.AA04190@acacia.itd.uts.EDU.AU> I posted this to clarify some possible misconceptions, and ended it with a `teaser'. Since I'm sure it'll be of interest to readers here, here goes a forward (some headers elided): ---- begin include ---- From: M.Gream at uts.edu.au (Matthew Gream) Newsgroups: aus.computers.ibm-pc,alt.security.pgp Subject: Re: PGP for Oz users Date: 2 Sep 1994 11:58:42 GMT Vesselin Bontchev (bontchev at fbihh.informatik.uni-hamburg.de) wrote: > Actually, it seems that the Australian laws are not much better. A > colleague of mine there told me that he had to apply for an export > license even for his program that does only cryptographic checksums, > no encryption. That sounds bogus to me, at least from the information you've given me there. I've had the pleasure of being routed from our `Australian Trade Commission' through a number of channels to get to the `Defence Industry Development Branch' who furnished me with information relating to export of `Dual Use Technologies'. Having been informed first hand, and given the appropriate paperwork, I'm fairly confident in saying that there are no export restrictions on software (specific clause stating that mass market, public domain and "unsupported after installation" software is not covered by the Industrial List). There do exist restrictions on hardware. All of these restrictions are a direct result of our adherence with COCOM regulations (enacted through amendments to our Customs Act) -- and even so, export licences are required only for "certain" countries. The documentation relating to export guidelines is dated September 1992, I received it early 1994 and was informed that it was still "current". I have heard "on the net" (how's that for credibility ? :-), that the COCOM agreements are going to be abandoned, but as the software project I'm involved with isn't complete, I haven't looked into the matter since the initial investigation. I will do so when the time comes, or suitably motivated. I should also mention that in response to one of several questions I put to our Cwth Attorney General's Department, I received: ``Your third question concerns restricting [sic] on the production, export and import of cryptographic software and hardware. I note your familiarity with the Customs (Prohibited Exports) Regulations. I am not aware of any other legislation dealing particularly with cryptographic software and hardware.'' -- Steven Marshall, A/g Assistant Secretary, National Security Branch. Security Divison, Attorney General's Department, Commonwealth of Australia. personal correspondence, 26 May 1994. Getting back to the export guidelines, I have it with me here and I'll quote something interesting that may apply in this circumstance (whoever wrote this didn't seem pleased either, but it still got the Minister's seal of approval): ``United States of America Re-export Controls Exporters should be aware that authorities of the United States of America claim control over many exports from other countries, including Australia, where the goods are of US origin, include components of US origin, or were produced using US-origin technology. In such cases, under US export regulations, a US re-export licence may be required whether or not an Australian export licence is needed or has been granted. Although such US regulations are not valid in Australian law, the US authorities commonly penalise foreign companies which do not comply, by denying them access to US goods or technology in the future. Where a company has a presence in the US, legal action may lead to the imposition of fines and other penalties. Enquiries regarding re-export approval should be directed to the US Consulate in Sydney or Melbourne. The contact numbers are listed in Annex C.'' -- "Australian controls on the export of technology with civil and military applications" -- "a guide for exporters and importers" September 1992, Department of Defence, Canberra. pg 4. The question here is whether "US-origin technology" covers algorithms and conceptual systems (RSA for example). I'd be interested to hear about these apparent US prosecutions. Matthew. -- Matthew Gream -- Consent Technologies, (02) 821-2043 Disclaimer: From? \notin speaking_for(Organization?) [cfqx103] ---- end include ---- -- Matthew Gream -- Consent Technologies, (02) 821-2043 Disclaimer: From? \notin speaking_for(Organization?) [cfqx103] From meconlen at IntNet.net Fri Sep 2 06:03:23 1994 From: meconlen at IntNet.net (Michael Conlen) Date: Fri, 2 Sep 94 06:03:23 PDT Subject: Alt.Gvmt.Bad.Bad.Bad In-Reply-To: <199409012015.NAA08437@deepthought.pylon.com> Message-ID: On Thu, 1 Sep 1994 blancw at pylon.com wrote: > What should really be said is that theft does not happen of its > own accord; someone must decide to accomplish the so-called > criminal act. To describe theft as the result of another's > inaction is to imply that human action of any kind is mostly > automatic, that there is a pull like gravity which will cause > action upon intelligence the way gravity affects inanimate > objects, and that nothing better could be or should be expected > from it. Some belive that human action is automatic, while semming to be by choice, that the past of this persones life defines how they will react to a certin situation. I do however agree that someone does decide on there own that they will commit a criminal act, however if people protected themselves would they be acted apon? If you use PGP does someone else read your E-Mail? If not what happens? (assumming that you are writing something that someone else will want to intercept, ect.) > It is also to imply that the possession of > intelligence is negligible because any opportunity for taking > advantage of another's vulnerability will be irresistible to > humans, as if they were basically scavengers looking for the > spoils of other people's negligence. I have known many people to be this way. They will and DO take every advantage of any situation they can. > In which case, rather than speaking of bad government, the > subject should be a question on the existence of intelligence & > the possibility for morality. I don't know who would be > qualified to discuss it, though, without the possession of the > one and an appreciation of the other. The United States is made up of ignorant people who know what they need to get by in life, and do not want to take the time to do what it takes to improve themselves, ie. vote. As for morality, I feel it is somthing that we all wish to be but find it hard to be. I know I find it hard to be moral. Groove on Dude Michael Conlen From solman at MIT.EDU Fri Sep 2 06:38:45 1994 From: solman at MIT.EDU (solman at MIT.EDU) Date: Fri, 2 Sep 94 06:38:45 PDT Subject: Cabel TV's new specs require leaky encryption In-Reply-To: <199409020621.XAA15351@netcom7.netcom.com> Message-ID: <9409021338.AA20390@ua.MIT.EDU> > ".c4.11.7.1.1 Security System Objectives: > The Offeror shall specify [..] whether it is possible to hide information > in the digital signature number of which the signer would be unaware, which > could conceal information. " > > Such as parts of the key? Yup, that's why you always want to know who implemented your authentication scheme. But the fact that an algorithm is capable of doing sumliminal messaging does not speak badly about it. In fact, I think it is an extremelly good sign that this was placed in the RFP. It shows that they are aware of the potential problem and are trying to avoid it (IMNSHO). If a cable company actually tried to leak your key in this manner, it would create an enourmous potential liability for them. > and under .c3.11.7.2 Privacy: > " It should be possible to manage encryption keys and provide them to law > enforcement agencies on demand." Cable companies would like to offer some services as a common carrier (although they clearly want avoid having the entirety of their business designated as such). That means that they are going to have to comply with the digital telephony act. Cheers, Jason W. Solinsky From jya at pipeline.com Fri Sep 2 06:43:37 1994 From: jya at pipeline.com (John Young) Date: Fri, 2 Sep 94 06:43:37 PDT Subject: OFFSHORE DIGITAL BANKS Message-ID: <199409021342.JAA29122@pipe1.pipeline.com> Responding to msg by tcmay at netcom.com (Timothy C. May) on Wed, 31 Aug 4:8 PM >I'm not sure what John wants me to expand on here. >Others have noted the same sorts of things. Here are >some random, brief points: [Elision of US foreign interventions] >Is this enough of an expansion? As a newcomer to this list I'm interested your views, and those of others, on how crypto and related topics may be used in responding to US interventions abroad and their domestic consequences. Blending these views into discussions on other matters is just fine; I'll continue to pick out the parts that catch my eye. Much list discussion seems to focus on internal affairs of the US with periodic comments from those members outside. My sense is that our laments about internal abuses of the USG will not be answered until we address the external policies that are used to justify these abuses. Since so much of the power of the USG derives from "national security" responsibilities -- diplomacy, military, intelligence -- and because these have repeatedly been used to justify invasive policies, both domestic and foreign, I wish to learn more on what might be done through c'punks' activities to ventilate the secrecy cloak that shields such affairs from the public. Most of my recent posts have tried to raise queries along these lines whether about crypto anarchy, digicash or varieties of government. This follows my query a while back about how c'punks think US scientists and their technology may be redirected away from national security affairs, where the best and brightest have thrived in the last two generations, toward the needs of civil society, in the US and abroad. So you won't think this is an idle interest, I'll mention that I've been pursuing these topics, with others, for some 27 years in the NYC area in a public planning and development context, as we have waited for the Cold War squandering of surplus wealth to end so that more of these resources might go toward dealing with civil shortcomings, especially through non-governmental programs. Sorry for soapboxing, but this is from a long-time worker among NYC's richest and poorest wondering how long these worlds can be kept apart by the fictions of "national interests". John From jya at pipeline.com Fri Sep 2 07:40:33 1994 From: jya at pipeline.com (John Young) Date: Fri, 2 Sep 94 07:40:33 PDT Subject: Cable TV's new specs require leaky encryption Message-ID: <199409021439.KAA07075@pipe1.pipeline.com> Responding to msg by shamrock at netcom.com (Lucky Green) on Thu, 1 Sep 11:22 PM > >Big Brother is watching you. Through your TV. Yeah, that's what the guy that blew away the NBC worker here in NYC believed. Maybe he read about tiny surveillance cameras and mikes that can be hidden in the VCR or cable box, so advertisers say, and transmit by cable or radio. John From ravage at bga.com Fri Sep 2 08:08:43 1994 From: ravage at bga.com (Jim choate) Date: Fri, 2 Sep 94 08:08:43 PDT Subject: Revisionist History of the US....:( (fwd) In-Reply-To: <199409020129.VAA28894@pipe1.pipeline.com> Message-ID: <199409021508.KAA03334@zoom.bga.com> > > Jim and Mark, > > Sound remarks about domestic upheavals. > > Parallel to these, it should be added that internal strife has > declined as US foreign interventions have increased. From > Teddy Roosevelt forward, whenever domestic strain builds, there > just happens to be an urgent matter somewhere else that needs > patriotic attention to our "national interests". > The only point here is that it doesn't address what causes the internal strife. A populace that gets what it wants is obviously not going to be full of strife. It seems to me, what needs to be addressed is the issue(s) that are causing the strife. In the case of both the Civil War and the Vietnam War it was economic in nature. In the Civil War it was the difference that abolishing slavery would have caused to the plantation systems in teh south and the industrial systems in the north. The Vietnam case is a little(!) more complicated in that we may still be historicaly too close to it to get a clear picture of the cause/effects. However, I do believe that the failure of the industrial - military - political machine to provide the kinds of freedoms and inexpensive life that people were expecting may have played a major role in the events of the 60's. > Soothing, addictive, social and economic bribes flow from > warmaking -- industrial growth, jobs, education, research, > technological advances. > I think we all agree the political - military complex is run by back scratching of herculian proportions. This may be a little difficult to analyze because it is involved in both the cause and the result in such a major way. > A bitching citizenry is a happy citizenry where domestic > Government affairs are concerned, but the most obedient people > are those united against a foreign foe. Lesson 1 of world > affairs leadership. > Lesson 2 should be that the 'external' threat won't last forever and at some point the real issues will blow up to such an extent that the poplace will not be concerned about external events because they are so busy trying to stay alive and make a living. From ravage at bga.com Fri Sep 2 08:15:07 1994 From: ravage at bga.com (Jim choate) Date: Fri, 2 Sep 94 08:15:07 PDT Subject: Revisionist History of the US....:( (fwd) In-Reply-To: <9409012344.AA16736@doom.intuit.com> Message-ID: <199409021513.KAA03549@zoom.bga.com> > > We might also add Shay's Rebellion, Bacon's Rebellion, the Hudson > River Renters' Uprising, the Pullman Strike, the Homestead Strike, the > Ludlow Massacre, the Lawrence Textile Strikes, etc., etc. Many of > these were full-scale insurrections. This country's "progress" is > really just a series of grudging concessions made by authoritarian > power structures to various nearly catastrophic crises. > I have a hard time comparing any of these histricaly important but comparatively minor events to the half a million dead of the Civil War or the 50,000+ dead of Vietnam. Perhaps you have extended the analogy a little too far?... > > What I find most interesting about this chronology is that the > > upheavals occur approximately every hundred years since our > > founding. The fact that the present problems we are having w/ the > > administration recognizing and the general populace demaning their > > civil liberties/rights is apparently early by approximately 70 > > years. Perhaps the present administration is really as progressive > > as they claim...:) Take care. > > Good observation about periodicity, Jim, but I'd say that the typical > span is much shorter than 100 years. > Considering that (taking my example) there have been only 2 'major' upheavals since the founding fight we probably have way too few data points to draw any real comparison about periodicity. I was making the comment more to goad others to respond than to make any absolute statement about the periodicity. Also, one must be careful about how you defind 'major' upheaval. This country has had lots of turmoil in its history and as long as that will continue to be allowed I suspect we have a good chance of staying around as a union. The reality is that while many of the turmoils have had national import they were not at the time of the event of national range. From blancw at pylon.com Fri Sep 2 08:24:53 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Fri, 2 Sep 94 08:24:53 PDT Subject: Alt.Gvmt.Immorality Message-ID: <199409021524.IAA29904@deepthought.pylon.com> Responding to msg by Michael Conlen: The United States is made up of ignorant people who know what they need to get by in life, and do not want to take the time to do what it takes to improve themselves, ie. vote. As for morality, I feel it is somthing that we all wish to be but find it hard to be. I know I find it hard to be moral. ........................................................ On the note, I offer this quote which is always amusing to me: "The only claim made for any organized ideas of human nature is that everybody everywhere needs them in order to tell what is human, what is natural, what is worth knowing, what is worth having and how to get it, and all the other information necessary for getting through the day, week, year and lifetime. .....That is human nature - to organize the data of human nature into a body of knowledge or working model. That is what a working model or organized idea of human nature does: it gives you the story about where everything belongs, and how and when and why it belongs there. And as for people who wear comfortable shoes and assume nothing, they are usually killed very young while trying to cross the street. Such people have no idea whatsoever about where anything belongs, or how and when and why it belongs there. That makes it very difficult to stay alive, let alone to locate the real fact. People who assume nothing have no working model of human nature to begin with and thus no way to assemble even the true story with its moral about what to pay attention to. ..... So that is how a working model of human nature works. It provides you with a frame of meaning and puts you in the picture. And once you are there, you can see where you stand on such diverse issues as life and death. You can find your point of view about taxes and clothing. You can fix your position with regard to the schoolhouse, the alehouse, the whorehouse, the courthouse, and the electric chair. In other words, a working model of human nature makes things visible, and you visible as well." - from "The Human Nature Industry", by Ward Cannel and June Macklin Blanc From blancw at pylon.com Fri Sep 2 10:02:53 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Fri, 2 Sep 94 10:02:53 PDT Subject: Revisionist Reinterpretation Message-ID: <199409021703.KAA01444@deepthought.pylon.com> Responding to msg by Jim choate, quoting another: >> We might also add Shay's Rebellion, Bacon's >Rebellion, the Hudson >> River Renters' Uprising, the Pullman Strike, the >Homestead Strike, the >> Ludlow Massacre, the Lawrence Textile Strikes, etc., >etc. Many of >> these were full-scale insurrections. This country's >"progress" is >> really just a series of grudging concessions made by >authoritarian >> power structures to various nearly catastrophic >crises. I have a hard time comparing any of these histricaly important but comparatively minor events to the half a million dead of the Civil War or the 50,000+ dead of Vietnam. Perhaps you have extended the analogy a little too far?... .......................................................... I think he was talking about the Principle of the deal, Jim - about what this means regarding the relationship of the citizenry to the big G. Put all of those insurrections together and what do they spell? F _ _ _ _ _ F Blanc From juola at suod.cs.colorado.edu Fri Sep 2 10:10:56 1994 From: juola at suod.cs.colorado.edu (Patrick Juola) Date: Fri, 2 Sep 94 10:10:56 PDT Subject: Needed for a computer ethics class Message-ID: <199409021709.LAA00722@suod.cs.colorado.edu> Does anyone have a concise, citeable statement about why anonymous remailers are a good thing? Some sort of position statment by Julf would be ideal. Similarly, if anyone has something for the *other* side of the coin, I'd love to see that. I'm in the process of writing a course on computer ethics for the University of Colorado at Boulder and I think anonymous remailers would be a good subject for an essay assignment, but I need enough material (ideally, primary source material) to lay the groundwork first. Patrick From chen at intuit.com Fri Sep 2 10:57:24 1994 From: chen at intuit.com (Mark Chen) Date: Fri, 2 Sep 94 10:57:24 PDT Subject: Revisionist Reinterpretation Message-ID: <9409021753.AA19398@doom.intuit.com> Blanc writes: > Responding to msg by Jim choate, quoting another: > > >> We might also add Shay's Rebellion, Bacon's > >Rebellion, the Hudson > >> River Renters' Uprising, the Pullman Strike, the > >Homestead Strike, the > >> Ludlow Massacre, the Lawrence Textile Strikes, etc., > >etc. Many of > >> these were full-scale insurrections. This country's > >"progress" is > >> really just a series of grudging concessions made by > >authoritarian > >> power structures to various nearly catastrophic > >crises. > > I have a hard time comparing any of these histricaly > important but comparatively minor events to the half a > million dead of the Civil War or the 50,000+ dead of > Vietnam. Perhaps you have extended the analogy a > little too far?... > .......................................................... > > I think he was talking about the Principle of the deal, Jim - > about what this means regarding the relationship of the > citizenry to the big G. > Put all of those insurrections together and what do they spell? > > F _ _ _ _ _ F Blanc is right. You are correct, Jim, in that in terms of destruction, the wars you mention surpass in magnitude the other events that I listed (though I'll point out that if we count Indochinese dead, Vietnam's cost was far higher than 55,000, even if we add in the more than 60,000 who committed suicide in the aftermath). What I am really saying is that we are not, even in "normal" times, the slightly rambunctious but contented citizenry that popular mythology makes us out to be. This country has serious problems, and it always has. I think that we may be in agreement on this. Another good point that you've made elsewhere is the importance of economics as a motivator. I believe that you are exactly right. I'd like to add more, and also to say something about the perceptive comments from John Young, but I think I have a flu, so I'll go home and pick this up again on Monday. Meanwhile, wishing you all a good weekend. . . . - Mark - -- Mark Chen chen at netcom.com 415/329-6913 finger for PGP public key D4 99 54 2A 98 B1 48 0C CF 95 A5 B0 6E E0 1E 1D From talon57 at well.sf.ca.us Fri Sep 2 11:15:38 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Fri, 2 Sep 94 11:15:38 PDT Subject: minor humor: telco's vs cable companies Message-ID: <199409021806.LAA14699@well.sf.ca.us> We at TPC like to put it to people quite simply, " Do you want your cable service to be like your phone service, or do you want your phone service to be like your cable service?" Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced communication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth From ravage at bga.com Fri Sep 2 11:48:41 1994 From: ravage at bga.com (Jim choate) Date: Fri, 2 Sep 94 11:48:41 PDT Subject: Revisionist Reinterpretation In-Reply-To: <199409021703.KAA01444@deepthought.pylon.com> Message-ID: <199409021848.NAA13576@zoom.bga.com> > > I think he was talking about the Principle of the deal, Jim - > about what this means regarding the relationship of the > citizenry to the big G. > Put all of those insurrections together and what do they spell? > > F _ _ _ _ _ F > > > Blanc > The problem I have with this interpretationis that it overlooks, to me, a bigger point... Mainly that these conflicts dealt with disagreements within the 'big G' and were not directly about the people - big G dichotomy that you refer to. Personaly, I still feel that the people of this country are the true government of this nation. We have representatives who are in a position where they approach their office as a 'job' and not a sacred duty to every individual they meet on the street every day. They see their oath to uphold the Constitution as a minor point and not THE point. Section 1401 and 1402 of the Crime Bill (aptly named since it is a crime) which regard the seizure of private property for funding during a criminal investigation. I go the Constitution and it says that if you take private property for public use you have to recompense the private owner. There is no caveat dealing with whether it is a crime or not or whether it was used in a crime. From my point of view if a 'official' takes your property and does not send you a check (you agreed a priori) for it then they have committed a crime that is in direct and clear violation of the Constitution. All criminal seizure programs are clearly unconstitutional. From ravage at bga.com Fri Sep 2 11:50:42 1994 From: ravage at bga.com (Jim choate) Date: Fri, 2 Sep 94 11:50:42 PDT Subject: Revisionist Reinterpretation In-Reply-To: <199409021703.KAA01444@deepthought.pylon.com> Message-ID: <199409021850.NAA13695@zoom.bga.com> > > I think he was talking about the Principle of the deal, Jim - > about what this means regarding the relationship of the > citizenry to the big G. > Put all of those insurrections together and what do they spell? > > F _ _ _ _ _ F > > > Blanc > As to putting them all together, you do a diservice in my eyes. They did not occur together and they certainly did not occur in the same social milieu that the Civil War or the Vietnam War - Civil Disobedience did. There were national events that effected every person. The events that you refer to were local events that eventually effected every person on a national scale. Slightly different animals. From CCGARY at MIZZOU1.missouri.edu Fri Sep 2 11:59:47 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Fri, 2 Sep 94 11:59:47 PDT Subject: Arizona state email...privacy Message-ID: <9409021859.AA19223@toad.com> Netsurfer, "Why is State property theft?" More precisely, I should have said that govt. property is extorted rather than stolen. In a democracy, the sham that taxes are sanctioned by the people is used to justify state extortion of wealth - taxation. Right now, full taxation is approx. 45% of U.S. wealth. I don't remember giving anybody the ok to take this giant amount of money for state purposes. Even if most people would assent to 45% taxation, there would be a large minority that would not. Also, we don't agree where the money should be spent. In this giant representative democracy, policy seems to be determined by a huge number of minorities instead of a majority. Each lobbying group, minority political group, & ruling elite gets legislation & policies that favor their interests. For that reason, we are governed by huge numbers of special interests rather the "common good" as willed by a majority. For that reason, we don't even meet the criteria of majority rule. Not that I see any right that a majority has to rule us. As generally a Liberterian & specifically an Anarchist, I don't agree to be ruled. PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCK! BBBEEEAAATTTT STATE! Gary Jeffers From jamesd at netcom.com Fri Sep 2 12:22:01 1994 From: jamesd at netcom.com (James A. Donald) Date: Fri, 2 Sep 94 12:22:01 PDT Subject: State Declaration of Ind. In-Reply-To: <940901.205941.4v5.rusnews.w165w@sendai.cybrspc.mn.org> Message-ID: <199409021921.MAA27071@netcom8.netcom.com> Roy M. Silvernail writes > Ever since the breakup of the former Soviet Union, I have wondered just > what _is_ holding the USA together. Within our borders, I think we show > far more diversity than the former USSR had. Yet we remain "unified", > even in the face of ever-growing erosion of citizens' rights. Habit, inertia, and indoctrination. Same as held the Soviet Union together for 25 years after belief faded. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From prz at acm.org Fri Sep 2 12:37:15 1994 From: prz at acm.org (Philip Zimmermann) Date: Fri, 2 Sep 94 12:37:15 PDT Subject: PGP 2.6.1 release from MIT Message-ID: -----BEGIN PGP SIGNED MESSAGE----- To: All PGP users Date: 2 Sep 94 Re: PGP 2.6.1 release MIT will be releasing Pretty Good Privacy (PGP) version 2.6.1 real soon now. By tomorrow, I think. The MSDOS release filename will be pgp261.zip, and the source code will be in pgp261s.zip. The MIT FTP site is net-dist at mit.edu, in the pub/PGP directory. Be sure to adhere to US export restrictions when you redistribute PGP after getting it from MIT. Since Compuserve has an unfortunate restriction of 6-character filenames, I don't know how they will handle the name collision of the source archive filename. I suggest that anyone who uploads the sources to Compuserve rename the file pg261s.zip. Just for Compuserve only. This new version has a lot of bug fixes over version 2.6. I hope this is the final release of this family of PGP source code. We've been working on an entirely new version of PGP, rewritten from scratch, which is much cleaner and faster, and better suited for the future enhancements we have planned. All PGP development efforts will be redirected toward this new code base, after this 2.6.1 release. There are some important changes to the 2.6.1 manual, especially in the Legal Issues section. Please read the "Freeware Status and Restrictions" section. Especially those of you who want to make changes to PGP. I hope all PGP users are switching to the official MIT releases, now that the new data formats have become effective on 1 Sept. PGP 2.6, as well as this new 2.6.1, will always be able to read messages, signatures and keys produced by the older versions. See the manual for details. PGP has many really cool new features planned in its future, and these new features will require more new data formats to support them. Stay compatible by keeping up to date with the official PGP releases from MIT. This message may be reposted to all interested newsgroups. - --Philip Zimmermann prz at acm.org -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLmd9jGV5hLjHqWbdAQGSsAP/RVrmYG3rrVQPlrA4Qf4w5kTyB3RJNLr/ QSOX6C0Lqj3bczCDeyBRlvfydlkSYhwe955OXjF3/tyUdQ/aLyTkz/Sc50yXXxZ8 xfEyaaSDAGkkZPVzvA4dOpDdcgWiYf2q5C7iHM/MbVUUAIX+B6Xh7+3RNKR9U1kh D7QvXd9P1M8= =WqZF -----END PGP SIGNATURE----- From shamrock at netcom.com Fri Sep 2 12:39:11 1994 From: shamrock at netcom.com (Lucky Green) Date: Fri, 2 Sep 94 12:39:11 PDT Subject: More signs that key escrow is coming Message-ID: <199409021939.MAA12297@netcom7.netcom.com> Tim wrote: >Things seem awfully quiet on the list the past 24 hours.... > >Lucky Green wrote: > >> This RFP contains the final specs for a new multimedia architecture the >> cable companies intend to deploy. >... >> ".c4.11.7.1.1 Security System Objectives: >> The Offeror shall specify [..] whether it is possible to hide information >> in the digital signature number of which the signer would be unaware, which >> could conceal information. " >> >> Such as parts of the key? > >This sounds like it's a concern about subliminal channels in the >DSS/DSA signatures, a la the concerns raised by Gus Simmons last year. >I don't know what the use would be, unless it's concern (by whom?) >that viewing preferences could be back-propagated. > The RFP is not just for a system that sends Multimedia to the subscriber. The specs call for Homeshopping, private financial transactions, encrypted credit card transaction, etc. Just what info do they intend to conceal that the "the signer would be unaware" of? Just wondering, -- Lucky Green PGP public key by finger From warlord at MIT.EDU Fri Sep 2 13:15:56 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Fri, 2 Sep 94 13:15:56 PDT Subject: PGP 2.6.1 release from MIT In-Reply-To: Message-ID: <9409022015.AA20287@toxicwaste.media.mit.edu> Small correction to Phil's mail: > pgp261.zip, and the source code will be in pgp261s.zip. The MIT FTP > site is net-dist at mit.edu, in the pub/PGP directory. The FTP site is net-dist.mit.edu, not net-dist at mit.edu. More information as it happens.... -derek From ravage at bga.com Fri Sep 2 13:21:08 1994 From: ravage at bga.com (Jim choate) Date: Fri, 2 Sep 94 13:21:08 PDT Subject: State Declaration of Ind. In-Reply-To: <199409021921.MAA27071@netcom8.netcom.com> Message-ID: <199409022020.PAA18658@zoom.bga.com> > > Roy M. Silvernail writes > > Ever since the breakup of the former Soviet Union, I have wondered just > > what _is_ holding the USA together. Within our borders, I think we show > > far more diversity than the former USSR had. Yet we remain "unified", > > even in the face of ever-growing erosion of citizens' rights. > > Habit, inertia, and indoctrination. Same as held the Soviet > Union together for 25 years after belief faded. > > > -- > --------------------------------------------------------------------- > We have the right to defend ourselves and our > property, because of the kind of animals that we James A. Donald > are. True law derives from this right, not from > the arbitrary power of the omnipotent state. jamesd at netcom.com > > I suspect that the reason we are still a union is we share a commen idealism relating to life, liberty, and the pursuit of happiness. Idealistic but perhaps applicable... From jya at pipeline.com Fri Sep 2 13:55:45 1994 From: jya at pipeline.com (John Young) Date: Fri, 2 Sep 94 13:55:45 PDT Subject: Revisionist History of the US....:( (fwd) Message-ID: <199409022055.QAA24441@pipe1.pipeline.com> Responding to msg by ravage at bga.com (Jim choate) on Fri, 2 Sep 10:8 AM >Lesson 2 should be that the 'external' threat won't >last forever and at some point the real issues will >blow up to such an extent that the poplace will not be >concerned about external events because they are so >busy trying to stay alive and make a living. Yes. The external threat to the US has diminished, let's hope, to where some resources, human and material, can be applied to ways to make an advanced society serve its citizenry without resorting to fear of foreign boogies. The way that the surveillance satellite systems of the US and the USSR helped to reduce fear of military planners is instructive. This non-lethal technology, though expensive, made, and continues to make, accidental nuclear war less likely, and seems to me to be a great service to the world's population. Aggressive weapons systems may be similarly replaced by non-lethal technology as scientists and technologists are asked to device such apparatus. Fear of economic and social deprivation might also benefit from the talents of those who once produced the tools of the Cold War and hot regional conflicts you mention. Further, this list offers other ways to envision a society less dependent on the national security rubric of big Government, and may thereby support alternative local initiatives for economic and civil affairs. Kudos for this non-lethal work. John From tcmay at netcom.com Fri Sep 2 16:04:36 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 2 Sep 94 16:04:36 PDT Subject: Black Market in Russia Message-ID: <199409022304.QAA05442@netcom11.netcom.com> The MacNeil-Lehrer Newshour, a PBS television show (for you non-U.S. residents), has a good report tonight on the black market in Russia. Mostly an emphasis on the "shuttle traders" who take chartered flights down to Dubai and stock up on massive amounts of stuff to sell back in Moscow. (An inefficient system, compared to the systems of shippping and mega-malls we have, but encouraging to see.) The traders then pay off customs inspectors, etc. Apparently Russians are doing better than official stats would indicate, similar to the way Italians are much wealthier than tax stats would suggest. I was heartened to see this report. All Cypherpunks, of course, are encouraged to see thriving black markets (or markets of color, to be politically correct about it). --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From claborne at microcosm.sandiegoca.NCR.COM Fri Sep 2 16:59:01 1994 From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris) Date: Fri, 2 Sep 94 16:59:01 PDT Subject: PGP 2.6.1 release from MIT Message-ID: <2E67949E@microcosm.SanDiegoCA.NCR.COM> ---------- > From: Philip Zimmermann > ---------------------------------------------------------------------------- -- > > -----BEGIN PGP SIGNED MESSAGE----- > > To: All PGP users > Date: 2 Sep 94 > Re: PGP 2.6.1 release > > This new version has a lot of bug fixes over version 2.6. I hope this is > the final release of this family of PGP source code. We've been working > on an entirely new version of PGP, rewritten from scratch, which is much > cleaner and faster, and better suited for the future enhancements we have > planned. All PGP development efforts will be redirected toward this > new code base, after this 2.6.1 release. Anyone have an idea of what these "enhancements" will be? New data formats? 2 -- C -- ... __o .. -\<, chris.claborne at sandiegoca.ncr.com ...(*)/(*). CI$: 76340.2422 PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA Avail on Pub Key server. From jamesd at netcom.com Fri Sep 2 16:59:29 1994 From: jamesd at netcom.com (James A. Donald) Date: Fri, 2 Sep 94 16:59:29 PDT Subject: State Declaration of Ind. In-Reply-To: <199409022020.PAA18658@zoom.bga.com> Message-ID: <199409022349.QAA26049@netcom8.netcom.com> Roy M. Silvernail writes > > Ever since the breakup of the former Soviet Union, I have wondered just > > what _is_ holding the USA together. Jim choate writes > I suspect that the reason we are still a union is we share a commen idealism > relating to life, liberty, and the pursuit of happiness. Idealistic but > perhaps applicable... Beliefs held by most of the citizens, but no longer taken seriously by the government. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jdwilson at gold.chem.hawaii.edu Fri Sep 2 18:43:40 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Fri, 2 Sep 94 18:43:40 PDT Subject: Quick item re cellular encryption Message-ID: This was parsed off Edupage - anyone know what type of encryption they are using? -NetSurfer BEWARE CELLULAR CONFIDENCES Lawyers who use cellular phones to discuss private matters with clients are increasingly turning toward encryption technology to protect confidential information. Boston-based SafeCall, a company that guarantees secure cellular conversations by routing the calls through its scrambler, says its largest and fastest growing contingent of customers is lawyers. Meanwhile, a six-step set of how-to instructions for turning a Motorola flip-phone into a cellular call receiver was posted on the Internet. (Wall Street Journal 9/1/94 B1) From blancw at pylon.com Fri Sep 2 19:13:55 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Fri, 2 Sep 94 19:13:55 PDT Subject: Reinterpretation Reprised Message-ID: <199409030214.TAA14349@deepthought.pylon.com> Responding to msg by Jim choate: As to putting them all together, you do a diservice in my eyes. They did not occur together and they certainly did not occur in the same social milieu that the Civil War or the Vietnam War - Civil Disobedience did. There were national events that effected every person. The events that you refer to were local events that eventually effected every person on a national scale. Slightly different animals. ............................................................. Do you mean that a Majority Happening is the only thing which is important in your eyes? That the individual is insignificant when s/he is affected by legislation on a personal basis? That if only one person feels discomfitted by it then it's no big deal because no one else has realized that they've been violated? That life, liberty & the pursuit of happiness is only important when carried out by large groups? That the standard of Good Government is a National Event rather than the quality of individual existence? That a Rose by any other name or any lesser multiplicand is not a rose? Blanc From 0x7CF5048D at nowhere Fri Sep 2 19:50:19 1994 From: 0x7CF5048D at nowhere (0x7CF5048D at nowhere) Date: Fri, 2 Sep 94 19:50:19 PDT Subject: How do I choose constants suitable for Diffe-Hellman? Message-ID: <199409030207.AA17919@xtropia> -----BEGIN PGP SIGNED MESSAGE----- How do I choose constants suitable for Diffe-Hellman? According to _Applied Cryptography_ n should be prime, also (n-1)/2 should also be prime. g should be a primitive root of unity mod n. n should be 512 or 1024 bits long. Are there any other requirements? How can I choose such numbers? Are such numbers published anywhere? -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLmNv5g2Gnhl89QSNAQEnOQQAq8N8NyL9aTFEFq7BfhmXp4J/K8cSiIZU pP+yaIymt69Ne4fqxv2R26wqgRtqSw/jENgmCOJpK1SIeqeRX0/X4WikAh/v+4uC UhvJ48aBiS5Yosct6I2NiFMINS91m0IoCicqNU2IyRG8mzSSzKUWvSivIGSy87VR 8LPgC/AvH8Q= =iDBs -----END PGP SIGNATURE----- From warlord at MIT.EDU Fri Sep 2 20:03:45 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Fri, 2 Sep 94 20:03:45 PDT Subject: PGP 2.6.1 release from MIT In-Reply-To: <2E67949E@microcosm.SanDiegoCA.NCR.COM> Message-ID: <9409030303.AA21931@toxicwaste.media.mit.edu> Well, I haven't seen the code, but some ideas I'd have for enhancements are: - signatures at the end of the packets for one-time data passes - signature revocations - userID revocations - real database key management - extensions for alternative encryption and message digest algorithms - modularization of the code - a PGP library and API - much of the wish list Vesselin Bontchev has created -derek From khijol!erc at apple.com Fri Sep 2 20:06:12 1994 From: khijol!erc at apple.com (Ed Carp [Sysadmin]) Date: Fri, 2 Sep 94 20:06:12 PDT Subject: Quick item re cellular encryption In-Reply-To: Message-ID: > a six-step set of how-to instructions for turning a Motorola flip-phone > into a cellular call receiver was posted on the Internet. (Wall Street Anyone know where this was posted? -- Ed Carp, N7EKG Ed.Carp at linux.org, ecarp at netcom.com Finger ecarp at netcom.com for PGP 2.5 public key an88744 at anon.penet.fi If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From anonymous at extropia.wimsey.com Fri Sep 2 20:20:22 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Fri, 2 Sep 94 20:20:22 PDT Subject: Program to circumvent the Sep 1 Legal Kludge part 1/5 In-Reply-To: Message-ID: <199409030237.AA18100@xtropia> -----BEGIN PGP SIGNED MESSAGE----- Tom Jennings Writes: > >Can you please stop mailing me these unidentifyable, undecodable >files from a person I cannot identify, nor detect the reason for >the anonymity? Ok, I won't send that file anymore. Hal writes: > >I've been receiving these, too. It seems to be a program which has the >same effect as a one-line shell script to add the "+legal_kludge" option >to the command line for PGP2.6, so that it generates backwards-compatible >messages without violating anyone's license agreements. Well not exactly, because of a bug in pgp, the +legal_kludge=off does not work by itself. What does work is +CERT_DEPTH=0 +LEGAL_KLUDGE=OFF +CERT_DEPTH=4 Where 4 is the value that you actually want for CERT_DEPTH. I did not want my program to change the behavior of pgp with respect to CERT_DEPTH. So I had my program scan config.txt to find the value there. It then sets the final value of CERT_DEPTH to be the value found there. If no value can be found for CERT_DEPTH then it uses pgp's hardcoded default which is 4. > It's easy to >do such a shell script in Unix. Which shell language? I understand that unix has several although I am not a UNIX expert. > Is there a good way in DOS to add a few >command-line arguments in front of the ones the user has supplied? I wanted to have a program that could be drop in replaceable in a dos environment. I wanted it to be possible to have existing pgp shells continue to work with the SEPT 1 kludge disabled. In DOS, there are common library calls that only spawn executables (.exe files) and do not spawn .bat files. The same is true of OS/2. If any of the commonly avaiable pgp shells used these calls, I wanted my program to be an executable so that it would work as a replacement which would disabled the kludge. I do not see how one could write a dos .bat file that could scan config.txt for the users choice of CERT_DEPTH. If you could do it, it would be sure to be slow. Some Dos users do not use microsoft's command.com, so it is hard to see how a .bat file could be fully portable in DOS. > If >so that would seem easier (and smaller) to distribute. > >Hal > > In short, I think my program could be useful to some people who must send messages to people with old versions of pgp. I wish that someone would make it available at an ftp site. I won't send it out anymore and I am sorry I bothered you. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLl42Zw2Gnhl89QSNAQFgeQP9ESyltO1ilDje2WLrJxzgRU7M+AFE58aO KgL3V9cFkRnkrqgW0Itj9adG3MV77OI8g5xlaQNnVuOD061ly5Yt6hsCMGj8VTIw PLASysn84dsYqVItLD0+mCkLzO7Fw/PgJZ3rhJl+1v7AZZeluHaOSFH5egUs5S9X OmX4e/RKV+Q= =Ieoj -----END PGP SIGNATURE----- From 0x7CF5048D at nowhere Fri Sep 2 20:20:37 1994 From: 0x7CF5048D at nowhere (0x7CF5048D at nowhere) Date: Fri, 2 Sep 94 20:20:37 PDT Subject: Hiding conventionally encrypted messages in PGP messages to someelse. Message-ID: <199409030238.AA18130@xtropia> -----BEGIN PGP SIGNED MESSAGE----- I have been thinking about steganography lately. Correct me if I am wrong, but it seems to me that if one wants to hide encrypted data, then all this public key encryption stuff becomes irrelevant. It seems that the sender and the recipient must agree on a way to hide the data. The time of this agreement is a perfect time to exchange conventional key(s). Speaking of conventional encryption, PGP uses conventional encryption (IDEA). RSA is only used to transmit a conventional encryption key, after it has been randomly chosen. So if we wish to hide conventionally encrypted data, why not use the purloined letter method, and hide it as the conventionally encrypted data in a PGP encrypted file? Then, when Darth Vader finds the PGP encrypted file, we can say that we can not decrypt the file, because it was encrypted for obiwan at galaxy.far.far.away. If the RSA headers confirm this, Darth will have no reason to disbelieve us. Hopefully, obiwan will be out of Darth's reach. To create such a file, we would simply create as PGP usually does, except that we specify or record the conventional IDEA key used. Then to decrypt the file, we simply ignore the RSA headers and use the specified or recorded conventional IDEA key. We could even insure that the IDEA key in the RSA encrypted headers is wrong. So, obiwan can not reveal the data even if Darth can seize him. I have created a hack to PGP ui to do all of the above! The hack works exactly like ordinary PGP except that there are 3 new configuration parameters which may only be specified only on the command line. These parameters are +DISPLAYIDEAKEY +SPECIFYIDEAKEY and +WRONGIDEAKEY. +DISPLAYIDEAKEY=on causes the IDEA key used to be displayed in hex. +SPECIFYIDEAKEY is used to specify the idea key. It can be specified as a passphrase or as a hexadecimal string. +WRONGIDEAKEY=on causes the wrong idea key to be encrypted into the RSA blocks so that the nominal recipient can not decrypt the file. Examples: pgp "+SPECIFYIDEAKEY=my pass phrase" -eat file obiwan at galaxy.far.far.away We will be able to decrypt the encrypted file even though we are not obiwan by: pgp "+SPECIFYIDEAKEY=my pass phrase" file.asc If we wish to encrypt as above but we do not want obiwan to be able to decrypt we would say: pgp +WRONGIDEAKEY=on "+SPECIFYIDEAKEY=my pass phrase" -eat file obiwan at galaxy.far.far.away obiwan will not be able to decrypt (but we will), because the wrong idea key (chosen randomly) will be RSA encrypted in the headers. We can use the +DISPLAYIDEAKEY=on parameter to display the idea key used. pgp +DISPLAYIDEAKEY=on -eat file obiwan at galaxy.far.far.away This will print the idea key in hex. We will be able to decrypt by specifying the displayed key in hex. pgp +SPECIFYIDEAKEY=0X7ee723d686cf5aac8d4b3fd091a00e3e file.asc We can use the parameter +SPECIFYIDEAKEY=PROMPT (upper case) to cause the hacked PGP to prompt for the pass phrase or hex string from the terminal. If you use any of the above be sure that +SELF_ENCRYPT is off. It will not do to have your own name in the RSA headers when Darth comes for you. To create a hacked version of the program, do the following steps: 1) Run this message thru pgp to restore the cutmarks. 2) unpack the pgp 2.6 ui sources to a directory. 3) apply the context diffs (below) using patch. patch ignore ) key[count] = idearand() ^ try_randombyte(); /* Write out a new randseed.bin */ *************** *** 501,507 **** return IDEAKEYSIZE; } ! word32 getpastlength(byte ctb, FILE *f) /* Returns the length of a packet according to the CTB and - --- 501,510 ---- return IDEAKEYSIZE; } ! int make_random_ideakey(byte key[IDEAKEYSIZE+RAND_PREFIX_LENGTH]) ! { ! return make_random_ideakey_ign(key,0); ! } word32 getpastlength(byte ctb, FILE *f) /* Returns the length of a packet according to the CTB and *************** *** 2075,2081 **** { FILE *f; /* input file */ FILE *g; /* output file */ ! byte ideakey[16]; struct hashedpw *hpw; if (verbose) - --- 2078,2084 ---- { FILE *f; /* input file */ FILE *g; /* output file */ ! byte ideakey[IDEAKEYSIZE+RAND_PREFIX_LENGTH]; /* 16 + 8 */ struct hashedpw *hpw; if (verbose) *************** *** 2099,2105 **** /* Get IDEA password, hashed to a key */ if (passwds) ! { memcpy(ideakey, passwds->hash, sizeof(ideakey)); memset(passwds->hash, 0, sizeof(passwds->hash)); hpw = passwds; passwds = passwds->next; - --- 2102,2110 ---- /* Get IDEA password, hashed to a key */ if (passwds) ! { ! make_random_ideakey_ign(ideakey,IDEAKEYSIZE); ! memcpy(ideakey, passwds->hash, sizeof(passwds->hash)); memset(passwds->hash, 0, sizeof(passwds->hash)); hpw = passwds; passwds = passwds->next; *************** *** 2140,2145 **** - --- 2145,2183 ---- /*======================================================================*/ static byte (*keyID_list)[KEYFRAGSIZE] = NULL; + int display_key(byte ideakey[24]) + { + int i; + for(i=0;i In article <199409030238.AA18130 at xtropia> you wrote: > -----BEGIN PGP SIGNED MESSAGE----- > I have been thinking about steganography lately. Correct me if I am > wrong, but it seems to me that if one wants to hide encrypted data, then > all this public key encryption stuff becomes irrelevant. It seems that > the sender and the recipient must agree on a way to hide the data. The > time of this agreement is a perfect time to exchange conventional > key(s). > Speaking of conventional encryption, PGP uses conventional > encryption (IDEA). So if we wish to hide conventionally encrypted > data, why not use the purloined letter method, and hide it as the > conventionally encrypted data in a PGP encrypted file? > To create such a file, we would simply create as PGP usually does, > except that we specify or record the conventional IDEA key used. Then to > decrypt the file, we simply ignore the RSA headers and use the specified > or recorded conventional IDEA key. We could even insure that the IDEA > key in the RSA encrypted headers is wrong. So, obiwan can not reveal > the data even if Darth can seize him. > I have created a hack to PGP ui to do all of the above! Isn't this what pgp -c does? From vince at dsi.unimi.it Sat Sep 3 04:31:52 1994 From: vince at dsi.unimi.it (David Vincenzetti) Date: Sat, 3 Sep 94 04:31:52 PDT Subject: your mail In-Reply-To: <199409030237.AA18101@xtropia> Message-ID: <9409031105.AA11913@goblin.dsi.unimi.it> Some anonymous user sent me a message which is divided in three parts. I am sorry but I did not receive the first one. Can this anon guy please send me the first part again? Thank you. From jya at pipeline.com Sat Sep 3 08:27:42 1994 From: jya at pipeline.com (John Young) Date: Sat, 3 Sep 94 08:27:42 PDT Subject: NY Times Fears C'punks Message-ID: <199409031519.LAA23930@pipe1.pipeline.com> The New York Times Magazine, p. 23 September 4, 1994 Method and Madness Nicolas Wade [Subhead] Little Brother Not so long ago, high technology was seen as the likely handmaiden of totalitarian government, with surveillance systems and central computers tracking every citizen from cradle to grave. By a strange turn of events, what is now in progress is the very opposite of that nightmare. So many powerful technologies are streaming into private hands that Government is struggling to protect even the bare minimum of its legitimate domains. Once only governments could launch photoreconnaissance satellites; now the C.I A. is anxiously trying to curb commercial systems that can discern objects as small as a yard across, high-enough resolution to interest generals as much as geologists. A fleet of navigational satellites designed to give military commanders their exact position anywhere in the world is now in essence available to anyone; the Pentagon has let the public listen in on a degraded signal, but commercial vendors with clever algorithms can restore it to near-military accuracy. The computers that tie together the Government's information systems have become increasingly porous. The better their security systems, the more tempting the challenge. Earlier this year the Pentagon discovered that a coterie of computer hackers had penetrated large parts of its sensitive though unclassified computer network and had even taken control of several military computers. Think tanks and academics have warned for years, quite erroneously, that terrorists would avail themselves of nuclear, chemical or biological weapons; it hasn't happened, because none of these items are easy to use and simpler means have always been available. But the samples of stolen Russian uranium and plutonium that have recently been captured in Germany are a clear warning that this blithe era of security may now be over. The samples seem to have come from reactor fuel and laboratories, not nuclear warheads. But that is small comfort, especially in view of new calculations that only one kilogram (2.2 pounds) of plutonium is needed to make a bomb, not eight kilograms as was generally assumed. And the smugglers caught by the German police were hawking four kilograms for a mere $250 million. Perhaps the most surprising democratization of high technology is that of cryptography, once an elite art of those who guarded Government's most precious secrets. The first serious challenge to the National Security Agency's ability to crack almost everyone else's ciphers came from an ingenious coding approach created in academe in the mid-1970's and known as the public key cryptosystem. The commercial sponsor sold the program to American companies but was not allowed to export it. Then in 1991, a Colorado computer expert, Philip R. Zimmermann, produced a program apparently based on this system, which he named Pretty Good Privacy. A copy of Pretty Good Privacy found its way onto the Internet, free to takers from all countries, and all of a sudden Government-class security became available to everyone. Zimmermann's next project is to develop a pretty secure citizen's phone that scrambles conversations. At this point, of course, it's possible to wonder if the humiliation of Big Brother isn't being taken beyond reasonable limits. Some Government monopolies are not so bad: the use of force, for one. If you believe the F.B.I. is bugging your conversations, you'll want to see Zimmermann in the inventors' hall of fame; if terrorism and organized crime seem the more immediate threats, the universal right to absolute privacy looks less compelling. Is it possible for the state to get too weak in relation to its possible adversaries? That's the last thought that occurs to Americans across a wide spectrum of opinion, from free market economists to civil libertarians. From a variety of motives, they persistently call for governmental power to be curbed. The present headlong democratization of high technology is the flower of a decade of economic deregulation, and of the fading influence of military procurement as a driver of technical progress. The state is so familiar a political structure that its endurance is hard to doubt. For economists and political analysts, it is the only unit of account. Yet in his recent book, "The Transformation of War," the noted military historian Martin van Creveld argues that since modern states are no longer able to fight each other for fear of nuclear war, conventional warfare, too, has become outmoded. Since the purpose of states (at least in the view of military historians) is to fight each other, states that cannot do so must sooner or later yield to organizations that will, like sects, tribes and cults. "In North America and Western Europe, future war-making entities will probably resemble the Assassins, the group which ... terrorized the medieval Middle East for two centuries," van Creveld predicts. Regular armed forces, as has happened in Lebanon, will degenerate into police forces or mere armed gangs; the day of the condottieri will return. Van Creveld is not the only analyst to fear for the state. From quite different reasoning, the political scientist Samuel P. Huntington argued in a widely read essay in Foreign Affairs last year that world politics would be shaped in future by clashes between cultures and religions. As the West loses its military and economic predominance, the counterresponse from the rest of the world will be couched in religious and cultural terms: "The fault lines between civilizations will be the battle lines of the future," he wrote. Even without fully embracing these forecasts of the state's eclipse, it's hard to ignore such recent incidents as the bombing of the World Trade Center or the car bombings of Jewish organizations in Buenos Aires and London. Terrorists with secure phones, satellite maps, accurate positioning and a sophisticated understanding of modern communications systems could bring down not just a few buildings but large sections of a modern economy. Big Brother is dead. The only serious likelihood of his resurrection lies in reaction to the chaos and disintegration that an era of Little Brothers might bring. ------------------- END From hfinney at shell.portal.com Sat Sep 3 08:38:29 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 3 Sep 94 08:38:29 PDT Subject: Problems with anonymous escrow 2--response In-Reply-To: <199409012015.NAA08436@deepthought.pylon.com> Message-ID: <199409031538.IAA03232@jobe.shell.portal.com> I thought Blanc Weber made a good point when he wrote: >Well, I was thinking that certifications & reputations wouldn't >mean all that much to me, nor either knowing or being >unfamiliar with someone's identity (or pseudonymity). I would >be more convinced with a demo. Something which could >demostrate facility or ability would be more valuable to me >than a second-hand proof. This is similar to Tim May's suggestion for a credential-less society (as far as possible). Rather than trying to carry around a lot of baggage in the form of certifications, credentials, reputations, etc. (anonymous or not), people structure their affairs in such a way that transactions can be completed using just the information at hand. Blanc's idea for immediate demos to demonstrate competency could tie into this nicely. >This anonymity/identity and certification/reputation business >looks to me like trying to have one's cake and eat it, too, as >the expression goes. A featureless landscape with remote >associations to actual substance so as to both please the >aloof-ers & appease the uncertain. I didn't quite follow the rest of Blanc's message (a problem I have, I'm afraid, with many of his postings) but I do agree that there are problems with the use of reputations as a catch-all to solve the problems of anonymity. Faced with the ease of unpunished cheating in an anonymous relationship, people introduce the idea of reputations, sometimes called "reputation capital", and assert that cheaters would in fact be punished by damage to their reputations, the loss of reputation capital. What is this stuff, reputation capital? What does it look like? How can it be measured? How much is it really worth? I think this concept needs to be clarified and examined if it is to serve as one of the principle foundations of pseudonymous commerce. (I know there is a concept in modern finance which attempts to measure the economic value of a firm's reputation, called, I think, "good will", but I don't know how similar that would be to what we are talking about.) One question is, to the extent that a "piece of reputation capital" is an actual object, a digital signature or token of some sort, how heavily linked is it to a given owner? If I run two pseudonyms, Bert and Ernie, and Ernie earns a piece of reputation capital, can he securely transfer it to Bert and have Bert show it as his own? On the one hand, we would not want this to be so (or, expressed in less normative terms, people would probably be uninclined to put much value on reputation capital which had this mathematical structure). If the purpose of reputation capital is to, in effect, punish cheaters, this is defeated to a large extent if it can be transferred. Ernie can earn a reputation, cheat, and then have Bert show the good aspects of Ernie's reputation while being unlinkable to the bad. Going back to the earlier discussion of anonymous escrow agents this would seem to make it far too easy for dishonest agents to succeed. On the other hand, untransferrable credentials are undesirable from the point of view of privacy. That was the whole point of Chaum's work on pseudonyms and credentials. If pseudonym credentials are untransferrable we have a problem where information builds up about a pseudonym that is very nearly as bad as a completely identified system. It is true that at least the ultimate linkage between pseudonym and physical body is broken, but to the extent that your on-line activities _are_ your pseudonym, it is no more desirable to allow dossiers to be built up about your on-line personality than your off-line life. Chaum's system worked in large part because it was ultimately grounded in an identity-based system. People could have credentials and transfer them, but there were limits on the types and numbers of pseudonyms you could have. I think these kinds of restrictions could limit some of the problems which arise with transferrable reputation credentials, although the general problem of "negative credentials", which is really another word for the problem of punishing cheaters, was not fully solved by Chaum's approach, at least not in a way that I understood (he wrote as though he had solved it). One final point I'd make is that Tim's idea about avoiding credentials, along with the points Blanc made, is attractive but there do seem to be a lot of situations where credentials are shown in life. When that is necessary it is tempting to fall back on a trusted authority, the anonymous escrow agent or perhaps Jason Solinsky's cyberspace government, but I think you still have the problem of those authorities proving their honesty. So the problems of credentials and reputations are still present. Hal From hfinney at shell.portal.com Sat Sep 3 08:59:03 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 3 Sep 94 08:59:03 PDT Subject: How do I choose constants suitable for Diffe-Hellman? In-Reply-To: <199409030207.AA17919@xtropia> Message-ID: <199409031558.IAA03708@jobe.shell.portal.com> 0x7CF5048D at nowhere.toad.com writes: >How do I choose constants suitable for Diffe-Hellman? >According to _Applied Cryptography_ n should be prime, >also (n-1)/2 should also be prime. g should be a primitive >root of unity mod n. n should be 512 or 1024 bits long. >Are there any other requirements? These requirements are slightly overkill, IMO. n does have to be prime, but what you really want is to have g generate a "large enough" sub-group of the numbers from 1 to n. One way to achive this is to have (n-1)/2 also be prime, in which case the order of g (the length of g^0,g^1,...,1) is either 1, n-1, 2, or (n-1)/2. The odds of it being 1 or 2 are practically nil, so you could really use a random g since a period of (n-1)/2 is more than good enough. Or, you could test g by raising it to the (n-1)/2 power and if the answer is 1 reject it and try another g. That way you get one with period n-1 which is maximal. There was a program posted here last time we discussed this (maybe four months ago?) which sieved for both n prime and (n-1)/2 prime. It was pretty fast. One thing you can do which IMO is just as good is to choose a g with a considerably smaller period. There are two known ways to solve discrete logs; one depends on the size of n and the other depends on the size of the order of g(|g|). The second one is much weaker so if you choose the size of |g| to provide about as much security as the method based on the size of n you get something like n=512, |g|=140. This is used in the DSS, I believe. The advantage of this is that it is faster to exponentiate g^x in DH since x will be only 140 bits. So, to use this, pick a prime q of 140 bits, then find a prime n equal to kq+1 for some k, such that n is 512 bits. This assures that there are some generators g which have a period of q. There is an easy trick to find one: pick a random number a < n, and set g = a ^ ((n-1)/q). It follows that g^q equals 1 (since it is a^(n-1)), and since q is prime it must be the order of g. As I said, you can always use the full DH, but you would be in good company using the small-q version. One question is the size of q to use for n=1024. I haven't seen a clear answer to that, but the general principle is that if solving discrete logs becomes X times harder, you should increase q by a factor of X^2. So if DH is a million times harder for n=1024 than for n=512 (it's hard to tell with all of the O(1) factors in the formulas) then q should be 40 bits longer or about 180 bits. Hal From tcmay at netcom.com Sat Sep 3 11:49:58 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 3 Sep 94 11:49:58 PDT Subject: Credentials, Reputations, and Anonymity In-Reply-To: <199409031538.IAA03232@jobe.shell.portal.com> Message-ID: <199409031850.LAA02876@netcom16.netcom.com> Hal Finney wrote: > I thought Blanc Weber made a good point when he wrote: I learned a while back that Blanc is a woman. She's never corrected this public misperception, that I recall seeing, so maybe I'm out of place doing it here, but I've gone and done it anyway. (Blanc's point elided) > This is similar to Tim May's suggestion for a credential-less society > (as far as possible). Rather than trying to carry around a lot of > baggage in the form of certifications, credentials, reputations, etc. > (anonymous or not), people structure their affairs in such a way that > transactions can be completed using just the information at hand. > Blanc's idea for immediate demos to demonstrate competency could tie > into this nicely. Yes, I think "locality" is generally a big win. Locality means local clearing, immediacy, and self-responsibility. Caveat emptor, and all that. Not perfect, of course, but generally better than a non-local, non-immediate system in which contracts are negotiated, credentials must be produced (often demanded by the government--here in Santa Cruz one needs a license to be a palm reader!). There are cases where time-binding is needed, where contracts must be negotiated, but the modern trend to make everything into a non-local, accounting-centered deal seems wrong-headed. > I didn't quite follow the rest of Blanc's message (a problem I have, I'm > afraid, with many of his postings) but I do agree that there are problems > with the use of reputations as a catch-all to solve the problems of > anonymity. Faced with the ease of unpunished cheating in an anonymous > relationship, people introduce the idea of reputations, sometimes called > "reputation capital", and assert that cheaters would in fact be punished > by damage to their reputations, the loss of reputation capital. I don't think reputations solve all problems. Enforcement of contracts with threats of sanctions (economic, physical, etc.) is often needed. One doesn't pay $20,000 for a new car, not get the car because the dealer welched, and simply say: "Boy, his reputation is mud now." (I won't go into the various common-sense ways of dealing with this, nor point out that such massive frauds are rare, for various reasons.) My main point is a simple one: Let there be no laws which dictate what protocols people use for transactions. If Alice and Bob are content to use each others' "reputations" as a basis for doing business, let no third party step in and force them to use "credentials." How it all works out, with flaws and all, is not something we can predict. I'm not saying Hal's doubts about how reputation will work are unwarranted, or unwelcome...indeed, such questioning is needed. > What is this stuff, reputation capital? What does it look like? How can > it be measured? How much is it really worth? I think this concept needs > to be clarified and examined if it is to serve as one of the principle > foundations of pseudonymous commerce. (I know there is a concept in > modern finance which attempts to measure the economic value of a firm's > reputation, called, I think, "good will", but I don't know how similar > that would be to what we are talking about.) Economists ought to be thinking about these things, a point economist David Friedman agreed with me on a couple of years or so ago. The study of anonymous markets, in which conventional sanctions are difficult to apply, should be an exciting area to explore. > One question is, to the extent that a "piece of reputation capital" is an > actual object, a digital signature or token of some sort, how heavily > linked is it to a given owner? If I run two pseudonyms, Bert and Ernie, > and Ernie earns a piece of reputation capital, can he securely transfer > it to Bert and have Bert show it as his own? "Webs of trust" are partial examples of this, with Alice signing Bob's key and thus saying "I trust this key, so if you trust me, you should also trust Bob." While this does not yet extend to more substantive issues (such as saying "I vouch for this transaction"), it gives us a hint about how this may work. We've had some good discussions in Cypherpunks physical meetings, with noted agorists Dean Tribble, Norm Hardy, Mark Miller, etc., on this very topic: the transitive properties of reputation capital. It seems to work, based on analogies with criminal markets (where they obviously can't go to the courts), and with comparisons to primitive trading societies. The "Law Merchant," as you'll recall (Benson's "The Enterprise of Law") was extra-national, and only "my word as a captain is my bond" worked to ensure completion of trade arrangements. It worked well, too. (As I've said before, the fallback position of relying on the State has displaced ordinary concepts of trust and honor...it is no longer a "fallback" position, and so trust and honor (= reputation) has become a joke. I am optimistic that crypto anarchy will see a restoration of these concepts, back-stopped of course with cryptographic protocols and unforgeable signatures.) > On the one hand, we would not want this to be so (or, expressed in less > normative terms, people would probably be uninclined to put much value on > reputation capital which had this mathematical structure). If the > purpose of reputation capital is to, in effect, punish cheaters, this is > defeated to a large extent if it can be transferred. Ernie can earn > a reputation, cheat, and then have Bert show the good aspects of Ernie's > reputation while being unlinkable to the bad. Going back to the earlier > discussion of anonymous escrow agents this would seem to make it far too > easy for dishonest agents to succeed. An unresolved issue, I suspect. Almost no work has been done here, so we have only our intuitions about how things will work. I have to be honest here, but I feel no shame about not knowing the answers to Hal's good points--this is just an area that has had little study, theoretically or empirically. A clarion call for more work. > On the other hand, untransferrable credentials are undesirable from the > point of view of privacy. That was the whole point of Chaum's work on > pseudonyms and credentials. If pseudonym credentials are untransferrable > we have a problem where information builds up about a pseudonym that is > very nearly as bad as a completely identified system. It is true that at > least the ultimate linkage between pseudonym and physical body is broken, > but to the extent that your on-line activities _are_ your pseudonym, it > is no more desirable to allow dossiers to be built up about your on-line > personality than your off-line life. Practically, I see almost no way that credentials would *not* be transferrable. One obvious way is for Len and Mack to share bank accounts, money, etc. Len could have a large bank account (a credential of one sort) and could then "transfer" it (the access codes) to Mack. Voila! Credentials got transferred. More generally, two agents, related or not, can arrange transfers. In one extreme from, Len could transfer *all* of his codes and numbers to Mack, allowing Mack to effectively become Len. This is certainly a transfer of reputation! (And a concern several have raised, a la "But how do you know who you are *really* dealing with?") > Chaum's system worked in large part because it was ultimately grounded in > an identity-based system. People could have credentials and transfer > them, but there were limits on the types and numbers of pseudonyms you > could have. I think these kinds of restrictions could limit some of the > problems which arise with transferrable reputation credentials, although > the general problem of "negative credentials", which is really another > word for the problem of punishing cheaters, was not fully solved by > Chaum's approach, at least not in a way that I understood (he wrote as > though he had solved it). I agree that much more work is needed. In fact, it's a situation analogous to the nanotechnology field, where one researcher dominates a field (Chaum in this stuff, Drexler in nanotech) and the great mystery is why no more Chaums or Drexlers have appeared! > One final point I'd make is that Tim's idea about avoiding credentials, > along with the points Blanc made, is attractive but there do seem to be a > lot of situations where credentials are shown in life. When that is > necessary it is tempting to fall back on a trusted authority, the > anonymous escrow agent or perhaps Jason Solinsky's cyberspace government, > but I think you still have the problem of those authorities proving their > honesty. So the problems of credentials and reputations are still > present. Even with the implications not fully explored, my main point is (again) that there be no restrictions on *my* ability to try to deal with other agents on this basis. That there may be some messy situations is not enough reason to outlaw anonymity; we see messy situations in our credential-happy society today, with "permission slips" needed for increasing numbers of transactions. Anonymity and unlinkable, untraceable transactions gives us the opportunity to explore these issues, and probably answer Hal's questions. A fair trade, I'd say. Even if I don't have a credential authorizing me to make that statement. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From roy at sendai.cybrspc.mn.org Sat Sep 3 14:21:07 1994 From: roy at sendai.cybrspc.mn.org (Roy M. Silvernail) Date: Sat, 3 Sep 94 14:21:07 PDT Subject: NY Times Fears C'punks In-Reply-To: <199409031519.LAA23930@pipe1.pipeline.com> Message-ID: <940903.152223.7n1.rusnews.w165w@sendai.cybrspc.mn.org> -----BEGIN PGP SIGNED MESSAGE----- In <199409031519.LAA23930 at pipe1.pipeline.com>, jya at pipeline.com passes along a New York Times article. Yep, they're sounding scared. I saw definite pleading of the government's case in there. They left out pedophiles, but they got terrorists, drug dealers and nuclear weapons smugglers. Was it just me, or did the tone get a little more frantic when they started talking about crypto? And what are they really saying in that closing paragraph? > Big Brother is dead. The only serious likelihood of his resurrection > lies in reaction to the chaos and disintegration that an era of Little > Brothers might bring. Is this the NYT being out of touch, or are they just showing off their tentaclehood? To me, that reads like a threat against those who oppose the Government Private Agenda. - -- Roy M. Silvernail -- roy at sendai.cybrspc.mn.org "Usenet: It's all fun and games until somebody loses an eye." --Jason Kastner -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLmjdnhvikii9febJAQGWUQQAosUtEx0cy9UHm2BeoRf/uVGPDCiup6Ug /LONLcBBDOqFCe58eBHnPJ1Hs7mF4FjPNpLBbt6ME+RzQHnh8RBGXAi9tWqqUo56 87SJaLW3CIrbRAns25C8O5qzgVkScNr7OUklvIUstYRqssS34MpeWI+5TCs5Ala8 9GPzxatyT6o= =dt5k -----END PGP SIGNATURE----- From brains at male.org Sat Sep 3 14:37:30 1994 From: brains at male.org (brains at male.org) Date: Sat, 3 Sep 94 14:37:30 PDT Subject: NY Times Fears C'punks Message-ID: >-----BEGIN PGP SIGNED MESSAGE----- > >In <199409031519.LAA23930 at pipe1.pipeline.com>, jya at pipeline.com passes >along a New York Times article. Yep, they're sounding scared. I >saw definite pleading of the government's case in there. They left out >pedophiles, but they got terrorists, drug dealers and nuclear weapons >smugglers. > >Was it just me, or did the tone get a little more frantic when they >started talking about crypto? If you, then me, too :-\ > >And what are they really saying in that closing paragraph? > >> Big Brother is dead. The only serious likelihood of his resurrection >> lies in reaction to the chaos and disintegration that an era of Little >> Brothers might bring. > >Is this the NYT being out of touch, or are they just showing off their >tentaclehood? To me, that reads like a threat against those who oppose >the Government Private Agenda. My vote is out of touch - with a threat tossed in for good measure. FWIW, I sent them a nice (hah!) reply, poking holes in some of their premises. Likely won't do any good, but made me feel better. Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From jamesd at netcom.com Sat Sep 3 15:31:35 1994 From: jamesd at netcom.com (James A. Donald) Date: Sat, 3 Sep 94 15:31:35 PDT Subject: Problems with anonymous escrow 2--response In-Reply-To: <199409031538.IAA03232@jobe.shell.portal.com> Message-ID: <199409032231.PAA02510@netcom6.netcom.com> Hal writes > What is this stuff, reputation capital? What does it look like? How can > it be measured? How much is it really worth? Obviously none of these questions are answerable: So what? If you are arguing that intangibles do not exist, and therefore cannot affect real things, then this is obviously false. > I think this concept needs > to be clarified and examined if it is to serve as one of the principle > foundations of pseudonymous commerce. No it should not be "clarified and examined" or you will wind up with the supreme court declaring that such and such an act should dock your reputation thirty points, and that it is cruel and unusual punishment for people to have their reputations docked for acts committed more than seven years ago. We already know what reputations are. "Defining" them is going to make them into meaningless nominalist hot air. > (I know there is a concept in > modern finance which attempts to measure the economic value of a firm's > reputation, called, I think, "good will", but I don't know how similar > that would be to what we are talking about.) Not that similar, which is why they did not call it reputation. > One question is, to the extent that a "piece of reputation capital" is an > actual object, a digital signature or token of some sort, how heavily > linked is it to a given owner? Since a reputation is not a digital signature or token this is not a sensible question. A reputation belongs to a person identified by signature or token. > If I run two pseudonyms, Bert and Ernie, > and Ernie earns a piece of reputation capital, can he securely transfer > it to Bert and have Bert show it as his own? No. That is why corporations like to have one logo on all their products. > On the other hand, untransferrable credentials are undesirable from the > point of view of privacy. Life's a bitch, and then you die. > If pseudonym credentials are untransferrable > we have a problem where information builds up about a pseudonym that is > very nearly as bad as a completely identified system. It is true that at > least the ultimate linkage between pseudonym and physical body is broken, > but to the extent that your on-line activities _are_ your pseudonym, it > is no more desirable to allow dossiers to be built up about your on-line > personality than your off-line life. If your on line personality is selling something, it would seem highly desirable to have dossiers built up about it. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From matsb at sos.sll.se Sat Sep 3 17:35:58 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Sat, 3 Sep 94 17:35:58 PDT Subject: Credentials, Reputations, and Anonymity In-Reply-To: <199409031850.LAA02876@netcom16.netcom.com> Message-ID: Just some thoughts (I haven't done much reading or thinking on these issues so possibly this is just to show how little I understand): > One doesn't pay $20,000 for a new car, not get the car because the > dealer welched, and simply say: "Boy, his reputation is mud now." No, one gets a receipt and keys to the car when paying (in whatever way) and drives away in the purchase. The receipt can be one-way anonymous and the car can be paid for in paper cash. (Then there are problems of registration and insurance interfering with anonymity, not relevant to what is discussed here). If necessary I can prove in court that I bought the car, showing the receipt (in theory still anonymously). Now, if I want to pay for the car in on-line cash I guess I could connect to my anonymous bank account with my private key, transfer the money to a bank account of the seller's choice, his bank giving my bank a receipt, and drive away in my new car. So, when buying hardware I only have to trust the digital banking system, not the seller? Well, if the seller is anonymous to his bank also, what can be proved is only that anonX paid anonY the sum Z (or possibly what the purchase was about - a description of the merchandise - if the seller instructed his bank to sign this into the receipt). What if the seller reveales his identity to a court, shows a paper receipt to prove that he has bought the merchandise and claims never to have sold it to me? No one can force him to produce the private key connecting him to the account that received on-line payment. It doesn't help to 'outlaw' paper receipts - still, he can prove that he bought the car by producing the key (password) to an account that paid for it but deny connection to the account that received payment from me. By revealing my connection to my paying bank account I can prove that I 'paid for' the car (possibly time-stamped at a later date) but who is to say that I am not the owner of the receiving account also? Thus, if the seller is identifying himself, an anonymous buyer can use on-line cash to pay for a car and still be 'safe' with a receipt (paper or on-line have similar value in preserving the buyer's pseudonymity). But if both seller and buyer are anonymous, then receipts mean nothing (like in criminal business) but reputations everything. Mats From paul at hawksbill.sprintmrn.com Sat Sep 3 18:01:27 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sat, 3 Sep 94 18:01:27 PDT Subject: PGP 2.6(1) Message-ID: <9409040204.AA02587@hawksbill.sprintmrn.com> ... is obviously not available yet. I just took a look on net-dist.mit.edu and only vanilla 2.6 is still available. Any clues on when 2.6(1) will be available? - paul From ravage at bga.com Sat Sep 3 19:29:47 1994 From: ravage at bga.com (Jim choate) Date: Sat, 3 Sep 94 19:29:47 PDT Subject: Reinterpretation Reprised In-Reply-To: <199409030214.TAA14349@deepthought.pylon.com> Message-ID: <199409040229.VAA04290@zoom.bga.com> > > Do you mean that a Majority Happening is the only thing which > is important in your eyes? That the individual is > insignificant when s/he is affected by legislation on a > personal basis? That if only one person feels discomfitted by > it then it's no big deal because no one else has realized that > they've been violated? That life, liberty & the pursuit of > happiness is only important when carried out by large groups? > That the standard of Good Government is a National Event rather > than the quality of individual existence? That a Rose by any > other name or any lesser multiplicand is not a rose? > > Blanc > A person has certain inalienable rights. The rights of teh majority in this country are DEFINED by the Constitution. If the right or responsibility is not SPECIFICALY detailed in that document then the Federal govt. does not have that right, unless it is added as an amendment by the states. I oppose any move by the majority to remove a possible action or belief system from the individual that does not directly lead to the damage of a person or their property without their prior consent. ] Is that clear enough as to what I believe? Behind this view is an avowed Pantheist. As to the rose, call it whatever is convenient... Take care. From stjude at well.sf.ca.us Sat Sep 3 20:05:21 1994 From: stjude at well.sf.ca.us (Judith Milhon) Date: Sat, 3 Sep 94 20:05:21 PDT Subject: re 2nd amendment Message-ID: <199409040305.UAA26932@well.sf.ca.us> any comments, please reply to me personally... From warlord at mit.edu Sat Sep 3 20:11:33 1994 From: warlord at mit.edu (Derek Atkins) Date: Sat, 3 Sep 94 20:11:33 PDT Subject: PGP 2.6(1) In-Reply-To: <9409040204.AA02587@hawksbill.sprintmrn.com> Message-ID: There is no PGP 2.6(1). However, PGP 2.6.1 should be released soon, once we make sure that there are no problems with the distribution, etc. Mail will be sent out when the release happens. Unfortunately Phil tends to jump the gun on things like this, and sent out mail before we were ready to release. Sorry for the inconvenience. We'll let you know when the release is made. -derek From tcmay at netcom.com Sat Sep 3 20:46:23 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 3 Sep 94 20:46:23 PDT Subject: "Reputations" are more than just nominalist hot air In-Reply-To: <199409032231.PAA02510@netcom6.netcom.com> Message-ID: <199409040346.UAA17897@netcom14.netcom.com> James Donald writes: (quoting Hal Finney) > > I think this concept needs > > to be clarified and examined if it is to serve as one of the principle > > foundations of pseudonymous commerce. > > No it should not be "clarified and examined" or you will wind up > with the supreme court declaring that such and such an act should > dock your reputation thirty points, and that it is cruel and unusual > punishment for people to have their reputations docked for acts > committed more than seven years ago. Why not try to clarify and examine such an important concept? Where's the danger in gaining a better understanding? Jumping forward to speculations about what the Supremes might do with such knowledge (were they to subscribe to our list and thus gain this knowledge :-}) and from this concluding that such research should not be done seems unwarranted. To put it mildly. > We already know what reputations are. "Defining" them is going > to make them into meaningless nominalist hot air. James, I can only conclude you were in a bad mood when you wrote this, as surely the study of how reputations work, how they get increased and decreased, etc., cannot be a bad thing. > > If I run two pseudonyms, Bert and Ernie, > > and Ernie earns a piece of reputation capital, can he securely transfer > > it to Bert and have Bert show it as his own? > > No. My close friend and frequent collaborator, Sue D. Nym, known to you also as S. Boxx, as Pablo Escobar, and as an12070, has been researching this issue very carefully. His analysis of pseudospoofing is precisely on target here, and answers this question affirmatively. (In this paragraph, I have just "spent" some of my "reputation capital" in this praise of Detweiler. Depending on the views you readers have about my reputation, and Detweiler's reputation, and how serious you think I was here, my reputation could get better or worse, and Detweiler's could get better or worse. This is one way the reputation of one agent can be transferred to another. It happens all the time, in reviews of movies, books, restaurants, and pseudonyms.) The study of reputations and how they change is an important one. It is more than just "nominalism" to see how things tick, what the key features are, what the conserved quantities are (if any), and so forth. This I think was the thrust of Hal's questions. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hfinney at shell.portal.com Sat Sep 3 20:50:51 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 3 Sep 94 20:50:51 PDT Subject: Problems with anonymous escrow 2--response In-Reply-To: <199409032231.PAA02510@netcom6.netcom.com> Message-ID: <199409040350.UAA07837@jobe.shell.portal.com> jamesd at netcom.com (James A. Donald) writes: >Hal writes >> What is this stuff, reputation capital? What does it look like? How can >> it be measured? How much is it really worth? >Obviously none of these questions are answerable: So what? >If you are arguing that intangibles do not exist, and therefore >cannot affect real things, then this is obviously false. No, my questions were not rhetorical at all. I do think that various people have come up with ideas for what they call reputation capital that are much more formalized and structured than what you are referring to. This doesn't mean that they are right and you wrong, just that there are a lot of different concepts floating around under this umbrella of a term. As one example, consider how signed endorsements could be used to create and validate a reputation. We already see that today with celebrity endorsements in advertising. I once sold a product where the main competitor had (years ago) collected a favorable comment by Dvorak, the well-known computer columnist. I'll bet a lot of people had never heard of that company but when they saw Dvorak's quote the image of that company was improved a great deal. This endorsement could be called reputation capital. In a very real sense, it was one of the principal assets of that company. I believe many conceptions of reputation capital consist of collections of such endorsements, along with an infrastructure to support them (similar perhaps to the PGP web of trust). >> I think this concept needs >> to be clarified and examined if it is to serve as one of the principle >> foundations of pseudonymous commerce. >No it should not be "clarified and examined" or you will wind up >with the supreme court declaring that such and such an act should >dock your reputation thirty points, and that it is cruel and unusual >punishment for people to have their reputations docked for acts >committed more than seven years ago. There is always the danger of legislative interference in any action but I really don't think our discussions here are likely to bring disaster down on us. >We already know what reputations are. "Defining" them is going >to make them into meaningless nominalist hot air. On the contrary, I think that a pseudonymous/anonymous world calls for a re-examination of the concept of reputations. Today there is no implementation of a transferrable credential, where I could for example prove that company XYZ considers me a good credit risk, without XYZ linking my present nom de guerre with the one I used when with them. Today there is no use made of blind signatures. A few years ago public-key encryption was almost unknown in the private sector. All of these technologies could have significant impact on business relationships. Things are changing, and we on this list are some of the few people who are interested in talking about the effects of these changes. >> If pseudonym credentials are untransferrable >> we have a problem where information builds up about a pseudonym that is >> very nearly as bad as a completely identified system. It is true that at >> least the ultimate linkage between pseudonym and physical body is broken, >> but to the extent that your on-line activities _are_ your pseudonym, it >> is no more desirable to allow dossiers to be built up about your on-line >> personality than your off-line life. >If your on line personality is selling something, it would seem highly >desirable to have dossiers built up about it. Right, I did discuss this point. This helps prevent people from certain kinds of cheating. But the down side is that sellers have to give up some (all?) privacy. And, after all, practically everyone is selling something, even if just their labor. Is the solution that we have privacy as consumers but not as sellers? I don't think this is the only possible answer. It is worth considering whether privacy can be provided to sellers as well. As another example, consider the case of someone applying for credit. Here the bank is, in a sense, selling money. OTOH the applicant is selling something, too - his ability to pay. Do we just say that "of course" dossiers of people's credit history and banks' lending history are the desirable and correct way to solve this problem, as we have today? I would prefer to see whether solutions could be derived in which more privacy is provided to the participants. Obviously total anonymity would make such lending virtually impossible, but perhaps there is some middle ground between that and a system of total identification. This is where Chaum is coming from with his credentials. His solutions have problems, granted, but I don't think it is necessarily time to give up and say that the kinds of dossiers we have today are the best way things can work. Hal From tcmay at netcom.com Sat Sep 3 21:06:57 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 3 Sep 94 21:06:57 PDT Subject: Problems with anonymous escrow 2--response In-Reply-To: <199409040350.UAA07837@jobe.shell.portal.com> Message-ID: <199409040407.VAA19812@netcom14.netcom.com> Hal's reply to James Donald went out within minutes of mine, and made roughly the same points I made (his "endorsement" by Dvorak example is eerily similar to the example I used, about endorsing Detweiler). Maybe Detweiler was right...maybe we _are_ tentacles! --Tim the Tentacle -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jamesd at netcom.com Sat Sep 3 23:51:49 1994 From: jamesd at netcom.com (James A. Donald) Date: Sat, 3 Sep 94 23:51:49 PDT Subject: "Reputations" are more than just nominalist hot air In-Reply-To: <199409040346.UAA17897@netcom14.netcom.com> Message-ID: <199409040651.XAA07075@netcom14.netcom.com> > James Donald writes: > > We already know what reputations are. "Defining" them is going > > to make them into meaningless nominalist hot air. Timothy C. May writes > James, I can only conclude you were in a bad mood when you wrote > this, as surely the study of how reputations work, how they get > increased and decreased, etc., cannot be a bad thing. Hal wished to have answers to certain questions about reputations. The questions he was asking have no answers. If one provided answers to such questions, the thing that one is calling a reputation would not be a reputation, it would be something more formal, and more subject to centralized control. Were such a definition generally accepted, this would have consequences radically different to those that we desire. I really do not want to digress onto the issue of nominalism and legal positivism, which is seriously off topic, but a similar approach on other matters has led to the catastrophic collapse of societies in the past, and I would claim that it is having something of that effect in the present. It is legitimate and desirable to ask such questions about credentials. To ask them about reputations is harmful and dangerous. You may ask: How can a mere question be dangerous? Answer: Because some questions imply false definitions, and false definitions are dangerous. To take an extreme example, consider the labor theory of value. The labor theory of value defines what capitalists do (organize labor so as to maximize value and minimize labor) as non existent. It therfore leads to the false conclusion that capitalists can be forcibly eliminated without their functions being taken over by a totalitarian nomenclatura, because the definition defines capitalists to have no function. A nominalist definition of reputation, which was what Hal's questions would necessarily lead to, would lead to analogous conclusions -- the need for a formal system of credentialing in cyberspace -- to serve *in the place of* real reputations.. If such a system was to serve the function that reputations now serve in the real world, it would lead to consequences very different from those intended or desired by Hal. From jkreznar at ininx.com Sun Sep 4 03:52:50 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Sun, 4 Sep 94 03:52:50 PDT Subject: Problems with anonymous escrow 2--response In-Reply-To: <199409031538.IAA03232@jobe.shell.portal.com> Message-ID: <9409041052.AA03370@ininx> -----BEGIN PGP SIGNED MESSAGE----- Hal writes: > On the other hand, untransferrable credentials are undesirable from the > point of view of privacy. ... It is true that at > least the ultimate linkage between pseudonym and physical body is broken, > but to the extent that your on-line activities _are_ your pseudonym, it > is no more desirable to allow dossiers to be built up about your on-line > personality than your off-line life. But is this really true? If a seller is using the pseudonym just to defend himself against uninvited third parties such as tax collectors, it would seem that accumulation of a dossier would be useless as long as the physical seller can't be found. What would be gained by transferring the credential (the evidence of the seller's marketable skills or whatever he's selling) to a new pseudonym? I assume that the seller receives payment by some anonymous method, perhaps electronic cash. Am I missing something? John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLmmPh8Dhz44ugybJAQHBBgP7BOyYR6qWoR4rM4KKbA/G6zjoGKoyaKuH Xp8VL57VPo+k8h1onolU9MoIpnBKMK45CL7atwRkgtNgSVzINgiCkl5xaeviVd15 +fv/xYdJz8evaINwxTA5AM5KCOxF90CsKlLqgyF/ZoGeMfwTYi4us1dHtJDr8Ot3 84RR3vFdYkk= =oWFz -----END PGP SIGNATURE----- From jya at pipeline.com Sun Sep 4 09:08:13 1994 From: jya at pipeline.com (John Young) Date: Sun, 4 Sep 94 09:08:13 PDT Subject: \"Reputations\" are more than just nominalist hot air Message-ID: <199409041602.MAA02685@pipe1.pipeline.com> Responding to msg by jamesd at netcom.com (James A. Donald) on Sat, 3 Sep 11:51 PM >I really do not want to digress onto the issue of >nominalism and legal positivism, which is seriously >off topic, but a similar approach on other matters has >led to the catastrophic collapse of societies in the >past, and I would claim that it is having something of >that effect in the present. * * * >If such a system was to serve the function that >reputations now serve in the real world, it would lead >to consequences very different from those intended or >desired by Hal. Your elaboration of this claim, to echo Tim's later post, would be welcomed. Tim has mentioned before that "off topic" is solved by artful weaving. Please do. John From norm at netcom.com Sun Sep 4 10:49:06 1994 From: norm at netcom.com (Norman Hardy) Date: Sun, 4 Sep 94 10:49:06 PDT Subject: Force is not physical Message-ID: <199409041749.KAA14499@netcom.netcom.com> Can someone send me a copy of Eric Hughes Wednesday essay "Force is not physical"? I somehow lost the machine version. From mab at research.att.com Sun Sep 4 10:54:27 1994 From: mab at research.att.com (Matt Blaze) Date: Sun, 4 Sep 94 10:54:27 PDT Subject: Final version of Clipper Protocol Failure paper Message-ID: <9409041753.AA02006@merckx.UUCP> The "final" pre-print version (dated August 20, 1994) of my paper, "Protocol Failure in the Escrowed Encryption Standard" is now available. You can get it in PostScript form via anonymous ftp from research.att.com in the file /dist/mab/eesproto.ps . This version replaces the preliminary draft (June 3) version that previously occupied the same file. Most of the substance is identical, although few sections are expanded and a few minor errors are now corrected. I'd appreciate it if anyone who's citing the paper use this version. Only PostScript format is available. Sorry. This paper will be presented at the 2nd ACM Conference on Computer and Communications Security in Fairfax in November. -matt From jamesd at netcom.com Sun Sep 4 11:24:38 1994 From: jamesd at netcom.com (James A. Donald) Date: Sun, 4 Sep 94 11:24:38 PDT Subject: Problems with anonymous escrow 2--response In-Reply-To: <199409040350.UAA07837@jobe.shell.portal.com> Message-ID: <199409041824.LAA14498@netcom7.netcom.com> Hal writes > > > What is this stuff, reputation capital? What does it look > > > like? How can it be measured? How much is it really > > > worth? jamesd at netcom.com (James A. Donald) writes: > > Obviously none of these questions are answerable: So what? Hal writes > No, my questions were not rhetorical at all. I do think > that various people have come up with ideas for what they > call reputation capital that are much more formalized and > structured than what you are referring to. This doesn't > mean that they are right and you wrong, just that there are > a lot of different concepts floating around under this > umbrella of a term. No no: What is floating around are proposals for the structured handling of the *information* on which reputations are based, not proposals for the structured handling of reputations. Digital credentials, not digital reputations. Structured handling of *reputations* would be catastrophic. If you *define* reputations to be something formal and explicit, and say that the system will work because people guard their reputations, then reputations become something that can be most efficiently granted and withdrawn by some centralized authority. And then, as with fiat currency, the value of those "reputations" would in the end need to be backed by force in order to make the system work. I am complaining about dangerous carelessness in your use and definition of words. Your use of the word reputation is as fraught with frightful consequences as Marx's use of the word "value". Reputation based systems work for freedom, and coercion based systems work for centralized government, for obvious reasons that all of us agree upon. *Define* reputations to be something other than reputations, and you are kicking the crucial foundation out from under freedom. You are defining the foundation of freedom away, in a way precisely analogous to the way Marx defined the basis of capitalism away, though he did it maliciously and knowingly, and you are doing it accidentally. > As one example, consider how signed endorsements could be > used to create and validate a reputation. True. But signed endorsements are *not* a reputation. > > > I think this concept needs to be clarified and examined if > > > it is to serve as one of the principle foundations of > > > pseudonymous commerce. > > No it should not be "clarified and examined". > > ... > > We already know what reputations are. "Defining" them is > > going to make them into meaningless nominalist hot air. > On the contrary, I think that a pseudonymous/anonymous > world calls for a re-examination of the concept of > reputations. Today there is no implementation of a > transferrable credential, where I could for example prove > that company XYZ considers me a good credit risk, without > XYZ linking my present nom de guerre with the one I used > when with them. This is an illustration of the danger of redefining "reputation" as you appear to be doing. Obviously a blind signed credential transferable between digital pseudonyms would have no value to support a reputation, but by abandoning the correct usage of the word "reputation" you have obscured that fact from yourself. But what would have value was a credential whereby some authority signed *one* private key that you possessed at a certain time, without knowing either the private key or the public keys associated with that private key. But if you used that key to support multiple identities, you would then be stuffed because it would then create a link between Joe Robertson, software benchmarker, and Mike Hardcase, purveyor of underage Ceylonese virgins. Worse, it might create a link between Mike Hardcase and Joe Whatsyourpleasure, purveyor of Filipina whores, thereby substantially reducing the value of the Ceylonese virgins purveyed by Mike Hardcase, even though both Mike Hardcase and Joe Whatsyourpleasure both had excellent reputations until their reputations became linked. > > If your on line personality is selling something, it would > > seem highly desirable to have dossiers built up about it. > Do we just say that "of course" dossiers of people's credit > history and banks' lending history are the desirable and > correct way to solve this problem, as we have today? I > would prefer to see whether solutions could be derived in > which more privacy is provided to the participants. > Obviously total anonymity would make such lending virtually > impossible, but perhaps there is some middle ground between > that and a system of total identification. This is where > Chaum is coming from with his credentials. Exactly so: And Chaum talked of digital credentials, and the reputations of digital credentials. He *did not* talk about digital reputations. Use the word *credentials*, not the word *reputations*. If we were to start using the word *reputations* in the way that you have been using it, we will make errors with vastly more serious consequences that the errors that you have made. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jamesd at netcom.com Sun Sep 4 11:37:45 1994 From: jamesd at netcom.com (James A. Donald) Date: Sun, 4 Sep 94 11:37:45 PDT Subject: "Reputations" are more than just nominalist hot air In-Reply-To: <199409040346.UAA17897@netcom14.netcom.com> Message-ID: <199409041837.LAA15650@netcom7.netcom.com> James Donald writes: > > No it should not be "clarified and examined" Timothy C. May writes > Why not try to clarify and examine such an important > concept? Where's the danger in gaining a better > understanding? When somebody wants to "clarify and examine" a concept that is already well understood, this usually means that he wants to change the meaning of that concept. Where the concept is something fundamental to existing social structures, the result can be utterly ruinous (for example Socrates). In Hal's case he wants to "clarify and examine" something that is crucial to the future that we all want to achieve. It is clear from some of the things he said that his "clarified" meaning is in fact substantially different from the correct meaning. For example he asks a number of questions that are not meaningful or answerable if "reputation" means reputation, but are meaningful if "reputation" means credentials. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jamesd at netcom.com Sun Sep 4 11:52:58 1994 From: jamesd at netcom.com (James A. Donald) Date: Sun, 4 Sep 94 11:52:58 PDT Subject: \"Reputations\" are more than just nominalist hot air In-Reply-To: <199409041602.MAA02685@pipe1.pipeline.com> Message-ID: <199409041853.LAA17023@netcom7.netcom.com> I wrote: > > I really do not want to digress onto the issue of > > nominalism and legal positivism, which is seriously > > off topic, but a similar approach on other matters has > > led to the catastrophic collapse of societies in the > > past, and I would claim that it is having something of > > that effect in the present. > > * * * > > > If such a system was to serve the function that > > reputations now serve in the real world, it would lead > > to consequences very different from those intended or > > desired by Hal. John Young writes > Your elaboration of this claim, to echo Tim's later post, > would be welcomed. Hal seems to be asking questions which implicitly define a reputation to be some kind of credential. This is like *defining* money as fiat money, as governments are prone to do, or *defining* the value of a good to be its labor content, as Marx did. If you assume that the two are the same, then the two will cease to be the same, the system will screw up, and you will need coercion (legal tender laws) to make fiat money work as if it was actual money, and to make credentials act as if they were actual reputations. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From greg at ideath.goldenbear.com Sun Sep 4 12:13:03 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Sun, 4 Sep 94 12:13:03 PDT Subject: "Reputations" are more than just nominalist hot air In-Reply-To: <199409041837.LAA15650@netcom7.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- James Donald writes: > Timothy C. May writes > > Why not try to clarify and examine such an important > > concept? Where's the danger in gaining a better > > understanding? > When somebody wants to "clarify and examine" a concept > that is already well understood, this usually means that > he wants to change the meaning of that concept. Well understood by *who*? You seem to have a strong local definition for the word "reputation". You seem to believe that freedom itself depends on folks only using that word in a fashion compatible with your own use. That's an interesting notion for a sleepy Sunday afternoon, but you haven't convinced me yet. Perhaps you'd be good enough to describe what you mean when you use the word "reputation"? > In Hal's case he wants to "clarify and examine" something > that is crucial to the future that we all want to achieve. When you say "we", who are you referring to? > It is clear from some of the things he said that his "clarified" > meaning is in fact substantially different from the correct meaning. Who decides what the "correct meaning" of a word is? -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLmoaxH3YhjZY3fMNAQHO/wP8DJhb5eiESy/rmhyv+UwwdA5tLyulZqvH WdqwAMqb4nyOOMnYo9lhI+gvjnIPtPD/Hf8YvnmwAfDDGR72IIDFQ3xrbApOg73W nDPsLBvUFMHx5Zh8PCCcaZjHn05rjCXsaAGiixWAh37OjC7qm3/OqLvh3gEsBJX0 iwEf9BSLKYE= =c8V6 -----END PGP SIGNATURE----- From sandfort at crl.com Sun Sep 4 12:41:10 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 4 Sep 94 12:41:10 PDT Subject: ACAPULCO H.E.A.T. Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, This week's episode, "Code Name: Stalemate," was a two-parter. The Team goes to Venezuela to protect Andre Sokal, an ex-KGB agent, who is playing in a big chess tournament. Andre in now part of the Russian reform movement and Communist hard-liners want to assassinate him. H.E.A.T.'s archenemy, Strake, is hired to do the job. Strake is a violent but sensitive megalomaniac who eschews a simple bullet to the head because a good assassination is "a theatrical performance that must show the genius of the assassin" or something like that. Strake first shoots one of the real chess players in the back, which shows curiously little genius. He then replaces him with a surgically altered double. It goes downhill from there. The crypto and hi-tech angles are many. Ashley (Catherine Oxenberg, who I have been told was *not* Ringo's wife) replaces one of the other chess players. (No, she doesn't shoot her in the back, they were old friends. Ashley just happens to play at the grandmaster level and anyway, Chrissie will be feeding her computer generated moves via a radio receiver in Ashley's eyeglass frames. Strake's ringer is also strategically impaired and so Strake is helping him with a laptop with a screen that only the double can see because he is wearing special glasses. (Why not just use an LCD screen? Nobody can read those things either.) Unfortunately, Strake has brought in an electronics communication expert from Russia (Ivan something-or-other). Ivan spoofs the H.E.A.T. computers and satellite communications uplinks. When the Team discovers their communications have been compromised, Mike tells Ashley not to use their normal communications until the system is secure. When she asks how should communicate, Mike tells her to "use the phone." (Now *that's* secure!) Ivan is available to Strake, because his research funding dried up when the USSR went belly up. Too bad, because "he was on the verge of developing a microchip which would have been able to decrypt any secure computer." Yeah, right. To be continued next week. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From sdw at lig.net Sun Sep 4 16:10:37 1994 From: sdw at lig.net (Stephen D. Williams) Date: Sun, 4 Sep 94 16:10:37 PDT Subject: "Reputations" are more than just nominalist hot air In-Reply-To: Message-ID: Would someone care to create a mini-glossary, complete with author-noted alternate definitions of the current topics? I don't think I'm going to get up to speed in to time participate otherwise... Thanks sdw (who has 900 recent messages and 3500 from vacation...) -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From sdw at lig.net Sun Sep 4 16:20:36 1994 From: sdw at lig.net (Stephen D. Williams) Date: Sun, 4 Sep 94 16:20:36 PDT Subject: Alt.Gvmt.Bad.Bad.Bad In-Reply-To: Message-ID: ... > The United States is made up of ignorant people who know what they need > to get by in life, and do not want to take the time to do what it takes > to improve themselves, ie. vote. As for morality, I feel it is somthing > that we all wish to be but find it hard to be. I know I find it hard to > be moral. Make sure you have an intelligent and rational definition of your morals, and they won't seem hard. Don't take me to mean that you should have self-serving and opportunistic morals however. > Groove on Dude > Michael Conlen sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From sdw at lig.net Sun Sep 4 16:35:56 1994 From: sdw at lig.net (Stephen D. Williams) Date: Sun, 4 Sep 94 16:35:56 PDT Subject: Alt.Gvmt.Immorality In-Reply-To: <199409021524.IAA29904@deepthought.pylon.com> Message-ID: > Responding to msg by Michael Conlen: > > ........................................................ > > On the note, I offer this quote which is always amusing to me: > > "The only claim made for any organized ideas of human nature is ... > words, a working model of human nature makes things visible, > and you visible as well." > > - from "The Human Nature Industry", by Ward > Cannel and June Macklin > > Blanc There are some theories that various 'power' segments of society actively cultivate a particular working model for their own benefit. Foremost, of course, are Clergy, lawyers, and gov. (Has anyone heard of 'Neo-Tech'?) I've always thought and recently espoused that there should be classes from the beginning of highschool on philosophy and sociology. I suppose the problem would be which philosophy and whose spin on things the schools would encourage. I just think that too many people don't think of themselves on the 'meta' level. (Thinking about what they think and do and why.) I had my little crisis at 13. Not to mention the fact that there would be more atheists... :-) sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From 7CF5048D at nowhere Sun Sep 4 18:20:23 1994 From: 7CF5048D at nowhere (7CF5048D at nowhere) Date: Sun, 4 Sep 94 18:20:23 PDT Subject: Hiding conventionally encrypted messages in PGP messages to someelse. In-Reply-To: <199409030838.AA179351514@sl9.sr.hp.com> Message-ID: <199409050106.AA26246@xtropia> -----BEGIN PGP SIGNED MESSAGE----- Paul Franklin writes: >> To create such a file, we would simply create as PGP usually does, >> except that we specify or record the conventional IDEA key used. Then to >> decrypt the file, we simply ignore the RSA headers and use the specified >> or recorded conventional IDEA key. We could even insure that the IDEA >> key in the RSA encrypted headers is wrong. So, obiwan can not reveal >> the data even if Darth can seize him. >> I have created a hack to PGP ui to do all of the above! >Isn't this what pgp -c does? No pgp -c creates a conventionally encrypted file that appears to be a conventionally encrypted file. If you run such a file thru pgp, pgp will report that it is a conventionally encrypted file even if you do not know the password. If you have such a file Darth Vader will assume that you can decrypt it. My hack allows you to created a file which appears to be pgp public key encrypted to someone else, but which you also (or perhaps you only) can decrypt. (Because you have specified or recored the conventional idea key.) Hopefully, Darth will be fooled in to thinking that you can not decrypt the file. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLmjPoQ2Gnhl89QSNAQH4qQP/WBMRdSbT6j9G4CgQOt1glM3SO10KfId1 v0dlLAD763sYy7rLPwueoNIUXYjsibMkP1/dBX+BRcjKJLGxNVo/E7weZDOBgwck 1NlpjG+kVQH35NRvmBfecRF/PsPoYu+utHfDTZ0ntQSAj0zb7EFLl0XI5ULYqFNU y8KnEG8GhzI= =RC+G -----END PGP SIGNATURE----- From jya at pipeline.com Sun Sep 4 19:26:30 1994 From: jya at pipeline.com (John Young) Date: Sun, 4 Sep 94 19:26:30 PDT Subject: Problems with anonymous escrow 2--response Message-ID: <199409050225.WAA28445@pipe1.pipeline.com> Responding to msg by jamesd at netcom.com (James A. Donald) on Sun, 4 Sep 11:24 AM >I am complaining about dangerous carelessness in your >use and definition of words. Your use of the word >reputation is as fraught with frightful consequences >as Marx's use of the word "value". > >Reputation based systems work for freedom, and coercion > based systems work for centralized government, for >obvious reasons that all of us agree upon. > >*Define* reputations to be something other than >reputations, and you are kicking the crucial foundation >out from under freedom. >support a reputation, but by abandoning the correct >usage of the word "reputation" you have obscured that >fact from yourself. >Use the word *credentials*, not the word *reputations*. >If we were to start using the word *reputations* in the > way that you have been using it, we will make errors >with vastly more serious consequences that the errors >that you have made. James, Your answers to Hal and Tim have been enlightening. And your attempt to move away from nominalism to improve precision of language and to ward off inadverdent undermining of fundamentals, is admirable, that is, if I understand your objections to Hal's proposals correctly. Perhaps to avoid counter-objections that matters of definition all to often lead back into nominalistic debates, you will be able to suggest practical examples of what you mean by "dangerous", "frightful", "serious consequences", "kicking the crucial foundation out from under freedom", and the like. Sometimes these melodramatic terms obscure rather than point toward concrete situations that will convey your intentions more effectively. Your strong feelings on these matters are clear, but I for one do not know what you would do in place of what Hal, and others, are proposing, to build and sustain reputations in the electronic realm. Not, to be sure, to undermine what is valid in brickspace, but how such firm foundations might be extended, even emulated occasionally, in the cyber realm. I don't yet see these efforts as threatening as you claim. When you get a chance, your specific examples would help. Thanks. John From sdw at lig.net Sun Sep 4 20:24:30 1994 From: sdw at lig.net (Stephen D. Williams) Date: Sun, 4 Sep 94 20:24:30 PDT Subject: Problems with anonymous escrow 2--response In-Reply-To: <199409050225.WAA28445@pipe1.pipeline.com> Message-ID: ... > James, > > Your answers to Hal and Tim have been enlightening. > > And your attempt to move away from nominalism to improve > precision of language and to ward off inadverdent undermining > of fundamentals, is admirable, that is, if I understand your > objections to Hal's proposals correctly. > > Perhaps to avoid counter-objections that matters of definition > all to often lead back into nominalistic debates, you will be ... > Thanks. > > John ... Good Sir, what frightfully polite eloquence have you bathed this august gathering of gentle spirits? Who among us dare tread upon the literary plateau where you have chosen with great cunning to cast down the gauntlet of gentlemanly and stately redaction and precision? Errr..., what'd he say? sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From blancw at pylon.com Sun Sep 4 21:22:51 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Sun, 4 Sep 94 21:22:51 PDT Subject: Alt.Gvmt.Immorality Message-ID: <199409050422.VAA28301@deepthought.pylon.com> Responding to msg by Stephen D. Williams: >There are some theories that various 'power' segments >of society actively cultivate a particular working >model for their own benefit. Foremost, of course, are >Clergy, lawyers, and gov. Well, reading books like the one from which I took that quote would alert one's attention to the fact that there are many working models of human nature possible, and that one should not merely take the one given out in school or at church or by whomever. I think that when one realizes that these models are all the product of our own human reasoning, then the idea of liberty & freedom becomes more meaningful, as one realizes that there are choices beyond the views created by one's elders or leaders. >I've always thought and recently espoused that there >should be classes from the beginning of highschool on >philosophy and sociology. I suppose the problem would >be which philosophy and whose spin on things the >schools would encourage. I think this would start a big fight in the public schools as to which philosophy or sociological works to use in the classroom. However, in classrooms per se if there were a general presentation of the concepts and discussions on the human ability to develop comprehensive views of the world, then everyone was turned loose in the library, each person could begin their study of any of them and proceed at their own pace & interest. At the very least they could become aware of the source of the images of human nature which surround us and could better evaluate what it means to live & act within any particular system of operations. >I just think that too many people don't think of >themselves on the 'meta' level. (Thinking about what >they think and do and why.) The opportunities for this kind of thinking are greatly limited to what the church and politics provide as a frame of reference (not that the libraries aren't open and available for budding curiosities). It was from browsing through picture books of other peoples & reading about how other cultures arrange their existence, that I developed the comprehension that there are different methods of doing things in the world, that there is such a thing as choice, and that not only cultures but individuals can arrange their affairs according to their own ideas of success. Blanc From hibbert at netcom.com Sun Sep 4 21:28:25 1994 From: hibbert at netcom.com (Chris Hibbert) Date: Sun, 4 Sep 94 21:28:25 PDT Subject: Problems with anonymous escrow 2--response In-Reply-To: Message-ID: <199409050428.VAA26284@netcom15.netcom.com> >> > James, >> > >> > Your answers to Hal and Tim have been enlightening. >> > >> > And your attempt to move away from nominalism to improve >> > precision of language and to ward off inadverdent undermining >> > of fundamentals, is admirable, that is, if I understand your >> > objections to Hal's proposals correctly. >> > >> > John >> >> Good Sir, what frightfully polite eloquence have you bathed this >> august gathering of gentle spirits? [...] >> >> Errr..., what'd he say? >> >> sdw Stephen, I think you understood exactly what he said. I'll explain why he said it the way he did. John thinks that James may have some good ideas, but he's too excited, and he's not explaining them clearly. John asked James to calm down, and suggested some particular points that James wasn't explaining in his excitement over the error he sees other people falling into. John is talking this way so James will understand that John is trying to be on his side. If he said something like "you idiot," or "you raving clod", there would be little chance of James calming down enough to understand John's point. The way John spoke shows that he is familiar with many of the problems people fall into when they hold a heated conversation on the net. Many people mistake heat and excitement for disagreement and personal attack. John is doing a good job of pointing out to James that people are interested in what he has to say, and that communication will be clearer of if he takes a deep breath and figures out what people are really asking him for. Thanks John, Chris BTW, I think John and James are right: reputation is not quantifiable, it's interpreted by each observer differently. Credentials on the other hand, can be transfered, and it makes sense to codify them so other people can understand what recommendations they represent. From blancw at pylon.com Sun Sep 4 21:48:11 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Sun, 4 Sep 94 21:48:11 PDT Subject: Problems with Definitions in Escrow Message-ID: <199409050448.VAA28868@deepthought.pylon.com> Responding to msg by James A. Donald: If you *define* reputations to be something formal and explicit, and say that the system will work because people guard their reputations, then reputations become something that can be most efficiently granted and withdrawn by some centralized authority. . . . . . . . . . . . I am complaining about dangerous carelessness in your use and definition of words. Your use of the word reputation is as fraught with frightful consequences as Marx's use of the word "value". ................................................................. .... Perhaps when you decry the establishment of 'definitions' you mean that a concept should not be circumbscribed tightly within the boundaries of a pre-determined range of meaning? I thought what Hal intended by 'examining & defining' a term, was simply to assess what it means to those who are seeking to apply it, rather than intending to confine it in advance of any real knowledge of its actual reference. Blanc From sameer at c2.org Sun Sep 4 22:20:20 1994 From: sameer at c2.org (sameer) Date: Sun, 4 Sep 94 22:20:20 PDT Subject: elm and pine patched for a preprocessor Message-ID: <199409050518.WAA21325@infinity.c2.org> I have hacked on elm and pine so that they will work with Raph Levien's "premail" package easily. It allows the use of a preprocessor to sendmail through the use of the PRESENDMAIL environment variable. -- I made the following changes to src/mailmsg2.c to allow use of setenv PRESENDMAIL "program" to allow an alternate sendmail. This is in elm 2.4 pl20. 95,97d94 < #define PRESENDMAIL /* Uncomment this if you don't want to allow users */ < /* to run a 'replacement sendmail' with the PRESENDMAIL */ < /* environment variable */ 209,211d205 < #ifdef PRESENDMAIL /* Hack to allow 'replacement sendmails' */ < char *pre_sendmail; < #endif 571,585d564 < < #ifdef PRESENDMAIL /* Hack to allow replacement sendmails */ < if(pre_sendmail = getenv("PRESENDMAIL")) < { < sprintf(very_long_buffer,"( (%s %s %s ; %s %s) & ) < %s", < pre_sendmail, mailerflags, expanded_to, < remove_cmd, whole_msg_file, whole_msg_file); < } < else < { < sprintf(very_long_buffer,"( (%s %s %s ; %s %s) & ) < %s", < mailer, mailerflags, expanded_to, < remove_cmd, whole_msg_file, whole_msg_file); < } < #else 589,591c568 < #endif < < } --- > } -- I made the following changes to pine/send.c to allow use of setenv PRESENDMAIL "program" to allow an alternate sendmail This is in pine 3.89. 63,64d62 < #define PRESENDMAIL /* Allow users to specify an alternate sendmail */ < 1512,1514d1509 < #ifdef PRESENDMAIL /* If we want an alternate sendmail to be specified */ < char *pre_sendmail; < #endif 1527,1539d1521 < < #ifdef PRESENDMAIL < if(pre_sendmail = getenv("PRESENDMAIL")) < { < sprintf(mail_cmd, "( ( %s %s ; /bin/rm -f %s ) < %s & )", < pre_sendmail, SENDMAILFLAGS, tmpfile, tmpfile); < } < else < { < sprintf(mail_cmd, "( ( %s %s ; /bin/rm -f %s ) < %s & )", < SENDMAIL, SENDMAILFLAGS, tmpfile, tmpfile); < } < #else 1542d1523 < #endif -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383 http://www.c2.org (or login as "guest") sameer at c2.org From jamesd at netcom.com Sun Sep 4 22:56:58 1994 From: jamesd at netcom.com (James A. Donald) Date: Sun, 4 Sep 94 22:56:58 PDT Subject: Alt.Gvmt.Immorality In-Reply-To: Message-ID: <199409050556.WAA17847@netcom12.netcom.com> Stephen D. Williams writes > I've always thought and recently espoused that there should be classes > from the beginning of highschool on philosophy and sociology. I > suppose the problem would be which philosophy and whose spin on things > the schools would encourage. Alas, due to the fact that no one else is willing to pay for philosophy, nearly all philosophy is government sponsored. Unsurprisingly, nearly all government sponsored philosophy logically leads to the conclusion that to avoid killing each other, we need to be thoroughly governed, and that any restraints on the power of government are foolish or wicked and selfish. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jamesd at netcom.com Sun Sep 4 23:17:17 1994 From: jamesd at netcom.com (James A. Donald) Date: Sun, 4 Sep 94 23:17:17 PDT Subject: Problems with anonymous escrow 2--responsey In-Reply-To: <199409050225.WAA28445@pipe1.pipeline.com> Message-ID: <199409050617.XAA19646@netcom12.netcom.com> John Young writes > all to often lead back into nominalistic debates, you will be > able to suggest practical examples of what you mean by > "dangerous", "frightful", "serious consequences", "kicking the > crucial foundation out from under freedom", and the like. > Sometimes these melodramatic terms obscure rather than point > toward concrete situations that will convey your intentions > more effectively. If we assume that reputations are themselves some kind of credentials, rather than assuming that credentials provide information on which people infer reputations, then we will wind up proposing credentials that will work like motor car licenses -- credentials that will not by themselves achieve the desired effect, and will therefore need to be supported by coercion. The objective is to go to a system where good conduct is enforced by the non material and unquantifiable value of reputations, rather than a system where good conduct is enforced by coercion. Adopting a nominalist meaning for the word "reputation" would frustrate this objective, since nominalist "reputations" cannot enforce good conduct. I am not arguing for increased rigor in the use of the word "reputation". Indeed I am protesting and opposing inappropriate and misleading rigor. Credentials are not reputations. Any attempt to make reputations more precise, objective, and knowable, will turn them into credentials, which are incapable of achieving the desired effect. The "frightful consequence" is simply that. A world in which cyberspace business functions only by the fiat of government, which is of course not at all what Hal wishes to achieve. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jamesd at netcom.com Sun Sep 4 23:43:26 1994 From: jamesd at netcom.com (James A. Donald) Date: Sun, 4 Sep 94 23:43:26 PDT Subject: "Reputations" are more than just nominalist hot air In-Reply-To: Message-ID: <199409050643.XAA21745@netcom12.netcom.com> Stephen D. Williams writes > Would someone care to create a mini-glossary, complete with author-noted > alternate definitions of the current topics? No. The problem is that Hal wants a definition of "Reputation" that is more objective, concrete, controllable measurable and well defined, whereupon I went ballistic because reputations do not have the properties that he thinks a good definition of reputation should have. Thus reputations, defined to have the nice properties that Hal would like them to have, would lack the crucial property of enforcing good conduct. Since we want "reputations" to serve in place of state violence, rather than serving in place of drivers licenses, I argued that the kind of definition that Hal was seeking would be catastrophically counter productive. We should propose credentialing systems, rather than define reputations. Of course what Hal really wanted to do was discuss credentialing systems, rather than get involved in a discussion of nominalism and realism etc. My objection was that by calling credentialling systems "reputations" he was obfuscating the crucial part of the process whereby credentials obtain value. This is an error akin to that of "the labor theory of value", and would lead to the same disastrous error that the labor theory of value leads to: We would end up proposing "non coercive" systems that would in reality require a great deal of coercion in order to work. By calling a credential a reputation, we imply that it automatically has value. Of course it does not. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From ghio at chaos.bsu.edu Mon Sep 5 08:29:43 1994 From: ghio at chaos.bsu.edu (Matthew Ghio) Date: Mon, 5 Sep 94 08:29:43 PDT Subject: How do I choose constants suitable for Diffe-Hellman? Message-ID: <199409051528.KAA07031@chaos.bsu.edu> 0x7CF5048D wrote: > How do I choose constants suitable for Diffe-Hellman? > According to _Applied Cryptography_ n should be prime, > also (n-1)/2 should also be prime. g should be a primitive > root of unity mod n. n should be 512 or 1024 bits long. > Are there any other requirements? > > How can I choose such numbers? Are such numbers published > anywhere? Yes, Phil Karn posted a list of such numbers to the list last May, and the program used to generate them. Since some people have expressed their distaste for large files re-posted/forwarded to the list, I won't send it, but you can get it from ftp cs.cmu.edu: /afs/andrew.cmu.edu/usr12/mg5n/public/Karn.DH.generator From jya at pipeline.com Mon Sep 5 08:39:06 1994 From: jya at pipeline.com (John Young) Date: Mon, 5 Sep 94 08:39:06 PDT Subject: Doors of Perception 2: '@HOME' Conference (Very Long) Message-ID: <199409051538.LAA06266@pipe1.pipeline.com> Forwarding mail by: HRL at PSUVM.PSU.EDU (Howard Ray Lawrence 814 238 9535) on ------------------- - - The original note follows - - From: willem at mediamatic.hacktic.nl (Willem Velthoven) Subject: Doors of Perception 2: '@HOME' Conference Date: Mon, 05 Sep 1994 16:51:31 +0100 Doors of Perception 2: '@HOME' Conference 4+5+6 November 1994 RAI Congress Center Amsterdam the Netherlands *Doors of Perception* is an important meeting point for all those interested in the design challenge of interactivity. The first conference, in November 1993, was attended at relatively short notice by nearly 700 people from 20 countries. *Aim of the conference The 1994 conference, which is organised by the Netherlands Design Institute with Mediamatic Magazine, will further develop discussion about culture, context and innovation. The subject's importance was well put by Terry Winograd: 'major leaps only happen when someone has a new insight into the larger picture, and can escape from the old context'. That is the aim of *Doors 2*. Speakers will focus on a particular context, 'home' - as market, as metaphor, and as myth. Industry has great expectations for home as a site for new products, as an outlet for entertainment and information services, and as a place of work. But when a new technology enters a culture, the culture changes. What does that mean for 'home'? *Subjects >From the multiple perspectives of marketing, technology, design, philosophy, anthropology, and psychology, speakers will consider the cultural impact of technology on work and play, home and school, learning and entertainment. They will compare the qualities of telematic space and domestic space. They will talk about real nomads and telematic nomads. They will analyse changes to our sense of place, both public and private. They will look at the psychology of belonging - to a family, group, or community. They will explore the architecture of information, and the creation of shared meaning, in virtual communities. *Debate The point of this debate is that uncritical assumptions, and a crude use of 'real world' metaphors about the home, can actually stifle innovation. Vast resources are being devoted to digital versions of existing human activities - teleshopping, video-on-demand, telecommuting; but attempts to create entirely new uses for the technologies have been unambitious, to say the least. Doors of Perception gives equal emphasis to thinking and doing. It is not a trade show - neither is it exclusive: chief executives and young creatives are equally 'at home' at this unique event. *The organisers Vormgevingsinstituut / Netherlands Design Institute Tel: +31 (0)20 5516500 Fax: +31 (0)20 620 1031 e-mail: doors at nvi.mediamatic.hacktic.nl Mediamatic Magazine Tel: +31 (0)20 6266262 Fax: +31 (0)20 6263793 To receive *Doors 2 electronic newsletter* send e-mail to: listserv at mediamatic.hacktic.nl The message should mention: 'subscribe home' *The Speakers *Christopher Alexander author of 'A Pattern Language: Towns, Buildings, Construction': After a ten-year silence, Christopher Alexander and his colleagues at the Center for Environmental Strucure published a major statement in the form of three books which will, in their words, 'lay the basis for an entirely new approach to architecture, building and planning, which will replace existing ideas and practices entirely'. At the core of his books is the idea that people should design for themselves their own houses, streets, and com munities. This idea may be radical (it implies a radical transformation of the architectural profession) but it comes simply from the observation that most of the wonderful places of the world were not made by architects but by the people. Also author of: 'The Timeless Way of Building': The theory of architecture implicit in our world today, Christopher Alexander believes, is bankrupt. More and more people are aware that something is deeply wrong. Yet the power of present-day ideas is so great that many feel uncomfortable, even afraid, to say openly that they dislike what is happening, because they are afraid to seem foolish, afraid perhaps that they will be laughed at. Now, at last, here is a coherent theory which describes in modern terms an architecture as ancient as human society itself. Christopher Alexander presents a new theory of architecture, building, and planning which has at its core that age-old process by which the people of a society have always pulled the order of their world from their own being. *John Perry Barlow studied comparative religion, has been the lyricist for The Grateful Dead since 1972, is an insightful writer, and co-founded, with Mitchell Kapor and Stephen Wozniak,the Electronic Frontier Foundation. The EFF pushes ethical and political issues of the new media onto the international agenda - freedom of speech, privacy, intellectual property, and other social consequences of a network culture. *Alfred Birnbaum who was born in China and raised in Japan, is a noted translator in Japanese (of such authors as Murakami), an artist with the Kyoto-based performance group 'Dumb Type', and a highly original researcher of diverse popular phenomena in contemporary Japan, which he compares to deeply rooted Asian cultural traditions. *'Breaking stories, eye candy and mental muesli' as one journalist described 'Doors 1', will again feature in this year's conference. How is interactivity to be designed? What methodologies and management skills are needed for what is, by definition, a multi-diciplinary activity? A keen reader of conference blurbs will also appreciate that this paragraph has been added at artwork stage to replace the cv of a key speaker, whose name begins with B, who has de-confirmed. But we'll replace him. *Amy Bruckman a doctoral candidate at MIT, founded MediaMOO, a text-based virtual reality environment designed as a professional on-line community for media researchers.For her dissertation, Bruckman is creating a MUD for children called MOOSE Crossing, designed to be an authentic context in which kids can learn reading, writing and programming. Bruckman will explain what MUDs and MOOs actually are in her presentation. *Florian Brody who studied linguistics and computer science in Vienna, investigates the relationship between computers, memory and identity. He worked in the Austrian National Library on automation management, and was technical director of the 'expanded books' project at Voyager Publishing in California, before founding New Media Consulting. He teaches at Vienna University, and he is president of the Austrian Society for Virtuality, Telepresence and Cyberspace. *David Chaum is managing director of DigiCash, an Amsterdam-based company that is a world pioneer in electronic cash payment systems. Dr Chaum is also chairman of CAFE, the European Union research consortium investigating the technical infrastructure and equipment for electronic money in Europe. He took a PhD in computer science at Berkeley, taught at NYU Graduate School of Business, and founded the International Association for Cryptological Research. *Manuel De Landa a New York-based artist, is also the author of 'War In The Age Of Intelligent Machines'. From a vantage point at the intersection of chaos theory and post-structuralism, De Landa described how military technology has altered the relationship between humans, their machines, and information. In his new book Phylum: A Thousand Years Of Non-Linear History, De Landa considers the cottage-industrialisation of the world, and the global spread of a 'population of firms' . *Thomas Dolby is a pop-star-hacker-programmer who saw in immersive virtual reality a new medium for musical expression. He created the audio studio Headspace that allows the user to wander round a classic string quartet as it plays. Currently working with Joy Mountford's group at Interval Research Corporation in California, Dolby is also developing an interactive version of Francis Ford Coppola's The Conversation which will be released on CDRom. *Anthony Dunne and Fiona Raby a research and design partnership based in London, explore the inter-relationships between industrial design, architecture and electronic media. Their recent work, which has focussed on what they call the 'poetics of telecommunications', includes the Fields & Thresholds project for the Netherlands Design Institute, an investigation into communicative and design implications of a 'virtual institute'. *Lynn Hershman is a Senior Professor at the University of California where she initiated the IDEA laboratory devoted to electronic arts. Among her award- winning videotapes and interactive installations are The Electronic Diary and Virtual Love, the latter a long narrative about breaking through the screen that separates us from our media-derived fantasies. Hershman is currently completing a sequel, The Twisted Chord, charting the telephone from Bell through to the Internet. *Peter Lamborn Wilson was described by Erik Davis in the Village Voice this year as an 'underground anarcho-Sufi scholar (whose) work explores the historical and mystical dimensions of Sufism and Islamic heresy, as in his latest book Sacred Drift. His surprisingly virulent concept/buzzword 'temporary autonomous zones' spread through the computer underground to Time magazine. His lectures argue for the ultimate unity of imagination and intellectual investigation'. *Patti Maes who received her PhD in computer science at the University of Brussels, researches artificial life and artificial intelligence, and recently produced 'Alive', an interactive installation involving 'virtual pets', whose future in the home she will explain to the conference.Maes has worked at MIT's Artificial Intelligence Laboratory and more recently as an assistant professor at MediaLab, since 1990. Her research focusses on the modelling of all kinds of artificial intelligence 'agents'. *William Mitchell's new book 'City of Bits': Space, Place and Infobahn, which addresses central concerns of the Home theme,will be published in 1995. Mitchell, who is Professor of Architecture and Media Arts and Sciences, and Dean of the School of Architecture, at MIT, conducts research in design theory, computer applications in architecture and urban design. His other books include The Reconfigured Eye which deals with the social and cultural impact of digitally altererd photographs . *Mitch Ratcliffe as editor-in-chief of the influential industry newsletter Digital Media, is well-placed to distinguish between hype and reality, and to explain which technologies will actually work, and when, on the infobahnen. He is the co-author (with Andrew Gore) of Powerbook: The Digital Nomad's Guide and is now completing a book on the World Wide Web which analyses the economic, social and political implications of software agent technology. *Jeffrey Shaw is director of the media institute at Karlsruhe Media Centre in Germany. Shaw studied architecture in Australia, and art in Milan and London, before working on interactive and virtual space projects from a base in The Netherlands, where he also taught at the Rietveld Academie. He has shown such award-winning projects as TheLegible City, The Narrative Landscape, and The Virtual Museum at festivals and workshops throughout Europe, the USA and Japan. *Marco Susani is a teacher and researcher at Domus Academy, the research centre and postgraduate design school in Milan. An expert on the design of services, Susani explores the relationship between dematerialisation - for example, of communications - and scenarios for a sustainable economy in which radically less matter and energy are consumed. His recent work focusses on conviviality - the behavioural threshold that offers one route for technology to enter the home. *Philip Tabor's doctoral thesis at Cambridge University concerned the limits of 'automated' architectural design. He co-founded the Centre for Land Use and Built Form Studies (now the Martin Centre), and the computer aided design consultancy, Applied Research of Cambridge, which is now part of McDonnell Douglas. For ten years a partner in Edward Cullinan Architects, specialising in housing, Philip Tabor was until recently Director of the Bartlett School of Architecture in London. *Shin-Ichi Takemura teaches anthropology, international affairs and cultural design, including ethnic arts, at Touhoku University of Art and Design. His trans-cultural analysis of communication processes , media structures and design issues includes a particular emphasis on an 'ecology of body and mind'. Takemura is convenor of the Asian Cultural Design Forum and Human Ecology Round Table. His team is also involved in planning such public facilities as the proposed Eco-Aesthetic Museum. *Pauline Terreehorst in her recently completed book Het Boerderijmodel - 'The Farm Mould' - argues that the new communication technologies may help transform the home into a 'farm' again. Terreehorst also speculates that the re-location of home as a focal point of the electronic superhighway will and foster positive changes in relationships between men and women. Home played such a positive role before industrialisation forced people to separate home from work. *FURHTER SPEAKERS and presentations will be scheduled continuously between now and the conference itself: * SPEAKER UPDATE: Confirmed speakers at publishing date are Hiroshii Ishi, and Stephen Perrella ('Architecture at the End of Metaphysics' studio) *Conference Programme Friday 4 November 08:00-10:00 Registration 10:00-12:30 Plenary 15:00-18:00 Plenary 19:00 Reception Saturday 5 November 08:30-10:00 Breakfast Round Tables 10:00-12:30 Plenary 15:00-18:00 Plenary 19:00 Reception Sunday 6 November 08:30-10:00 Breakfast Round Tables 10:00-12:30 Plenary 15:00-18:00 Plenary *Breakfast Round Tables On both 5 and 6 November, about 25 different 'breakfast round tables' will be held between 08:30-10:00. Each table will consider a different topic or presentation - some programmed in advance, others decided on the day. Many but not all the discussions will be led by a speaker or a moderator. An extra charge of Dfl 25 per breakfast is payable for participation. Register now to participate. If that day is fully booked by the time of your registration, we will book the other day and notify you with your confirmation. *Registration and hotel service For more INFORMATION about REGISTRATION, plus details of HOTEL service: Sonja van Piggelen Tel: +31 20 61 70 390 Fax: +31 20 61 74 679 e-mail: modam at xs4all.nl REGISTRATION FEES (in Dutch Guilders, or 'Dfl') exclude accomodation but include attendance at all conference sessions apart from the breakfast round tables. The fees also include evening receptions, morning and afternoon tea and coffee, and conference documentation. The conference sells out, and places are limited, so please do not come without a reservation. Applications are processed in order received. *REGISTRATION FORM* Name: Company: Function/Profession: Street address: City: ZIP Code: Country: Telephone: Fax: E-mail: Student card number: School/Institution: Date: PLEASE MENTION WHICH NUMBER (=OPTION) YOU CHOOSE: # ... Standard rate to 1 October 1) Excluding breakfast round tables: Dfl 575,- 2) Including one breakfast round table Saturday: Dfl 600,- 3) Including one breakfast round table Sunday: Dfl 600,- Standard rate after 1 October 4) Excluding breakfast round table: Dfl 625,- 5) Including breakfast round table Saturday: Dfl 650,- 6) Including breakfast round table Sunday: Dfl 650,- Student rate to 1 October 7) Excluding breakfast round table: Dfl 225,- 8) Including breakfast round table Saturday: Dfl 250,- 9) Including breakfast round table Sunday: Dfl 250,- Student after 1 October 10) Excluding breakfast round tables: Dfl 275,- 11) Including breakfast round table Saturday: Dfl 300,- 12) Including breakfast round table Sunday: Dfl 300,- *I HEREBY REGISTER and pay via: #... a) Diners Club b) Visa c) Eurocard/Mastercard d) American Express e) JCB Credit card No: Expire Date: Card holder's name: Card holder's address: Zipcode: f) (NL only): ABN Amro 43 36 80 407 o.v.v. DoP, of per giro nr. 2391 van de ABN Amro t.g.v. 43 36 80 407 o.v.v. DoP * PLEASE SEND an invoice (you will receive confirmation and your ticket, after payment of the full amount) CANCELLATION: refund in full only if you cancel in writing by 21 October -- Mediamatic Postbus 17490 1001 JL Amsterdam vox +31 - 20 626 6262 fax +31 - 20 626 3793 From ghio at kaiwan.com Mon Sep 5 08:40:43 1994 From: ghio at kaiwan.com (Matthew Ghio) Date: Mon, 5 Sep 94 08:40:43 PDT Subject: Ethics of Anonymous Remailers (Re: Needed for a computer ethics class) Message-ID: <9409051540.AA15978@toad.com> > Date: Fri, 2 Sep 1994 11:09:40 -0600 > From: Patrick Juola > To: cypherpunks at toad.com > Subject: Needed for a computer ethics class > > > Does anyone have a concise, citeable statement about why anonymous > remailers are a good thing? Some sort of position statment by > Julf would be ideal. Similarly, if anyone has something for the > *other* side of the coin, I'd love to see that. > > I'm in the process of writing a course on computer ethics for > the University of Colorado at Boulder and I think anonymous > remailers would be a good subject for an essay assignment, but > I need enough material (ideally, primary source material) to > lay the groundwork first. > > Patrick No, but it's something that I often get asked. I would be interested to hear examples of good things that people are using my anonymous remailer for. From jburrell at crl.com Mon Sep 5 10:16:28 1994 From: jburrell at crl.com (Jason Burrell) Date: Mon, 5 Sep 94 10:16:28 PDT Subject: Ethics of Anonymous Remailers (Re: Needed for a computer ethics class) Message-ID: <199409051715.AA10707@mail.crl.com> > >No, but it's something that I often get asked. I would be interested to hear >examples of good things that people are using my anonymous remailer for. Take Pr0duct Cypher, for example. Many believe that what (s)he's doing(*) is a Good Thing, and I've seen him/her using the Cypherpunk remailers to conceal his/her identity. * If you don't know, (s)he's the person who wrote PGPTOOLS, and a hack for PGP 2.3a to decrypt messages written with 2.6. I assume (s)he's doing it anonymously due to ITAR regulations. --- Hey Feds! How's it goin'? (LIke you're not reading the list. :) -- Jason Burrell Finger for PGP public key. There is no such thing as limited censorship. If you want your freedom, fight now. Don't wait until you've lost it. WWW: ftp://ftp.crl.com/users/ro/jburrell/WWW/home.html From cwalton at earthlink.net Mon Sep 5 12:57:02 1994 From: cwalton at earthlink.net (Conrad Walton) Date: Mon, 5 Sep 94 12:57:02 PDT Subject: Reputations/Credentials Message-ID: At 11:17 PM 9/4/94 -0700, James A. Donald wrote: >The objective is to go to a system where good conduct is >enforced by the non material and unquantifiable value of >reputations, rather than a system where good >conduct is enforced by coercion. > >Credentials are not reputations. Any attempt to make reputations >more precise, objective, and knowable, will turn them into >credentials, which are incapable of achieving the desired >effect. I'm afraid I don't understand what you guys are talking about. My wife and I bought a car on Saturday. We drove it away, based on what the dealer's computer printedout from his TRW inquiry. My personal credit (tied to my Social Security Number)is terrible. My wife's is pristine. We used hers. (Is this "transference of reputation? Could *I* use a couple different SSNs for different "reputations"?) They asked about how much $$$ she makes, how long we've lived in our house and looked at the record of payments on other loans. They took a copy of her driver's license (credentials?) and TRW calculated a "risk factor" for us. It was a specific number, between 1-1000. This sounds like a reputation kept by a third party (escrow agent?) to me. My actions (good conduct) will be based on (enforced?) by the non material and semi-quantifiable value of the TRW credit report, not coercion (I want more stuff in the future). TRW seems like a "reputation reporting agency". I can take a copy of that print out into another bank and get another loan if I wanted. Is that a "credential"? What's the difference? and what are the implications of the difference? Give me a better model to illustrate what you think would be better or worse. Drug dealers only need cash and a gun to make transactions while they keep totally anonymous. Futures traders need a credit line and a government registered agent to work through and have *no* privacy, but more money than I'll ever make. >By calling a credential a reputation, we imply that it automatically >has value. Of course it does not. But this is like saying that a credit card has no value. While this is technically true, in reality, where I live, I can turn that credit card into food, gas, stereos and computers. If I don't pay my bill at the end of the month, they won't give me anymore stuff. Reputations *and* credentials both have nothing to do with the value, worth or character of a person, but I don't think the car dealer cares if I kick my dog, only if I pay my bills. PS- I lost the note about Sandy's Privacy Seminar. Did I miss it? ***************************************** Conrad Walton cwalton at earthlink.net ***************************************** Without JOY there can be no STRENGTH. Without STRENGTH, all other virtures are worthless. Edward Abbey From rarachel at prism.poly.edu Mon Sep 5 13:43:19 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Mon, 5 Sep 94 13:43:19 PDT Subject: Needed for a computer ethics class In-Reply-To: <199409021709.LAA00722@suod.cs.colorado.edu> Message-ID: On Fri, 2 Sep 1994, Patrick Juola wrote: > Does anyone have a concise, citeable statement about why anonymous > remailers are a good thing? Some sort of position statment by > Julf would be ideal. Similarly, if anyone has something for the > *other* side of the coin, I'd love to see that. 1. They allow the reporting of evil practices by big companies/government 2. They allow the dissemination of "forbidden" information. ie: under an opressive government, etc. 3. They allow the sender to ask a question which would destroy his/her reputation for whatever. > > I'm in the process of writing a course on computer ethics for > the University of Colorado at Boulder and I think anonymous > remailers would be a good subject for an essay assignment, but > I need enough material (ideally, primary source material) to > lay the groundwork first. You're not in any way related to Detweiler are you? :-) =============================================================================== | + ^ + || ' . . . . . . . Ray (Arsen) Arachelian || | \|/ || . . . ' . ' . : . . rarachel at photon.poly.edu || |<--+-->||. . . |' '| .' . . ... ___ sunder at intercom.com || | /|\ || . . \___/ . . . : .... __[R] || | + v + || . oOOo /o.O\ oOOo :. : .. |A| "And bugs to kill before I sleep"|| =========/---vvvv-------VVVV------------|I|----------------------------------/ / . : . ' : ' |D| This signature pannel is / / The Next Bug to kill(tm) --- now open. / /___________________________________________________________________/ GCS d++(---)(-) H s+++/++ !g !p !au a- w-(+) (!v | v) C+++++ Coherent++++ L+ 3 C+ V+ P? E- N++ K- W W--- M++ V-- po- Y+++ t:[tos+, tng--, ds9+] 5 !j !R G? tv+ b+++ D+ B--- e+(- | *) u--- h+++ f+(++) r++ n+(---) x**(++) From 7CF5048D at nowhere Mon Sep 5 14:50:21 1994 From: 7CF5048D at nowhere (7CF5048D at nowhere) Date: Mon, 5 Sep 94 14:50:21 PDT Subject: How to find a primitive root of unity, for Diffe-Hellman? Message-ID: <199409052037.AA04009@xtropia> -----BEGIN PGP SIGNED MESSAGE----- > >How do I choose constants suitable for Diffe-Hellman? >According to _Applied Cryptography_ n should be prime, >also (n-1)/2 should also be prime. g should be a primitive >root of unity mod n. n should be 512 or 1024 bits long. >Are there any other requirements? > >How can I choose such numbers? Are such numbers published >anywhere? > Ok let me take a stab at finding g assuming n has been choosen to meet the above requirements. (I hope my math is still good.) Let Zn be the field defined by the prime n. Let G be the multiplicitive group defined in Zn. So |G| = n-1. Now n is large so 1 is not equal to -1 in Zn. Let N be { 1, -1} in G. It is a subgroup. Zn is abielian so it is Normal. We can consider the canoical map: G ---> G/N The order of G/N will be (n - 1)/2 which we are assuming to be prime. G/N is a cyclic group with no non trivial subgroups. Every element not = 1 is a generator. Pulling back to G we find that if g is not a root of unity, then the other member of its co-set = -g is! So take any g and raise to (n-1)/2 power. The result will be equal to 1 or -1. g raised to any lower power will not be equal to 1 or -1. Since (n-1)/2 is a large prime, it is odd. So if g to the (n-1)/2 is = to 1, then - -g to the (n-1)/2 = -1. So we can find a g which raised to the order (n-1)/2 power is = to -1. So g to the (n-1) power is =1 and g is a primitive root of unity. Have I made any errors? Did I get it right? -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLmt8dw2Gnhl89QSNAQHzmAP9GUGAmFcbgMyWxKtrzEvQYJS33FXGoGmr w4rXblv14lkwJX32hpoRKmicm3bdND2OPGgmM4EefGYggj+iCI+NU+l6II+MxhjY C4Rk3Xjn59H81FhNdfcNqOU9AirjwMBSqKzYtNCfbedB6HuQDCTeLSU5pjI5PSEQ wvFP7F3i5rY= =0r8J -----END PGP SIGNATURE----- From tcmay at netcom.com Mon Sep 5 15:00:56 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 5 Sep 94 15:00:56 PDT Subject: Art Gallery on internet needs PGP signatures In-Reply-To: Message-ID: <199409052200.PAA15039@netcom14.netcom.com> Arsen Ray A. wrote: > Now the question I have is what if the forgery is done so well, would it > fool the scanner and pass the signature? ie: What if you take a picture > of the painting or part or whatever using high resolution film, etc. > Would it pass the signature? I don't know (but I'll make some speculative/engineering guesses), as I never saw the system...like I said, I heard a verbal description of it some years back (from Jim Omura, of Cylink, now famous for suing RSADSI). First, photo-reproduced art is almost never confused with the real thing. Surface texture, brush strokes, light at different angles, etc. Second, I could imagine the scanner system using light at two or more angles specifically to provide better protection against forgeries. (In the intended main applicaiton, that of detecting machine part forgeries, the pattern of natural scratches and abrasions, and grains/regions in the metal, would be essentially impossible to mechanically reproduce. Not completely impossible, but very difficult, and hence not cost-effective.) Anyone interested in pursuing this may be find out if Light Signatures still exists. Omura may know, and someone at RSADSI probably would have records of their licensing arrangements. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From M.Gream at uts.EDU.AU Mon Sep 5 15:50:41 1994 From: M.Gream at uts.EDU.AU (Matthew Gream) Date: Mon, 5 Sep 94 15:50:41 PDT Subject: How do I choose constants suitable for Diffe-Hellman? In-Reply-To: <199409051528.KAA07031@chaos.bsu.edu> Message-ID: <9409052253.AA19774@acacia.itd.uts.EDU.AU> "Matthew Ghio" wrote: > Yes, Phil Karn posted a list of such numbers to the list last May, and > the program used to generate them. Since some people have expressed > their distaste for large files re-posted/forwarded to the list, I won't > send it, but you can get it from ftp cs.cmu.edu: > /afs/andrew.cmu.edu/usr12/mg5n/public/Karn.DH.generator I needed a few of these primes a while ago, so I took a few minutes and hacked Phil's code to operate distributed (ie. a central machine carried out the sieving and handed off candidates to a set of other machines to do the Rabin-Miller). With one Sun Sparc 690MP and approx 40 Sun Sparc LX's, it was getting results like: acacia: 7:21pm up 2:05, 20 users, load average: 0.95, 0.98, 0.77 mg.{~/static/d/dist} date;./go;date Sun Jul 24 19:21:57 EST 1994 [..] server calls: 7235 found modulus p = 72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743efbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402aa76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f23d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef356a05180c3bec7ddd5ef6fe76bfd8717 finding generator trying 2 3 5 generator g = 5 Sun Jul 24 21:10:18 EST 1994 That's 2 hours for a 2048 prime P where (P - 1)/2 is also prime, and they also satisfied the constraint that P = 3(mod 4). The software maintains a TCP connection to each "Rabin-Miller server" and can dynamically deal with the loss of machines, but in it's simplicity doesn't do reconnects. If anyone who operates an FTP archive wants to reply to me, I'll tar it up (in it's current "it works for me, but no guarantees" state). Speaking of primes with constraints, I got my hands on Harn's recent paper on a PKCS based on both factoring and discrete logs. He wants his modulus to be a prime P = 2p x q + 1, where p = 2r + 1, q = 2s + 1. All P, q, q, r, s must be prime -- good luck in finding such primes by probablistic methods ! Matthew. mg.{~/src/rr} ls -l total 26 -rw------- 1 mgream 8339 Jul 24 14:17 client.c -rw------- 1 mgream 2196 Jul 24 15:00 common.h -rw------- 1 mgream 6028 Jul 29 13:35 dhgen.c -rwx------ 1 mgream 270 Jul 24 14:58 go -rw------- 1 mgream 527 Jul 24 14:58 makefile -rw------- 1 mgream 3041 Jul 29 14:50 server.c -rw------- 1 mgream 367 Jul 24 14:26 servers.src -- Matthew Gream -- Consent Technologies, (02) 821-2043 Disclaimer: From? \notin speaking_for(Organization?) [cfqx103] From sandfort at crl.com Mon Sep 5 16:18:19 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 5 Sep 94 16:18:19 PDT Subject: PRIVACY 101 Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Conrad Walton wrote: ... PS-I lost the note about Sandy's Privacy Seminar. Did I miss it? Nope, no one did. Due to circumstances beyond *my* control, Duncan has been out of town for the last few days (he should return today). He is running the list software and will be starting things out tomorrow (probably). Thanks for your patients. Stay tuned. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From sandfort at crl.com Mon Sep 5 16:35:51 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 5 Sep 94 16:35:51 PDT Subject: NYC C'PUNKS MEETING? Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks in the New York City area, Are you interested in having a Cypherpunks physical meeting at (aprox.) the same time as the SF Bay Area Meeting? Is there anyone in the area who can volunteer a venue? Alison Armitage of Acapulco H.E.A.T. wants to attend. Please let me know your thoughts via private e-mail. Please include your phone number. Thanks, S a n d y P.S. I lied about Alison Armitage. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From sdw at lig.net Mon Sep 5 16:42:39 1994 From: sdw at lig.net (Stephen D. Williams) Date: Mon, 5 Sep 94 16:42:39 PDT Subject: Problems with anonymous escrow 2--response In-Reply-To: <199409050428.VAA26284@netcom15.netcom.com> Message-ID: stop stop , please, I knew what he was doing.... :-) I just had to comment on the unorthodox (unfortunately) tact. While I don't like to be forced to be overly formal, I find it strange that some people get upset during a strenuous argument. I 'grew up' corporately at a GE research lab (LBG) where you argued things strenuously and then walked away friends. Personal attacks are an obvious sign of defeat, since you are admitting you have nothing of substance to profer. Unfortunately, my wife doesn't treat arguments/debate the same way... sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru. From jamesd at netcom.com Mon Sep 5 17:31:58 1994 From: jamesd at netcom.com (James A. Donald) Date: Mon, 5 Sep 94 17:31:58 PDT Subject: Reputations/Credentials In-Reply-To: Message-ID: <199409060031.RAA10617@netcom10.netcom.com> Conrad Walton writes > I'm afraid I don't understand what you guys are talking about. My wife and > I bought a car on Saturday. We drove it away, based on what the dealer's > computer printedout from his TRW inquiry. My personal credit (tied to my > Social Security Number)is terrible. My wife's is pristine. We used hers. > (Is this "transference of reputation? No. > Could *I* use a couple different SSNs > for different "reputations"?) Recently some tenants appeared to have a fictitious history. My wife ridiculed my suspicions - after all they have real social security numbers -- they cannot cheat. Needless to say, their history was fictitious, and I have no idea how they managed it. Perhaps Duncan can elucidate. So yes, you can, and some people apparently do, use multiple social security numbers for multiple reputations. This is of course, dishonest, since you are misrepresenting yourself to the landlord or bank. Misrepresenting yourself to the IRS is completely honest, because the IRS has no right to ask the questions that it demands answers to, under threat of violence. Furthermore most landlords make this distinction also, though not necessarily on the same philosophical grounds as I do. I do not know if banks make that distinction. On the other hand multiple corporate identities are fine - I used to be several different companies, and nobody gets upset provided you refrain from running the companies through profitable bankruptcies. There is nothing wrong with making it difficult for people to cross reference information from one of your activies to another of your activities. But if you say you are revealing information about your activities, and you are concealing it, then that is dishonest. > My actions (good conduct) will be based on (enforced?) by the non material > and semi-quantifiable value of the TRW credit report, not coercion (I want > more stuff in the future). TRW seems like a "reputation reporting agency". > I can take a copy of that print out into another bank and get another loan > if I wanted. Is that a "credential"? Exactly so. > What's the difference? and what are > the implications of the difference? The printout is a credential. The reputation is how impressed the banks are by your credentials. The implication of making a distinction is that clever use of cryptographic signatures and the like on credentials will not make the credentials worth anything. A credential will only be of value to the extent that it impairs privacy. The objective therefore must be to maintain privacy against uninvited third parties and make privacy impossible against invited parties. More realistically, we must reveal what invited parties wish to know, without revealing what uninvited parties might wish to know. > Give me a better model to illustrate what you think would be better or > worse. Drug dealers only need cash and a gun to make transactions while > they keep totally anonymous. Futures traders need a credit line and a > government registered agent to work through and have *no* privacy, but more > money than I'll ever make. All the models you give are excellent. The drug dealers transaction is strictly local, and therefore can be completely anonymous. Unfortunately complete anonymity and the lack of a storefront means that loss of reputation is no problem. Thus punishments for misconduct also have to be local, hence the gun. This suggests that people doing business in cyberspace cannot be anonymous from each other, although their real physical identity and physical location may be hidden, making them difficult to coerce. The futures transaction is non local, and is backed both by reputation and state coercion. In some markets the transaction is backed only by reputation. In others, such as China and Vietnam, arbitrary government coercion randomly prevents people from carrying through the deals that they have made. > > By calling a credential a reputation, we imply that it automatically > > has value. Of course it does not. > But this is like saying that a credit card has no value. While this is > technically true, in reality, where I live, I can turn that credit card > into food, gas, stereos and computers. If I don't pay my bill at the end of > the month, they won't give me anymore stuff. Credentials support a reputation, and a reputation enables one to obtain a credential, yet chickens are not eggs. If one defines chickens to be eggs, one will have difficulty roasting a chicken. The difference between your credit card and your reputation is that if you lose your credit card it will be replaced, but if you lose your reputation they will cut up your credit card the next time your proffer it. > Reputations *and* credentials both have nothing to do with the value, worth > or character of a person, but I don't think the car dealer cares if I kick > my dog, only if I pay my bills. Quite so. From hfinney at shell.portal.com Mon Sep 5 17:41:48 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 5 Sep 94 17:41:48 PDT Subject: \"Reputations\" are more than just nominalist hot air In-Reply-To: <199409041853.LAA17023@netcom7.netcom.com> Message-ID: <199409060041.RAA15683@jobe.shell.portal.com> jamesd at netcom.com (James A. Donald) writes: >Hal seems to be asking questions which implicitly define >a reputation to be some kind of credential. I tried to post something on this last night, but Toad apparently hiccupped and lost it. My suggestion was that we do not discuss "reputations", where I think James is right that the term already refers to an opinion someone holds in his mind, but rather "reputation capital" or perhaps "reputation credentials", which are information structures which may be used to establish or support a reputation. The example I used last night was that "reputation capital" is not "reputation" any more than the "liberty bell" is "liberty". Then perhaps we can avoid arguing about what a reputation is, and instead focus on the interesting issue of what the role of cryptography will be in establishing reputations in a possibly-pseudonymous business network. Hal From werewolf at io.org Mon Sep 5 18:03:48 1994 From: werewolf at io.org (Mark Terka) Date: Mon, 5 Sep 94 18:03:48 PDT Subject: Remailer at Wein? Message-ID: Is the remailer at remailer at ds1.wu-wein.ac.at up and running? Test messages to that site kept bouncing. Also, how do I get ahold of that remailer's public key for encrypting messages through them? -------------------------------------------------------------------------- Mark Terka | werewolf at io.org | public key (werewolf) by Toronto,Canada | dg507 at cleveland.freenet.edu | public key server or request --------------------------------------------------------------------------- From hibbert at netcom.com Mon Sep 5 18:05:12 1994 From: hibbert at netcom.com (Chris Hibbert) Date: Mon, 5 Sep 94 18:05:12 PDT Subject: Reputations/Credentials In-Reply-To: Message-ID: <199409060105.SAA08869@netcom6.netcom.com> I'm not going to quote Conrad Walton point-by-point, but I'm responding to the message in which he asks how what TRW provides relate to what we mean by reputations and credentials. What TRW does is to collect information from others about their beliefs about others and their history of dealings with them. TRW then provides a summary giving their opinion. They do it in an automated way, and provide a numerical rating as the output. Equifax, TransUnion and Dunn&Bradstreet provide a similar service, but depend on different sources, and combine the information in different ways. I doubt if any of them would tell you what their formula is. I think what other c'punks writing on this topic have objected to is the notion that someone might create *a* calculus that would describe *the* proper way for rating services to do their job. Reputations are people's opinions, and how you add them up depends on your beliefs about the opinion-holders. I'm not sure that credentials are different in that respect. The way credentials should be different is that they should tell you what opinion they're intended to represent. Does your signature on my key indicate that you believe that I'm a real person with the name I use, or just that I am the person who used that name last year? Reputations are subjective. Credentials are codifications about beliefs. They say that X believes Y about Z. It might be useful to codify what the different useful Y's are, but I find it hard to see how there could be a general formalism for composing statements like these. Chris From werner at mc.ab.com Mon Sep 5 18:13:05 1994 From: werner at mc.ab.com (tim werner) Date: Mon, 5 Sep 94 18:13:05 PDT Subject: Reputations/Credentials Message-ID: <199409060110.VAA05999@sparcserver.mc.ab.com> >Date: Mon, 5 Sep 1994 12:56:53 -0800 >From: cwalton at earthlink.net (Conrad Walton) > >Give me a better model to illustrate what you think would be better or >worse. Drug dealers only need cash and a gun to make transactions while >they keep totally anonymous. I used to carry a Swiss Army knife, myself (because of the corkscrew), and a lot of the transactions were based on credit. Reputation was very important, whether dealing in cash or not, and I never dealt with anyone I didn't know and trust. tw From lcottrell at popmail.ucsd.edu Mon Sep 5 18:24:34 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Mon, 5 Sep 94 18:24:34 PDT Subject: Random number workbench Message-ID: <199409060124.SAA23028@ucsd.edu> I was just wondering if something like a random number workbench exists? I am looking for some implimentations of randomness tests that I can run on the output of pseudo-random and random number generators that I am working on. Is there a ftp site where I can get something of this sort? If not, what sort of demand would there be for one if I were to write it? Lance -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.6 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From schulz at omcron.uleth.ca Mon Sep 5 19:14:52 1994 From: schulz at omcron.uleth.ca (Tom Schulz) Date: Mon, 5 Sep 94 19:14:52 PDT Subject: Punk Rock Zine Message-ID: <9409060120.AA09488@omcron.uleth.ca> Hi Me and some friends of mine are compiling a punk rock fan zine, and i wish to include a section outlining public key cryptography, the cypherpunks as a group, etc. I was wondering if anybody had any press releases, or short (like 1 page) RSA or PGP articles or that sort of thing. It won't be a huge spread or anything, but it will be positive nondigitial media press for cypherpunkism. I am not a current list member, so please email me at schulz at omcron.uleth.ca TOM SCHULZ From mschruf at metronet.com Mon Sep 5 19:47:35 1994 From: mschruf at metronet.com (Michael Schruf) Date: Mon, 5 Sep 94 19:47:35 PDT Subject: Remailer at Wein? In-Reply-To: Message-ID: <199409060249.AA16733@metronet.com> > > Is the remailer at remailer at ds1.wu-wein.ac.at up and running? Test > messages to that site kept bouncing. > > Also, how do I get ahold of that remailer's public key for encrypting > messages through them? > > -------------------------------------------------------------------------- > Mark Terka | werewolf at io.org | public key (werewolf) by > Toronto,Canada | dg507 at cleveland.freenet.edu | public key server or request > --------------------------------------------------------------------------- > The address you typed above contains a typo. Correct is: remailer at ds1.wu-wien.ac.at ^^ (Wien = Vienna) I hope that solves the first part of your problem. Michael M. Schruf mschruf at metronet.com From juola at suod.cs.colorado.edu Mon Sep 5 21:57:24 1994 From: juola at suod.cs.colorado.edu (Patrick Juola) Date: Mon, 5 Sep 94 21:57:24 PDT Subject: Needed for a computer ethics class Message-ID: <199409060324.VAA04179@suod.cs.colorado.edu> > I'm in the process of writing a course on computer ethics for > the University of Colorado at Boulder and I think anonymous > remailers would be a good subject for an essay assignment, but > I need enough material (ideally, primary source material) to > lay the groundwork first. You're not in any way related to Detweiler are you? :-) Nope, 'fraid not. Never even met the "gentleman," as it happens. I'm sure that whoever is running the Medusa style-analyzer can bear me out on that. 8-) (That and the fact that I've been on cypherpunks for nearly a year now, and Detweiler's not subtle enough to keep his tentacles quiet for that long. Feeling paranoid?) Maybe I didn't make myself clear enough on the question. I don't need to be convinced that remailers are a Good Thing. I already believe it. On the other hand, [I feel] it's more professional to point the students on magazine articles, FAQ's, and stuff and to let them draw their own conclusions about the inherent Rightness of anonymous Email than to simple proseletyze at them, which never works. So I'm looking for material *external* to what I'm presenting them directly, rather than simply arguments, which I can make in the course of the class. Patrick Patrick From cwalton at earthlink.net Mon Sep 5 22:09:07 1994 From: cwalton at earthlink.net (Conrad Walton) Date: Mon, 5 Sep 94 22:09:07 PDT Subject: \"Reputations\" are more than just nominalist hot air Message-ID: At 5:41 PM 9/5/94 -0700, Hal wrote: > >Then perhaps we can avoid arguing about what a reputation is, and instead >focus on the interesting issue of what the role of cryptography will be >in establishing reputations in a possibly-pseudonymous business network. I think the distinction between "reputation" and "credential" is an important one in this context. I would be interested in discussing "the interesting issue of what the role of cryptography will be in establishing in a possibly-pseudonymous business network", i.e. TRW credit reports, drivers licenses, or ATM cards (all of which may or may not be tied to a reputation or to a valuable, wonderful person - doesn't matter to me. Will I get my money outta the deal?). ***************************************** Conrad Walton cwalton at earthlink.net ***************************************** Without JOY there can be no STRENGTH. Without STRENGTH, all other virtures are worthless. Edward Abbey From werewolf at io.org Mon Sep 5 22:19:27 1994 From: werewolf at io.org (Mark Terka) Date: Mon, 5 Sep 94 22:19:27 PDT Subject: How Did This Get Done? Message-ID: Ok...ok....ignore the content of the following. I'm not interested in flames about narrow mindedness or whatever, I'm just interested in how the poster was able to pull the following off.... I picked this up from a post in alt.sex.stories (and yeah....man does not live on talk.politics.crypto alone :>) : ---------------------------------------------------------------------------- Path: io.org!sun.cais.com!news.sprintlink.net!tequesta.gate.net!sysop From: no_more_faggots at faggots.must.die.com <===== Is this a trick? Newsgroups: alt.sex.stories Subject: NO MORE FAGGOT STORIES! Date: 5 Sep 1994 21:13:00 GMT Lines: 1 Message-ID: <34g1ks$jn1 at tequesta.gate.net> NNTP-Posting-Host: hopi.gate.net NO MORE FAGGOT STORIES DAMMIT ----------------------------------------------------------------------------- How the hell did the poster "customize" his address to ...ummm...fit the post??? From mpd at netcom.com Mon Sep 5 23:07:01 1994 From: mpd at netcom.com (Mike Duvos) Date: Mon, 5 Sep 94 23:07:01 PDT Subject: How Did This Get Done? In-Reply-To: Message-ID: <199409060606.XAA13709@netcom6.netcom.com> The "From" line of a news post may be any arbitrary text. Although most newsreaders insert truthful information, you can post anything you like if you interface with the posting agent personally. You can telnet to any NNTP server on the Net that does not reject your connection and post anything you wish. The "Path" information should give you some idea of where the post originated. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From M.Gream at uts.EDU.AU Tue Sep 6 00:05:52 1994 From: M.Gream at uts.EDU.AU (Matthew Gream) Date: Tue, 6 Sep 94 00:05:52 PDT Subject: Aust crypto regulations Message-ID: <9409060707.AA01997@acacia.itd.uts.EDU.AU> Well, fuck that for thinking I was living under a less restrictive regime -- and I can say goodbye to an international market for my software. ---- begin include ---- From: M.Gream at uts.edu.au (Matthew Gream) Newsgroups: aus.computers.ibm-pc,alt.security.pgp Subject: Re: PGP for Oz users Date: 6 Sep 1994 06:44:14 GMT Matthew Gream (M.Gream at uts.edu.au) wrote: > That sounds bogus to me, at least from the information you've given me > there. I've had the pleasure of being routed from our `Australian Trade [..] > I'm fairly confident in saying that there are no export restrictions on > software (specific clause stating that mass market, public domain and > "unsupported after installation" software is not covered by the > Industrial List). There do exist restrictions on hardware. All of these > restrictions are a direct result of our adherence with COCOM > regulations. I'm afraid I have to post a clarification to a clarification. I've just been in contact with the relevant people at the Defence Signals Directorate. It seems that regardless of advice obtained from other departments and documentation that points to the contrary, there are restrictive controls on software. In my conversation, the following was articulated (she was refering to the same document as previously mentioned [1]): 1. The "General Software Note" on Page 1-6 of [1] does not override the regulations in "Category 5: Telecommunications and `Information Security'", specifically s.5.A.2 and s.5.D.2. This means that they assert control over all forms of software _including_ public domain. I tried to pin-point what the "General Software Note" is for then, but didn't receive an acceptable answer. 2. DES can only be exported for specific banking and associated applications, even then only to 8 governments and certain banking groups. They accept RSA for export where it's used in Key Distribution applications. In essence, there is a list of specific uses for certain algorithms. 3. Message digests are in general OK, so long as they can't be modified to perfom cryptographic functions (ie. encryption/decryption). 4. Export is regulated on a per end user basis. In order words, they assert control over _each_ item of software sold. 5. The fact that COCOM is in a "forum" period does not affect the current regulations. 6. I specifically asked about "public domain" distribution of software via the Internet. She said that this was "highly inadvisable" and "if our government found out about it, they could take action" and asserted that it would be worse for an individual than if the violation was carried out by a company. She said that she wouldn't like someone to become a "test case", and made mention of problems in the USA. She was extremely helpfull though, but the real problem I had, and I spent most of my time on this, was that these requirements aren't solidified anywhere, and hence subjective. I'm not really surprised though, that's the whole point of it all. I wasn't concerned about "weak crypto", only DES, IDEA, RSA, MD* and locally produced algorithms. In short: Anything cryptographic, they want to know about, and they want to know about it on a per end-user basis. They advise against distribution on the "Internet" and any distribution without prior approval otherwise there could be "problems". Matthew. [1] "Australian Controls on the Export of Technology with Civil and Military Applications", Aust Dept of Defence, Sept 1992. -- Matthew Gream -- Consent Technologies, (02) 821-2043 Disclaimer: From? \notin speaking_for(Organization?) [cfqx103] ---- end include ---- -- Matthew Gream -- Consent Technologies, (02) 821-2043 Disclaimer: From? \notin speaking_for(Organization?) [cfqx103] From wcs at cbnewsh.att.com Tue Sep 6 00:56:28 1994 From: wcs at cbnewsh.att.com (wcs at cbnewsh.att.com) Date: Tue, 6 Sep 94 00:56:28 PDT Subject: Micro Power Broadcasting Meeting/Picnic & Workshops In-Reply-To: <34ahf1$qgb@crl7.crl.com> Message-ID: <9409060755.AA02794@ig1.att.att.com> The following article in alt.society.anarchy touched on some issues that have been occasionally discussed here in cypherpunks. (I'm temporarily disconnected from receiving cypherpunks until my mail addresses get straightened out - sigh.) Bill ------- In article <34ahf1$qgb at crl7.crl.com> somebody writes: ] ]You are invited to a meeting of the Free Communications Coalition on ]Sunday, September 11. It will be held in Berkeley at 809 B Allston Way ](two blocks south of University Ave. between 6th and 5th) from 12 noon to ]2 PM. A potluck vegie picnic will follow at a nearby park complete with a ]live micro power broadcast. Members of the Free Communications Coalition ](the peoples' FCC) include San Francisco Liberation Radio, Radio Libre, ]Free Radio Berkeley, National Lawyers Guild Committee on Democratic ]Communications and other micro power practioners and supporters. Help ]plan the fall/winter campaign to take back the airwaves. ] ]Two workshops on micro power broadcasting are scheduled for the Bay ]Area. The first one will be held in Berkeley at the Long Haul, 3124 ]Shattuck Avenue on Saturday, September 24. New College, 777 Valencia in ]San Francisco will be the site of the second workshop on Saturday, ]October 8. Both workshops will start at 11 AM and run until about 4 PM. ]A donation of $5-$25 is requested. Materials and info will be provided. ]Learn how to put your own micropower station on the air. ] ]Listen to San Francisco Liberation Radio 93.7 on the air every night ]covering the western portion of SF, north and west of Twin Peaks. Radio ]Libre 103.3 is on every night from the Mission District covering an area ]east of Twin Peaks. Free Radio Berkeley returns to the air on Sunday, ]September 4 at 8 PM on 104.4 ] ]For further information, contact Free Radio Berkeley / Free ]Communications Coalition. You can request a current copy of our ]newsletter and list of the kits we offer. ] ]Email: frbspd at crl.com ] ]Snail: FRB, 1442 A Walnut St., #406, Berkeley, CA 94709 ] ]Voice mail: (510) 464-3041 ] ] -- # Bill Stewart AT&T Global Information Solutions (new name for NCR!) # 6870 Koll Center Pkwy, Pleasanton CA 94566 1-510-484-6204 fax-6399 # Email: bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 Digital Telephony Initiative - the price of liberty is eternal vigilance! From pstemari at bismark.cbis.com Tue Sep 6 05:25:22 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Tue, 6 Sep 94 05:25:22 PDT Subject: PGP 2.6.1 release from MIT In-Reply-To: <2E67949E@microcosm.SanDiegoCA.NCR.COM> Message-ID: <9409061224.AA12502@focis.sda.cbis.COM> > > This new version has a lot of bug fixes over version 2.6. I hope this is > > the final release of this family of PGP source code. We've been working > > on an entirely new version of PGP, rewritten from scratch, which is much > > cleaner and faster, and better suited for the future enhancements we have > > planned. All PGP development efforts will be redirected toward this > > new code base, after this 2.6.1 release. > > Anyone have an idea of what these "enhancements" will be? New data formats? Or when they will be available? I tried FTPing them over the weekend and only found the 2.6.0 version. --Paul From pstemari at bismark.cbis.com Tue Sep 6 05:41:10 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Tue, 6 Sep 94 05:41:10 PDT Subject: NY Times Fears C'punks In-Reply-To: <940903.152223.7n1.rusnews.w165w@sendai.cybrspc.mn.org> Message-ID: <9409061240.AA12614@focis.sda.cbis.COM> > > Big Brother is dead. The only serious likelihood of his resurrection > > lies in reaction to the chaos and disintegration that an era of Little > > Brothers might bring. > > Is this the NYT being out of touch, or are they just showing off their > tentaclehood? To me, that reads like a threat against those who oppose > the Government Private Agenda. No, I wouldn't say that. What they're predicting there is that the massive state will die, smaller groups and cults (ala the Assassins) will replace it with non-territorial based fighting, and that the reaction to the abuses of the smaller groups and cults will cause a popular demand for a resurrection of the big Brother-style govt. It's an interesting thought, but I don't see that Big Brother is on his deathbed, which is their starting premise. From spaceman.spiff at calvin.hobbes.org Tue Sep 6 06:14:39 1994 From: spaceman.spiff at calvin.hobbes.org (spaceman.spiff at calvin.hobbes.org) Date: Tue, 6 Sep 94 06:14:39 PDT Subject: No Subject Message-ID: <9409061311.AA05915@toad.com> In refrence to Mark Terka's article on how the person faked his name, he probaably did it the same way I am doing this, only on a variation for news. You can accuatly telnet in to other ports that are instance. Anyway Loopholes arent to hard to find. Ask a net programmer what the port for news is. Groove on dude Michael Conlen From jya at pipeline.com Tue Sep 6 06:31:53 1994 From: jya at pipeline.com (John Young) Date: Tue, 6 Sep 94 06:31:53 PDT Subject: NYT on Electronic Purses Message-ID: <199409061331.JAA23072@pipe1.pipeline.com> The New York Times today reports: Quotes: "Electronic purses" may mean the end of cash. Banks, credit card companies and even some governments are racing to introduce electronic purses, wallet-size cards embedded with microchips that store sums of money for people to use instead of cash for everything from buying fast food to paying highway tolls. * * * Long-range planners in the banking industry see the weaning of small businesses and consumers from cash as the last step to closing many expensive branches and conducting virtually all business by telephone, through cash machines and perhaps home computers. * * * "As more and more people do business on the Internet, we have to look for how you pay for things," said Catherine Allen, a vice president in Citibank's technology office and the head of the Smart Card Forum, an industry group. "The smart card allows me to identify myself securely." * * * But Mondex [Britain's system] has still another wrinkle: privacy. Unlike most other electronic purse systems, Mondex, like cash, is anonymous. The banks that issue Mondex cards will not be able to keep track of who gets the payments. Indeed, it is the only system in which two card holders can transfer money to each other. "If you want to have a product that replaces cash, you have to do everything that cash does, only better," Mondex's senior executive, Michael Keegan said. "You can give money to your brother who gives it to the chap that sells newspapers, who gives it to charity, who puts it in the bank, which has no idea where it's been. That's what money is." End quotes. The article describes smart card systems in the US and other countries. Describes how customers "recharge" the card by home phone or other means. Email copies wanted? It's about a half-page in size. John From joshua at cae.retix.com Tue Sep 6 06:45:10 1994 From: joshua at cae.retix.com (joshua geller) Date: Tue, 6 Sep 94 06:45:10 PDT Subject: Aust crypto regulations In-Reply-To: <9409060707.AA01997@acacia.itd.uts.EDU.AU> Message-ID: <199409061341.GAA19268@cae.retix.com> > Matthew Gream (M.Gream at uts.edu.au) wrote [in re aussie spooks and > crypto (I think)]: > In short: Anything cryptographic, they want to know about, and they > want to know about it on a per end-user basis. They advise against > distribution on the "Internet" and any distribution without prior > approval otherwise there could be "problems". I am sure they will be as successfull as their american counterparts in suppressing such distribution. josh From cme at tis.com Tue Sep 6 07:36:02 1994 From: cme at tis.com (Carl Ellison) Date: Tue, 6 Sep 94 07:36:02 PDT Subject: Governments and repression In-Reply-To: <199408311836.LAA07396@comsec.com> Message-ID: <9409061433.AA26714@tis.com> >Date: Wed, 31 Aug 1994 08:35:12 -0400 >From: "Perry E. Metzger" Perry, >I would refer to most governments as being no more than large >organized gangs, differing from the Mafia or Hezbollah only in so far >as they have convinced large numbers of people of their legitimacy. It's always bothered me that gov'ts were people wielding power for its own sake. I had hoped we had progressed beyond the tribal chieftan stage of development. Then again, I remember the bullies in grade school. To what extent is gov't a home for bullies and to what extent is it the collective defense against bullies (both ideas finding models in the Wild West Sheriff)? How do we turn it from the first to the second? - Carl From talon57 at well.sf.ca.us Tue Sep 6 07:38:34 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Tue, 6 Sep 94 07:38:34 PDT Subject: AIDs testing and privacy Message-ID: <199409061438.HAA14594@well.sf.ca.us> 'Punksters There was an interesting piece on a new AIDs self-test kit this morning that focused on privacy. The idea is that an AIDs self-test kit is made widely available via your local pharmacy. You use the kit's materials to draw a drop of blood, which you place on an enclosed test slide. You then seal the slide, attach a barcoded sticker, and mail in the enclosed mailer to a lab. After a few weeks, you call a 1-800 number, punch in your code (from the sticker) and you get a recording telling you if the test was negative. From this point on the piece (CBS this morning) was elaborating on whether or not a machine should be used to pass on this news, or should a "real" person be involved. Interesting... Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced communication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth From nobody at shell.portal.com Tue Sep 6 07:46:21 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Tue, 6 Sep 94 07:46:21 PDT Subject: How Did This Get Done? Message-ID: <199409061446.HAA19128@jobe.shell.portal.com> > ---------------------------------------------------------------------------- > Path: io.org!sun.cais.com!news.sprintlink.net!tequesta.gate.net!sysop > From: no_more_faggots at faggots.must.die.com <===== Is this a trick? > Newsgroups: alt.sex.stories > Subject: NO MORE FAGGOT STORIES! > Date: 5 Sep 1994 21:13:00 GMT > Lines: 1 > Message-ID: <34g1ks$jn1 at tequesta.gate.net> > NNTP-Posting-Host: hopi.gate.net > > NO MORE FAGGOT STORIES DAMMIT > ----------------------------------------------------------------------------- > > How the hell did the poster "customize" his address to ...ummm...fit the > post??? not hard at all...by telnetting in to port 25 of a system on the net, you can talk directly to that systems sendmail...mail is passed in ascii format...few systems require a HELO (identifying the system telnetting in)...then you simply type in the mail headers manually...combine this with the fact that some systems let you post to usenet by email, and you can do just about anything and be untraceable (i think, anyone know for sure?)... i am sure that there are other ways to do this...i don't know how usenet news is passed, but i suspect this is also done in a similar way so if you know the port number and the format, you could do it like that... Skat From hfinney at shell.portal.com Tue Sep 6 08:21:33 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 6 Sep 94 08:21:33 PDT Subject: Problems with anonymous escrow 2--response In-Reply-To: <9409041052.AA03370@ininx> Message-ID: <199409061521.IAA21325@jobe.shell.portal.com> jkreznar at ininx.com (John E. Kreznar) writes: >Hal writes: >> it >> is no more desirable to allow dossiers to be built up about your on-line >> personality than your off-line life. >But is this really true? If a seller is using the pseudonym just to >defend himself against uninvited third parties such as tax collectors, >it would seem that accumulation of a dossier would be useless as long as >the physical seller can't be found. What would be gained by >transferring the credential (the evidence of the seller's marketable >skills or whatever he's selling) to a new pseudonym? I assume that the >seller receives payment by some anonymous method, perhaps electronic >cash. Am I missing something? Well, there are at least a couple of reasons why a seller might want to do this, one (IMO) good and one bad. The good one would be to allow sellers to do socially or politically unpopular things without being punished for them. For example, someone selling pro-civil rights material during the 1950's, or someone selling homosexual rights material today might find themselves facing a certain amount of prejudice if they also wanted to sell more mainstream stuff. By being able to run two businesses which are unlinkable but to apply their good credit record, good customer response record, etc. from one business to the other, we encourage diversity and a free market in ideas. On the other hand, an unscrupulous seller could open up a string of businesses, be honest for a few months to collect some good credentials like this, then fold the business and keep customer money. He then opens up a new business and uses his old good credentials to get going quickly, only to repeat the process. Both of these kinds of activities happen today, but in the network environment there are a lot more possibilities for records keeping. Today it may be an open secret that "Praise the Lord Publications" and "Hot Sex Novels" are both published by the same guy, but probably most of his customers don't know it. On the net it will be a lot harder to keep this kind of thing secret because of the greater access to infor- mation. Likewise, the fly-by-night boiler-room telemarketing service may have a harder time competing in a network environment where the lack of a track record will be more obvious, but the cryptographic credentials which solve the first problem may also allow this tactic to be more successful as well. Hal From pstemari at bismark.cbis.com Tue Sep 6 08:23:45 1994 From: pstemari at bismark.cbis.com (Paul J. Ste. Marie) Date: Tue, 6 Sep 94 08:23:45 PDT Subject: AIDs testing and privacy In-Reply-To: <199409061438.HAA14594@well.sf.ca.us> Message-ID: <9409061523.AA13234@focis.sda.cbis.COM> > After a few weeks, you call a 1-800 number, punch in your code > (from the sticker) and you get a recording telling you if the test > was negative. Of course, with ANI, calling an 800 number is not an anonymous act, unless you one of the few that know you need to do it from a payphone. --Paul From bugs at ritz.mordor.com Tue Sep 6 09:04:00 1994 From: bugs at ritz.mordor.com (Mark Hittinger) Date: Tue, 6 Sep 94 09:04:00 PDT Subject: more detweiler foo Message-ID: <199409061603.MAA05000@ritz.mordor.com> ~Newsgroups: misc.invest ~Path: sdd.hp.com!hpscit.sc.hp.com!cupnews0.cup.hp.com!news1.boi.hp.com!rdetweil ~From: rdetweil at boi.hp.com (Richard Detweiler) ~Sender: news at boi.hp.com (Boise Site News Server) ~Message-ID: ~Date: Tue, 6 Sep 1994 14:28:44 GMT ~Nntp-Posting-Host: hpbs4189.boi.hp.com ~Organization: Hewlett Packard - Boise Printer Division ~Isn't this amazing? I've cut down the newsgroups to just misc.invest. The article is discussing a recent forgery. Maybe since the summer is over and its back-to-work time he has to cut back to one group? He-he-he-huh-huh. From samman at CS.YALE.EDU Tue Sep 6 10:13:40 1994 From: samman at CS.YALE.EDU (Subversive Citizen Unit) Date: Tue, 6 Sep 94 10:13:40 PDT Subject: How Did This Get Done? In-Reply-To: <199409061446.HAA19128@jobe.shell.portal.com> Message-ID: > > > > How the hell did the poster "customize" his address to ...ummm...fit the > > post??? > > not hard at all...by telnetting in to port 25 of a system on the net, you > can talk directly to that systems sendmail...mail is passed in ascii > format...few systems require a HELO (identifying the system telnetting > in)...then you simply type in the mail headers manually...combine this > with the fact that some systems let you post to usenet by email, and you > can do just about anything and be untraceable (i think, anyone know for > sure?)... Well you can do it this way by using a mail to news gateway, as for tracibility, this is quite tracible. Remember all you have to do is have a log of all incoming telnet sessions and a log at the home machine of all out going telnet sessions and you're easily paired up with it. That's one of the ways, some stupid fool got caught mailing a death threat to the president using forged mail from 'never.gonna.catch.me.org' Ben. From warlord at MIT.EDU Tue Sep 6 10:19:21 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Tue, 6 Sep 94 10:19:21 PDT Subject: PGP 2.6.1 release from MIT In-Reply-To: <9409061224.AA12502@focis.sda.cbis.COM> Message-ID: <9409061713.AA11964@toxicwaste.media.mit.edu> A message will be sent out when 2.6.1 is available. I expect it to be available later today or tomorrow, but wait for the mail that says that it is available and where to get it! -derek From karn at qualcomm.com Tue Sep 6 11:04:52 1994 From: karn at qualcomm.com (Phil Karn) Date: Tue, 6 Sep 94 11:04:52 PDT Subject: How to find a primitive root of unity, for Diffe-Hellman? In-Reply-To: <199409052037.AA04009@xtropia> Message-ID: <199409061803.LAA08116@servo.qualcomm.com> Maybe I can save you some trouble. Here is a "strong" 1024-bit prime and generator that I've been using for Diffie Hellman key exchange to set up keys for IP packet encryption. For a "strong" prime p, (p-1)/2 is also prime. This is thought to make the discrete logarithm problem maximally hard. --Phil a4788e2184b8d68bfe02690e4dbe485b17a80bc5f21d680f1a8413139734f7f2b0db4e25375 0018aad9e86d49b6004bbbcf051f52fcb66d0c5fca63fbfe634173485bbbf7642e9df9c74b8 5b6855e94213b8c2d89162abeff43424350e96be41edd42de99a6961638c1dac598bc90da06 9b50c414d8eb8652adcff4a270d567f Generator = 5 You're welcome to verify that this is indeed a strong prime; this should be considerably faster than searching for one from scratch. Phil From nobody at BU.EDU Tue Sep 6 11:07:12 1994 From: nobody at BU.EDU (Nobody) Date: Tue, 6 Sep 94 11:07:12 PDT Subject: Rabin-Miller Message-ID: <199409061806.OAA20548@BU.EDU> Has anyone checked to see if the Rabin-Miller Primalty testing algorithm is included in PRZ's new release of PGP 2.61? From raph at CS.Berkeley.EDU Tue Sep 6 11:08:39 1994 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Tue, 6 Sep 94 11:08:39 PDT Subject: List of reliable remailers Message-ID: <199409061808.LAA00513@kiwi.CS.Berkeley.EDU> I have written and installed a remailer pinging script which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, at: http://www.cs.berkeley.edu/~raph/remailer-list.html Please let me know about any other remailers which I missed. I've only included remailers which can mail to arbitrary addresses, so I already know chop and twwells are missing. This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at: ftp://kiwi.cs.berkeley.edu/pub/raph/premail-0.22.tar.gz This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 10-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu. $remailer{"chaos"} = " cpunk hash ksub"; $remailer{"vox"} = " cpunk oldpgp."; $remailer{"avox"} = " cpunk oldpgp"; $remailer{"extropia"} = " cpunk pgp special"; $remailer{"kaiwan"} = " cpunk pgp hash latent cut"; $remailer{"portal"} = " cpunk pgp hash"; $remailer{"alumni"} = " cpunk pgp hash"; $remailer{"bsu-cs"} = " cpunk hash ksub"; $remailer{"rebma"} = " cpunk pgp hash"; $remailer{"jpunix"} = " cpunk pgp hash"; $remailer{"wien"} = " cpunk pgp hash nsub"; $remailer{"c2"} = " eric pgp hash"; $remailer{"soda"} = " eric pgp."; $remailer{"penet"} = " penet"; $remailer{"ideath"} = " cpunk hash ksub"; $remailer{"usura"} = " cpunk pgp. hash latent cut"; $remailer{"leri"} = " cpunk pgp hash"; Last ping: Tue 6 Sep 94 11:00:01 PDT remailer email address history latency uptime ----------------------------------------------------------------------- jpunix remailer at jpunix.com **+**-**++## 7:36 99.99% bsu-cs nowhere at bsu-cs.bsu.edu **++******## 4:47 99.99% wien remailer at ds1.wu-wien.ac.at *-**+*-*+*** 12:38 99.99% extropia remail at extropia.wimsey.com --+++---..-+ 5:20:51 99.99% c2 remail at c2.org .-++++-+***+ 42:07 99.99% vox remail at vox.hacktic.nl --------- . 10:30:39 99.99% chaos remailer at chaos.bsu.edu *#****###### 0:57 99.92% ideath remailer at ideath.goldenbear.com **-*****+*#+ 12:50 99.87% leri remail at leri.edu --+*****+*#+ 22:09 99.83% soda remailer at csua.berkeley.edu +++++++++..+ 2:45:46 99.58% kaiwan ghio at kaiwan.com +** + ++--** 19:32 99.28% alumni hal at alumni.caltech.edu **+****+ * * 5:03 99.15% portal hfinney at shell.portal.com **+****+ #* 3:36 98.22% rebma remailer at rebma.mn.org -----*+--- + 5:32:23 94.53% usura usura at xs4all.nl ****+*+* -* 22:49 87.85% penet anon at anon.penet.fi _ _+__++** 43:44:31 73.46% Suggested path: wien;bsu-cs;jpunix For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html Options and features cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. oldpgp Remailer does not like messages encoded with MIT PGP 2.6. Other versions of PGP, including 2.3a and 2.6ui, work fine. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. special Accepts only pgp encrypted messages. History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). If you've got a Web page, please feel free to include a link to this page. If you think your Web page is relevant to the subject of remailers, let me know and I'll link it in. Comments and suggestions welcome! Note to remailer operators: this script generates hourly ping messages. If you don't want that, let me know and I will take your mailer off the list, or increase the interval between pings. Raph Levien From karn at qualcomm.com Tue Sep 6 11:08:41 1994 From: karn at qualcomm.com (Phil Karn) Date: Tue, 6 Sep 94 11:08:41 PDT Subject: How Did This Get Done? In-Reply-To: Message-ID: <199409061809.LAA08142@servo.qualcomm.com> >That's one of the ways, some stupid fool got caught mailing a death threat >to the president using forged mail from 'never.gonna.catch.me.org' Another way that people often let themselves be caught is that they inevitably send a test message to themselves right before the forged message in question. This shows up clearly in the sending system's sendmail logs. It's a point to consider with remailer chains too, if you don't trust the last machine on the chain. Phil From warlord at MIT.EDU Tue Sep 6 11:21:15 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Tue, 6 Sep 94 11:21:15 PDT Subject: Rabin-Miller In-Reply-To: <199409061806.OAA20548@BU.EDU> Message-ID: <9409061820.AA12988@toxicwaste.media.mit.edu> I can tell you that no, Miller-Rabin is not in 2.6.1 -- 2.6.1 is just a bugfix release of 2.6, and nothing more. -derek From jis at mit.edu Tue Sep 6 11:29:19 1994 From: jis at mit.edu (Jeffrey I. Schiller) Date: Tue, 6 Sep 94 11:29:19 PDT Subject: PGP 2.6.1 Available from MIT Message-ID: <9409061829.AA12998@big-screw> -----BEGIN PGP SIGNED MESSAGE----- MIT is pleased to announce the availability of PGP 2.6.1, a free public-key encryption program for non-commercial use. PGP 2.6.1 provides for digital signatures and confidentiality of files and messages. PGP 2.6.1 is distributed in source form for DOS/UNIX platforms. For convenience, an MSDOS executable is also part of this release. Because source is available, anyone may examine it to verify the program's integrity. For Macintosh users MIT is currently distributing MacPGP 2.6. An update to MacPGP 2.6 will occur at a later date. PGP 2.6.1 contains fixes to many of the bugs reported in PGP 2.6 and MIT encourages all U.S. PGP users to upgrade. How to get PGP 2.6.1 from MIT: PGP 2.6.1 is available from MIT only over the Internet. Use anonymous FTP to login to net-dist.mit.edu. Login as anonymous. Look in the directory /pub/PGP. In this directory, available to everyone, is a README file a copy of the RSAREF license and a copy of a software license from MIT. Please read the README file and these licenses carefully. Take particular note of the provisions about export control. The README file contains more detailed instructions on how to get PGP 2.6.1. Also in /pub/PGP is a copy of the PGP Manual (files pgpdoc1.txt and pgpdoc2.txt) and the file pgformat.doc that describes the PGP message, signature and key formats, including the modifications for PGP 2.6.1. These are being made available without the distribution restrictions that pertain to the PGP source and executable code. -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLmywV8UtR20Nv5BtAQHsTgP/co0ff5OVXOCMo85BxWKKYulmWk1S1Xns qypYTbKvYETn98mAqXol3dolQPW9OWhgtG2km/R4C2Zq4G/NZBjPy7yfTpO/ket8 lfC0muTQSzAVxzwMhHTRNSItwISCiVwlWDwMADlz3uXKKckJkfntAR+jXd+Foxk/ gizPTNo4ytc= =7ndy -----END PGP SIGNATURE----- From cme at tis.com Tue Sep 6 12:47:15 1994 From: cme at tis.com (Carl Ellison) Date: Tue, 6 Sep 94 12:47:15 PDT Subject: NY Times Fears C'punks In-Reply-To: <199409052359.QAA20112@comsec.com> Message-ID: <9409061944.AA25811@tis.com> >From: John Young >Date: Sat, 3 Sep 1994 11:19:14 -0400 >The New York Times Magazine, p. 23 >September 4, 1994 >Perhaps the most surprising democratization of high technology is that >of cryptography, once an elite art of those who guarded Government's >most precious secrets. This is infuriating. Has no one read Kahn? Cryptography has been developed by amateurs since the beginning, over 3000 years ago. How about an e-mail or (ugh) Snail address for the NYTimes? - Carl From tcmay at netcom.com Tue Sep 6 12:54:39 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 6 Sep 94 12:54:39 PDT Subject: List of reliable remailers In-Reply-To: <199409061808.LAA00513@kiwi.CS.Berkeley.EDU> Message-ID: <199409061833.LAA23223@netcom6.netcom.com> > > I have written and installed a remailer pinging script which > collects detailed information about remailer features and reliability. > > To use it, just finger remailer-list at kiwi.cs.berkeley.edu > > There is also a Web version of the same information, at: > http://www.cs.berkeley.edu/~raph/remailer-list.html Just to give some kudos to Raph, I've used his "finger" service and have been shocked at how _good_ it is! Seeing the uptimes, delays, etc. is very useful in planning remailer chains. I haven't had the time to explore his other tools, though. Between this pinging service, and those of Matt Ghio and Sameer Parekh (haven't checked it in a while), welcome progress has been made. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Tue Sep 6 13:03:56 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 6 Sep 94 13:03:56 PDT Subject: AIDs testing and privacy In-Reply-To: <199409061438.HAA14594@well.sf.ca.us> Message-ID: <199409061731.KAA15119@netcom6.netcom.com> Brian Williams wrote: > There was an interesting piece on a new AIDs self-test kit this > morning that focused on privacy. > > The idea is that an AIDs self-test kit is made widely available ... > From this point on the piece (CBS this morning) was elaborating on > whether or not a machine should be used to pass on this news, or > should a "real" person be involved. A report I saw on this said the concern about the "human voice" giving the news, especially if positive for HIV, was psychological. That is, that HIV-positive folks would not like hearing this from a recording, and might do something serious to themselves. I applaud the "unconditionally untraceable" nature of the test (pay cash for the kit, call from a payphone). Ideas like this are _good_ for society, and for us. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From raph at CS.Berkeley.EDU Tue Sep 6 13:27:21 1994 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Tue, 6 Sep 94 13:27:21 PDT Subject: Where can I get cypherpunk t-shirts? Message-ID: <199409062027.NAA01386@kiwi.CS.Berkeley.EDU> I would like to get some cypherpunk t-shirts. So far, I've heard of the "Big Brother inside" and "Cypherpunk Criminal" ones. If anybody has any information about these, I'd appreciate it. From what I hear, there is a fair amount of pent-up demand for the "Big Brother inside" one. For those who are interested, I have a Web page for net-related t-shirts at http://www.cs.berkeley.edu/~raph/tshirt.html Thanks in advance, Raph From adam at bwh.harvard.edu Tue Sep 6 13:37:47 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Tue, 6 Sep 94 13:37:47 PDT Subject: Reputation Capital papers? Message-ID: <199409062037.QAA21812@arthur.bwh.harvard.edu> Are there papers out there on reputation capital that I should be familiar with before talking about it? I have a bunch of ideas, but would like to review the lit before presenting any of them, so I don't repeat things that have been talked about, and don't make any dumb mistakes. I checked the index of AC, and also looked in the bibliography under Chaum but did not see anything. Can anyone provide useful pointers? Adam From CCGARY at MIZZOU1.missouri.edu Tue Sep 6 13:41:47 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Tue, 6 Sep 94 13:41:47 PDT Subject: CEB PREMEIER ISSUE PART 2 Message-ID: <9409062041.AA14296@toad.com> however, can still read both formats. Although this is annoying if you have a really old key that has lots of old signatures on it, the fact is that the older the key, the more likely someone has captured both it and the passphrase used to protect it. Therefore, I strongly recommend generating a new key and getting at least one other person to sign it. ARE MY OLD KEYS COMPATIBLE WITH MIT PGP 2.6? Unless they were created with the old, non-PKCS standard (i.e., created with PGP 2.2 or earlier, or created with PGP 2.3a with pkcs_compat set to 0), and unless they were created with a modulus of more than 1024 bits, then they are compatible. If a compatible key has an incompatible signature certificate, then the incompatible signature certificate will simply be stripped off by PGP 2.6. Otherwise, you can keep using your old key. In fact, if you just copy your key ring files to your new PGP 2.6 directory, then extract your old key with ASCII armor, it will be indistinguishable from a PGP 2.6 key, but have the same value, id, and signatures (assuming they were all in the PKCS format). WHY DOESN'T THE MIT KEY SERVER ACCEPT KEYS FROM PGP VERSIONS < 2.4? They don't want to be accused of contributing to the possibly infringing use of PGP 2.3a. WHY IS MY PGP 2.3a KEY ON THE MIT KEY SERVER? Because the MIT key server synchronizes with several non-USA key servers that run PGP 2.6ui or MIT PGP 2.6, and which accept keys from PGP 2.3a. When keys are extracted from those servers to synchronize with the MIT server, they appear to be coming from PGP 2.6, so they are accepted. WHY SHOULD I UPGRADE TO MIT PGP 2.6 FROM PGP 2.3a (BESIDES THE TIME BOMB)? First of all, if you are in the USA, the patent-legal status of MIT PGP 2.6 is good for your conscience. Second of all, there are a lot of bug fixes and features: Fixed a bug with the -z option. If no passphrase was given, PGP used to crash. When using -c, the IV is generated properly now, and the randseed.bin postwash is done. (This bug could have resulted in the same ciphertext being generated for the same plaintext, if the same passphrase is used.) Memory allocated with halloc() is now freed with hfree() in ztrees.c and zdeflate.c. (MS-DOS only.) The decompression code now detects end of input reliably, fixing a bug that used to have it produce infinite amounts of output on come corrputed input. Decompression has also been sped up. PGP -m won't try to write its final output to the current directory. This makes it less efficent if you want to save the text to a file, but more secure if you don't. If the line comment= appears in the config file, the line "Comment: " appears in ASCII armor output. Of course, you can also use this from the command line, e.g. to include a filename in the ASCII armor, do "pgp -eat +comment=filename filename recipient". PGP now enables clearsig by default. If you sign and ascii-armor a text file, and do not encrypt it, it is clearsigned unless you ask for this not to be done. The now enables textmode. Textmode detects non-text files and automatically turns itself off, so it's quite safe to leave on all the time. If you haven't got these defaults yourself, you might want to enable them. All prompts and progress messages are now printed to stderr, to make them easier to find and ensure they don't get confused with data on standard output such as pgp -m output. PGP now wipes temp files (and files wiped with pgp -w) with pseudo-random data in an attempt to force disk compressors to overwrite as much data as possible. On Unix, if the directory /usr/local/lib/pgp exists, it is searched fror help files, language translations, and the PGP documentation. On VMS, the equivalent is PGP$LIBRARY:. (This is PGP_SYSTEM_DIR, defined in fileio.h, if you need to change it for your site.) Also, it is searched for a default global config.txt. This file may be overridden by a local config.txt, and it may not set pubring, secring, randseed or myname (which should be strictly personal) The normal help files (pgp -h) are pgp.hlp or .hlp, such as fr.hlp. Now, there is a separate help file for pgp -k, called pgpkey.hlp, or key.hlp. No file is provided by default; PGP will use its one-page internal help by default, but you can create such a file at your site. On Unix systems, $PGPPATH defaults to $HOME/.pgp. PGP used to get confused if you had a keyring containing signatures from you, but not your public key. (PGP can't use the signatures in this case. Only signatures from keys in the keyring are counted.) PGP still can't use the signatures, but prints better warning messages. Also, adding a key on your secret key ring to your public keyring now asks if the key should be considered ultimately-trusted. Prviously, you had to run pgp -ke to force this check, which was non-obvious. On Unix, PGP now figures out the resolution of the system clock at run time for the purpose of computing the amount of entropy in keystroke timings. This means that on many Unix machines, less typing should be required to generate keys. (SunOS and Linux especially.) The small prime table used in generating keys has been enlarged, which should speed up key generation somewhat. There was a bug in PGP 2.3a (and, in fact in 2.4 and dating back to 1.0!) when generating primes 2 bits over a multiple of the unit size (16 bits on PC's, 32 bits on most larger computers), if the processor doesn't deal with expressions like "1<<32" by producing a result of 1. In practice, that corresponds to a key size of 64*x+4 bits. At the request of Windows programmers, the PSTR() macro used to translate string has been renamed to LANG(). The random-number code has been *thoroughly* cleaned up. So has the IDEA code and the MD5 code. The MD5 code was developed from scratch and is available for public use. Versions prior to 2.6 would not permit a new signature to be added to a key if there was an already existing signature from the same signer. Starting with version 2.6 newer signatures will override older ones *as long as the newer signature verifies*. This change is important because many keys have signatures on them that were created by PGP version 2.2 or earlier. These signatures can not be verified by PGP 2.5 or higher. Owners of keys with these obsolete signatures should attempt to gather new signatures and add them to their key. WHY SHOULD I UPGRADE TO MIT PGP 2.6 FROM PGP 2.6ui? If you are in the USA, PGP 2.6ui suffers from the same alledged patent infringement problems as PGP 2.3a. PGP 2.6ui also lacks most of the bug fixes and enhancements listed above since PGP 2.3a, since PGP 2.6ui is essentially just PGP 2.3a modified to accept both new and old packet version bytes (2 and 3). On the other hand, if you are outside of the USA and Canada, you should be careful not to offend the U. S. Department of State, Office of Defense Trade Controls, by exporting MIT PGP 2.6 from the USA or Canada. I suppose that you wouldn't break U. S. law if you got a copy of MIT PGP 2.6 that someone else exported, or you could get a copy of the PGP 2.6ui (that originated in Great Britain) if you don't care about the enhancements listed above, or if you want to be able to use 1264-bit keys. Note that if you use MIT PGP 2.6 in most countries, you are still bound by the RSAREF license because of the copyright law, and you are still limited in some countries to noncommercial use of PGP by the IDEA patent (unless you get a license from ETH Zurich). IS THERE AN EVIL PLOT, BACK DOOR, OR INTENTIONAL WEAKNESS IN MIT PGP 2.6? Not that I am aware of. It ships with source code, and I didn't see any way to hide such a thing in the source code that I looked at. Besides, if you really knew Phil Zimmermann, you would know just how repugnant such an idea is to him. IS THERE A LEGAL VERSION OF PGP FOR COMMERCIAL USE IN EUROPE? Not yet. To do that, you would have to (1) arrange to license the use of IDEA from ETH Zurich or wait for the coming triple-DES option in PGP, and (2) use the original (PGP 2.3a or 2.6ui) RSA code linked in with the new PGP (to avoid restrictions on the copyrighted RSAREF code). There is also the possibility of other local laws, such as those in France, restricting use of strong cryptography. IS THERE A LEGAL VERSION OF PGP FOR COMMERCIAL USE IN THE USA & CANADA? Yes. Use Viacrypt PGP for any commercial or personal use in the USA and Canada. I understand that there are some BSAFE-based PGP versions for commercial use in the USA, too, but you need to check with Philip Zimmermann on that to make sure that all of the copyright and licensing issues are handled properly. WHAT EXACTLY IS COMMERCIAL USE? I don't have an exact definition. Use some common sense. Are you encrypting sales reports, business plans, contract bidding information, and proprietary designs? Are your money making operations aided by the use of PGP? If so, and if one is available to you, you should buy the fully licensed commercial version. SINCE VIACRYPT PGP SHIPS WITH NO SOURCE, HOW DO I KNOW IT IS OK? Philip Zimmermann wrote or examined all of the source code. He says it is OK, so I trust him. I guess you have to decide for yourself. IS IT OK TO BUY VIACRYPT PGP, THEN USE MIT PGP FOR COMMERCIAL USE? RSADSI/PKP says it is not. On the other hand, since their only recourse is to sue you for damages, and since such a plan results in exactly the same revenue they would have if you did what they wanted, there are no damages to sue for. Personally, I use Viacrypt PGP except when beta testing PGP. IS THERE AN INTERCHANGE PROBLEM WITH THE DIFFERENT RSA ENGINES IN PGP? Fortunately, there is no problem interchanging RSA encrypted packets between original PGP, Viacrypt Digi-Sig, RSAREF, and BSAFE versions. They all do the same RSA computations. They are all different implementations of the same basic algorithm with a different legal status for each of them, which changes depending on what country you are in. The only annoyance is that unmodified copies of RSAREF and BSAFE can't handle more than 1024 bit RSA keys, but that isn't much of a problem (IMHO). HOW DO I UPGRADE FROM VIACRYPT PGP 2.4 TO VIACRYPT PGP 2.7 Call 800-536-2664 with your registration number, name, address, and credit card number handy. Hey, it is only US$10. No, I don't work for Viacrypt, nor do I get a commission on sales -- I just use Viacrypt PGP. WHERE DO I GET MIT PGP 2.6? By ftp: ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt ftp://ftp.csn.net/mpj/README.MPJ ftp://ftp.wimsey.bc.ca/pub/crypto/software/README ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/ Look for the files pgp26.zip, pgp26src.zip, and pgp26src.tar.gz. BBS: Colorado Catacombs BBS 303-772-1062 (free -- log in with your name) Hieroglyphics Voodoo Machine 303-443-2457 (log in as VOO DOO, password NEW) Download PGP26.ZIP, and for source, PGP26SRC.ZIP. Compuserve: Use IBMFF to look for PGP26.ZIP and PGP26S.ZIP. For a longer list, see the daily and montly postings on alt.security.pgp, or get ftp://ftp.csn.net/mpj/getpgp.asc WHAT KNOWN BUGS ARE IN MIT PGP 2.6? The function xorbytes doesn't. Replace the = with ^= to fix it. The effect of this bug is that RSA keys aren't quite as random as they should be -- probably not a practical problem, but worth fixing if you are going to compile the code yourself. DON'T SET PGPPASS when editing your keys, because if you do, and if you don't change your pass phrase, the key is lost. (If this happens, rename your backup keyring files to the primary files before you do anything else). These bugs have been fixed in the master source code, and will be corrected in the next release of MIT PGP. WHAT IS COMING IN FUTURE VERSIONS OF PGP? I won't steal the thunder from Philip Zimmermann, Jeff Schiller, Colin Plumb, and the rest of the team, but there is some neat stuff that they are working on. Transition from MIT PGP 2.6 and Viacrypt PGP 2.7 to the newer versions will be easier than transitions from other versions. If you have enhancements and suggestions for the PGP team, I suggest you coordinate with them so that your ideas can be integrated with the main PGP project. WHERE DO I REPORT BUGS IN PGP? Please send bug reports, bug fixes, ports to new platforms, and suggestions to pgp-bugs at mit.edu. WHERE DO I SEND OR FIND LANGUAGE KITS? If you have a language kit to share, you can also send it to me at mpj at csn.org for me to post on ftp.csn.net/mpj/public/pgp/, as well as sending it to some of the other PGP sites. IS PHILIP ZIMMERMANN STILL THE SUBJECT OF AN INVESTIGATION? Yes. He is still paying a lawyer lots of money to represent him, too. If you like PGP, then I would strongly suggest sending a donation to his defense fund at: Philip Zimmermann defense fund c/o Philip Dubois 2305 Broadway Boulder, Colorado 80304 USA CAN I REDISTRIBUTE THIS FILE? Permission is hereby granted to freely redistribute unmodified copies of this PGP signed file. ___________________________________________________________ | | |\ /| | | Michael Paul Johnson Colorado Catacombs BBS 303-772-1062 | | \/ |o| | PO Box 1151, Longmont CO 80502-1151 USA Jesus is alive! | | | | / _ | mpj at csn.org aka mpj at netcom.com m.p.johnson at ieee.org | | |||/ /_\ | ftp://ftp.csn.net/mpj/README.MPJ CIS: 71331,2332 | | |||\ ( | ftp://ftp.netcom.com/pub/mpj/README.MPJ -. --- ----- ....| | ||| \ \_/ | PGPprint=F2 5E A1 C1 A6 CF EF 71 12 1F 91 92 6A ED AE A9 | |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.7 iQCVAgUBLlDhNvX0zg8FAL9FAQHoZAP8C+XgqMzs1y0x1SHM45lzPzD8XK9JjjPk lHUSDlQ6uo5lRnBXxUVPpPlTmLW4E2AHvCM+mke4bsVbvNJnNK513tUELWDkGLf4 6rexV0wiZJ9VdnQW3HyN44Sug8/5W7mxmgbdIOwv4A+OOWwAqm/chOLXsFAVn1mP TLQSBl8sb3E= =Wq3r -----END PGP SIGNATURE----- Chapter 2. Steganography "A picture is worth a thousand words." ============================================= %% = !I = %% %%% = !!! BB = %%%* *%%%% = **!!** & = *** @** = u \ x! ) < = * *** + m ) c $ = ** = # k } � = � = $%- & u = = ------- = @!p +e$ ~ # = � = h �6& ; | = � = =,# {{ = � = = � � = = � � = = � � ============================================= � � STILL LIFE WITH CRYPT +++++++++++++++++++++++++++++++++++++++++++++ Steganography is the craft of hiding messages in pictures. The text is, of course, encrypted text rather than plain text. The current best steganography program has been done by Arsen Arachelian Below, follows his text contribution: From: rarachel at prism.poly.edu (Arsen Ray Arachelian) WNSTORM is available from: ftp.wimsey.bc.ca:/pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/Steg Usual routine to get it. i.e. cd /pub/crypto/software, get the README file, and if you agree to the terms then follow the instructions. Short description off the top of my head (I wrote the beastie) Another info scrap should be in the same directory as WNSTORM. WNSTORM is a data encryption/steganography utility which is pretty secure for most uses. Unlike some stego systems WNSTORM is expandible, all you have to do is write your own LSB injector/extractor for whatever data format you wish to hide information into. WNSTORM doesn't require the recipient of the host picture, sound, movie, etc. to have the original un-stormed picture. Unlike primitive stego programs, WNSTORM doesn't compare an stormed picture with an unstormed picture. WNSTORM will cover its tracks statistically. If it changes a 0 bit in the LSB data stream to a zero, or a 1 bit to a 1, it does nothing. If it changes a 1 bit to a zero, it will balance itself by changing an unused adjacent 0 bit to a 1. Ditto for a 0->1 transform. WNSTORM will NOT change every bit of the LSB in order to prevent detection. It will use a passkey along with a probabilistic algorithm to decide which bits it will change. The algorithm for picking bits depends on the previous succesfully encoded/decoded cyphertext AND the passkey. Internally WNSTORM works by picking "windows" or "packets" of bytes out of either a random number stream or an LSB stream extracted from a picture, sound, movie, etc. It then injects eight bits of cyphertext into this window. Each window is of variable size. The bit locations where the bits are inserted are randomly exchanged for each pass. The bit values are also randomly exchanged for each pass. WNSTORM includes an injector/extractor for PCX images, however I will write more injecotr/extractor programs for it in the future, and OTHERS can do so as well. Chapter 3. Shells for PGP. Section 1. David Merriman's WinPGP26.ZIP From: "David K. Merriman" Subject: Windows PGP shell I've just finished making an ftp deposit to soda in the cypherpunks/ incoming directory of WinPGP26.ZIP; it's the latest version of the Windows PGP shell Shareware, and understands 2.6/2.6ui/2.7. Dave Merriman Section 2. Ross Barclay's WinFront 3.0 From: Ross Barclay Subject: PGP WinFront 3.0 Now Available! (New Windows front end for PGP) To: cypherpunks at toad.com, ~rbarclay at TrentU.ca -----BEGIN PGP SIGNED MESSAGE----- Announcing PGP WinFront 3.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ A freeware Windows front end for PGP 2.3a and 2.6 Copyright 1994 Ross Barclay (rbarclay at trentu.ca) WHAT IT IS: - PGP WinFront is the most fully featured free (or otherwise) Windows front end available. It will make using PGP easy for beginners, and it will drastically increase the speed at which experts use it too. PGP WinFront is now into is third revision and I have tried to implement as many of the suggestions that I received as possible. PGP WinFront was designed by its users, but was coded by me. Features: - Supports secret key ring placement on floppy drive - Support en/decryption to/from clipboard - Move / Copy / Delete files - Online hypertext help - Online hypertext PGP help - Keyring reader to pick names, view key characteristics - Keyring reader supports less-often used "huge" keyrings - Signature Checker - Very configurable - over 25 user-definable settings - more . . . This program does too much to list here. And it's free! This version is a complete rewrite of the popular PGP WinFront 2.0. The feature-set has largely been set by users who sent in suggestions. Please read the file README.TXT and peruse the help files. Please send me your comments. HOW TO GET IT: At the moment, there are 2 ways to get this program: 1) Via FTP - The PGP WinFront 3.0 filename is called PWF30.ZIP. - It has been uploaded to the incoming directories of the following FTP sites: ftp.cica.indiana.edu ftp.eff.org ftp.wimsey.bc.ca black.ox.ac.uk soda.berkeley.edu ftp.informatik.uni-hamburg.de ftp.ee.und.ac.za ftp.demon.co.uk - Hopefully, they will be slotted into the PGP directories soon. On CICA, it will be placed into \pub\pc\win3\utils. That is where PWF20.ZIP was placed. - Once you get the program, please upload it to other FTP sites! 2) From Colorado Catacombs BBS - dial (303)772-1062. The file is called PWF30.ZIP - once you get the program, please upload it to other BBSs. *** The mail access system I had was discontinued. This is because the file was too big to fit into my account. However, you can still register PWF and request certain PGP and PWF related items using my mail access system. Details of these are on the "About" screen of PWF 30. - --Ross Barclay - ------------------------------------------------------------------------- Ross Barclay (rbarclay at trentu.ca), Assistant Editor | To receive my PGP | public key, send PC NEWS Review: Windows Edition | me e-mail with the Bellevue, WA (206) 399-8700 | subject: GET KEY - ------------------------------------------------------------------------- To receive PC NEWS Review, send me e-mail with the subject: GET PNR. - ------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLmZ7fdgpRteEZ9JhAQFeXgIAxIpvJQeMsx7YecNgtusBDMqL662XFeX2 qL0qF8HcN4ReZ9MYjtn9t8N1zWGxkPOXQEI3KfM7uk8JTzxjZ5LG2g== =gSYT -----END PGP SIGNATURE----- Chapter 4. Generally cool things. Section 1. Loompanics sources. Something cool from Vincent: Most of the Loompanics Unlimited catalog is online as: gopher://gopher.well.sf.ca.us/00/Business/catalog.asc And you can send mail to them at: loompanx at pt.olympus.net You can also get their catalog at: Loompanics Unlimited PO box 1197 33 Port Townsend, Wa. 98368 P id Send $5.00 for their general catalog - free with any order. Section 2. Viruses sources. AMERICAN EAGLE PUBLICATIONS Cypherpunks, I have found a source of info. that I just must share! American Eagle Publications, Inc. P. O. Box 41401 Tucson, AZ 85717 I'm sure they will send you a catalog just for the asking. So, what are they about? They are about VIRUSES! They don't just carry a couple of virus things - they are the VIRUSES-ARE-US of the virus world! They have a journal: Computer Virus Developments Quarterly. They have books on viruses, virus protection, cryptanalysis, the science fiction book "Heiland", a CD-ROM for $99.95 of several thousand live viruses, disks of viruses with source code, executable & utilities, programs & cards for boot protection, & even a virus IDEA computer system protector. Copy follows for two items of particular interest to Cypherpunks: POTASSIUM HYDROXIDE, KOH By the "King of Hearts" A sophisticated piece of software which uses ideas first developed by computer virus writers to secure your computer system against those who would like to get their hands on the information in it. You give KOH a pass phrase, & it uses state of the art IDEA data encryption algorithm to encrypt all of the information on your hard disk & your floppies. It is, for all intents & purposes, unbreakable, & works well with DOS & Windows. Many encryption programs offered commercially are easily cracked, but this one is not. Some people call this program a virus, come say it is not. In ways, it acts like a virus to do some of your security housekeeping for you. Yet at worst it is a friendly virus that lets you choose when & how it will replicate. program & manual on disk, $10 program, full source, & manual on disk, $20 (Overseas customers add $12: KOH cannot be exported from the US, but since it was not developed in the US, we will forward your order to the overseas distributor. Please allow 6 weeks for delivery) HEILAND By Franklin Sanders 276 pages, Paperback, 1986 Here's an entertaining book about America in the year 2020. If you wonder if it's proper to use viruses in wartime or if such a virus could be termed "good", this book will give you some food for thought. Sanders makes use of computer "worms" when the oppressed people of the US attack the federal government in an all-out war against tyranny. Sanders uses his worms right too - not as some all-powerful monster. Rather, they are deployed as part of a larger military strategy. For a book written in 1986, that's not bad! And if you're fed up with the government, this book is sure to give you a vision for the future. Sanders has been part of the mounting tax protest in this country. He's fought the IRS in court for years & won some important battles. Unfortunately the government seems to be con- firming some of his worst suspensions about them. Now you can get a good dose of his philosophy & his ideas about remedying our problems. And if you work for the government, don't be offended - this book is doubly recommended for you! Book, $8.00 for shipping add $2 per book. 5% sales tax for AZ. residents. It is my belief that in the next few years more uses for viruses than just being a vandal will be found. Also, they may find a place in protecting our electronic freedom. - for instance virus remailers. Also see my previous post - The FREEDOM DEAMON. Also, they have a place in my CHATTERBOX concept(a remailer for chat mode or commands). "Viruses aren't just for Sociopaths anymore!" Also, I suspect the state may start cracking down on virus tech- nology. Incidentally, did you all know that crypt has a place in modern viruses? Encryption is used to hide "nasty" code & virus signatures until they get into the system & decrypt. Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKK! BBBEEEAAATTTTT STATE ! Chapter 5. Getting the Cypherpunks' archived & indexed list. Vincent also tells us about the complete Cypherpunk's text on line & indexed with fast access times: Eric Johnson has put one together as: http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src Please don't think that you used to be safe doing something illegal on this list and that you no longer are. That would be foolish. -- Vince The "http" is for "Hyper-Text Transport Protocol". This is not FTP, though it is a protocol similar in function to FTP. It is used by "WWW" (World Wide Web) of which Mosaic is the most popular implementation. If you have Mosaic, you can just give the above path. If you do not have mosaic, you should spend some time trying to get it. Mosaic makes it really easy to quickly move through lots of information on the net. Mosaic is a point and click hypertext interface. You can FTP to ftp.ncsa.uiuc.edu and go into Mosaic. WWW has a simple language for writting your own hypertext documents - "HTML" (Hyper Text Markup Language). You can think of this as sort of like Troff, LaTeX or Postscript, but for hypertext documents. One page of HTML can make dozens of normal files easy to access. For example, my README.html security page points to many normal files: ftp://furmint.nectar.cs.cmu.edu/security/README.html It turns out that the mail database is really in "WAIS" (Wide Area Information Server). You can use WAIS directly, though I think it is easier to use through mosaic. To use WAIS you would do: ws -h pmip.maricopa.edu -d cpindex/Cypherpunks The "ws" may be "waissearch" on your system. You can get lots of info on WAIS from ftp://wais.think.com/comp.infosystems.wais-FAQ As someone pointed out, this "http" method does not yet work with "lynx" (a text only implementation of WWW) on the cypherpunks mail database. It seems it will take a new version of lynx or WAIS for this to work. But the Unix "xmosaic" works fine. :-) This form of global filename starting with something like "ftp://", "http://", "gopher://" etc is also part of the WWW architecture. These names are called "URLs" for Universal Resource Locator. Well, that is probably enough acronyms for today. :-) -- Vince From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU To: cypherpunks at toad.com Subject: WWW Acronyms (was Re: Cypherpunks' mail database does exist) Gary Jeffers: > Vincent, you state that a fully archived, indexed cypherpunks >mailing list exists as: >http://pmip.maricopa.edu/crypt/cypherpunks/cypherpunks.src >Ok, so I ftp'ed to pmip.maricopa.edu & tried to get to cypherpunks.src, >but even the subdirectories weren't there. The "http" is for "Hyper-Text Transport Protocol". This is not FTP, though it is a protocol similar in function to FTP. It is used by "WWW" (World Wide Web) of which Mosaic is the most popular implementation. If you have Mosaic, you can just give the above path. If you do not have mosaic, you should spend some time trying to get it. Mosaic makes it really easy to quickly move through lots of information on the net. Mosaic is a point and click hypertext interface. You can FTP to ftp.ncsa.uiuc.edu and go into Mosaic. You also have a typo, it is "Cypherpunks.src" with a capital C. WWW has a simple language for writting your own hypertext documents - "HTML" (Hyper Text Markup Language). You can think of this as sort of like Troff, LaTeX or Postscript, but for hypertext documents. One page of HTML can make dozens of normal files easy to access. For example, my README.html security page points to many normal files: ftp://furmint.nectar.cs.cmu.edu/security/README.html It turns out that the mail database is really in "WAIS" (Wide Area Information Server). You can use WAIS directly, though I think it is easier to use through mosaic. To use WAIS you would do: ws -h pmip.maricopa.edu -d cpindex/Cypherpunks The "ws" may be "waissearch" on your system. You can get lots of info on WAIS from ftp://wais.think.com/comp.infosystems.wais-FAQ As someone pointed out, this "http" method does not yet work with "lynx" (a text only implementation of WWW) on the cypherpunks mail database. It seems it will take a new version of lynx or WAIS for this to work. But the Unix "xmosaic" works fine. :-) This form of global filename starting with something like "ftp://", "http://", "gopher://" etc is also part of the WWW architecture. These names are called "URLs" for Universal Resource Locator. Well, that is probably enough acronyms for today. :-) -- Vince PS I only read cypherpunks once a day, some time after midnight when my collection for the day is done. From: rishab at dxm.ernet.in Subject: Accessing the Cpunk WAIS archive "Gary Jeffers" > http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src > is the location of all the Cypherpunks' posts with index. I can > get to this place by placing a "www" in front of this instruction. Do an archie search for lynx or mosaic or some other decent browser. This is a WAIS indexed archive; no hyper links; you type in a keyword, and get a list of matching articles, and select one (or more) of them to look at. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA Chapter 6. Remailers & chained remailers. From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) Message-Id: <9408300753.AA22369 at anchor.ho.att.com> To: CCGARY at MIZZOU1.missouri.edu Subject: Re: Using remailers, chained remailers? There's somebody who posts a remailer summary to the list about monthly. There are three or four sets of remailers out there: - anon.penet.fi, which gives you an account an12345 at anon.penet.fi which people can reply to. Send "Subject: help" to anon at anon.penet.fi and it'll probably give you a useful reply. Its big use is for anonymous Usenet posting with working replies. - The cypherpunks remailers, which are mostly one-way no-reply mailers; some also support Usenet posting. Soda is pretty typical. - Various enhanced cypherpunks remailers, which have features like encrypted reply addresses you can attach at the end. You can get information on using the soda remailer by sending email to remailer at csua.berkeley.edu, with "help" somewhere in the posting; I'm not sure if it wants it in the Subject: or in the body. That's the remailer that posts from "Tommy the Tourist" with random NSA-bait at the bottom of postings. Here's a recent posting on getting status of remailers. Note that some really only remail once per day, so they may be working fine even if it says they're not. ---- Date: Mon, 15 Aug 1994 13:39:33 -0700 From: Raph Levien To: cypherpunks at toad.com Subject: "finger remailer-list at kiwi.cs.berkeley.edu" now operational Hi all, I have written and installed a remailer pinging script which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, at http://http.cs.berkeley.edu/~raph/remailer-list.html Please do not take the uptime figures too seriously, at least for another week or so. The script has only been running reliably for a few days. Please let me know about any other remailers which I missed. I've only included remailers which can mail to arbitrary addresses, so I already know chop and twwells are missing. If you've got a Web page, please feel free to include a link to this page. If you think your Web page is relevant to the subject of remailers, let me know and I'll link it in. Comments and suggestions welcome! Raph Levien ------- # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 Chapter 7. Current problems in Crypt. 1. We need an Internet Chat PGP system for conversations in real time. Note: #Freedom channel on the Internet Chat system has carried out fast encrypted conversations for years. When a Cypherpunk contacted one of their members (Sargent someone), he was politely told that their system was private. Sargent was unwilling to disclose method. Is their system some kind of security by obscurity code that cannot be varied (like by a drop in crypt/decrypt algorithm)? Or maybe the crypt method could be a drop in variable method & Sarge was unaware of it? Possibly other #Freedom members would be more knowledgeable? Possibly, a knowledgeable & diplomatic Cypherpunk could hit paydirt by pursuing this. 2. Has Stealth PGP been done yet? 3. Has Arsen Arachelian really solved the problem of discovery of crypt in steganograpy by statistical examination of the least significant bits in his WNSTROM? I have seen no debate on this. 4. If the Feds capture the internet & put their anti-privacy hardware & protocols in place & outlaw remailers, does anyone have any idea how to build secure & effective remailers? A "Fortress remailer"? 5. If the above possibility happens & Cyperpunks' list is outlawed, does anyone have ideas how to make a "Fortress list"? PUSH EM BACK! PUSH EM BACK! WWWAAAYYYY BBBAAACCCK! BBBEEEAAATTTT STATE! From sameer at c2.org Tue Sep 6 14:07:25 1994 From: sameer at c2.org (sameer) Date: Tue, 6 Sep 94 14:07:25 PDT Subject: List of reliable remailers In-Reply-To: <199409061833.LAA23223@netcom6.netcom.com> Message-ID: <199409062101.OAA00877@infinity.c2.org> > > Just to give some kudos to Raph, I've used his "finger" service and > have been shocked at how _good_ it is! Seeing the uptimes, delays, > etc. is very useful in planning remailer chains. > > I haven't had the time to explore his other tools, though. > 'premail' is excellent. I just this weekend hacked elm and pine to worrrk with premail, which I posted to the list. (these versions of elm and pine are installed on c2.org -- premail is not yet publically installed.) > Between this pinging service, and those of Matt Ghio and Sameer Parekh > (haven't checked it in a while), welcome progress has been made. > My pinger (on remail at c2.org and remailer at csua.berkeley.edu) has not been very reliable. I wanted a remailer pinger service available for my blind server and client projects and having seen Raph's setup I am deferring to his. . I hope to be able to incorporate the excellent setup that Raph is running into a client for the blind server running on omega.c2.org. Regarding Tim's earlier comments about for-pay remailers and such. I regard remail at c2.org a for-pay/prfossionally run remailer. While there is no charge associated with using the remailer, it is running as one of the many services offered by the for-profit Community ConneXion system. Thus I hope to keep this remailer very reliable, very strong, and Raph's setup will hopefully show this. (The blind server is an actual for-pay service but I expect that most users will not use it to a degree more than they get for free when they set up an account -- I should make sure I reword my description to emphasize that. [I suspect the reason thhat not many people have signed up [the client *is* hard to use, yes, and slightly buggy, but it works.. that is a reason, but not the main one, in my eyes is that people see that it is a forpay service and don't realize that light usage is free]) -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383 http://www.c2.org (or login as "guest") sameer at c2.org From sandfort at crl.com Tue Sep 6 14:14:11 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 6 Sep 94 14:14:11 PDT Subject: "GOOD" GOVERNMENT Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Carl Ellison wondered: To what extent is gov't a home for bullies and to what extent is it the collective defense against bullies ...? How do we turn it from the first to the second? As I see it, it's always a home for bullies masquerading as a collective defense. Sometimes it actually it actually has to perform its advertised defense function. Like naked quarks, purely defensive governments cannot exist. They are bipolar by nature, with some poles (i.e., the bullying part) being "more equal than others." S a n d y "There's no government, like no government" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jim at bilbo.suite.com Tue Sep 6 15:00:30 1994 From: jim at bilbo.suite.com (Jim Miller) Date: Tue, 6 Sep 94 15:00:30 PDT Subject: Digital Cash mini-FAQ for the layman Message-ID: <9409062159.AA04339@bilbo.suite.com> I recently wrote a description of digital cash for Tom Steinert-Threlkeld, Technology Writer for the Dallas Morning News. I figured I might as well post it here in case there are any newbies that are still coming up to speed. Keep in mind that my intended audience is a person who is in touch with the latest commercially available technology, but is not an engineer, mathematician, or scientist. I've intentionally generalized and oversimplified the descriptions to keep from getting bogged down in the details. If I've made any gross errors let me know, but I think most of the information is accurate. Q: How is digital cash possible? A: Public-key cryptography and digital signatures (both blind and non-blind signatures) make digital cash possible. It would take too long to go into detail how public-key cryptography and digital signatures work. But the basic gist is that banks and customers would have public-key encryption keys. Public-key encryption keys come in pairs. A private key known only to the owner, and a public key, made available to everyone. Whatever the private key encrypts, the public key can decrypt, and vice verse. Banks and customers use their keys to encrypt (for security) and sign (for identification) blocks of digital data that represent money orders. A bank "signs" money orders using its private key and customers and merchants verify the signed money orders using the bank's widely published public key. Customers sign deposits and withdraws using their private key and the bank uses the customer's public key to verify the signed withdraws and deposits. Q: Are there different kinds of digital cash? A: Yes. In general, there are two distinct types of digital cash: identified digital cash and anonymous digital cash. Identified digital cash contains information revealing the identity of the person who originally withdrew the money from the bank. Also, in much the same manner as credit cards, identified digital cash enables the bank to track the money as it moves through the economy. Anonymous digital cash works just like real paper cash. Once anonymous digital cash is withdrawn from an account, it can be spent or given away without leaving a transaction trail. You create anonymous digital cash by using numbered bank accounts and blind signatures rather than fully identified accounts and non-blind signatures. [To better understand blind signatures and their use with digital cash, I highly recommend skimming through chapters 1 - 6 of Bruce Schneier's book _Applied Cryptography_ (available at Taylor's Technical Books). It is quite readable, even to the layman. He doesn't get into the heavy-duty math until later in the book. Even if you don't write a digital cash column in the near future, I still recommend reading through chapters 1 - 6 of _Applied Cryptography_. Bruce does a very good job of describing the wide variety of interesting things you can do when you combine computers, networks, and cryptography.] There are two varieties of each type of digital cash: online digital cash and offline digital cash. Online means you need to interact with a bank (via modem or network) to conduct a transaction with a third party. Offline means you can conduct a transaction without having to directly involve a bank. Offline anonymous digital cash is the most complex form of digital cash because of the double-spending problem. Q: What is the double-spending problem? A: Since digital cash is just a bunch of bits, a piece of digital cash is very easy to duplicate. Since the copy is indistinguishable from the original you might think that counterfeiting would be impossible to detect. A trivial digital cash system would allow me to copy of a piece of digital cash and spend both copies. I could become a millionaire in a matter of a few minutes. Obviously, real digital cash systems must be able to prevent or detect double spending. Online digital cash systems prevent double spending by requiring merchants to contact the bank's computer with every sale. The bank computer maintains a database of all the spent pieces of digital cash and can easily indicate to the merchant if a given piece of digital cash is still spendable. If the bank computer says the digital cash has already been spent, the merchant refuses the sale. This is very similar to the way merchants currently verify credit cards at the point of sale. Offline digital cash systems detect double spending in a couple of different ways. One way is to create a special smart card containing a tamper-proof chip called an "Observer" (in some systems). The Observer chip keeps a mini database of all the pieces of digital cash spent by that smart card. If the owner of the smart card attempts to copy some digital cash and spend it twice, the imbedded Observer chip would detect the attempt and would not allow the transaction. Since the Observer chip is tamper-proof, the owner cannot erase the mini-database without permanently damaging the smart card. The other way offline digital cash systems handle double spending is to structure the digital cash and cryptographic protocols so the identity of the double spender is known by the time the piece of digital cash makes it way back to the bank. If users of the offline digital cash know they will get caught, the incidents of double spending will be minimized (in theory). The advantage of these kinds of offline systems is that they don't require special tamper-proof chips. The entire system can be written in software and can run on ordinary PCs or cheap smart cards. It is easy to construct this kind of offline system for identified digital cash. Identified offline digital cash systems can accumulate the complete path the digital cash made through the economy. The identified digital cash "grows" each time it is spent. The particulars of each transaction are appended to the piece of digital cash and travel with it as it moves from person to person, merchant to vender. When the cash is finally deposited, the bank checks its database to see if the piece of digital cash was double spent. If the digital cash was copied and spent more than once, it will eventually appear twice in the "spent" database. The bank uses the transaction trails to identify the double spender. Offline anonymous digital cash (sans Observer chip) also grows with each transaction, but the information that is accumulated is of a different nature. The result is the same however. When the anonymous digital cash reaches the bank, the bank will be able to examine it's database and determine if the digital cash was double spent. The information accumulated along the way will identify the double spender. The big difference between offline anonymous digital cash and offline identified digital cash is that the information accumulated with anonymous digital cash will only reveal the identity of the spender if the cash is double spent. If the anonymous digital cash is not double spent, the bank can not determine the identity of the original spender nor can it reconstruct the path the cash took through the economy. With identified digital cash, both offline or online, the bank can always reconstruct the path the cash took through the economy. The bank will know what everyone bought, where they bought it, when they bought it, and how much they paid. And what the bank knows, the IRS knows. By the way, did you declare that $20 bill your Grandmother gave you for your birthday? You didn't? Well, you wont have to worry about forgetting those sorts of things when everybody is using fully identified digital cash. As a matter of fact, you wont even have to worry about filing a tax return. The IRS will just send you a bill. Jim_Miller at suite.com From mnemonic at eff.org Tue Sep 6 15:02:40 1994 From: mnemonic at eff.org (Mike Godwin) Date: Tue, 6 Sep 94 15:02:40 PDT Subject: A Different EFF on DigiTel Bill In-Reply-To: <199408291422.KAA10836@pipe3.pipeline.com.778170390> Message-ID: <34iotc$62t@eff.org> In article <199408291422.KAA10836 at pipe3.pipeline.com.778170390>, John Young wrote: >(If anyone cares, Mike posts zingers and unhealthy thoughts >like c'punks' regularly on list Cyberia-L.) Somebody's got to give those law professors some grief. --Mike -- Mike Godwin, (202) 347-5400 |"And walk among long dappled grass, mnemonic at eff.org | And pluck till time and times are done Electronic Frontier | The silver apples of the moon, Foundation | The golden apples of the sun." From hfinney at shell.portal.com Tue Sep 6 15:20:33 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 6 Sep 94 15:20:33 PDT Subject: Reputation Capital papers? In-Reply-To: <199409062037.QAA21812@arthur.bwh.harvard.edu> Message-ID: <199409062220.PAA21494@jobe.shell.portal.com> Adam Shostack writes: > Are there papers out there on reputation capital that I should >be familiar with before talking about it? I have a bunch of ideas, >but would like to review the lit before presenting any of them, so I >don't repeat things that have been talked about, and don't make any >dumb mistakes. I checked the index of AC, and also looked in the >bibliography under Chaum but did not see anything. I seem to recall a posting in outline form by Dean Tribble to this list about 1 1/2 years ago. It was some notes he had used in a presentation to a CP meeting. Maybe someone could dig it out again. I don't think Chaum has particularly used the term or even discussed the issue that much. It doesn't seem like it is an issue which is talked about in many places. Your ideas are probably as much worth hearing as anyone's. Hal Finney P.S. I did find a paper on the net called "Endorsements, Licensing, and Insurance for Distributed System Services", by Lai, Medvinsky, and Newman of Information Sciences Institute. Here is the abstract: "Clients in a distributed system place their confidence in many servers, and servers themselves rely on other servers for file storage, authentication, authorization, and payment. When a system spans administrative boundaries it becomes harder to assess the security and competence of potential service providers. This paper examines the issue of confidence in large distributed systems. "When confidence is lacking in the 'real world,' one relies on endorsements, licensing, insurance, and surety bonds to compensate. We show that by incorporating such assurances into a distributed system, users are better able to evaluate the risks incurred when using a particular server. This paper describes a method to electronically represent endorsements, licenses, and insurance policies, and discusses the means by which clients use such items when selecting service providers." Unfortunately, I can't recall where I saw the pointer to this paper. I'm sure other people read the same lists and newsgroups I do so perhaps someone else can provide a pointer. Also, my copy of the postscript paper would only print the first three pages, so I can't really evaluate their ideas. From CCGARY at MIZZOU1.missouri.edu Tue Sep 6 15:57:16 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Tue, 6 Sep 94 15:57:16 PDT Subject: CEB1B PREMEIERE ISSUE Message-ID: <9409062257.AA16925@toad.com> * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uix.sig * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uix.zip MacIntosh: * _DE:_ ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/mac /MacPGP2.6ui_beta.sit.hqx * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/PGP/MacPGP2.6ui_V1.2sources.cpt.hqx Other sites to look for the above mentioned files at: ftp.informatik.uni-hamburg.de /pub/virus/crypt/pgp This site has most, if not all, of the current PGP files. ftp.wimsey.bc.ca /pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/PGP (U. S. and Canadian users only) See /pub/crypto/software/README for the characters for XXXXXXXX This site has all public releases of the freeware PGP from 1.0 through 2.6 and 2.6ui. black.ox.ac.uk (129.67.1.165) /src/security/pgp26uix.zip (MS-DOS executables & docs) /src/security/pgp26uis.zip (Unix, MS-DOS, VMS, Amiga sources, docs, info on building PGP into mailers, editors, etc.) There are several other versions of PGP here, including the MIT release. ftp.csn.net /mpj/public/pgp/ contains PGP shells, faq documentation, language kits. ftp.netcom.com /pub/dcosenza -- Some crypto stuff, sometimes includes PGP. /pub/gbe/pgpfaq.asc -- frequently asked questions answered. /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganograpy software list. MacUtilites for use with MacPGP. Stealth1.1 + other steganography programs. Send mail to qwerty at netcom.com with the subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't have ftp access. ftp.ee.und.ac.za /pub/crypto/pgp soda.berkeley.edu /pub/cypherpunks/pgp (DOS, MAC) ftp.demon.co.uk /pub/amiga/pgp /pub/archimedes /pub/pgp /pub/mac/MacPGP ftp.informatik.tu-muenchen.de ftp.funet.fi ftp.dsi.unimi.it /pub/security/crypt/PGP ftp.tu-clausthal.de (139.174.2.10) wuarchive.wustl.edu /pub/aminet/util/crypt src.doc.ic.ac.uk (Amiga) /aminet /amiga-boing ftp.informatik.tu-muenchen.de /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2) iswuarchive.wustl.edu pub/aminet/util/crypt (Amiga) nic.funet.fi (128.214.6.100) /pub/crypt/pgp23A.zip /pub/crypt/pgp23srcA.zip /pub/crypt/pgp23A.tar.Z ftp.uni-kl.de (131.246.9.95) qiclab.scn.rain.com (147.28.0.97) pc.usl.edu (130.70.40.3) leif.thep.lu.se (130.235.92.55) goya.dit.upm.es (138.4.2.2) tupac-amaru.informatik.rwth-aachen.de (137.226.112.31) ftp.etsu.edu (192.43.199.20) princeton.edu (128.112.228.1) pencil.cs.missouri.edu (128.206.100.207) StealthPGP: The Amiga version can be FTP'ed from the Aminet in /pub/aminet/util/crypt/ as StealthPGP1_0.lha. Also, try an archie search for PGP using the command: archie -s pgp26 (DOS & Unix Versions) archie -s pgp2.6 (MAC Versions) ftpmail: For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service. Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi: ENCODER uuencode SEND pub/crypt/pgp23srcA.zip SEND pub/crypt/pgp23A.zip This will deposit the two zipfiles, as 15 batched messages, in your mailbox with about 24 hours. Save and uudecode. For the ftp sites on netcom, send mail to ftp-request at netcom.com containing the word HELP in the body of the message. World Wide Web URLs: (Thanks to mathew at mantis.co.uk) _________________________________________________________________ MACPGP 2.3 Program * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.3.cpt.hqx * _UK:_ ftp://black.ox.ac.uk/src/security/macpgp2.3.cpt.hqx * _SE:_ ftp://isy.liu.se/pub/misc/pgp/2.3A/macpgp2.3.cpt.hqx * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/macpgp2.3.cpt.hqx * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3.cpt.hqx * _US:_ ftp://soda.berkeley.edu/pub/cypherpunks/pgp/macpgp2.3.cpt.hqx.gz Source code Requires Think C. * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/MacPGP/MacPGP2.2src.sea.hqx -- version 2.2 only * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/macpgp2.3src.sea.hqx.pgp * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/macpgp2.3src.sea.h qx.pgp Documentation PGP is rather counter-intuitive to a Mac user. Luckily, there's a guide to using MacPGP in ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP. _________________________________________________________________ OS/2 PGP You can, of course, run the DOS version of PGP under OS/2. * _DE:_ ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/pgp/2.6ui/pgp26ui-os2.zip * _US:_ ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26os2.zip ftp://ftp.csn.net/mpj/README.MPJ for the ??????? _________________________________________________________________ AMIGA PGP 2.3 * _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a_3.lha * _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a_3.lha Source * _DE:_ ftp://ftp.uni-kl.de/pub/aminet/util/crypt/PGPAmi23a3_src.lha * _US:_ ftp://ftp.wustl.edu/pub/aminet/util/crypt/PGPAmi23a3_src.lha _________________________________________________________________ ARCHIMEDES PGP * _UK:_ ftp://ftp.demon.co.uk/pub/archimedes/ArcPGP23a _________________________________________________________________ DOCUMENTATION ONLY * _US:_ ftp://net-dist.mit.edu/pub/PGP/pgp26doc.zip * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26doc.zip * _US:_ ftp://ftp.netcom.com/pub/mpj/public/pgp/pgp26doc.zip * _US:_ ftp://ftp.ftp.csn.net/mpj/public/pgp/pgp26doc.zip _________________________________________________________________ LANGUAGE MODULES These are suitable for most PGP versions. I am not aware of any export/import restrictions on these files. German * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_german.txt * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt * _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha Italian * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.italian.tar.gz * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/PGP/pgp-lang.italian.tar.gz * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz Japanese * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz Lithuanian * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip Russian * _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip (MIT version) * _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26uir.zip (ui version) * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip Spanish * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.spanish.tar.gz * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz Swedish * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_swedish.txt * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt _________________________________________________________________ OTHER SITES Some cryptographic software is available from ftp://van-bc.wimsey.bc.ca/pub/crypto/software/. Read the README file and proceed from there. BBS sites: Colorado Catacombs BBS (See also the entry above for PGP 2.6) (303) 772-1062 Longmont, Colorado (2 lines) (303) 938-9654 Boulder, Colorado (free call from Denver CO, but 1 line) For free access: log in with your own name, answer the questions, then select [Q]uestionaire 3 from the [M]ain menu. Verified: This morning. Hieroglyphics Voodoo Machine (Colorado) Jim Still (aka Johannes Keppler), sysop. DOS, OS2, and Mac versions. (303) 443-2457 Verified: 5-2-94 For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files). Exec-Net (New York) Host BBS for the ILink net. (914) 667-4567 The Ferret BBS (North Little Rock, Arkansas) (501) 791-0124 also (501) 791-0125 Special PGP users account: login name: PGP USER password: PGP This information from: Jim Wenzel If you find a version of the PGP package on a BBS or FTP site and it does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others. ARCHIE WHO? There are many more sites. You can use archie and/or other "net-surfing" tools to find a more up-to-date listing, if desired. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.7 mQCNAi4PT2QAAAEEAPPCZnrshEJ9PSnV+mXEwjM4kzJF0kyg2MnLMzo83vWI40ei jogncqdkXT0c2TQWg+Bsu9ckFoXdId0utumYv0aqd8yI/oU/DwJ1zJrqRL2PFbxe ZLofHoKFjvq1TiNiJq9ps3jW6iYS4IU1SzyKhjmyE+K0+WyrPPX0zg8FAL9FAAUR tCdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajiJAJUCBRAu G3chZXmEuMepZt0BAZtAA/0Rw5mintlUDgHycNbeoyIiMHoLu8jWaCSaiGSt+dDU 1A/bUCo+gorv5TYxOClRf3XHjD6zSooWyUz3ehotrzPYLunhVOE2YBxPU+OvKFOc 37mcZrnXGBlF5NblnSYxp0186tGaTm7WMWx7NDlHT4GvhzHJQSOoo48ykDkKm/mk LIkAlQIFEC4PWbs/ZwY8hTPrxQEBKyMD/A7kv91C1ZZIRtkbC9k9lsWOgOnO8wG8 bGMajaco465Z5llWD+Y8QCMdSWcowtOBGfW0Wv1bZ1uebeCpg1L66pJ7C+BOExrk gPqRVCstLLiVerKGeSOZo3yXtxYKYX7mHQPrHp98ef7fUG4IiKS+S+znmGxpJwrV sHZRlhJ3hXUsiQCVAgUQLg9ZefX0zg8FAL9FAQFBTAQAh4u4Vun7WhPuL6fsXiXm paaGfeLtd3biRj/aOMAG1eHuhVdWejx71ormyKTdNB2YV56bpsE3JQ/KhBuYDo0N SkRnqeM2S+Ef7aZEg6Q44uXG52pqCZUldtCeYfOs3aLCR9SMlc6Y3zmpSwB1wKP0 5+tN9zruNYVKKBLWEIFAY7W0K01pY2hhZWwgUGF1bCBKb2huc29uIDxtLnAuam9o bnNvbkBpZWVlLm9yZz60IE1pY2hhZWwgSm9obnNvbiA8bXBqQG5ldGNvbS5jb20+ tChNaWtlIEpvaG5zb24gPDcxMzMxLjIzMzJAY29tcHVzZXJ2ZS5jb20+tCtNaWNo YWVsIFAuIEpvaG5zb24gPG1wam9obnNvQG55eC5jcy5kdS5lZHU+tC1EbyBub3Qg dXNlIGZvciBlbmNyeXB0aW9uIGFmdGVyIDI3IEp1bmUgMTk5Ni4= =rR4q - -----END PGP PUBLIC KEY BLOCK----- ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-772-1062 | | | | / _ | mpj at csn.org aka mpj at netcom.com m.p.johnson at ieee.org | | |||/ /_\ | ftp://ftp.csn.net/mpj/README.MPJ CIS: 71331,2332 | | |||\ ( | ftp://ftp.netcom.com/pub/mpj/README.MPJ -. --- ----- ....| | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.7 iQCVAgUBLkq2xfX0zg8FAL9FAQFTNgP+MRZEelkRWavsKsLKgTpZEXix++Bhk8CW s1jgJkyFEgEjS5EDPsKUOZKT+peohlfSmMO1dvO4125b+g+jg3rI/BQQOnWA65PT 8ylmelaoQSrzPhbYvPCk/a7zzOqoGnfa3x4C3ECJBRKFvofaZOgo1pzzCxwwa/wW PtYKpgCtp34= =H24Y -----END PGP SIGNATURE----- Section 3: Michael Johnson's PGP bomb contribution. From: Michael Johnson Subject: PGP Time Bomb FAQ -----BEGIN PGP SIGNED MESSAGE----- PGP TIME BOMB FAQ There has been some confusion about the annoying "Time Bomb" in MIT PGP 2.6, as well as some other PGP version compatibility issues. This is an attempt to clear up some of that confusion. WHY IS THERE A TIME BOMB IN MIT PGP 2.6? In the process of negotiating for the right to distribute a fully legal version of PGP that the patent assignees agree doesn't infring upon their patents, MIT agreed to include an inducement for people to upgrade from the alledgedly infringing freeware PGP 2.3a to the clearly legal freeware MIT PGP 2.6 or the also clearly legal Viacrypt PGP 2.7. Folks, you may not realize it, but the RSADSI/PKP concession to allow a freeware PGP in the USA is BIG TIME GOOD NEWS! To induce a small incompatibility with a downlevel version of PGP with several bugs in it is a small annoyance by comparison. WHAT IS THE NATURE OF THE TIME BOMB? On 1 September 1994 UT, by your system clock, MIT PGP 2.6 will start generating encrypted message and signature packets with a version byte (offset 3) of 2 instead of 3. It will accept either 2 or 3 as valid. This means that messages from PGP 2.3a and old messages from MIT PGP 2.6 can be read by MIT PGP 2.6, but new messages from MIT PGP 2.6 cannot be read by PGP 2.3a. See pgformat.doc in the MIT PGP 2.6 distribution for the location and use of these bytes. This time bomb is activated by code in pgp.c that looks like this: #define VERSION_BYTE_OLD 2 /* PGP2 */ #define VERSION_BYTE_KLUDGE 3 ... boolean legal_kludge; int version_byte = VERSION_BYTE_OLD; ... /* Turn on incompatibility as of 1 September 1994 (GMT) */ legal_kludge = (get_timestamp(NULL) >= 0x2e651980); ... if (legal_kludge) version_byte = VERSION_BYTE_KLUDGE; Although a method for disarming the time bomb is obvious to the casual C programmer, disabling this feature invalidates the RSA license to use the program, and really doesn't gain you much for reasons that will become obvious below. HOW DOES THIS TIME BOMB AFFECT COMPATIBILITY WITH OTHER VERSIONS? The bottom line is that PGP 2.3a and before (as well as Viacrypt PGP 2.4) cannot read all of the latest PGP version formats, starting on 1 September 1994. Here is a summary of the version bytes generated and understood: Format generated Formats before/after understood Version 1 Sep 94 (all times) - ---------------------------- ----- ---- ----------- 2.3 2 2 2 2.3a 2 2 2 Amiga 2.3a.4 2 2 2,3 Viacrypt 2.4 2 2 2 2.6ui 2 2 2,3 MIT 2.6 2 3 2,3 Viacrypt 2.7, pkcs_compat=1 2 3 2,3 Viacrypt 2.7, pkcs_compat=2 2 2 2,3 Viacrypt 2.7, pkcs_compat=3 3 3 2,3 (Not mentioned above is MIT PGP 2.5, which was a buggy beta, nor several other versions that are outside the mainstream PGP project). If you are using one of the versions above that cannot understand version byte 3 messages, you should upgrade to one that does. The upgrade from Viacrypt PGP 2.4 to Viacrypt PGP 2.7 is only US$10, and also provides several other enhancements. As you can see, people with downlevel versions of PGP will not be able to read all PGP messages directed at them, nor will they be able to verify all of the signed messages they might wish to verify. It is also worth noting that none of the new versions have any trouble reading the old format messages. WHAT IS THE RSA KEY MODULUS LENGTH LIMIT? The RSA key modulus length limit for compatibility with all mainstream PGP versions is 1024 bits (military grade). I recommend the use of this length, at least for now. PGP 2.3a, running on some platforms (but not others), use to be able to generate and use 1264 bit keys. In addition, some people have hacked their own copies of PGP to generate and use longer keys (up to 8192 bits or some such crazy number). Distribution of these hacked versions under the "Pretty Good Privacy" trademarked name is not recommended, since it upsets the trade mark owner (Philip Zimmermann) and interferes with some of his long term plans to support longer keys in a more organized fashion. IS 1024 BITS LONG ENOUGH? Conservative estimates of increasing computing power, advancing mathematical knowledge, and the propensity of certain spy organizations to spend lots of money on these things say that 1024 bit keys are strong enough for at least 20 years or so. Less paranoid prognosticators say that such keys are good for hundreds of years. More paranoid prognosticators think that someone has already broken RSA and not told us about it, so no RSA key is safe. My opinion is that RSA keys with a modulus of about 1024 bits in length is more than adequate to protect most electronic mail and financial transactions. What do you think? HOW DOES THE STRENGTH OF RSA AND IDEA COMPARE? As implemented in PGP, the IDEA cipher used for bulk encryption appears to be stronger than the RSA cipher. In fact, to strengthen the RSA to the same level as the IDEA cipher (assuming a brute force attack), it would take an RSA modulus of about 3100 bits. WHY NOT ALLOW LONGER RSA KEYS, ANYWAY? OK, so you are more paranoid than me, and want the RSA key to be at least as strong as the IDEA cipher. Why isn't there a higher limit to the RSA key size? First, there is the minor problem that RSAREF and BSAFE (which are tied to the RSA patent license for the freeware and some commercial versions of PGP) have a key length limit of 1024 bits. Changing this involves negotiations with RSADSI/PKP, and could take some time. Second, allowing longer key sizes could create a Tower of Babel problem of incompatible PGP versions, since not all versions could handle these long keys. Third, the implementation of longer keys needs to be done in an orderly manner such that all mainstream PGP versions (Viacrypt, MIT freeware, BSAFE-based commercial, and possibly a non-USA variant) are first upgraded to accept, but not generate, the longer keys. After all PGP users can accept the longer keys, then PGP versions can start generating the longer keys with no interruption in service. It still makes sense to have a length limit for compatibility reasons. I have asked Philip Zimmermann to increase that to at least 4096 bits when he can, and I think that he will do that in an orderly manner if there isn't too much in the way of hassles with RSAREF and BSAFE licensing. If this isn't secure enough for you, shift to conventional encryption and manual (direct person-to-person) key exchange, making sure that your keys have at least 128 bits of entropy. This can be done with pgp -c or another private key encryption program called dlock that has the virtues of (1) NO patent problems, and (2) very strong encryption. (DLOCK is not nearly as user friendly as PGP, but what do you want for free?) HOW DOES PKCS BYTE ORDERING IN KEYS AFFECT COMPATIBILITY? PGP versions 2.2 and before generated key and signature block formats with a different byte order than derived from the PKCS standards. PGP 2.3 also generated this old format if you specified +pkcs_compat=0 in config.txt or on the command line. This old format is now obsolete. Unfortunately, the old format cannot be parsed by RSAREF or BSAFE, so PGP versions based on these crypto engines (like MIT PGP 2.6) cannot read those packets. Viacrypt PGP, From CCGARY at MIZZOU1.missouri.edu Tue Sep 6 15:57:45 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Tue, 6 Sep 94 15:57:45 PDT Subject: CEB 1A PREMEIRE ISSUE Message-ID: <9409062257.AB16925@toad.com> CYPHER-REBELS ELECTRONIC BOOK (CEB) SEPTEMBER 05, 1994 LABOR DAY ISSUE PREMIERE ISSUE Publisher Gary Lee Jeffers A compendium of the best software & info for today's electronic privacy freedom fighters. This text may be distributed in part or in full anywhere you want. It may be given away freely or copies may be sold. CEB wants to be free & valuable. TABLE OF CONTENTS Chapter 1. PGP general. Section 2: Michael Johnson's PGP FAQ contribution Chapter 2. Steganography. "A picture is worth a thousand words." Chapter 3. Shells for PGP Section 1. David Merriman's WinPGP26.ZIP Section 2. Ross Barclay's WinFront 3.0 Chapter 4. Generally cool things. Section 1. Loompanics sources. Section 2. Viruses sources. Chapter 5. Getting the Cypherpunks' archived & indexed list. Chapter 6. Remailers & chained remailers. Chapter 7. Current problems in Crypt. CCCCCCCCCC YYYY YYYY PPPPPP HH HH EEEEEEE RRRRRRRRR CCCCCCCCCC YY YY PP PP HH HH EEEEEEE RRRRRRRRR CCC YY YY PP PP HH HH EE RR RR CCC YY YY PPPPPP HHHHHHHH EE RR RR CCC YYY PP HHHHHHHH EEEEEEE RR RR CCC YYY PP HH HH EEEEEEE RRRRRRRR CCC YYY PP HH HH EE RRRRRRR CCC YYY PP HH HH EE RRRRRR CCCCCCCCCC YYY PP HH HH EE RR RR CCCCCCCCCCC YYY PP HH HH EEEEEEE RR RR PP HH HH EEEEEEE RR RR RRRRRRRRRRR RR RR RRRRRRRRRRRRRR EEEEEEEEE RRRRRRRRRRR EEEEEEEEEEE BBBBBBBB EEEEEEEEEE SSSSSSS RRRRRRRR EEEEEEEEE BBBBBBBBBBB EE EEEEEEE SSSSSSSSS RR RRRR EEEEEEEEEE BBBBBBBBBB EEEEEEE SSSSSSSSS RRR RRRR EEEEEEEE BBBBBBBB EEEEEEE SSSSSSSS RRR RRRRR EEEEEE BBBBBB EEEEEEEE SSSSSSSSS RRRRRRRRRRRRRR EEEEEEE BBB EEEEEEEEEEE SSSSSSSSSS RRRRRRRRRRRRRR EEEEEEEEEE BB EEEEEEEEEEE SSSSSSS RRRRRRR RRRR EEEEEEEEEE BBB EEEEEEEEEEEEEE SSSSSSSSSSSSS RRR RRRRR EEEEEEEEEEEE BBBBB EEEEEEEEEEEEEEE SSSSSSSSSSSS RRRRR RR EEEEEEEE BBBBBBB EEEEEEEEE SSSSSSSSSS RR RRRRR EEEEEE BBBBBBBBB EEEEEEE SSSSSSSSSS RR RRRRR EEEEEE BBBBBBBBB EEEEEEE SSSSSSSSSS RRR RRRRRR EEEEEEEEEEE BBBBBBBB EEEEEEEEEEEE SSSSSSSSSSS RRRR RRRRRRR EEEEEEEEEEEEE BBBBBBB EEEEEEEEEEEEE SSSSSSSSSSSS PPPPPPPPPPP GGGGGGGGG PPPPPPPPPPP PPPPPPPPPPP GGGGGGGGG PPPPPPPPPPP PPP PP GGG PPP PP PPPPPPPPPPPP GGG GGGGGGG PPPPPPPPPPP PPPPPPPPPP GGG GGGGGGG PPPPPPPP PPP GGG GG PPP PPP GGGGGGGGGGGGG PPP PPP GGGGGGGGGGGG PPP Chapter 1. PGP general. PGP is Pretty Good Privacy from Phil Zimmermann. It is currently the best available encryption available to civilians at large. Zimmermann is the programmer on the original PGP versions but now, apparently, just guides other programmers in making improved versions. PGP uses two encryption algorithms: RSA for its Public Key powers & IDEA for its bulk encryption. The advantages of PGP over other crypt/decrypt systems are: 1. RSA algorithm. Allows users to communicate without needing a secure channel to exchange keys. - PUBLIC KEY ENCRYPTION. 2. The program system has been very well done & has huge development support. 3. It has huge popularity. 4. Security is guaranteed with distribution of source code & public investigation. 5. Its free. 6. Both RSA & IDEA are "STRONG" algorithms. MIT,s PGP 2.6 has the blessing of Zimmermann. PGP 2.6 ui is believed to have Zimmermann's approval because he has not attacked it. It is believed that Zimmermann will not endorse the ui version due to possible legal problems. Section 2: Michael Johnson's PGP FAQ contribution From: Michael Paul Johnson Subject: Where to get the latest PGP (Pretty Good Privacy) FAQ To: cypherpunks at toad.com -----BEGIN PGP SIGNED MESSAGE----- WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) (Last modified: 11 August 1994 by Mike Johnson) WHAT IS THE LATEST VERSION? There is more than one latest version. Pick one or more of the following that best suits your computer, patent restrictions, and export restrictions. Some countries (like France) may also restrict import or even use of strong cryptography like PGP. |-----------------|--------------|-------------|---------------------| | Platform(s) | Countries | Allowed Use | Latest Version | |-----------------|--------------|-------------|---------------------| | DOS, Unix, | USA & Canada | Commercial | Viacrypt PGP 2.7 | | or WinCIM/CSNav | | Personal | | | | | Research | | |-----------------|--------------|-------------|---------------------| | DOS, Unix, Mac, | USA & Canada | Personal | MIT PGP 2.6 | | OS/2, others | | Research | | |-----------------|--------------|-------------|---------------------| | DOS, Unix, Mac, | Most of the | Personal | PGP 2.6ui | | OS/2, others | world except | Research | ui=unofficial | | | the USA. | | international | |-----------------|--------------|-------------|---------------------| | Mac Applescript | Most of the | Personal | MacPGP 2.6ui v 1.2 | | | world except | Research | | | | the USA. | | | |-----------------|--------------|-------------|---------------------| | Mac Applescript | USA | Research | MacPGP 2.6ui v 1.2 | |-----------------|--------------|-------------|---------------------| | Amiga | Most of the | Personal | Amiga PGP 2.3a.4 | | | world except | Research | | | | the USA. | | PGPAmi23a_4.lha | |-----------------|--------------|-------------|---------------------| | Amiga | USA | Personal | Amiga PGP 2.6 0b0.6 | | | | Research | | |-----------------|--------------|-------------|---------------------| | Atari | Most of the | Personal | Atari PGP 2.3a | | | world except | Research | | | | the USA. | | | |-----------------|--------------|-------------|---------------------| | Atari | USA | Research | Atari PGP 2.3a | |-----------------|--------------|-------------|---------------------| | Any of the | Countries | Commercial | Any of the above | | above | where IDEA | Personal | | | | is not | Research | | | | patented and | | | | | cryptography | | | | | is not | | | | | restricted. | | | |-----------------|--------------|-------------|---------------------| Note: there are other versions available, but these are either old, or outside of the mainstream PGP project. Look for new versions from one of three sources: Viacrypt (Commercial), MIT (North American freeware), or mathew at mantis.co.uk (the unofficially non-designated holder of the unofficial international version that parallels what Philip Zimmermann and the rest of the PGP development team is doing in the USA. Note that the MIT PGP 2.6 is illegal to export from the USA or Canada, but using it outside of the USA and Canada for noncommercial use is not illegal in most countries. In spite of the best efforts of MIT and the other primary developers and distributors of PGP not to violate the International Traffic in Arms Regulations, MIT PGP 2.6 is available on some of the same sites listed for PGP 2.6ui, below. The noncommercial use restriction comes from both the RSAREF license and the patent on the IDEA cipher in Europe and North America. WHAT IS ALL THIS NONSENSE ABOUT EXPORT CONTROLS? For a detailed rant, get ftp://ftp.csn.net/mpj/cryptusa.zip The practical meaning, until the law is corrected to make sense, is that you are requested to get PGP from sites outside of the USA and Canada if you are outside of the USA and Canada. If you are in France, I understand that you aren't even supposed import it. Other countries may be worse. WHAT IS THE "TIME BOMB" IN MIT PGP 2.6? As a concession to the RSA patent holders (in return for endorsement of the legality of the freeware MIT PGP 2.6), MIT placed an inducement in MIT PGP 2.6 to encourage upgrade from the alledgedly patent-infringing PGP 2.3a to the MIT version. The nature of this inducement is a change in a packet ID byte that causes PGP 2.3a and earlier to reject messages created by MIT PGP 2.6 after 1 September 1994. Altering MIT PGP 2.6 to bypass this annoyance (though technically an easy change to the LEGAL_KLUDGE), invalidates the blessing of Public Key Partners on the licence of MIT PGP 2.6. Therefore, it is a bad idea. On the other hand, it is trivial to hack PGP 2.3a to accept these packets, and that (plus a few other bug fixes) is essentially what PGP 2.6ui is. None of the versions of PGP greater than 2.3 have problems reading the old packet ID values, so for maximum compatibility, the ideal is to write the old value and accept either value. Unfortunately, this time bomb has a negative effect on Viacrypt PGP 2.4, as well, which never infringed on anyone's patents. Viacrypt's solution was to issue PGP 2.7, which, by default acts just like MIT PGP 2.6, but has a config.txt option (explained in the release) that allows compatibility with both PGP 2.4 and PGP 2.6. Naturally, this also allows compatibility with PGP 2.3a. The time bomb is annoying for those who still wish to use PGP 2.3a, and for those who use Viacrypt PGP 2.4 and don't want to spend US$10 to upgrade to Viacrypt PGP 2.7, but considering the magnitude of the concession made by Public Key Partners in legitimizing the freeware PGP for use in the USA, it was worth it. ARE MY KEYS COMPATIBLE WITH THE OTHER PGP VERSIONS? If your RSA key modulus length is less than or equal to 1024 bits (I don't recommend less, unless you have a really slow computer and little patience), and if your key was generated in the PKCS format, then it will work with any of the mainstream PGP versions (PGP 2.3a, Viacrypt PGP 2.4, MIT PGP 2.6, PGP 2.6ui, or Viacrypt PGP 2.7). If this is not the case, you really should generate a new key that qualifies. Philip Zimmermann is aware of the desire for longer keys in PGP by some PGP fans (like me), but wants to migrate towards that goal in an orderly way, by first releasing versions of PGP in for all platforms and for both commercial (Viacrypt) and freeware (MIT) flavors that ACCEPT long keys, then releasing versions that can also GENERATE long keys. He also has some other neat key management ideas that he plans to implement in future versions. WHAT ARE THE KNOWN BUGS IN PGP? These are the most annoying: MIT PGP 2.6 -- the function xorbytes doesn't. Replace the = with ^= to fix it. The effect of this bug is that RSA keys aren't quite as random as they should be -- probably not a practical problem, but worth fixing if you are going to compile the code yourself. MIT PGP 2.6 -- DON'T SET PGPPASS when editing your keys, because if you do, and if you don't change your pass phrase, the key is lost. (If this happens, rename your backup keyring files to the primary files before you do anything else). PGP 2.6ui -- Conventional encryption -c option doesn't use a different IV every time, like it is supposed to. (PGP 2.3a had this problem, too). WHERE CAN I GET VIACRYPT PGP? Versions are available for DOS, Unix, or WinCIM/CSNav Commercial software. Call 800-536-2664 to order. If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commecial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest version number for their version of PGP is 2.7. Upgrade from Viacrypt PGP 2.4 to 2.7 is free if you bought version 2.4 after May 27, 1994, otherwise the upgrade is US$10. Viacrypt's licensing and price information is as follows: ViaCrypt PGP for MS-DOS 1 user $ 99.98 ViaCrypt PGP for MS-DOS 5 users $ 299.98 ViaCrypt PGP for MS-DOS 20 users or more, call ViaCrypt ViaCrypt PGP for UNIX 1 user $ 149.98 ViaCrypt PGP for UNIX 5 users $ 449.98 ViaCrypt PGP for UNIX 20 users or more, call ViaCrypt ViaCrypt PGP for WinCIM/CSNav 1 user $ 119.98 ViaCrypt PGP for WinCIM/CSNav 5 user $ 359.98 ViaCrypt PGP for WinCIM/CSNav 20 users or more, call ViaCrypt If you wish to place an order please call 800-536-2664 during the hours of 8:30am to 5:00pm MST, Monday - Friday. They accept VISA, MasterCard, AMEX and Discover credit cards. If you have further questions, please feel free to contact: Paul E. Uhlhorn Director of Marketing, ViaCrypt Products Mail: 2104 W. Peoria Ave Phoenix AZ 85029 Phone: (602) 944-0773 Fax: (602) 943-2601 Internet: viacrypt at acm.org Compuserve: 70304.41 WHERE CAN I GET MIT PGP? MIT PGP is Copyrighted freeware. Telnet to net-dist.mit.edu, log in as getpgp, answer the questions, then ftp to net-dist.mit.edu and change to the hidden directory named in the telnet session to get your own copy. MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing it within the USA (due to some archaic export control laws). 1. Read ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt and agree to it. 2. Read ftp://net-dist.mit.edu/pub/PGP/rsalicen.txt and agree to it. 3. Telnet to net-dist.mit.edu and log in as getpgp. 4. Answer the questions and write down the directory name listed. 5. QUICKLY end the telnet session with ^C and ftp to the indicated directory on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get the distribution files (pgp26.zip, pgp26doc.zip, pgp26src.tar.gz, MacPGP2.6.sea.hqx, and MacPGP2.6.src.sea.hqx). If the hidden directory name is invalid, start over at step 3, above. File names (shortened file names are for DOS BBS distribution): pgp26doc.zip - documentation only pgp26.zip - includes DOS executable & documentation pgp26src.zip - source code pgp26src.tar or pgp26src.tar.gz - source code release for Unix and others macpgp26.hqx or MacPGP2.6.sea.hqx - Macintosh executable & documentation macpgp26.src or MacPGP2.6.src.sea.hqx - Macintosh source code mcpgp268.hqx or MacPGP2.6-68000.sea.hqx - Macintosh executable for 68000 pgp26os2.zip - OS/2 executable (may not be on the MIT archive) RSA and IDEA algorithms licenced for personal and noncommercial use. Uses RSAREF, which may not be modified without RSADSI permission. Contains "time bomb" to start generating messages incompatible with PGP 2.3 and 2.4 on 1 September 1994 as an incentive for people to not use PGP 2.3a in the USA, which RSADSI claims infringes on their patents. Mac versions are not yet Applescriptable. This version is not intended for export from the USA and Canada due to the USA's International Traffic in Arms Regulations and Canada's corresponding regulations. You can also get MIT PGP 2.6 from: ftp.csn.net/mpj ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26.zip ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.zip ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26os2.zip ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.tar.gz ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/mac MacPGP2.6.sea.hqx MacPGP2.6.src.sea.hqx MacPGP2.6-68000.sea.hqx ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/amiga/ pgp26-amiga0b0.6-000.lha pgp26-amiga0b0.6-020.lha pgp26-amiga0b0.6-src.lha amiga.txt See ftp://ftp.csn.net/mpj/README.MPJ for the ??????? See ftp://ftp.csn.net/mpj/help for more help on negotiating this site's export control methods. ftp.netcom.com/pub/mpj ftp://ftp.netcom.com/mpj/I_will_not_export/crypto_???????/pgp/pgp26.zip ftp://ftp.netcom.com/mpj/I_will_not_export/crypto_???????/pgp/pgp26src.tar.gz ftp://ftp.netcom.com/pub/mpj/I_will_not_export/crypto_???????/pgp/ MacPGP2.6.sea.hqx ftp://ftp.netcom.com/pub/mpj/I_will_not_export/crypto_???????/pgp/ MacPGP2.6.src.sea.hqx MacPGP2.6-68000.sea.hqx See ftp://ftp.netcom.com/pub/mpj/README.MPJ for the ??????? See ftp://ftp.netcom.com/pub/mpj/help for more help on negotiating this site's export control methods. TO GET THESE FILES BY EMAIL, send mail to ftp-request at netcom.com containing the word HELP in the body of the message for instructions. You will have to work quickly to get README.MPJ then the files before the ??????? part of the path name changes again (several times a day). ftp.eff.org Follow the instructions found in README.Dist that you get from one of: ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist gopher.eff.org, 1/Net_info/Tools/Crypto gopher://gopher.eff.org/11/Net_info/Tools/Crypto http://www.eff.org/pub/Net_info/Tools/Crypto/ COMPUSERVE The NCSA Forum sysops have a library that is available only to people who send them a message asserting that they are within the U. S. A. This library contains PGP. I have also seen PGP 2.6 in some other places on Compuserve. Try searching for PGP26.ZIP in the IBMFF forum for up-to-date information on PGP in selected other areas. The last time I tried a search like this, PGP 2.6 was found in the PC World Online forum (GO PWOFORUM) new uploads area, along with several PGP shells and accessories. I've also heard that EUROFORUM caries PGP 2.6ui, but have not confirmed this. Compuserve file names are even more limited than DOS, so the file names to look for are PGP26.ZIP, PGP26S.ZIP (source code), and PGP26D.ZIP (documentation only). Colorado Catacombs BBS Mike Johnson, sysop Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc. v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps 8 data bits, 1 stop, no parity, as fast as your modem will go. Use ANSI terminal emulation, of if you can't, try VT-100. Free access to PGP. If busy or no answer, try again later. Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. You can request access to crypto software on line, and if you qualify legally under the ITAR, you can download on the first call. Download file names: pgp26.zip (DOS version with documentation) pgp26src.tar (Unix version and source code) pgp26doc.zip (Documentation only -- exportable) macpgp26.hqx (MacPGP executables, binhexed .sea) macpgp26.src (MacPGP source, binhexed .sea) mcpgp268.hqx (MacPGP executables, binhexed .sea for 68000 processor). (303) 772-1062 Longmont, Colorado number - 2 lines. (303) 938-9654 Boulder, Colorado number forwarded to Longmont number intended for use by people in the Denver, Colorado area. Verified: This morning. Hieroglyphics Voodoo Machine (Colorado) Jim Still (aka Johannes Keppler), sysop. DOS, OS2, and Mac versions. (303) 443-2457 For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files). Other BBS and ftp sites do have these files, as well. I noticed that PGP26.ZIP is being distributed on FIDONET. WHERE CAN I GET PGP FOR USE OUTSIDE OF THE USA? The latest for outside the USA is the "Unofficial International" PGP 2.6 for most platforms, MacPGP 2.3aV1.2 for the Mac (although 2.6ui is under development and should appear very soon), and 2.3a.4 for the Amiga. The latest amiga version is fully compatible with MIT's PGP 2.6. Copyrighted freeware. Version 2.6ui released by mathew at mantis.co.uk. Amiga version 2.3a4 released by Peter Simons These versions do NOT use RSAREF. No RSA patent problems outside the USA, but this version is not legal for commercial or extensive personal use in the USA. IDEA licensed for presonal use only in countries where the IDEA patent holds. The freeware version of PGP is intended for noncommercial, experimental, and scholarly use. It is available on thousands of BBSes, commercial information services, and Internet anonymous-ftp archive sites on the planet called Earth. This list cannot be comprehensive, but it should give you plenty of pointers to places to find PGP. Although the latest freeware version of PGP was released from outside the USA (England), it is not supposed to be exported from the USA under a strange law called the International Traffic in Arms Regulations (ITAR). Because of this, please get PGP from a site outside the USA if you are outside of the USA and Canada. Even though the RSAREF license associated with PGP 2.6 from MIT no longer prohibits use outside the USA, it still carries the not-for-profit restriction that the original RSA code in PGP 2.6ui doesn't have. On the other hand, patents on the IDEA cipher may limit PGP use in your country to nonprofit applications, anyway. Indeed, I understand that there are some countries where private electronic mail is not legal, anyway. These listings are subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list. Source code (gzipped tar format): * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26ui-src.tar.gz.sig * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26ui-src.tar.gz * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26ui-src.tar.gz.sig.gz * _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26ui-src.tar.gz * _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26ui-src.tar.gz.sig.gz Source code (zip format): * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.sig * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uis.zip * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uis.sig * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uis.zip * _TW:_ ftp://nctuccca.edu.tw/PC/wuarchive/pgp/pgp26uis.zip Executable for DOS (zip format): * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.sig * _UK:_ ftp://ftp.demon.co.uk/pub/pgp/pgp26uix.zip * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp26uix.sig From ianf at simple.sydney.sgi.com Tue Sep 6 16:02:58 1994 From: ianf at simple.sydney.sgi.com (Ian Farquhar) Date: Tue, 6 Sep 94 16:02:58 PDT Subject: Aust crypto regulations In-Reply-To: <199409061341.GAA19268@cae.retix.com> Message-ID: <9409070857.ZM12456@simple.sydney.sgi.com> On Sep 6, 6:41am, joshua geller wrote: > > Matthew Gream (M.Gream at uts.edu.au) wrote [in re aussie spooks and > > crypto (I think)]: > > In short: Anything cryptographic, they want to know about, and they > > want to know about it on a per end-user basis. They advise against > > distribution on the "Internet" and any distribution without prior > > approval otherwise there could be "problems". > I am sure they will be as successfull as their american counterparts in > suppressing such distribution. It's kinda interesting, because another contact I have in DSD said that he wasn't aware of any restrictions on the distribution of crypto software. This may have been simply a personal lack of knowledge, but it also may indicate the obscurity of the restriction itself. It also interests me in that their charter gives DSD absolutely no responsibility for the control of domestic crypto. Anyway, if there are any other Australians on the list apart from Matthew and myself, I think a few letters to our respective members of Federal parliament are in order now. This law not acceptable, and I am pretty sure that most politicians won't support the spooks in this matter (the fact that Matthew has had such a hard time finding out makes me suspect that this is regulation might have been slipped in "under wraps", and I see the fingerprints of the AG's Law Enforcement Advisory Committee all over it). If we can coordinate this, all the better. Unfortunately, my MP is the Right Honorable Paul Keating, MP (Prime Minister), and his position reduces the time he spends on constituency matters somewhat. It's not going to stop me trying, though. Ian. From nobody at kaiwan.com Tue Sep 6 16:04:34 1994 From: nobody at kaiwan.com (Anonymous) Date: Tue, 6 Sep 94 16:04:34 PDT Subject: The Ethics of Remailers Message-ID: <199409062304.QAA03012@kaiwan.kaiwan.com> >From ghio at kaiwan.com Mon Sep 5 12:16:28 1994 >Sender: owner-cypherpunks at toad.com >Precedence: bulk > Date: Fri, 2 Sep 1994 11:09:40 -0600 > From: Patrick Juola > To: cypherpunks at toad.com > Subject: Needed for a computer ethics class > > > Does anyone have a concise, citeable statement about why anonymous > remailers are a good thing? Some sort of position statment by > Julf would be ideal. Similarly, if anyone has something for the > *other* side of the coin, I'd love to see that. > > I'm in the process of writing a course on computer ethics for > the University of Colorado at Boulder and I think anonymous > remailers would be a good subject for an essay assignment, but > I need enough material (ideally, primary source material) to > lay the groundwork first. > > Patrick >>No, but it's something that I often get asked. I would be interested to hear >>examples of good things that people are using my anonymous remailer for. Well about the best example I can think of is Canadian related. In Ontario Canada there is a ban in effect on a trial of a young lady named Karla Homolka. Karla and her (ex) hubby (who is presently incarcerated awaiting trial) are likely guilty (certainly Karla was found guilty at her trial) of pretty heinous acts of murder, torture etc. So heinous, that the judge banned all publication of the details surrounding Karla's trial. However, when he did so, he apparantly hadn't heard about Internet, because now its quite likely alot of the details have slipped through the cracks. The remailers have been used to protect anonymous sources posting to the Internet in order to help the public circumvent the ban. If they didn't exist, then its quite likely that circulation of the info....even on Internet, would have been made more difficult. The remailers, with their chaining abilities have certainly helped the spread of the info. Other than that, it's likely the remailers are useful for certain politically sensitive operations (ie circumventing ITAR) or socially sensitive (ie in discussions that the politically correct go up in arms about (ie gay rights.. for or against). And then of course there is the old stand-by use of posting stories to alt.sex.stories, etc :> From ghio at chaos.bsu.edu Tue Sep 6 16:14:24 1994 From: ghio at chaos.bsu.edu (Matthew Ghio) Date: Tue, 6 Sep 94 16:14:24 PDT Subject: Remailer at Wein? Message-ID: <199409062313.SAA07625@chaos.bsu.edu> Mark Terka wrote: > Is the remailer at remailer at ds1.wu-wein.ac.at up and running? Test > messages to that site kept bouncing. It answered my ping last night (finger remailer-list at chaos.bsu.edu) > Also, how do I get ahold of that remailer's public key for encrypting > messages through them? finger remailer.help.all at chaos.bsu.edu From ghio at chaos.bsu.edu Tue Sep 6 16:24:24 1994 From: ghio at chaos.bsu.edu (Matthew Ghio) Date: Tue, 6 Sep 94 16:24:24 PDT Subject: How Did This Get Done? Message-ID: <199409062323.SAA07861@chaos.bsu.edu> > I picked this up from a post in alt.sex.stories (and yeah....man does not > live on talk.politics.crypto alone :>) : > > > ---------------------------------------------------------------------------- > Path: io.org!sun.cais.com!news.sprintlink.net!tequesta.gate.net!sysop > From: no_more_faggots at faggots.must.die.com <===== Is this a trick? > Newsgroups: alt.sex.stories > Subject: NO MORE FAGGOT STORIES! > Date: 5 Sep 1994 21:13:00 GMT > Lines: 1 > Message-ID: <34g1ks$jn1 at tequesta.gate.net> > NNTP-Posting-Host: hopi.gate.net > > NO MORE FAGGOT STORIES DAMMIT > ----------------------------------------------------------------------------- > > How the hell did the poster "customize" his address to ...ummm...fit the > post??? The same way the remailers insert "nobody" or "anonymous". Read RFC 977... (telnet port 119) Whoever it is, I wish he would quit it, I've gotten several complaints about someone flaming gays via my remailer in that group. From greg at ideath.goldenbear.com Tue Sep 6 16:42:49 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Tue, 6 Sep 94 16:42:49 PDT Subject: Where can I get cypherpunk t-shirts? In-Reply-To: <199409062027.NAA01386@kiwi.CS.Berkeley.EDU> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > I would like to get some cypherpunk t-shirts. So far, I've heard of > the "Big Brother inside" and "Cypherpunk Criminal" ones. If anybody > has any information about these, I'd appreciate it. From what I hear, > there is a fair amount of pent-up demand for the "Big Brother inside" > one. Funny that you should bring this up while being lauded for providing reliability information. My own "ping test" of the "Cypherpunk Criminal" T-shirts resulted in 100% failure; e.g., no shirts yet and we must be approaching a 2-digit number of months since I ordered. The seller said that mine were in the last batch of funny-size shirts that got somehow screwed up; a few months ago they were to be reprinted and then in the mail within 2 weeks. Sigh. They sounded like a nice idea; perhaps someday I'll make it down to CA for a real CP meeting and I'll get to see one myself. I did, however, get my "Don't give Big Brother a master key" T-shirt very quickly. Would order from those folks again (sorry, don't have the address handy, though). -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLmz9xH3YhjZY3fMNAQEHtQQAlZd0ckEeRE576Wey231PDqG20rAqz4In x5rnh3p6cscAAB2u2hLKw4gBRUPzt6jtFTY4K1E2jqtRyB3f3O1znEArNPlPpkeR s0MAxObQqOlKedyRA9drYak54wPN/lETYOkB4F3uoVEUNYUZnzHV7wXudiojPsOR tdvqXgyXTx4= =pp79 -----END PGP SIGNATURE----- From paul at hawksbill.sprintmrn.com Tue Sep 6 17:09:09 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Tue, 6 Sep 94 17:09:09 PDT Subject: Where can I get cypherpunk t-shirts? In-Reply-To: Message-ID: <9409070110.AA15067@hawksbill.sprintmrn.com> > > Funny that you should bring this up while being lauded for providing > reliability information. My own "ping test" of the "Cypherpunk Criminal" > T-shirts resulted in 100% failure; e.g., no shirts yet and we must be > approaching a 2-digit number of months since I ordered. The seller said > that mine were in the last batch of funny-size shirts that got somehow > screwed up; a few months ago they were to be reprinted and then in the > mail within 2 weeks. Sigh. > Funny you should mention that. I ordered a "Cypherpunk Criminal" tee shirts (a couple, actually) and got them without delay. I am very happy with them. Suggest you e-mail cvoid at netcom.com to resolve. Cheers, - paul From mattt at microsoft.com Tue Sep 6 17:12:06 1994 From: mattt at microsoft.com (Matt Thomlinson) Date: Tue, 6 Sep 94 17:12:06 PDT Subject: Where can I get cypherpunk t-shirts? Message-ID: <9409070012.AA06890@netmail2.microsoft.com> From: Greg Broiles I did, however, get my "Don't give Big Brother a master key" T-shirt very quickly. Would order from those folks again (sorry, don't have the address handy, though). at crypto I had a half-dozen requests for info regarding the big brother inside/1984 shirts. Is another run of these possible? I could probably scrape together that many orders just here in Msoft, I beleive. matt From merriman at metronet.com Tue Sep 6 17:48:12 1994 From: merriman at metronet.com (David K. Merriman) Date: Tue, 6 Sep 94 17:48:12 PDT Subject: Where can I get cypherpunk t-shirts? Message-ID: > > at crypto I had a half-dozen requests for info regarding > the big brother inside/1984 shirts. Is another run of these > possible? I could probably scrape together that many > orders just here in Msoft, I beleive. > > matt > I'd still like to find one of the "eye" 1984 T-shirts; it's what I thought I was ordering when I got the Master Key shirt instead (though I still like the Master Key :-) Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From scmayo at rschp2.anu.edu.au Tue Sep 6 18:05:27 1994 From: scmayo at rschp2.anu.edu.au (Sherry Mayo) Date: Tue, 6 Sep 94 18:05:27 PDT Subject: Australian Crypto Message-ID: <9409070105.AA19523@toad.com> Matthew Gream said... >Well, fuck that for thinking I was living under a less restrictive >regime -- and I can say goodbye to an international market for my >software. > [...snip] > >In short: Anything cryptographic, they want to know about, and they >want to know about it on a per end-user basis. They advise against >distribution on the "Internet" and any distribution without prior >approval otherwise there could be "problems". > >Matthew. I am more than a little concerned by this as I have just put PGP source and executables on my experimental WWW server (Australian based). I announced it on talk.politics.crypto yesterday before I read this post. I thought I was doing a service by providing a faster download for Aussie users (downloading big files from outside Aus is painfully slow). I hope I'm not taking an unacceptable risk with my temporary residence visa :-( I too made the mistake of assuming that the Aussie regulations were more relaxed (like those of the UK). Oh well for what it's worth, here's the address: http://rschp2.anu.edu.au:8080/crypt.html Sherry (waiting for those ASIO spooks :-) From jpb at gate.net Tue Sep 6 18:37:39 1994 From: jpb at gate.net (Joseph Block) Date: Tue, 6 Sep 94 18:37:39 PDT Subject: Cypher related T-Shirts Message-ID: <199409070137.VAA65641@inca.gate.net> All this talk about T-shirts has me lusting for a suitable cypher related shirt. I missed the initial offerings, so would anyone who has any shirts left they'd like to unload please email me with details of the shirt and prices? Thanks, jpb at gate.net "We can't be so fixated on our desire to preserve the rights of ordinary Americans ..." -- Bill Clinton (USA TODAY, 11 March 1993, page 2A) From cvoid at netcom.com Tue Sep 6 19:07:47 1994 From: cvoid at netcom.com (Christian Void) Date: Tue, 6 Sep 94 19:07:47 PDT Subject: Where can I get cypherpunk t-shirts? In-Reply-To: <9409070110.AA15067@hawksbill.sprintmrn.com> Message-ID: On Tue, 6 Sep 1994, Paul Ferguson wrote: > Funny you should mention that. I ordered a "Cypherpunk Criminal" > tee shirts (a couple, actually) and got them without delay. > I am very happy with them. > > Suggest you e-mail cvoid at netcom.com to resolve. The few people that still have outstanding orders: I am resolving problems with the screening company and a certain size of shirt. I have received numerous promises from them that I would get the last of the shirts "by the end of the week". This has been going on for months, and is starting to sannoy me as well. There are as of now, only 5 orders that have not shipped, and this is the reason why. The shirts WILL BE SHIPPED. I have no control over the screening company, and have an order placed with another company which I may have do the small lot of shirts that have not shipped. I apologize to those of you who have waited, as this reflects moreso on me than anyone else. As always, if you have any questions, mail me. I do respond. Christian Void /T71 | "I don't like it, and I'm sorry I | V/M/Research, Inc. cvoid at netcom.com | ever had anything to do with it." | P.O. Box 170213 Tel. 1+415-998-0774 | -Erwin Schrodinger (1887-1961) | SF, CA 94117-0213 * PGP v2.3a Public Key Available Via Finger * From frissell at panix.com Tue Sep 6 19:25:02 1994 From: frissell at panix.com (Duncan Frissell) Date: Tue, 6 Sep 94 19:25:02 PDT Subject: Justice Jackson on Diary Escrow Message-ID: <199409070224.AA19328@panix.com> Today's WSJ has an article by a Cato type about an Indiana businessman who told state labor investigators to get stuffed. In the course of this article, the author quoted a 1948 opion (in dissent?) by Justice Jackson: The government could simplify criminal law enforcement by requiring every citizen "to keep a diary that would show where he was at all times, with whom he was, and what he was up to." Now we know where they got the idea for various "escrow" and DTI schemes. DCF Who also fondly remembers Justice Jackson's strong dissent in Korematsu vs. US against those great civil libertarians Black and Douglas who voted to uphold that great liberal FDR's imprisonment of persons of Japanese ancestry. From merriman at metronet.com Tue Sep 6 19:54:53 1994 From: merriman at metronet.com (David K. Merriman) Date: Tue, 6 Sep 94 19:54:53 PDT Subject: Correction to CEB Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I'd like to clarify something about the recent Cypherpunks Electronic Book that was posted: In the table of contents, the listing for the program WinPGP26 could be misunderstood as coming from me; I'd like to state that I simply forwarded a copy of the program (in it's shareware version) - I am *not* it's author (t'were that it were so!). The author is: Christopher W. Geib 7605 Mt. Hood Dayton, OH 45424 email: 72144.1426 at compuserve.com I *have* however, registered the program, and am quite pleased with it - the author is _very_ responsive to feedback from users. Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLm0qhcVrTvyYOzAZAQFE0gQAn4iDHD3T84scktaSY6OwY0MKu9L7areh wLKdrIpAm89Vmd5LHxhZADNZk43UR7xg6UnomGVkLdKq+T4tMH0ZnF1IR+b1/VmS XLS/K/cQ1TRzR18AgZXhavFOzrqNI0JsQrGVk/+nbrydeOvSEyP7N4LB1idvK3qq fTY8HCOD69E= =FGOM -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQCNAi3uZ2MAAAEEALWQtxX77SZSaFls6cVbPp+fZS4MNyKK3ZFYQo0qWyj+0tMq YgRTPRJRaCQixo63RttknogfPp514qdVMZw5iPeOXmD+RxrmTTwlbGqA7QUiG1x5 LG2Zims5zk4U6/rt8hwLh0/8E4lIb9r5d31qc8L1A9Twk/cmN8VrTvyYOzAZAAUR tClEYXZpZCBLLiBNZXJyaW1hbiA8bWVycmltYW5AbWV0cm9uZXQuY29tPokAlQIF EC3uaE3Fa078mDswGQEBbI8D/0FiwDcbfeNyDVJ+7EIWHjIxVkIGu+ArYUEllR3G SBHVZ9Vh7n8bNXeNHMnG5cZ23TLMVvweyhxFS+cDi+I7omeDNr6x65z500LxfUvL K5bSuSiBVkTp2z+/iojY/662JwKHzEEunuJ4CO8Yhxy11CdeszEX7DpXzRxLL92r EmO2 =4ZfP -----END PGP PUBLIC KEY BLOCK----- From rah at shipwright.com Tue Sep 6 20:00:08 1994 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 6 Sep 94 20:00:08 PDT Subject: Reputation Capital papers? Message-ID: <199409070258.WAA09806@zork.tiac.net> At 3:20 PM 9/6/94 -0700, Hal wrote: >P.S. I did find a paper on the net called "Endorsements, Licensing, >and Insurance for Distributed System Services", by Lai, Medvinsky, >and Newman of Information Sciences Institute. Here is the abstract: [snip...] >Unfortunately, I can't recall where I saw the pointer to this paper. >I'm sure other people read the same lists and newsgroups I do so perhaps >someone else can provide a pointer. Also, my copy of the postscript >paper would only print the first three pages, so I can't really evaluate >their ideas. Try this... >From: bcn at ISI.EDU >Date: Sun, 4 Sep 1994 13:05:42 -0700 >Original-From: Clifford Neuman >To: www-buyinfo at allegra.att.com, kerberos at mit.edu >Subject: New paper available >X-UIDL: 778899999.011 > >A new paper is available by FTP that may be of interest to the readers >of this list. The paper will be presented in November at the Second >ACM Conference on Computer and Communications Security. > > Charlie Lai, Gennady Medvinsky, and B. Clifford Neuman. Endorsements, > Licensing, and Insurance for Distributed System Services. 2nd ACM > Conference on Computer and Communications Security, Fairfax VA, > November 1994. > >The paper discusses mechanisms for confidence building on the NII. In >particular it discusses methods by which users may assure themselves >of the competence and honesty of service providers on the network. >The paper is available as: > > ftp://prospero.isi.edu/pub/papers/security/insurance-cccs94.ps.Z > >Clifford Neuman > I didn't drop off the face of the earth, I just got a hot project thrown into my lap. I really want to come back and talk about offline cash some more, but I won't have a chance for a bit. Anyway this thread is way cool.... Bye! Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From cme at tis.com Tue Sep 6 20:06:25 1994 From: cme at tis.com (Carl Ellison) Date: Tue, 6 Sep 94 20:06:25 PDT Subject: believing three impossible things before breakfast Message-ID: <9409070303.AA10095@tis.com> There was a news report/discussion tonight about birth control -- and someone advocating that all you need to do is just tell teens to say "no" to sex before marriage, then you won't need to distribute condoms without parental permission.... Suddenly it hit me that the same frame of mind was clearly behind the Clipper Initiative. Do you think there's a way to test for this ability to believe nonsense? Do you think there's a way to treat it? - Carl From jgostin at eternal.pha.pa.us Tue Sep 6 20:50:45 1994 From: jgostin at eternal.pha.pa.us (Jeff Gostin) Date: Tue, 6 Sep 94 20:50:45 PDT Subject: AIDs testing and privacy Message-ID: <940906231828N1Jjgostin@eternal.pha.pa.us> pstemari at bismark.cbis.com (Paul J. Ste. Marie) writes: > Of course, with ANI, calling an 800 number is not an anonymous act, > unless you one of the few that know you need to do it from a payphone. We tell children not to do things until they are old enough to be able to figure it out for themselves. If they cared enough about their privacy, they'd know. Hell, there's alot I don't know about maintaining privacy and security. However, I _do_ know that calling from a pay phone outside of 5 miles from your house is an easy way to take care of the problem. --J From hfinney at shell.portal.com Tue Sep 6 21:46:15 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 6 Sep 94 21:46:15 PDT Subject: Reputation Capital papers? In-Reply-To: <199409070258.WAA09806@zork.tiac.net> Message-ID: <199409070445.VAA20261@jobe.shell.portal.com> Thanks to Bob Hettinga for providing a reference to that paper which discusses several issues related to what we might call "reputation capital". I was able to fix my Postscript problems and get the whole paper printed. Two of the three authors are the originators of the NetCash proposal. I gave that paper a pretty negative review here a few months ago, mostly because their "cash" was non-anonymous, and was really a digital certified check. That's fine, although not IMO cryptographically interesting and I really didn't see much about their proposal that wasn't obvious. I find this paper more interesting. They discuss the general issues of servers establishing credibility with clients through various strategies: licenses, where a legal agency provides a credential that the server meets various minimum standards; endorsements, which are similar but which tend to come from private agencies and will often have a range of levels (like the 1 to 5 diamond ratings granted to hotels by the AAA); insurance, where an insurance company guarantees that suits are possible in the case of breach of contract; and surety bonding, which is similar but covers a wider range of unsatisfactory completions to the relationship. Most of these make sense in the context of business interactions as well as traditional client/server computing. After a promising introduction, the paper takes a mundane turn, proposing data structures to encode information about these various kinds of "assurance credentials", with slots for what is covered, to what amount, under what conditions it would apply, etc. I think it is way premature to try to specify what kinds of information would be in these credentials. They do get into some more interesting material when they discuss ways in which these credentials might be shown and authenticated. Generally, the assurance credential is created or issued by some 3rd party: a bank, an insurance company, a government, a rating agency like AAA or Consumers Union. (We would probably add, individuals known to the client. The authors have something of an institutional bias, and discuss institutions providing credentials to benefit other institutions, neglecting the problem of how individuals establish their own credibility. This is especially noticable in their section 7.3 where they point out that institutions which hold large sums of money for their clients will have much greater authentication requirements than those which grant credit. The obvious symmetry of the two situations appears to escape the authors' notice.) Once the credential is given to the server, it can then show it to the client. They do appear to allow for something similar to blinded credentials. The term they use for these credentials is "proxies" because in a sense the credential acts as a proxy, a substitute, for the organization which issued the credential. (The real reason for this strained terminology is to tie this paper in with the senior author's other papers, IMO.) They suggest that there would be two classes of proxies: "bearer" proxies, which appear not to have the server's identity explicitly encoded, but which are granted under terms in which only servers knowing a particular secret key are considered to be valid; and "delegate" proxies, which appear to explicitly encode the server's identity. The author's terminology is a bit hard to follow here, so it is possible that I am missing their point, but it does sound like they have the germ of the idea of being able to show a credential in a way where the credential is not explicitly identity-bound. Of course, they have missed the point of blinding of credentials (they give no sign of ever having heard of the concept), and the bearer proxies would actually be linkable by the proxy issuer. It is not really clear what the value is of the very limited form of anonymity allowed by bearer proxies. After this rocky portion (the authors really need to read the literature! this is the same problem that NetCash had) they move into quite a dramatic and impressive vision of a "web of trust" system of credentials backing up credentials. The point is that the issuing agencies themselves may need backup (what is the value of an endorsement by the Direct Mail Marketing Association if you've never heard of them?) This leads to the concept of "transitive assurance" in which A endorses B and B endorses C, allowing you to follow the chain and give some credibility to C. Here is one good point they make: "Transitive assurance may extend to an arbitrary depth, but longer chains generally promote less confidence. Where assurance is rated, heuristics are needed for deriving the combined assurance rating from the metrics and limits associated with the individual credentials involved. Such heuristics are a topic for further study." Alert readers will see a connection to the PGP web of trust, and the authors actually make this connection. They go on to point out that in PGP certifications pertain to identity only. There is no mechanism in PGP to endorse the signing and endorsement policies of other users. This was the point I made some time back in a posting here in which I pointed out that the "web of trust" is a misnomer because you can only trust keys which you have verified directly or where you know and trust someone who knows the end user. In contrast, a system of transitive assurance is a true web of trust, where Consumer's Union endorses the Microwave Manufacturers' Association which endorses Joe's Microwave Repair, allowing me to trust Joe even though I've never heard of the MMA. The authors have a nice diagram showing a web of credentials with clients, and various kinds of authenticating and endorsing agencies, all in a complicated system of connections. I think this is very close to the ideas people have had here for how a system of reputation credentials could work. They also discuss how assurance credentials could be used to give credibility to an issuer of electronic cash. Banks or other financial agencies could provide credentials that the issuer had assets greater than a certain amount (so you know the currency is backed), and auditors could provide credentials that the books balance. Once again they have neglected the interesting topic of how or whether blinded credentials could work but this is not a bad start. In a way it is kind of sad to see how primitive the understanding is of these issues in the "mainstream". OTOH it is good to see any discussion at all. Hopefully papers like this will attract some interest on the part of the many people who are trying to jump onto the internet-business bandwagon. Hal From shamrock at netcom.com Wed Sep 7 01:05:46 1994 From: shamrock at netcom.com (Lucky Green) Date: Wed, 7 Sep 94 01:05:46 PDT Subject: Al Gore's home page Message-ID: <199409070805.BAA24432@netcom7.netcom.com> After reading the official announcement in "What's new with NSCA Mosaic" I just checked out Vice President Al Gore's home page at http://www.financenet.gov/vpgore.html Interersting that except for the "This is the Vice President's Mosaic Home Page" header, it is all empty. This from the man who wants to bring us the Information superhighway. Why can't politicians stay away from stuff they don't understand? Because that would mean that they have to stay away from everything. Just another anarchist, -- Lucky Green PGP public key by finger From hart at chaos.bsu.edu Wed Sep 7 01:14:27 1994 From: hart at chaos.bsu.edu (Jim Hart) Date: Wed, 7 Sep 94 01:14:27 PDT Subject: AIDs testing and privacy In-Reply-To: <199409061438.HAA14594@well.sf.ca.us> Message-ID: <199409070814.DAA23167@chaos.bsu.edu> Brian Williams: > After a few weeks, you call a 1-800 number, punch in your code > (from the sticker) and you get a recording telling you if the test > was negative. Besides the ANI, the other weakness in this scheme is that the lab gets a sample of your DNA. Are destruction of these samples performed and audited? Still, it's much better than nothing. Now, how about doing other medical tests like this so that insurance companies don't find out? For example, genetic tests. Challenge: is a crypto protocol possible with the following properties: the doctor writes and signs the prescription, and it is not transferable, but the patient doesn't need to show ID to the pharmacist to fill the prescription? I don't want pharmacists, and whoever else they share the info with (insurance companies? investigators? potential blackmailers?), keeping track of what drugs I take. Jim Hart hart at chaos.bsu.edu From tcmay at netcom.com Wed Sep 7 01:58:53 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 7 Sep 94 01:58:53 PDT Subject: AIDs testing and privacy In-Reply-To: <199409070814.DAA23167@chaos.bsu.edu> Message-ID: <199409070859.BAA28235@netcom4.netcom.com> Jim Hart writes: > I don't want pharmacists, and whoever else they share the info > with (insurance companies? investigators? potential blackmailers?), > keeping track of what drugs I take. > Ah, but they already know. And so do the credit reporting companies. I just got a "Congratulations, you have been pre-approved for a Nonsmoker's Credit Card from Citicorpse" letter. Actually, I'm kidding. But not by much. The amount of cross-linking is astounding, but not once you think about the infrasructure set up to compile the credit dossiers, the collusion with the government on these dossiers (I've posted before about Witness Security and false identities the credit reporting Big Three agree to falsify), etc. Unlinkable credentials is the way to go, but there's no "constituency" for this...Americans, and others, are oblivious to these issues. Personally, I see no chance of changing this. This is why I put my bets on crypto anarchy, which allows opting out of parts of the system, rather than trying to change the ponderous course of the ship of state. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From Rolf.Michelsen at delab.sintef.no Wed Sep 7 02:20:12 1994 From: Rolf.Michelsen at delab.sintef.no (Rolf Michelsen) Date: Wed, 7 Sep 94 02:20:12 PDT Subject: AIDs testing and privacy In-Reply-To: <199409070859.BAA28235@netcom4.netcom.com> Message-ID: On Wed, 7 Sep 1994, Timothy C. May wrote: [...] > Actually, I'm kidding. But not by much. The amount of cross-linking is > astounding, but not once you think about the infrasructure set up to > compile the credit dossiers, the collusion with the government on > these dossiers (I've posted before about Witness Security and false > identities the credit reporting Big Three agree to falsify), etc. [...] There are two pieces in the current comp.risks digest (16.39) about cross-linking of US databases. References are to a cover story in Business Week. Highlights are hospitals selling name/address info on families with newborns and one state having sold it's drivers' licence register... -- Rolf ---------------------------------------------------------------------- Rolf Michelsen "Nostalgia isn't what it Email: rolf.michelsen at delab.sintef.no used to be..." Phone: +47 73 59 87 33 ---------------------------------------------------------------------- From perry at imsi.com Wed Sep 7 05:45:46 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 7 Sep 94 05:45:46 PDT Subject: Al Gore's home page In-Reply-To: <199409070805.BAA24432@netcom7.netcom.com> Message-ID: <9409071245.AA22475@snark.imsi.com> Lucky Green says: > Why can't politicians stay away from stuff they don't understand? > Because that would mean that they have to stay away from everything. I would be much more frightened if they did fully understand. Perry From perry at imsi.com Wed Sep 7 05:52:11 1994 From: perry at imsi.com (Perry E. Metzger) Date: Wed, 7 Sep 94 05:52:11 PDT Subject: AIDs testing and privacy In-Reply-To: <199409070814.DAA23167@chaos.bsu.edu> Message-ID: <9409071251.AA22486@snark.imsi.com> Jim Hart says: > Challenge: is a crypto protocol possible with the following > properties: the doctor writes and signs the prescription, > and it is not transferable, but the patient doesn't need to > show ID to the pharmacist to fill the prescription? > I don't want pharmacists, and whoever else they share the info > with (insurance companies? investigators? potential blackmailers?), > keeping track of what drugs I take. It cannot be done. There is no way to prove that you didn't transfer some cryptographic credential. The only way to know that you are you is to check your credentials against unforgeable physical characteristics. All such characteristics can be used to identify you. On the other hand, I'll point out that a pharmacist has never asked me for ID. Perry From dave at marvin.jta.edd.ca.gov Wed Sep 7 07:24:10 1994 From: dave at marvin.jta.edd.ca.gov (Dave Otto) Date: Wed, 7 Sep 94 07:24:10 PDT Subject: PGP comes of age Message-ID: <9409071422.AA26516@marvin.jta.edd.ca.gov> Got the following blurb from ORA.COM last Friday. Pretty cool! ------- Forwarded Message O'REILLY'S FALL RELEASES PGP: Pretty Good Privacy by Simson Garfinkel 1st Edition November 1994 (est.) 250 pages (est),ISBN: 1-56592-098-8, $17.95 (est) PGP is a freely available encryption program that protects the privacy of files and electronic mail. It uses powerful public key cryptography and works on virtually every platform. PGP: Pretty Good Privacy by Simson Garfinkel is both a readable technical users guide and a fascinating behind-the-scenes look at cryptography and privacy. Part I of the book describes how to use PGP: protecting files and email, creating and using keys, signing messages, certifying and distributing keys, and using key servers. Part II provides background on cryptography, battles against public key patents and U.S. government export restrictions, and other aspects of the ongoing public debates about privacy and free speech. - -- Brian Erwin, brian at ora.com O'Reilly & Associates 103A Morris Street, Sebastopol CA 95472 707-829-0515, Fax 707-829-0104 ------- End of Forwarded Message Dave Otto -- dave at marvin.jta.edd.ca.gov -- daveotto at acm.org "Pay no attention to the man behind the curtain!" [the Great Oz] finger DaveOtto at ACM.org for PGP 2.6 key <0x3300e841> fingerprint = 78 71 3A 5B FD 8A 9A F1 8F BC E8 6A C7 BD A4 DD From joshua at cae.retix.com Wed Sep 7 07:25:11 1994 From: joshua at cae.retix.com (joshua geller) Date: Wed, 7 Sep 94 07:25:11 PDT Subject: How Did This Get Done? In-Reply-To: <199409062323.SAA07861@chaos.bsu.edu> Message-ID: <199409071425.HAA01183@sleepy.retix.com> matt ghio writes: [re abouse of remailers] > Whoever it is, I wish he would quit it, I've gotten several complaints > about someone flaming gays via my remailer in that group. fortunately or unfortunately, it comes with the territory. josh From sandfort at crl.com Wed Sep 7 07:51:00 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 7 Sep 94 07:51:00 PDT Subject: NO THERE, THERE Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Lucky Green informed us: ... I just checked out Vice President Al Gore's home page at http://www.financenet.gov/vpgore.html ... except for the "This is the Vice President's Mosaic Home Page" header, it is all empty.... How symbolically apt. To paraphrase an old adage about the law, "Politics is the triumph of form over substance." S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From prz at acm.org Wed Sep 7 08:11:56 1994 From: prz at acm.org (Philip Zimmermann) Date: Wed, 7 Sep 94 08:11:56 PDT Subject: prz in NYC on Saurday, Sunday Message-ID: Hello PGP users. I'm going to be in NYC on Saturday and Sunday. If anyone in New York wants to get together and conspire to subvert our way of life, send me some email and I'll pick it up on the road. I have become too used to never buying my own lunch when traveling to places where cypherpunkers live. I'll be arriving late Saturday morning and leaving Sunday evening. Saturday night is booked. On Friday I can be reached at 617 253-0161. Philip Zimmermann prz at acm.org From rishab at dxm.ernet.in Wed Sep 7 08:20:57 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 7 Sep 94 08:20:57 PDT Subject: The New World Order Message-ID: John Young : > Tim, would you expand the link to crypto of unipolar > superpower? > Maybe some of the non-US c'punks can add more. I'll illustrate by example. Two years ago, the US bullied Russia to renegue on a deal with the Indian Space Research Organization to transfer cryogenic rocket engine technology for the Indian Geostationary Satellite Launch Vehicle. The US claimed that the technology was dual-use and prohibited by the MTCR. India and the Russian company, Glavkosmos, suggested that the reasons were commercial rather than defence, as such engines are useless in ballistic missiles due to their lengthy preparation period, while an Indian GSLV would pose major competition to the US space industry. Russia backed down after Yeltsin's arm was twisted so hard that he negated a personal statement he made when in New Delhi. Recently the Defence Research and Development Organization made a secure phone for commercial (non-defence) use. It has yet to reach the market, and I am in the process of finding out what technology it uses, but if Clipper passes in the US, India could be pressurized into abandoning it in favour of a Clipper-like alternative. As an aside, the Indian government likes to show that it's not following US orders (not signing the NPT etc) and the GSLV will probably be launched with indigenously developed engines in 1998. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From hfinney at shell.portal.com Wed Sep 7 08:28:55 1994 From: hfinney at shell.portal.com (Hal) Date: Wed, 7 Sep 94 08:28:55 PDT Subject: AIDs testing and privacy In-Reply-To: <199409070814.DAA23167@chaos.bsu.edu> Message-ID: <199409071528.IAA20160@jobe.shell.portal.com> Jim Hart writes: >Challenge: is a crypto protocol possible with the following >properties: the doctor writes and signs the prescription, >and it is not transferable, but the patient doesn't need to >show ID to the pharmacist to fill the prescription? >I don't want pharmacists, and whoever else they share the info >with (insurance companies? investigators? potential blackmailers?), >keeping track of what drugs I take. Let me point out that nothing stops you from filling the prescription and then giving the drugs to someone else, so it would seem that a doctor who would be willing to cooperate in any such protocol should also be willing to make the prescription out to a pseudonym. Chaum's "blinded credential" system is intended to solve exactly this kind of problem, but it requires an extensive infrastructure. There has to be an agency where you physically identify yourself. It doesn't have to know anything about you other than some physical ID like fingerprints. You and it cooperate to create pseudonyms of various classes, for example, a "go to the doctor" pseudonym, and a "go to the pharmacy" pseudonym. These pseudonyms have a certain mathematical relationship which allows you to re-blind credentials written to one pseudonym to apply to any other. But the agency uses your physical ID to make sure you only get one pseudonym of each kind. So, when the doctor gives you a prescription, that is a credential applied to your "go to the doctor" pseudonym. (You can of course also reveal your real name to the doctor if you want.) Then you show it at the pharmacy using your "go to the pharmacy" pseudonym. The credential can only be shown on this one pseudonym at the pharamacy, but it is unlinkable to the one you got at the doctor's. (It would be possible to encode information in the credential about which doctor wrote it, which would help track abuse, although that would obviously make it easier to link up your pharmacy and doctor visits.) Hal From mpj at netcom.com Wed Sep 7 08:34:18 1994 From: mpj at netcom.com (Michael Paul Johnson) Date: Wed, 7 Sep 94 08:34:18 PDT Subject: Where to Get the Latest PGP (Pretty Good Privacy) FAQ Message-ID: -----BEGIN PGP SIGNED MESSAGE----- WHERE TO GET THE PRETTY GOOD PRIVACY PROGRAM (PGP) (Last modified: 7 September 1994 by Mike Johnson) WHAT IS THE LATEST VERSION? There is more than one latest version. Pick one or more of the following that best suits your computer, patent restrictions, and export restrictions. Some countries (like France) may also restrict import or even use of strong cryptography like PGP. |-----------------+---------------------+---------------------------------| | Platform(s) | Latest Version | Distribution File Names | |-----------------+---------------------+---------------------------------| | DOS, Unix, | Viacrypt PGP 2.7 | disk sets | | or WinCIM/CSNav | | | |-----------------+---------------------+---------------------------------| | DOS, Unix, | MIT PGP 2.6.1 | pgp261.zip (DOS + docs) | | others | | pgp261s.zip (source) | | | | pg261s.zip source on CompuServe | | | | pgp261.tar.gz (source) | | | | pgp261.gz (same as above on DOS)| | | | pgp261.tar.Z (source) | | | | pgp261dc.zip (documentation) | | | | pg261d.zip (docs on CompuServe) | |-----------------+---------------------+---------------------------------| | Macintosh | MIT PGP 2.6 | MacPGP2.6.sea.hqx (binary+docs) | | | | macpgp26.hqx (same as above) | | | | MacPGP2.6.src.sea.hqx (source) | | | | macpgp26.src (same as above) | | | | MacPGP2.6-68000.sea.hqx (binary)| | | | mcpgp268.hqx (same as above) | |-----------------+---------------------+---------------------------------| | Mac Applescript | MacPGP 2.6ui v 1.2 | MacPGP-2.6ui-v1.2.sit.hqx | | | | MacPGP2.6ui_V1.2_sources.cpt.hqx| | | | MacPGP2.6uiV1.2en.cpt.hqx | | | | MacPGP2.6uiV1.2src.cpt.hqx | | | | MacPGP2.6uiV1.2.68000.hqx | |-----------------+---------------------+---------------------------------| | Amiga | Amiga PGP 2.3a.4 | PGPAmi23a_4.lha | |-----------------+---------------------+---------------------------------| | Atari | Atari PGP 2.6ui | pgp26uib.lzh (binary, docs) | | | | pgp26uis.lzh | |-----------------+---------------------+---------------------------------| | Archimedes | Archimedes 2.3a | ArcPGP23a | |-----------------+---------------------+---------------------------------| Note: there are other versions available, but these are either old, or outside of the mainstream PGP project. Look for signatures from one of three sources: Viacrypt (Commercial), jis at mit.edu (North American freeware), or mathew at mantis.co.uk (the unofficial international version source). The "unofficial international" versions are really just PGP 2.3a, modified just enough to make it compatible with MIT PGP 2.6, but do not include all of the fixes in MIT PGP 2.6 and MIT PGP 2.6.1. They are named pgp26ui* or have a "ui" somewhere in their file names. I recommend the use of the "ui" versions only if: (1) You are using a Macintosh; (2) You are using a platform for which there is no Viacrypt or MIT PGP; (3) You are outside of North America, and can't obtain Viacrypt or MIT PGP; or (4) You need to use a key longer than 1024 bits (i. e. a 1264 bit key generated with PGP 2.3a or PGP 2.6ui). WHERE CAN I GET VIACRYPT PGP? If you are a commercial user of PGP in the USA or Canada, contact Viacrypt in Phoenix, Arizona, USA. The commecial version of PGP is fully licensed to use the patented RSA and IDEA encryption algorithms in commercial applications, and may be used in corporate environments in the USA and Canada. It is fully compatible with, functionally the same as, and just as strong as the freeware version of PGP. Due to limitations on ViaCrypt's RSA distribution license, ViaCrypt only distributes executable code and documentation for it, but they are working on making PGP available for a variety of platforms. Call or write to them for the latest information. The latest version number for their version of PGP is 2.7. The Windows version is anticipated to ship by (or before) September 15, 1994; the Macintosh version is expected to ship in early October. The formal announcements will go out about one week prior to first ship dates. The Windows version is a high grade Visual Basic front end with the DOS program in the back end. It is a point-and-click, drag-and-drop operation. Here is a brief summary of Viacrypt's currently-available products: 1. ViaCrypt PGP for MS-DOS. Prices start at $99.98 2. ViaCrypt PGP for UNIX. Includes executables for the following platforms: SunOS 4.1.x (SPARC) IBM RS/6000 AIX HP 9000 Series 700/800 UX SCO 386/486 UNIX SGI IRIX AViiON DG-UX(88/OPEN) Prices start at $149.98 Executables for the following additional platforms are available upon request for an additional $30.00 charge. BSD 386 Ultrix MIPS DECstation 4.x 3. ViaCrypt PGP for WinCIM/CSNav. A special package for users of CompuServe. Prices start at $119.98 In September, 1994, ViaCrypt intends to announce two new major product additions: ViaCrypt PGP for Windows ViaCrypt PGP for Macintosh Prices start at $124.98 Viacrypt's licensing and price information is as follows: ViaCrypt PGP Version 2.7 for Windows (Single User $ 124.98 ViaCrypt PGP Version 2.7 for Windows (Five User) $ 374.98 ViaCrypt PGP Version 2.7 for Macintosh(Single User) $ 124.98 ViaCrypt PGP Version 2.7 for Macintosh(Five User) $ 374.98 ViaCrypt PGP Version 2.7 for MS-DOS (Single User) $ 99.98 ViaCrypt PGP Version 2.7 for MS-DOS (Five User) $ 299.98 ViaCrypt PGP Version 2.7 for UNIX (Single User) $ 149.98 ViaCrypt PGP Version 2.7 for UNIX (Five User) $ 449.98 ViaCrypt PGP for WinCIM/CSNav (Single User) $ 119.98 ViaCrypt PGP for WinCIM/CSNav (Five User) $ 359.98 UNIX platforms of Ultrix and BSD 386 have an additional $30.00 charge per platform. Please contact ViaCrypt for pricing of 20 users and above. Orders may be placed by calling 800-536-2664 during the hours of 8:30am to 5:00pm MST, Monday - Friday. We accept VISA, MasterCard, AMEX and Discover credit cards. If you have further questions, please feel free to contact: Paul E. Uhlhorn Director of Marketing, ViaCrypt Products Mail: 9033 N. 24th Avenue Suite 7 Phoenix AZ 85021-2847 Phone: (602) 944-0773 Fax: (602) 943-2601 Internet: viacrypt at acm.org Compuserve: 70304.41 WHERE CAN I GET THE FREEWARE PGP? These listings are subject to change without notice. If you find that PGP has been removed from any of these sites, please let me know so that I can update this list. Likewise, if you find PGP on a good site elsewhere (especially on any BBS that allows first time callers to access PGP for free), please let me know so that I can update this list. Because this list changes frequently, I have not attempted to keep it complete, but there should be enough pointers to let you easily find PGP. There are several ways to get the freeware PGP: ftp, WWW, BBS, CompuServe, America Online (maybe), email ftp server, and sneakernet (ask a friend for a copy). Just don't ask the author directly for a copy. FTP SITES IN NORTH AMERICA These sites generally have some mechanism to (1) discourage export of PGP and violation of the ITAR, (2) protect the site operators from harrassment by the Federal Government, and (3) still allow automated distribution of PGP as far as is allowed under all applicable laws. Telnet to net-dist.mit.edu, log in as getpgp, answer the questions, then ftp to net-dist.mit.edu and change to the hidden directory named in the telnet session to get your own copy. MIT-PGP is for U. S. and Canadian use only, but MIT is only distributing it within the USA (due to some archaic export control laws). 1. Read ftp://net-dist.mit.edu/pub/PGP/mitlicen.txt and agree to it. 2. Read ftp://net-dist.mit.edu/pub/PGP/rsalicen.txt and agree to it. 3. Telnet to net-dist.mit.edu and log in as getpgp. 4. Answer the questions and write down the directory name listed. 5. QUICKLY end the telnet session with ^C and ftp to the indicated directory on net-dist.mit.edu (something like /pub/PGP/dist/U.S.-only-????) and get the distribution files (see the above chart for names). If the hidden directory name is invalid, start over at step 3, above. You can also get PGP from: ftp.csn.net/mpj ftp://ftp.csn.net/mpj/I_will_not_export/crypto_???????/pgp/ See ftp://ftp.csn.net/mpj/README.MPJ for the ??????? See ftp://ftp.csn.net/mpj/help for more help on negotiating this site's export control methods (open to USA and Canada). ftp.netcom.com/pub/mpj ftp://ftp.netcom.com/mpj/I_will_not_export/crypto_???????/pgp/ See ftp://ftp.netcom.com/pub/mpj/README.MPJ for the ??????? See ftp://ftp.netcom.com/pub/mpj/help for more help on negotiating this site's export control methods. TO GET THESE FILES BY EMAIL, send mail to ftp-request at netcom.com containing the word HELP in the body of the message for instructions. You will have to work quickly to get README.MPJ then the files before the ??????? part of the path name changes again (several times a day). ftp.eff.org Follow the instructions found in README.Dist that you get from one of: ftp://ftp.eff.org/pub/Net_info/Tools/Crypto/README.Dist gopher.eff.org, 1/Net_info/Tools/Crypto gopher://gopher.eff.org/11/Net_info/Tools/Crypto http://www.eff.org/pub/Net_info/Tools/Crypto/ ftp.wimsey.bc.ca /pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/PGP (U. S. and Canadian users only) See /pub/crypto/software/README for the characters for XXXXXXXX This site has all public releases of the freeware PGP. WORLD WIDE WEB ACCESS http://www.matnis.co.uk/pgp/pgp.html http://rschp2.anu.edu.au:8080/crypt.html COMPUSERVE The NCSA Forum sysops have a library (Library 12: Export Controlled) that is available only to people who send them a message asserting that they are within the U. S. A. This library contains PGP. I have also seen PGP in some other places on Compuserve. Try searching for PGP261.ZIP in the IBMFF forum for up-to-date information on PGP in selected other areas. The last time I tried a search like this, PGP 2.6 was found in the PC World Online forum (GO PWOFORUM) new uploads area, along with several PGP shells and accessories. I've also heard that EUROFORUM caries PGP 2.6ui, but have not confirmed this. Compuserve file names are even more limited than DOS (6.3 instead of the already lame 8.3), so the file names to look for are PGP26.ZIP, PG261S.ZIP (source code), PGP261.GZ (Unix source code) and PG261D.ZIP (documentation only). BULLETIN BOARD SYSTEMS Colorado Catacombs BBS Mike Johnson, sysop Mac and DOS versions of PGP, PGP shells, and some other crypto stuff. Also the home of some good Bible search files and some shareware written by Mike Johnson, including DLOCK, CRYPTA, CRYPTE, CRYPTMPJ, MCP, MDIR, DELETE, PROVERB, SPLIT, ONEPAD, etc. v.FAST/v.32bis/v.42bis, speeds up to 28,800 bps 8 data bits, 1 stop, no parity, as fast as your modem will go. Use ANSI terminal emulation, of if you can't, try VT-100. Free access to PGP. If busy or no answer, try again later. Log in with your own name, or if someone else already used that, try a variation on your name or pseudonym. You can request access to crypto software on line, and if you qualify legally under the ITAR, you can download on the first call. For free access: log in with your own name, answer the questions, then select [Q]uestionaire 3 from the [M]ain menu. (303) 772-1062 Longmont, Colorado number - 2 lines. (303) 938-9654 Boulder, Colorado number forwarded to Longmont number intended for use by people in the Denver, Colorado area. Hieroglyphics Voodoo Machine (Colorado) Jim Still (aka Johannes Keppler), sysop. DOS, OS2, and Mac versions. (303) 443-2457 For free access for PGP, DLOCK, Secure Drive, etc., log in as "VOO DOO" with the password "NEW" (good for 30 minutes access to free files). Exec-Net (New York) Host BBS for the ILink net. (914) 667-4567 The Ferret BBS (North Little Rock, Arkansas) (501) 791-0124 also (501) 791-0125 Special PGP users account: login name: PGP USER password: PGP This information from: Jim Wenzel Other BBS -- check your local BBS. Chances are good that it has any release that is at least a month old if it has much of a file area at all. AMERICA ONLINE: Try PC WORLD soft/lib. (key word PGP). Make sure you get ALL of the files, including the documentation. Somebody apparently split up the .ZIP file just to make life more difficult. OTHER FTP SITES These other ftp sites don't have the "export control" hoops to jump through that most North American sites have in deference to archaic laws. ftp.informatik.uni-hamburg.de /pub/virus/crypt/pgp This site has most, if not all, of the current PGP files. black.ox.ac.uk (129.67.1.165) ftp.netcom.com /pub/dcosenza -- Some crypto stuff, sometimes includes PGP. /pub/gbe/pgpfaq.asc -- frequently asked questions answered. /pub/qwerty -- How to MacPGP Guide, largest steganography ftp site as well. PGP FAQ, crypto FAQ, US Crypto Policy FAQ, Steganograpy software list. MacUtilites for use with MacPGP. Stealth1.1 + other steganography programs. Send mail to qwerty at netcom.com with the subject "Bomb me!" to get the PGP FAQ and MacPGP guide if you don't have ftp access. ftp.ee.und.ac.za /pub/crypto/pgp soda.berkeley.edu /pub/cypherpunks/pgp (DOS, MAC) ftp.demon.co.uk /pub/amiga/pgp /pub/archimedes /pub/pgp /pub/mac/MacPGP ftp.informatik.tu-muenchen.de ftp.funet.fi ftp.dsi.unimi.it /pub/security/crypt/PGP ftp.tu-clausthal.de (139.174.2.10) (Atari ST/E,TT,Falcon) /pub/atari/misc/pgp/pgp26uib.lzh (2.6ui ttp, 2.3a docs) /pub/atari/misc/pgp/pgp26uis.lzh (2.6ui sources) /pub/atari/misc/pgp/pgp26ui.diffs (Atari diffs for 2.6 sources) wuarchive.wustl.edu /pub/aminet/util/crypt src.doc.ic.ac.uk (Amiga) /aminet /amiga-boing ftp.informatik.tu-muenchen.de /pub/comp/os/os2/crypt/pgp23os2A.zip (OS/2) iswuarchive.wustl.edu pub/aminet/util/crypt (Amiga) nic.funet.fi (128.214.6.100) /pub/crypt ftp.uni-kl.de (131.246.9.95) /pub/aminet/util/crypt qiclab.scn.rain.com (147.28.0.97) pc.usl.edu (130.70.40.3) leif.thep.lu.se (130.235.92.55) goya.dit.upm.es (138.4.2.2) tupac-amaru.informatik.rwth-aachen.de (137.226.112.31) ftp.etsu.edu (192.43.199.20) princeton.edu (128.112.228.1) pencil.cs.missouri.edu (128.206.100.207) soda.csua.berkeley.edu nctuccca.edu.tw /PC/wuarchive/pgp/ Also, try an archie search for PGP using the command: archie -s pgp26 (DOS & Unix Versions) archie -s pgp2.6 (MAC Versions) FTPMAIL For those individuals who do not have access to FTP, but do have access to e-mail, you can get FTP files mailed to you. For information on this service, send a message saying "Help" to ftpmail at decwrl.dec.com. You will be sent an instruction sheet on how to use the ftpmail service. Another e-mail service is from nic.funet.fi. Send the following mail message to mailserv at nic.funet.fi: ENCODER uuencode SEND pub/crypt/pgp23srcA.zip SEND pub/crypt/pgp23A.zip This will deposit the two zipfiles, as 15 batched messages, in your mailbox with about 24 hours. Save and uudecode. For the ftp sites on netcom, send mail to ftp-request at netcom.com containing the word HELP in the body of the message. IS MY COPY OF PGP GOOD? If you find a version of the PGP package that does not include the PGP User's Guide, something is wrong. The manual should always be included in the package. PGP should be signed by one of the developers (Philip Zimmermann, Jeff Schiller, Viacrypt, etc.). If it isn't, the package is suspect and should not be used or distributed. The site you found it on should remove it so that it does no further harm to others. To be really sure, you should get PGP directly from MIT or check the signatures with a version of PGP that you trust. The copies of PGP on ftp.csn.net/mpj, ftp.netcom.com/pub/mpj, and the Colorado Catacombs BBS are direct copies of the ones on MIT, except that the ones on the BBS include a BBS advertisement (automatically added by the system when it virus scans new files) in the outer .zip files. OTHER PGP DOCUMENTATION PGP is rather counter-intuitive to a Mac user. Luckily, there's a guide to using MacPGP in ftp://ftp.netcom.com/pub/qwerty/Here.is.How.to.MacPGP. There is a Frequently Asked Questions document in ftp://ftp.netcom.com/pub/gbe/pgpfaq.asc For more information on the "time bomb" in PGP, see ftp://ftp/netcom.com/pub/mpj/pgpbomb.asc LANGUAGE MODULES These are suitable for most PGP versions. I am not aware of any export/import restrictions on these files. German * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_german.txt * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_german.txt * _US:_ ftp://ftp.csn.net/mpj/public/pgp/PGP_german_docs.lha Italian * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.italian.tar.gz * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/PGP/pgp-lang.italian.tar.gz * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.italian.tar.gz Japanese * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-msgs-japanese.tar.gz Lithuanian * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp23ltk.zip Russian * _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26ru.zip (MIT version) * _RU:_ ftp://ftp.kiae.su/unix/crypto/pgp/pgp26uir.zip (ui version) * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp26ru.zip Spanish * _IT:_ ftp://ftp.dsi.unimi.it/pub/security/crypt/PGP/pgp-lang.spanish.tar.gz * _FI:_ ftp://ftp.funet.fi/pub/crypt/ghost.dsi.unimi.it/pgp-lang.spanish.tar.gz * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp-lang.spanish.tar.gz Swedish * _UK:_ ftp://black.ox.ac.uk/src/security/pgp_swedish.txt * _US:_ ftp://ftp.csn.net/mpj/public/pgp/pgp_swedish.txt ARCHIE WHO? There are many more sites. You can use archie and/or other "net-surfing" tools to find a more up-to-date listing, if desired. WHAT IS ALL THIS NONSENSE ABOUT EXPORT CONTROLS? For a detailed rant, get ftp://ftp.csn.net/mpj/cryptusa.zip The practical meaning, until the law is corrected to make sense, is that you are requested to get PGP from sites outside of the USA and Canada if you are outside of the USA and Canada. If you are in France, I understand that you aren't even supposed import it. Other countries may be worse. It is illegal to export PGP from the USA to any country except Canada, even if that version of PGP originated outside of the USA. Don't do it. Don't ask me to do it. The law is not rational, but it exists, and the Federal Government has no sense of humor. On the other hand, if you should discover a copy of PGP in some place other than the USA, then you are bound by the laws of both that country and your own country with respect to what you can do with it, not necessarily by U. S. Law. Your laws may be more or less restrictive, and may possibly refer to U. S. Law through some sort of treaty. If you live in a place where you can freely distribute and use PGP, then I applaud your government. In spite of the best efforts of MIT and the other primary developers and distributors of PGP not to violate the International Traffic in Arms Regulations, MIT PGP has been observed to migrate to many foreign sites. Whoever is responsible for this export is responsible for their own actions and is not encouraged or endorsed by myself, Philip Zimmermann, or MIT. This doesn't necessarily mean that we agree with the law, or even that the law itself is Constitutional. It just means that becoming a test case is not fun. WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST IN THE USA? MIT PGP is only for noncommercial use because of restrictions on the licensing of both the RSA algorithm (attached to RSAREF) and the IDEA algorithm. PKP/RSADSI insist that we use RSAREF instead of the mpi library for reasons that make sense to them. For commercial use, use Viacrypt PGP, which is fully licensed to use both the RSA and IDEA algorithms in commercial and corporate environments. WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST IN CANADA? MIT PGP is only for noncommercial use because of restrictions on the licensing of the IDEA algorithm. Because the RSA algorithm isn't patented in Canada, you are free to use the mpi library instead of RSAREF, if you want to, thus freeing yourself of the RSAREF license. For commercial use, use Viacrypt PGP, which is fully licensed to use the IDEA algorithm in commercial and corporate environments. WHAT INTELLECTUAL PROPERTY RESTRICTIONS EXIST OUTSIDE NORTH AMERICA? MIT PGP is only for noncommercial in areas where there is a patent on software implementations of the IDEA algorithm. Because the RSA algorithm isn't patented outside of the USA, you are free to use the mpi library instead of RSAREF, if you want to, thus freeing yourself of the RSAREF license. For commercial use, you cannot buy Viacrypt PGP, but you can arrange to license your use of IDEA directly from ETH Zurich. If software implementations of IDEA are not covered by a patent in your country, then you can use the freeware versions of PGP, provided that you compile it with the mpi library instead of RSAREF. WHAT IS THE "TIME BOMB" IN MIT PGP 2.6? As a concession to the RSA patent holders (in return for endorsement of the legality of the freeware MIT PGP 2.6), MIT placed an inducement in MIT PGP 2.6 to encourage upgrade from the alledgedly patent-infringing PGP 2.3a to the MIT version. The nature of this inducement is a change in a packet ID byte that causes PGP 2.3a and earlier to reject messages created by MIT PGP 2.6 after 1 September 1994. Altering MIT PGP 2.6 to bypass this annoyance (though technically an easy change to the LEGAL_KLUDGE), invalidates the blessing of Public Key Partners on the licence of MIT PGP 2.6. Therefore, it is a bad idea. On the other hand, it is trivial to hack PGP 2.3a to accept these packets, and that (plus a few other bug fixes) is essentially what PGP 2.6ui is. None of the versions of PGP greater than 2.3 have problems reading the old packet ID values, so for maximum compatibility, the ideal is to write the old value and accept either value. Unfortunately, this time bomb has a negative effect on Viacrypt PGP 2.4, as well, which never infringed on anyone's patents. Viacrypt's solution was to issue PGP 2.7, which, by default acts just like MIT PGP 2.6, but has a config.txt option (explained in the release) that allows compatibility with both PGP 2.4 and PGP 2.6. Naturally, this also allows compatibility with PGP 2.3a. The time bomb is annoying for those who still wish to use PGP 2.3a, and for those who use Viacrypt PGP 2.4 and don't want to spend US$10 to upgrade to Viacrypt PGP 2.7, but considering the magnitude of the concession made by Public Key Partners in legitimizing the freeware PGP for use in the USA, it was worth it. For more information on the time bomb, see ftp://ftp.csn.net/mpj/pgpbomb.asc ARE MY KEYS COMPATIBLE WITH THE OTHER PGP VERSIONS? If your RSA key modulus length is less than or equal to 1024 bits (I don't recommend less, unless you have a really slow computer and little patience), and if your key was generated in the PKCS format, then it will work with any of the current PGP versions (MIT PGP 2.6, PGP 2.6ui, or Viacrypt PGP 2.7). If this is not the case, you really should generate a new key that qualifies. Philip Zimmermann is aware of the desire for longer keys in PGP by some PGP fans (like me), but wants to migrate towards that goal in an orderly way, by first releasing versions of PGP in for all platforms and for both commercial (Viacrypt) and freeware (MIT) flavors that ACCEPT long keys, then releasing versions that can also GENERATE long keys. He also has some other neat key management ideas that he plans to implement in future versions. BUGS These are the most annoying: MIT PGP 2.6 -- the function xorbytes doesn't. Replace the = with ^= to fix it. The effect of this bug is that RSA keys aren't quite as random as they should be -- probably not a practical problem, but worth fixing if you are going to compile the code yourself. Fixed in 2.6.1. MIT PGP 2.6 -- DON'T SET PGPPASS when editing your keys, because if you do, and if you don't change your pass phrase, the key is lost. (If this happens, rename your backup keyring files to the primary files before you do anything else). Fixed in 2.6.1. PGP 2.6ui -- Conventional encryption -c option doesn't use a different IV every time, like it is supposed to. (PGP 2.3a had this problem, too). Fixed in 2.6 and 2.6.1. HOW DO I PUBLISH MY PGP PUBLIC KEY? There are lots of ways. One way is to use a key server. Send mail to one of these addresses with the single word "help" in the subject line to find out how to use a key server. pgp-public-keys at pgp.iastate.edu public-key-server at pgp.ai.mit.edu pgp-public-keys at demon.co.uk FTP: ftp.demon.co.uk:/pub/pgp/pubring.pgp (Updated daily) pgp-public-keys at cs.tamu.edu pgp-public-keys at chao.sw.oz.au pgp-public-keys at jpunix.com pgp-public-keys at dsi.unimi.it pgp-public-keys at kiae.su pgp-public-keys at fbihh.informatik.uni-hamburg.de There is also an experimental public key server at http://ibd.ar.com/PublicKeys.html Another way is to upload it to the PGP public keys area of the Colorado Catacombs BBS (303-772-1062). Another way is to just send it to your correspondents. You could add it to your .plan file so that finger returns your key. You could add it to some of your postings. No matter which way you do it, you should have your key signed by someone who verifies that your key belongs to you, so that you don't have someone else generating a key that has your name on it, but that isn't yours. Here is my public key: - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.7 mQCNAi4PT2QAAAEEAPPCZnrshEJ9PSnV+mXEwjM4kzJF0kyg2MnLMzo83vWI40ei jogncqdkXT0c2TQWg+Bsu9ckFoXdId0utumYv0aqd8yI/oU/DwJ1zJrqRL2PFbxe ZLofHoKFjvq1TiNiJq9ps3jW6iYS4IU1SzyKhjmyE+K0+WyrPPX0zg8FAL9FAAUR tCdNaWNoYWVsIFBhdWwgSm9obnNvbiA8bXBqQGNzbi5vcmc+IG1wajiJAJUCBRAu G3chZXmEuMepZt0BAZtAA/0Rw5mintlUDgHycNbeoyIiMHoLu8jWaCSaiGSt+dDU 1A/bUCo+gorv5TYxOClRf3XHjD6zSooWyUz3ehotrzPYLunhVOE2YBxPU+OvKFOc 37mcZrnXGBlF5NblnSYxp0186tGaTm7WMWx7NDlHT4GvhzHJQSOoo48ykDkKm/mk LIkAlQIFEC4PWbs/ZwY8hTPrxQEBKyMD/A7kv91C1ZZIRtkbC9k9lsWOgOnO8wG8 bGMajaco465Z5llWD+Y8QCMdSWcowtOBGfW0Wv1bZ1uebeCpg1L66pJ7C+BOExrk gPqRVCstLLiVerKGeSOZo3yXtxYKYX7mHQPrHp98ef7fUG4IiKS+S+znmGxpJwrV sHZRlhJ3hXUsiQCVAgUQLg9ZefX0zg8FAL9FAQFBTAQAh4u4Vun7WhPuL6fsXiXm paaGfeLtd3biRj/aOMAG1eHuhVdWejx71ormyKTdNB2YV56bpsE3JQ/KhBuYDo0N SkRnqeM2S+Ef7aZEg6Q44uXG52pqCZUldtCeYfOs3aLCR9SMlc6Y3zmpSwB1wKP0 5+tN9zruNYVKKBLWEIFAY7W0K01pY2hhZWwgUGF1bCBKb2huc29uIDxtLnAuam9o bnNvbkBpZWVlLm9yZz60IE1pY2hhZWwgSm9obnNvbiA8bXBqQG5ldGNvbS5jb20+ tChNaWtlIEpvaG5zb24gPDcxMzMxLjIzMzJAY29tcHVzZXJ2ZS5jb20+tCtNaWNo YWVsIFAuIEpvaG5zb24gPG1wam9obnNvQG55eC5jcy5kdS5lZHU+tC1EbyBub3Qg dXNlIGZvciBlbmNyeXB0aW9uIGFmdGVyIDI3IEp1bmUgMTk5Ni4= =rR4q - -----END PGP PUBLIC KEY BLOCK----- ___________________________________________________________ |\ /| | | | | \/ |o| | Michael Paul Johnson Colorado Catacombs BBS 303-772-1062 | | | | / _ | mpj at csn.org aka mpj at netcom.com m.p.johnson at ieee.org | | |||/ /_\ | ftp://ftp.csn.net/mpj/README.MPJ CIS: 71331,2332 | | |||\ ( | ftp://ftp.netcom.com/pub/mpj/README.MPJ -. --- ----- ....| | ||| \ \_/ |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.7 iQCVAgUBLm3RD/X0zg8FAL9FAQGqnwQA5R8PVpgT0tHG7GSY2jjNM9EKnQAngOdy ByZYVhh9lm/7WywiiBsY5XWDwFUEwIC79e+UeCY+8lAhiUEEWQdCAvYO7b/LCtSn D9TL3teei4sH6Z4kpDFFn8peWVwoEc/2l9nWrtUlT1cFvBDKn1KRK8MlZgH0Gld4 J+vPYYYrDMg= =u06H -----END PGP SIGNATURE----- From jya at pipeline.com Wed Sep 7 08:44:37 1994 From: jya at pipeline.com (John Young) Date: Wed, 7 Sep 94 08:44:37 PDT Subject: Reputation Capital papers? Message-ID: <199409071543.LAA09844@pipe1.pipeline.com> Prompted by Hal's post I send the following FTP info on Information Sciences Institute. This is their README file. There is much more there, based on a quick look, juicy DoD stuff for the disloyal. John ------------------- USC INFORMATION SCIENCES INSTITUTE PUBLICATIONS Welcome to USC Information Sciences Institute FTP publications directory. When logging in, please use your complete email address as a password. For example: % ftp ftp.isi.edu NAME: anonymous PASSWORD: techlib at isi.edu (your_email_address at your_machine) ftp> cd isi-pubs ftp> use the standard ftp commands, such as "dir", "get", "cd", etc. ftp> "quit" when finished A few of our technical reports are now available, in postcript format, through ANONYMOUS FTP from ftp.isi.edu. If you would like to order hard copies of ISI technical reports, please send email to "techlib at isi.edu" or written requests can be sent to: USC Information Sciences Institute Library 4676 Admiralty Way, Suite 1001 Marina del Rey, CA 90292-6695 ATTN: Document Distribution If our stock has been depleted, you will be referred to the National Technical Information Service, NTIS. Here is a brief description of the files currently available online: -------------- -------------------------------------------------- ---- filename description -------------- -------------------------------------------------- ---- pubrec.ps This file contains a listing of all the technical reports published by ISI with abstracts. Approximately 50 pages. newpubs0794.ps This is our semi-annual publications announcement newpubs0194.ps newsletter and order form. It is published in January and July. Subsequent newsletters will follow the same filename format, newpubsMMYY.ps, e.g. newpubs0194.ps, newpubs0794.ps. isi-sr-93-374.ps Zoned Analog Personal Teleconferencing (ZAPT) isi-sr-93-374.ps.Z by J.D. Touch December 1993, 23 pages isi-rr-93-372.ps Employing Knowledge Resources in a New Text Planner Architecture by E. Hovy, J. Lavid, E. Maier, V. Mittal, C. Paris, 1992 (Not yet available online. Hard copy only.) 14 pages isi-rr-93-366.ps Synthesis of Asynchronous Systems from Data isi-rr-93-366.ps.Z Flow Specifications by T.-Y. Wuu, S.B.K. Vrudhula December 1993, 73 pages isi-rs-93-364.ps Security Services for Multimedia Conferencing by S. Stubblebine November 1993, 9 pages isi-rs-93-363.ps ATOMIC: A Low-Cost, Very High-Speed, Local Communication Architecture by D. Cohen, G. Finn, R. Felderman, A. DeSchon November 1993, 12 pages isi-rs-93-360.ps The Impact of Scaling on a Multimedia Connection Architecture by E. Schooler August 1993, 14 pages isi-rs-93-359.ps Case Study: Multimedia Conference Control in a Packet-Switched Teleconferencing System by Schooler August 1993, 18 pages isi-sr-93-358.ps The ISI "Tunnel" by A. DeSchon, D. Cohen October 1993 39 pages isi-rs-93-342.ps Parallel Communication by J. Touch March 1993, 12 pages isi-rs-93-301.ps Physics Analogs in Communication Models by J. Touch January 1993, 10 pages isi-rs-92-294.ps An Architecture for Multimedia Connection Management, by E. Schooler, S. Casner August 1992, 8 pages isi-rs-92-293.ps First IETF Internet Audiocast, by S. Casner, S. Deering July 1992, 6 pages isi-rr-92-291.ps ATOMIC: A Low-Cost, Very High-Speed LAN by D. Cohen, G. Finn, R. Felderman, A. DeSchon September 1992, 21 pages isi-rr-91-289.ps A Distributed Architecture for Multimedia Conference Control by E. Schooler November 1991, 18 pages isi-rs-91-286.ps Multimedia Conferencing: Has it Come of Age, by E. Schooler, S. Casner, J. Postel August 1991, 10 pages isi-rs-90-252.ps N-Way Conferencing with Packet Video, by S. Casner, K. Seo, W. Edmond, C. Topolcic April 1990, 10 pages From blancw at microsoft.com Wed Sep 7 09:42:18 1994 From: blancw at microsoft.com (Blanc Weber) Date: Wed, 7 Sep 94 09:42:18 PDT Subject: FW: believing three impossible things before breakfast Message-ID: <9409071642.AA25387@netmail2.microsoft.com> From: Carl Ellison . . . . . someone advocating that all you need to do is just tell teens to say "no" to sex before marriage, then you won't need to distribute condoms without parental permission.... Suddenly it hit me that the same frame of mind was clearly behind the Clipper Initiative. ........................................................ Are you saying that they think that if the phone moderators could just say "no" for us, overt supervisory functions could be eliminated? Blanc From jdwilson at gold.chem.hawaii.edu Wed Sep 7 09:52:03 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Wed, 7 Sep 94 09:52:03 PDT Subject: How Did This Get Done? In-Reply-To: <199409061446.HAA19128@jobe.shell.portal.com> Message-ID: On Tue, 6 Sep 1994 nobody at shell.portal.com wrote: > i am sure that there are other ways to do this...i don't know how usenet > news is passed, but i suspect this is also done in a similar way so if > you know the port number and the format, you could do it like that... With my SLIP software, I can set my domain name to be anything I want. When first implementing it I even made a mistake which gave me a name of sersol..com - note the two periods in succession. It would put out anything else as well. -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 > " " " |P. O. Box 15432 | finger for full PGP key > " " /\ " |Honolulu, HI 96830 |====================================> \" "/ \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From frissell at panix.com Wed Sep 7 10:02:20 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 7 Sep 94 10:02:20 PDT Subject: NYT Fears Cypherpunks Message-ID: <199409071701.AA05832@panix.com> The article suggested that unless people turn to the State for protection from "anarchy" the State will fade. Here is my argument (recycled from a few years ago) as to why State power is fading: I expect that State authority will continue to weaken over the next few years for the following reasons: 1) The ruled outnumber the rulers. 2) The ruled outmass the rulers. 3) Traditionally, the rulers used a number of techniques to maintain their rule: a) Ideology of acquiescence and consent - The will of God, tradition, the will of the people, 'you can't fight City Hall,' Death and Taxes, The Government is All of Us, etc. b) The application of superior mobility and organization - we are everywhere, omniscience, omnipresence, etc. c) Point force. A mass of armed men in the field. 'Reduce the city. Leave no stone standing upon stone and sow the ground with salt.' 4) The effectiveness of the above require an ignorant, docile, immobile, and uncritical population: a) Respect for authority is on a rapid downward trend. Disobedience is widespread. One-third to one-half of the housing units in Nassau and Suffolk counties are illegal "in-law" apartments. Seventy-five percent of those hiring domestic workers in the US do not comply with tax and employment laws. Hundreds of thousands of assault rifle owners in New Jersey and California have not turned in their guns. I see no examples of any increase in respect for state authority. b) The mobility and organization of bureaucratic organizations is now less than the average private organization. Nation states are still geographically bound, we are not. The individual or small group has always had better organization than the State - he/it has just had less power. c) Point force only works against concentrated opponents. It is useless against mass movements of goods nd people like the market unless a totalitarian clampdown is used. If movement continues, State power is lost. 5. Freedom is not only an ideology, it is also what you get when people make relatively unconstrained choices. Even the most broken slave makes choices. When a modern, technologically advanced, mobile people makes choices, they can overwhelm control mechanisms. All they have to do is *choose*. They need not be ideologically committed libertarians. 6. Is there immigration control if millions of immigrants are on the march (here *and* in Europe)? Is there gun control if the number of guns possessed by the population (here *and* in Europe) continues to increase. If the amount of the world's wealth that is legally or illegally outside of the tax system increases, is taxation succeeding? 7. Predictions. Per capita gun ownership will continue to increase in all of the OECD countries as it has for years. Legal and illegal immigrants as a percentage of total population will continue to grow. The percentage of the Gross World Product that does not flow through the coffers of the world's States will continue to grow as it has for the last ten years. 8. Unless the above trend lines reverse and the "coercive sector" regains some moral authority freedom of choice will continue to grow. For example, if gun ownership per capita continues to grow, at some point everyone who wants a gun will have one. No gun control. 9. Controlling people is difficult. It has all of the normal problems of hydrology with the added complication that in this case the "water" is intelligent. Controlling smart, rich, well- equipped people is a doomed occupation. Unless they can figure some way to chain us back in the fields, they're doomed. DCF "Though he may be poor He will never be a slave" From mech at eff.org Wed Sep 7 10:39:22 1994 From: mech at eff.org (Stanton McCandlish) Date: Wed, 7 Sep 94 10:39:22 PDT Subject: O'Reilly PGP book Message-ID: <199409071738.NAA02023@eff.org> coming soon, PGP hits the mainstream: PGP: Pretty Good Privacy by Simson Garfinkel 1st Edition November 1994 (est.) 250 pages (est),ISBN: 1-56592-098-8, $17.95 (est) PGP is a freely available encryption program that protects the privacy of files and electronic mail. It uses powerful public key cryptography and works on virtually every platform. PGP: Pretty Good Privacy by Simson Garfinkel is both a readable technical users guide and a fascinating behind-the-scenes look at cryptography and privacy. Part I of the book describes how to use PGP: protecting files and email, creating and using keys, signing messages, certifying and distributing keys, and using key servers. Part II provides background on cryptography, battles against public key patents and U.S. government export restrictions, and other aspects of the ongoing public debates about privacy and free speech. -- Stanton McCandlish

Online Activist From tcmay at netcom.com Wed Sep 7 10:48:45 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 7 Sep 94 10:48:45 PDT Subject: AIDs testing and privacy In-Reply-To: Message-ID: <199409071748.KAA05151@netcom3.netcom.com> > There are two pieces in the current comp.risks digest (16.39) about > cross-linking of US databases. References are to a cover story in > Business Week. Highlights are hospitals selling name/address info on > families with newborns and one state having sold it's drivers' licence > register... > > -- Rolf And don't forget that hospitals and doctors will be forwarding patient records to the National Health Recovery Act headquarters outside Washington, right near the CIA, NSA, NRO, Central Imagery Office, FBI, and, of course, the Big Three credit agencies. I'm less worried that a pharmacist will add me to some database he keeps than that my doctor will be instructed to compile a dossier to government standards and then zip it off over the Infobahn to the authorities. Buying "a la carte" insurance for specific conditions and not others is surely a "cypherpunkish" free choice, and neatly sidesteps the problems of having to pay for others in the current way. (For example, someone with no tendency toward Foobar's Disease can elect to exclude this coverage.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From talon57 at well.sf.ca.us Wed Sep 7 10:59:37 1994 From: talon57 at well.sf.ca.us (Brian D Williams) Date: Wed, 7 Sep 94 10:59:37 PDT Subject: MISC: public key revocation certificate Message-ID: <199409071759.KAA11412@well.sf.ca.us> -----BEGIN PGP SIGNED MESSAGE----- 'punksters After carefull consideration of the matter I have decided to follow Philip Zimmermans request, revocation certificate follows. - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiwobjEAAAEEAMvfOcPMSdd8EASpRCj5H2KdXR8f/nVcOyQ1vg6SaX6yCQb0 aO4fRgfZg2aoyQVLRPmrpV0YzeRjHwadUz3THLK3LUtA5RR6W+MHoxSQB5iVIqek Lzg5cl4O9wzovzDjc0zSQW/prCGLs9aYx/WYWWXaYngZe7kTRKKSjm8cgaFtAAUR iQCVAgUgLm34g6KSjm8cgaFtAQEunAP+MZB2xfL0mDP+OjjQDqpkn/u32SRKZ5ZF VjGhIFglJuyE+JehqmiT0liy8PJzeif95aWDtT1IOAuk9L6BwZpx9+m0PMRKkjNH 1InjapVYVPyb5JBJKo5LjcWLVdx3eyiJ0GOzb+zBQEnrBkGWe13xj9UNs37o/TjF utQ7Oi1jOAC0KEJyaWFuIEQgV2lsbGlhbXMgPHRhbG9uNTdAd2VsbC5zZi5jYS51 cz4= =3HLA - -----END PGP PUBLIC KEY BLOCK----- Please note the new key; - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.1 mQCNAy5t4PAAAAEEANaECzfBmf3e0wSsuObKfi0xVb74347rNH+HX3yEPPLi0b+Z pQFRLvw9ClCwOpRGBTNgaARp/Y8/eQeyzmSOIhwHfR57X5J/XGMYmGWbQ9+84jUD xE9m+2Gux1L9L0YvvekuG486PfpHNgP8US9KpOn9zXEJJ89VkFmp8FjpRfTVAAUX tChCcmlhbiBEIFdpbGxpYW1zIDx0YWxvbjU3QHdlbGwuc2YuY2EudXM+ =C1+Q - -----END PGP PUBLIC KEY BLOCK----- Brian Williams Extropian Cypherpatriot "Cryptocosmology: Sufficently advanced communication is indistinguishable from noise." --Steve Witham "Have you ever had your phones tapped by the government? YOU WILL and the company that'll bring it to you.... AT&T" --James Speth -----BEGIN PGP SIGNATURE----- Version: 2.6.1 iQCVAwUBLm39GFmp8FjpRfTVAQGbggP+M0ulfpczRkDXz335N++miPPn0zkY1gJ6 XrfGuPjVUduxcj3flDBPXSw1MHi6AqB9Hv+X2+1eD9Vta9CHGEfcsdc7SVvuhyGD +xA8SLLkbrQjoYYpegFYi2cRCO7CJUGqB39bgnG0mXp1aKn5cfyKxa8cB22Uy5UO /ZE/dtRMK1I= =0Psj -----END PGP SIGNATURE----- From tcmay at netcom.com Wed Sep 7 11:37:20 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 7 Sep 94 11:37:20 PDT Subject: (fwd) Re: NETCOM/FBI Spying "Business as Usual" Message-ID: <199409071837.LAA10783@netcom3.netcom.com> I found this in the eff group, and think it has some implications for remailer operators and their logs. (That the FBI is subpoenaing e-mail records is not news, but the connection to the Kevin Mitnick case is.) Explanation: In an earlier message, Glen Roberts of "Full Disclosure" gave his informed speculation that this subpoena has to do with the FBI's search for uber-hacker Kevin Mitnick. The guy being subpoenaed and monitored, Lewis De Payne, comments below. The concern for remailer operators is that while I was reading this saga, all I could think of was 'Why didn't they use remailers?" I planned to comment on this in the public groups. (And I may still, if somebody else doesn't beat me to it.) But of course the concern is that if the FBI is going on a fishing expedition (a legal term :-}) for e-mail records, and Netcom is cooperating, then had they used remailers to communicate, we could now be seeing subpoenas of *remailer logs*. (This will happen eventually. All the more reasons for multiple national jurisdictions, for destruction of logs, for bonding of remailers, and for "forward secrecy" (a la Diffie-Hellman) to be implemented somehow.) > Xref: netcom.com alt.2600:23077 alt.2600hz:100 alt.privacy:18575 comp.org.eff.talk:39275 > Newsgroups: alt.2600,alt.2600hz,alt.privacy,comp.org.eff.talk > Path: netcom.com!lewiz > From: lewiz at netcom.com (Lewis De Payne) > Subject: Re: NETCOM/FBI Spying "Business as Usual" > Message-ID: > Followup-To: alt.2600,alt.2600hz,alt.privacy,comp.org.eff.talk > Organization: NETCOM On-line Communication Services (408 261-4700 guest) > X-Newsreader: TIN [version 1.2 PL1] > References: > Date: Wed, 7 Sep 1994 17:24:35 GMT > Approved: mitnick at hideout.com > Lines: 25 > > Glen Roberts (glr at ripco.com) wrote accurately: > : > : Some of you may be aware of the FBI subpeona for email transactions of > : lewiz at netcom.com. > : > : She wouldn't discuss the particulars of lewiz at netcom.com, and said they > : were "not open to talking about it." > > I will be sending you a story for Full Disclosure. In it, I will discuss > how tech support at netcom told another party (whose name will remain > anonymous until I receive a subpoena) that the FBI was watching my acct, > and that they were served with an order. This was disclosed to a > third-party by tech support! I will also discuss my conversation with > the various people at netcom regarding this matter, as well as the > letter I sent to netcom explaining to them that their "monitoring" of > my account to conform with the _sealed_ court order was slowing me > down too much, and that if they didn't correct it, I might go find > another provider, and then they wouldn't be able to monitor me. > > Lots more to come... in Full Disclosure Live. > > -- > cc: Kathleen Carson, S.A., FBI, LA, CA. || Pursuant to Court Order > Kenneth G. McGuire, III. S.A., FBI, LA, CA. || served August 11, 1994 > Stanley E. Ornellas, S.A., FBI, LA, CA. || on Netcom Communications > From rishab at dxm.ernet.in Wed Sep 7 11:50:07 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Wed, 7 Sep 94 11:50:07 PDT Subject: Social punishment 1/3: law without enforcers Message-ID: Social punishment 1/3: law without enforcers I live in a country where many laws are simply not followed. As laws are always behind the times, this can lead to an environment that, ignoring laws, follows the times. (For example due to no legal precedents there is theoretically no electronic privacy and all my mail is read. This is not, in practice the case - if my mail is indeed read, then it's probably by the NSA). When the legal system is lax, society falls back on age-old methods of keeping order - a system of taboos and 'social' punishment such as ostracization. In small tribes or villages ostracization is the most passive of punishments - indeed by definition it implies _non_-cooperation or having _nothing_ to do with a person. It is also the most powerful, often better for the society than capital punishment which simply gets rid of a person who might be useful if following the rules. Of course societies that continue to use 'social' punishment do so to enforce antideluvian values (don't talk to those people, don't engage in pre/extra- marital or deviant sex, etc). This is not the fault of the system of social punishment, rather that of the society itself. The system of social punishment can easily be adapted to educated, liberal inhabitants of cyberspace, much more easilty than can present law enforcement systems. My next post will examine the similarities between tribal and cyberspatial society. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From vaccinia at med.unc.edu Wed Sep 7 12:58:48 1994 From: vaccinia at med.unc.edu (Scott G. Morham) Date: Wed, 7 Sep 94 12:58:48 PDT Subject: T-shirts Message-ID: <9409071958.AA07734@earl.med.unc.edu> -----BEGIN PGP SIGNED MESSAGE----- Since we're on the subject of T-shirts, does anyone have any X-large or XX-large T-shirts with the "1984, We're a little behind Schedule!" logo on them? If someone is ever going to do another run of them I would be interested in buying one or two of them. The "Big Brother Inside" on the front and the "1984" logo on the back would be an ideal shirt! Anyway, if anybody knows where I could purchase such a shirt please contact me at the below address. Thanks. Scott G. Morham !The First, VACCINIA at uncvx1.oit.unc.edu! Second PGP Public Keys by Request ! and Third Levels ! of Information Storage and Retrieval !DNA, ! Biological Neural Nets, ! Cyberspace -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLmolmD2paOMjHHAhAQGBLgP/RipTDTCeY4IcGP3padoDcNWDexgy8M94 5YUZb4rzjmv3lu/WoSI4jXV4SZAxOW8F5lia8dkxtkeKAYTVwPdmWJvJ8V3BbEYv vg4juygrULe1wX3toHnI4ueQCFDoBxacCzM1KRhpcD6q2sKyWsfZKbMniko/AhvY InA/gnPiVJo= =akOU -----END PGP SIGNATURE----- From frissell at panix.com Wed Sep 7 12:59:06 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 7 Sep 94 12:59:06 PDT Subject: AIDs testing and privacy Message-ID: <199409071957.AA24790@panix.com> At 10:48 AM 9/7/94 -0700, Timothy C. May wrote: > >And don't forget that hospitals and doctors will be forwarding patient >records to the National Health Recovery Act headquarters outside >Washington, right near the CIA, NSA, NRO, Central Imagery Office, FBI, >and, of course, the Big Three credit agencies. > >I'm less worried that a pharmacist will add me to some database he >keeps than that my doctor will be instructed to compile a dossier to >government standards and then zip it off over the Infobahn to the >authorities. I suppose I shouldn't admit this as a privacy advocate but I wonder why anyone is interested in all this health/credit data. Since they can't *do* anything with it in the real world, seems like a waste of time. Especially the health data. Suppose "they" find out something about your health status and "they" deny you insurance. Under the system "they" have constructed, you just show up and get "health care" anyway -- whether at the local hospital or in Toronto or London. The only "advantage" that "they" get from finding out about your health status and denying you insurance is that you no longer have to pay them any money. You still get the same level of care. If you are a bright person with a big mouth, you can get them to spend as much dough on you -- sans insurance -- as they would on a normal schlubb *with insurance*. That's the way "they" set up the system. It may not even be too illibertarian of you to play the system like that since they have used force to prevent you from buying your care on an open market. As for the credit info, since you can get whatever you *really* want without a good (personal) credit history, what is the point of all these conflicts over credit reporting. I like to practice privacy and, like normal medical intervention, it can help individuals on the margin, neither personal privacy nor personal medical intervention are statistically significant when we consider the well-being of the general population. Strong market institutions are more important than privacy and sewers and vector control are more important than office visits for securing (respectively) human wealth and human health. DCF "You don't have to be nice to nation states that you meet on the way up if you're not coming back down." From cactus at bb.com Wed Sep 7 14:24:51 1994 From: cactus at bb.com (L. Todd Masco) Date: Wed, 7 Sep 94 14:24:51 PDT Subject: Al Gore's home page In-Reply-To: <9409071245.AA22475@snark.imsi.com> Message-ID: <34lbaq$eci@bb.com> In article <9409071245.AA22475 at snark.imsi.com>, Perry E. Metzger wrote: > >Lucky Green says: >> Why can't politicians stay away from stuff they don't understand? >> Because that would mean that they have to stay away from everything. > >I would be much more frightened if they did fully understand. Actually, what's frightened me the most about this administration is that they have half a clue; And they seem to be willing to learn, if only by making mistakes that affect the rest of us. Gore's always kept up on technical issues, but hasn't actually lived them, and that's the problem: the routine use of the technology changes your POV far more than reading the specs. -- L. Todd Masco | "Which part of 'shall not be abridged' didn't cactus at bb.com | you understand?" From mmarkley at microsoft.com Wed Sep 7 14:34:05 1994 From: mmarkley at microsoft.com (Mike Markley) Date: Wed, 7 Sep 94 14:34:05 PDT Subject: AIDs testing and privacy Message-ID: <9409072133.AA12197@netmail2.microsoft.com> Duncan Frissell wrote: | | I suppose I shouldn't admit this as a privacy advocate but I wonder why | anyone is interested in all this health/credit data. Since they can't *do* | anything with it in the real world, seems like a waste of time. What about being denied a job because you have been treated for some disease? How about being denied a loan because your medical history has a profile that indicates that your life expectancy is shorter than the duration of the loan? It seems that the potential for abuse is so great that we should not allow such cross referencing. Mike. ===================================================== Mike Markley I'm not a Microsoft spokesperson. All opinions expressed here are mine. ===================================================== From jamiel at sybase.com Wed Sep 7 15:14:54 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Wed, 7 Sep 94 15:14:54 PDT Subject: AIDs testing and privacy Message-ID: At 7:28 AM 09/07/94, Mike Markley wrote: >What about being denied a job because you have been treated for some >disease? How about being denied a loan because your medical history has >a profile that indicates that your life expectancy is shorter than the >duration of the loan? It seems that the potential for abuse is so great >that we should not allow such cross referencing. Another example- A Lyndon LaRouche type could get elected. (I personally don't have enough faith in the Folk At Large not to hand someone like that power) "Starting tomorrow, all Hawiian Citizen Units will begin moving to the mainland. Some of the smaller islands have been cleared, and HIV+ units are being relocated as this address is being broadcast..." -j From jkreznar at ininx.com Wed Sep 7 15:29:16 1994 From: jkreznar at ininx.com (John E. Kreznar) Date: Wed, 7 Sep 94 15:29:16 PDT Subject: NYT Fears Cypherpunks In-Reply-To: <199409071701.AA05832@panix.com> Message-ID: <9409072228.AA05063@ininx> -----BEGIN PGP SIGNED MESSAGE----- frissell at panix.com (Duncan Frissell) writes: > The article suggested that unless people turn to the State for protection > from "anarchy" the State will fade. > Here is my argument (recycled from a few years ago) as to why State power is > fading: Fading of government power must begin with popular refusal to gratuitously accept the favors of government. Since this looks unlikely, it appears to me that the trend to ever-more oppressive government will continue for a while yet. It will probably only end in catastrophic collapse. > I expect that State authority will continue to weaken over the next few > years for the following reasons: > 1) The ruled outnumber the rulers. Big government is caused not by ``rulers'', but by the demand created by its beneficiaries. Kill the rulers, and the beneficiaries will erect new ones in their place. Kill the beneficiaries and the rulers will find themselves without a job. More useful than the rulers-ruled division is the division into those who gratuitously accept the benefits of government (usually without even realizing that this is why government gets so big), and those who scrupulously avoid gratuitous involvement with government. The latter are an infinitesimal fraction who are being overwhelmed by the former. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLm49n8Dhz44ugybJAQHnawP/UOT7s5ciyUSYwsBdrlsswLUeJNlI/s6n aEuH8pxdxRLmNTPYj378oxa3VpPx5vqbsCvLFtTgydVsbO9Jfu6kjkmJIn8BqOSt 5/c/9kMG0isvRDQNzKyfvKoRmzZ84zztDWsQMi0xXd+QeW0+KF4gv4Fh3wzhOrl4 SDVzfWTV6Kk= =Iscn -----END PGP SIGNATURE----- From jya at pipeline.com Wed Sep 7 15:32:51 1994 From: jya at pipeline.com (John Young) Date: Wed, 7 Sep 94 15:32:51 PDT Subject: Al Gore's home page Message-ID: <199409072232.SAA28227@pipe1.pipeline.com> Anybody noticed that Al is being ported around Cairo tourist traps to divert attention from more articulate and threatening targets of the fundamentalists? Creeping slowly around on bright shiny crutches for laser-aiming, yet. His home page is empty because he wont be needing it? Naw. From tcmay at netcom.com Wed Sep 7 16:14:01 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 7 Sep 94 16:14:01 PDT Subject: AIDs testing and privacy In-Reply-To: <9409072133.AA12197@netmail2.microsoft.com> Message-ID: <199409072314.QAA17630@netcom7.netcom.com> Mike Markley wrote: > What about being denied a job because you have been treated for some > disease? How about being denied a loan because your medical history has > a profile that indicates that your life expectancy is shorter than the > duration of the loan? It seems that the potential for abuse is so great > that we should not allow such cross referencing. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ There's the rub! While I may not _like_ what people or companies do with data about me, I generally don't support laws telling them what they can do, what they can't do, etc. And such normative laws ("they shouldn't keep such records and hence we'll outlaw them") won't work in an era of strong crypto and privacy. In fact, some of us support data havens precisely to have records of, say, terminal diseases so we'll not lend money to Joe-who-has-AIDS. It may not be "fair" to Joe, but it's my money. (Same idea as in using offshore or cryptospatial data havens to bypass the nonsense in the "Fair Credit Reporting Act" that outlaws the keeping of certain kinds of facts about credit applicants, such as that they declared bankruptcy 10 years ago or that they left a string of bad debts in Germany in the 1970s, etc.) I won't go into the many issues here, as this is an ideological digression. Cypherpunks understand that laws won't protect their privacy. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From meconlen at IntNet.net Wed Sep 7 17:02:15 1994 From: meconlen at IntNet.net (Michael Conlen) Date: Wed, 7 Sep 94 17:02:15 PDT Subject: AIDs testing and privacy In-Reply-To: <199409072314.QAA17630@netcom7.netcom.com> Message-ID: > > What about being denied a job because you have been treated for some > > disease? How about being denied a loan because your medical history has > > a profile that indicates that your life expectancy is shorter than the > > duration of the loan? It seems that the potential for abuse is so great > > that we should not allow such cross referencing. > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > There's the rub! While I may not _like_ what people or companies do > with data about me, I generally don't support laws telling them what > they can do, what they can't do, etc. Lets say a place wont hire blacks, and you happend to be black, and wanted to work for such a company. Would you do what you can to hide your color, if possible, to get hired, then let them try to fire you over it, or would you decide that you wouldnt want to work for this company at all? What if MOST companys had this policy... ...and the ones that didnt, wouldnt pay anyone what they are worth. What then? If one or two companys would be the ones deciding what to do based on this information then I wouldnt see much problem in it, I would choose to do buisness with other companys based on there ethic, however I dont think many companys that I will do buisness with are the likes that wont use anything they can get there hands on. Assuming this to be true, it could be very difficult to live if every company knew I was such and such. Groove on Dude Michael Conlen From jya at pipeline.com Wed Sep 7 17:33:12 1994 From: jya at pipeline.com (John Young) Date: Wed, 7 Sep 94 17:33:12 PDT Subject: Data havens Message-ID: <199409080032.UAA22826@pipe1.pipeline.com> Responding to msg by tcmay at netcom.com (Timothy C. May) on Wed, 7 Sep 4:14 PM >And such normative laws ("they shouldn't keep such >records and hence we'll outlaw them") won't work in an >era of strong crypto and privacy. In fact, some of us >support data havens precisely to have records of, say, >terminal diseases so we'll not lend money to >Joe-who-has-AIDS. It may not be "fair" to Joe, but >it's my money. It is worth noting that private "data havens" of all sorts abound, especially for financial matters, and most are not subject to governmental regulation. Some banks have research departments that are older and more comprehensive than credit reporting agencies. Favored customers can use them for evaluation of private deals. Large law firms maintain data banks that approach those of banks, and they grow with each case, through additions of private investigators paid for by successive clients. Security professionals, like Wackenhut and Kroll, also market the fruits of substantial data collections. To these add those of insurance, bonding, investment, financial firms and the like which help make or break business deals. It's probable that massive government-regulated consumer data banks contain far less useful information than that of the private market where serious money is made with the best, privileged information. Some may be porous but most are guarded better than Ft. Knox, with special protection against Uncle Sam's snoopers, indeed more secure than consumer records because more valuable. Any c'punkers in the security side of the financial industry want to comment? Anonymously of course. John From tcmay at netcom.com Wed Sep 7 17:38:30 1994 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 7 Sep 94 17:38:30 PDT Subject: Hiring Blacks In-Reply-To: Message-ID: <199409080019.RAA01639@netcom9.netcom.com> Michael Conlen writes: > Lets say a place wont hire blacks, and you happend to be black, and > wanted to work for such a company. Would you do what you can to hide your > color, if possible, to get hired, then let them try to fire you over it, > or would you decide that you wouldnt want to work for this company at > all? What if MOST companys had this policy... ...and the ones that didnt, > wouldnt pay anyone what they are worth. What then? Were I black, I wouldn't want to work for them. However, if they asked my race, and I lied/deceived them, and they discovered it later (naturally), I would expect to be fired. That's life in a society based on voluntary interactions. Libertarianism 101. (It's also part of Libertarianism 101 that such a company would not likely do well in this day and age. Before you cite America's racist past, read up on who it was that enforced segregation. Hint: not the corporations. Ditto for South Africa (the "other" RSA), where the Apartheid Laws came into being because companies were looking to hire blacks and coloreds to fill job position, and the whites didn't like that much.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From shamrock at netcom.com Wed Sep 7 17:42:54 1994 From: shamrock at netcom.com (Lucky Green) Date: Wed, 7 Sep 94 17:42:54 PDT Subject: AIDs testing and privacy Message-ID: <199409080042.RAA27432@netcom7.netcom.com> Tim wrote: > >And don't forget that hospitals and doctors will be forwarding patient >records to the National Health Recovery Act headquarters outside >Washington, right near the CIA, NSA, NRO, Central Imagery Office, FBI, >and, of course, the Big Three credit agencies. > I have not heard of this. Would someone please elaborate? -- Lucky Green PGP public key by finger From shamrock at netcom.com Wed Sep 7 17:43:25 1994 From: shamrock at netcom.com (Lucky Green) Date: Wed, 7 Sep 94 17:43:25 PDT Subject: Introduction: Telephone traffic analysis Message-ID: <199409080043.RAA27552@netcom7.netcom.com> I stumbled upon this great explanation of telephone traffic analysis and thought I'd share it with the list: Remember also, as far as security goes, that individuals always have the ability to add their own encryption to a system. But I would argue that encryption is also of minimal protection against a knowledgable telephone company or government with message traffic flow tracking capability. This is a capability that every phone company has since they use it to generate your bill every month. Consider the following: Some undesirable activity (to the govt or phoneco) is happening. The govt/phoneco (govco) is able to identify one or more persons involved. (now known as targets.) Targets: *1* *2* *3* They track and compare the frequency of calling patterns made by the targets. Now they know the "calling circle" of the targets. They expand the tracking pattern and start looking for cross overs. Targets: *1* *2* *3* / | \ / | \ | Level 1: A B C D E A F When they start to find a commonality (by Phone # or account holder(s)) they can begin to build the list of those persons most often called within the identified target group. In the above 'A' is common to targets *1* and *2*, thereby implying that the "group" is composed of *1*, *2*, and 'A'. Those most often called are the "key communicators", regardless of any formal or informal organization or public presence. By iterating this process recursively the entire organization and any supporting sympathizers can eventually be located. Both by members of the target group and by others outside the group who may not have any knowledge of other members of the group or even of themselves being in a group. Further, since all phone numbers are tied in the planning databases to physical locations and to billing addresses, enough data can be gathered to completely locate and identify (for further evidence research and cross referencing) members and supporters. Notice that this works even in those cases where no formal organization exists. Notice that this works regardless of whether the communications in question are encrypted or not. Applying this means that a movement, or any organized or coordinated activity could be disrupted by proper targeting of those who are the true key communicators. Actions as simple and subtle as cutting off phone service, placing bad credit reports, starting a tax audit, getting the person a better paying job in a different area, etc., etc. could all be just as effective as outright arrest and harassment. If they don't work, then things would escalate. So consider this as well and don't rely just on encryption to keep yourself secure. -- Lucky Green PGP public key by finger From meconlen at IntNet.net Wed Sep 7 18:51:32 1994 From: meconlen at IntNet.net (Michael Conlen) Date: Wed, 7 Sep 94 18:51:32 PDT Subject: Hiring Blacks In-Reply-To: <199409080019.RAA01639@netcom9.netcom.com> Message-ID: > (It's also part of Libertarianism 101 that such a company would not > likely do well in this day and age. Before you cite America's racist > past, read up on who it was that enforced segregation. Hint: not the > corporations. Ditto for South Africa (the "other" RSA), where the > Apartheid Laws came into being because companies were looking to hire > blacks and coloreds to fill job position, and the whites didn't like > that much.) Only ment as an example... ...not as an accuatual pratice. I agree that a company that praticed thoes polices would not make it far. The Minority is enough to pull a company down on there own. The Minority has friends that are not minority. Enough to quickly bankrupt the comany. Hiring pratices based on things other then the quality of work produced is another thing. Groove on dude Michael Conlen From M.Gream at uts.EDU.AU Wed Sep 7 18:56:45 1994 From: M.Gream at uts.EDU.AU (Matthew Gream) Date: Wed, 7 Sep 94 18:56:45 PDT Subject: Aust crypto regulations In-Reply-To: <9409070857.ZM12456@simple.sydney.sgi.com> Message-ID: <9409080153.AA18297@acacia.itd.uts.EDU.AU> "Ian Farquhar" wrote: > > It's kinda interesting, because another contact I have in DSD said that > he wasn't aware of any restrictions on the distribution of crypto > software. This may have been simply a personal lack of knowledge, but it > also may indicate the obscurity of the restriction itself. It also interests > me in that their charter gives DSD absolutely no responsibility for the > control of domestic crypto. This intrigued me, as I too see no basis for their controls. The prohibited exports come under the Customs Act, and it may well be that the upfront "general software note" which excludes public domain and other software isn't yet instilled in legislation. I'll have to look at the Customs Act itself to see how the prohibited exports ties in. Finding out what group constructed this documentation and hence the relevance of that note is another avenue. I wouldn't hesitate to speculate that they are asserting controls over crypto that they don't really have. The issue still requires further investigation though. cheers, Matthew. -- Matthew Gream (02) 821-2043 (sw/hw engineer) From frissell at panix.com Wed Sep 7 21:01:31 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 7 Sep 94 21:01:31 PDT Subject: AIDs testing and privacy Message-ID: <199409080401.AA23344@panix.com> At 02:28 PM 9/7/94 TZ, Mike Markley wrote: >What about being denied a job because you have been treated for some >disease? There are more than 1,000,000,000 employers on earth (not counting yourself). Get a job from someone else. Try contract employment. >How about being denied a loan because your medical history has >a profile that indicates that your life expectancy is shorter than the >duration of the loan? It seems that the potential for abuse is so great >that we should not allow such cross referencing. Borrow from someone else. Save the money. Buy something cheaper. Use your wife's/kid's/friend's credit. There are plenty of options. DCF From frissell at panix.com Wed Sep 7 21:02:24 1994 From: frissell at panix.com (Duncan Frissell) Date: Wed, 7 Sep 94 21:02:24 PDT Subject: AIDs testing and privacy Message-ID: <199409080401.AA23420@panix.com> At 03:19 PM 9/7/94 -0700, Jamie Lawrence wrote: >Another example- A Lyndon LaRouche type could get elected. >(I personally don't have enough faith in the Folk At Large >not to hand someone like that power) "Starting tomorrow, >all Hawiian Citizen Units will begin moving to the mainland. >Some of the smaller islands have been cleared, and HIV+ >units are being relocated as this address is being broadcast..." Obviously, privacy is more important in a totalitarian society but those sorts of social arrangements have become less likely since markets would largely prevent their development. Capital flight and punishingly high interest rates would squash any developed country that tried the totalitarian route these days. They couldn't afford it. DCF From shamrock at netcom.com Wed Sep 7 21:10:27 1994 From: shamrock at netcom.com (Lucky Green) Date: Wed, 7 Sep 94 21:10:27 PDT Subject: Al Gore's other home page Message-ID: <199409080410.VAA19094@netcom7.netcom.com> What do you know. Al Gore's home page might be a bust, but he presents the "Tool kit to reinvent government" at http://www.npr.gov/ The page features a huge picture of Al hacking away on his computer. Still, I have the suspicion that his ideas of reinventing the government are somewhat different from ours. Well, he is asking for feedback through his electronic townhall. Let's give him some. -- Lucky Green PGP public key by finger From alano at teleport.com Wed Sep 7 21:56:50 1994 From: alano at teleport.com (Alan Olsen) Date: Wed, 7 Sep 94 21:56:50 PDT Subject: AIDs testing and privacy Message-ID: <199409080456.VAA22359@teleport.com> >Obviously, privacy is more important in a totalitarian society but those >sorts of social arrangements have become less likely since markets would >largely prevent their development. Capital flight and punishingly high >interest rates would squash any developed country that tried the >totalitarian route these days. They couldn't afford it. The nature of control freaks is that they ignore the actual costs of their actions. Is the government actually concerned with the true costs of installing monitoring devices into every phone switch in the country? Do they really think of the financial costs associated every little decision designed to control our lives? The true concern is *POWER*. How they can get it, how they can keep it, and how they can extend their grasp into more and more of your/mine/everyone's lives. What must be determined is how to identify control freaks and what to do with/to them when you find them. /========================================================================\ |"I would call him a Beastialic Sadomasochistic | alano at teleport.com | |Necrophile but that would be beating a dead | Disclaimer: | |horse." -- Teriyaki (What's up Tiger Lily?) | As if anyone cares! | \========================================================================/ From blancw at pylon.com Wed Sep 7 22:37:59 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Wed, 7 Sep 94 22:37:59 PDT Subject: AIDs testing and privacy Message-ID: <199409080538.WAA25986@deepthought.pylon.com> Responding to msg by Mike Markley: What about being denied a job because you have been treated for some disease? How about being denied a loan because your medical history has a profile that indicates that your life expectancy is shorter than the duration of the loan? It seems that the potential for abuse is so great that we should not allow such cross referencing. ................................................................. ..... Hey, Mike, just remember in the real world no one is required to be kind. If some hospital or company makes a decision to deny service for whatever reason they justify to themselves, it's their call as long as they are not owned by the State. They would likely make the same decisions upon receiving any information which represented a potential loss of revenue, whether that information came from special history files or from a client's personal admission. Even though having information about oneself passed around among agencies is odious to contemplate, what a private company decides to do as a consequence of their information is not really 'abuse'. (How they get that information in the first place, however, could be.) Blanc From blancw at pylon.com Wed Sep 7 22:38:22 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Wed, 7 Sep 94 22:38:22 PDT Subject: Social punishment 1/3: law without enforcers Message-ID: <199409080538.WAA25992@deepthought.pylon.com> Responding to msg by rishab: The system of social punishment can easily be adapted to educated, liberal inhabitants of cyberspace, much more easilty than can present law enforcement systems. My next post will examine the similarities between tribal and cyberspatial society. ........................................................ I don't know yet what you are going to say about the similarities between tribal & cyberspatial societies, but one thought which immediately struck me in your sentence is that you are putting two very different ideas of society into the same category. The associations which occur in cyberspace are not like the ones which occur in the physical plane. The expectations are different - you don't expect to live with these other people in close proximity, you don't expect to identify with them as a group in the same way, you are not going to get the same benefits on a daily basis or even an extended time period, as you might from those with whom you interact on more than one level or kind of contact. I personally don't see interactions in cyberspace as constituting a 'society', even if they are 'social'. Maybe a drive-by society. Maybe drive-by law enforcement. :>) Blanc From blancw at pylon.com Wed Sep 7 22:39:21 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Wed, 7 Sep 94 22:39:21 PDT Subject: NYT Fears Cypherpunks Message-ID: <199409080538.WAA25984@deepthought.pylon.com> Responding to msg byJohn E. Kreznar: More useful than the rulers-ruled division is the division into those who gratuitously accept the benefits of government (usually without even realizing that this is why government gets so big), and those who scrupulously avoid gratuitous involvement with government. The latter are an infinitesimal fraction who are being overwhelmed by the former. ................................................................. .......... The latter must find a way to live their way in spite of the rest of them. It's the individual against the mindless State, you know. (or the Mindless Condition) Blanc From hart at chaos.bsu.edu Thu Sep 8 00:29:43 1994 From: hart at chaos.bsu.edu (Jim Hart) Date: Thu, 8 Sep 94 00:29:43 PDT Subject: Privacy regulations In-Reply-To: <199409072314.QAA17630@netcom7.netcom.com> Message-ID: <199409080729.CAA20260@chaos.bsu.edu> > I won't go into the many issues here, as this is an ideological > digression. Cypherpunks understand that laws won't protect their privacy. > Timothy C. May | Crypto Anarchy: encryption, digital money, There is a central contradiction running through the dabase regulations proposed by many so-called "privacy advocates". To be enforceable they require massive government snooping into database activities on our workstatins and PCs, especially the activities of many small at-home businesses (such as mailing list entrepreneurs who often work out of the home). Thus, the upshot of these so-called "privacy" regulations is to destroy our last shreds of privacy against government, and calm us into blindly letting even more of the details of our personal lives into the mainframes of the major government agencies and credit reporting agenices, who if they aren't explicitly excepted from the privacy laws (as is common) can simply evade them by using offshore havesn, mutual agreements with foreign investigators, police and intelligence agencies. If cypherpunks contribute nothing else we can create a real privacy advocacy group, advocating means of real self-empowerment, from crypto to nom de guerre credit cards, instead of advocating further invasions of our privacy as the so-called privacy advocates are now doing! The first political lobbying task of any real privacy advocacy group should be pushing for the reissue of Lotus Marketplace. A "privacy" group that works to keep the public misinformed about the information we are giving out, at the same time increasing the detail of government snooping of our private commerical data, itself displays the kind of bovine bliss that is the most dangerous threat to our privacy, and ultimately our freedom. Jim Hart hart at chaos.bsu.edu From hart at chaos.bsu.edu Thu Sep 8 00:53:28 1994 From: hart at chaos.bsu.edu (Jim Hart) Date: Thu, 8 Sep 94 00:53:28 PDT Subject: Introduction: Telephone traffic analysis In-Reply-To: <199409080043.RAA27552@netcom7.netcom.com> Message-ID: <199409080753.CAA20933@chaos.bsu.edu> This is a good argument for using e-mail digital mixes for even routine communications, and eschewing house-to-house phone conversations with one's closest associates. Here are some other alternatives: + Use public phones with transferable phone cards + Phone redialing services + Call large numbers of wrong numbers from your home phones. This is easy to do with a modem script, but might be hard to arrange so that you don't run up the phone bill or annoy lots of people. Jim Hart hart at chaos.bsu.edu From j.hastings6 at genie.geis.com Thu Sep 8 05:13:55 1994 From: j.hastings6 at genie.geis.com (j.hastings6 at genie.geis.com) Date: Thu, 8 Sep 94 05:13:55 PDT Subject: Karl Hess Club-L.A. area Message-ID: <199409081213.AA294876386@relay2.geis.com> -----BEGIN PGP SIGNED MESSAGE----- "Extremism in the defense of liberty is no vice, and let me remind you, moderation in the pursuit of justice is no virtue." -- Karl Hess Libertarian, anti- and pro-Party, joint meeting: VAN NUYS (the Valley) CALIFORNIA U-S-A- ------------------------------------------------ The following text was written by SEK3: --- T H E K A R L H E S S C L U B --- invites you to our fourth meeting on Monday, September 19, 1994 Joseph Miranda asks us, COUP D'ETAT, U.S.A.? Soon? And...So What? Seven Days in May. Now, The Enemy Within. Is a military takeover of these United States still a possibility? Can it happen here? And...who would care? Would a dictatorship be worse than democratic oppression? Would State trains...or buses...run on time? Could more be privatized? Come and find out. Feel free to join in the...interrogation! MC for 4: Mike Everling TIMES: 7pm dinner. 8 pm Libertarian Party presentation. 8:15 announcements 8:30 pm Joseph Miranda speaks! PLACE: Van Nuys Dugout, 14032 Oxnard Street 1 block from Hazeltine, in the Valley, at last. (p.15, E6, Old Thomas Brothers, says Mike). Or call Dugout at (818) 780-9458. DINNER: $12 each, includes soup or salad, garlic bread, coffee or iced tea, and a potato (baked or fried) (except with first entree choice) and one of four entrees: Spaghetti with meatballs, Fried Chicken, Fried Filet of Sole, or Acapulco Special (ground beef, cheese, onions & ortega pepper). Dessert extra. Full bar at hand. No charge for presentations only, of course. BUSES: The 420 is the most frequent, all-night bus in the Valley, running all the way downtown. NEXT MONTH: Oktoberfest -- and Elections! Kent - j.hastings6 at genie.geis.com Ham radio AX25: WA6ZFY @ WB6YMH.#SOCA.CA.USA.NA -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLm6XFzQYUX1dU7vxAQGutQQAvoNqZ214bQM3r+ECEF4TaoRJusOB9eLk UiC4PWVyaSuL4Yd4gp45pzRGGxW5sp9oNMXtEkQottGoBdNRGkwXYEyKUfVB9MvZ Tymc9yaGAvDr24vP4XIRXEf33tITS0KkYDf/qO7Ozv/fT2j2zS+7SOgDH4jp5brc y2VLs5uFX3Y= =xueN -----END PGP SIGNATURE----- From pckizer at tamu.edu Thu Sep 8 09:44:17 1994 From: pckizer at tamu.edu (Philip Kizer) Date: Thu, 8 Sep 94 09:44:17 PDT Subject: Al Gore's home page In-Reply-To: <34lbaq$eci@bb.com> Message-ID: <27196.779042547@gonzo> >>> Why can't politicians stay away from stuff they don't understand? >>> Because that would mean that they have to stay away from everything. *Grin* >>I would be much more frightened if they did fully understand. Yep..."Never attribute to malice..." and all that. >Actually, what's frightened me the most about this administration is >that they have half a clue; And they seem to be willing to learn, if >only by making mistakes that affect the rest of us. >Gore's always kept up on technical issues, but hasn't actually lived >them, and that's the problem: the routine use of the technology changes >your POV far more than reading the specs. It looks like the work of a "Kristian 'Kris' Chubb", rather than Al Gore, but check out: http://www.npr.gov/ it's got several pictures of Gore (sitting at a computer with his ultra serious expression, no less), and a voice intro by him. (sunsite.unc.edu seems to not be answering if you cannot follow some links) -philip ____________________________________________________________ Philip Kizer ___ Texas A&M CIS Operating Systems Group, Unix fnord pckizer at tamu.edu "Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds." -John Perry Barlow, EFF co-founder From jdwilson at gold.chem.hawaii.edu Thu Sep 8 09:48:09 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Thu, 8 Sep 94 09:48:09 PDT Subject: AIDs testing and privacy In-Reply-To: Message-ID: On Wed, 7 Sep 1994, Jamie Lawrence wrote: > Another example- A Lyndon LaRouche type could get elected. > (I personally don't have enough faith in the Folk At Large > not to hand someone like that power) "Starting tomorrow, > all Hawiian Citizen Units will begin moving to the mainland. > Some of the smaller islands have been cleared, and HIV+ > units are being relocated as this address is being broadcast..." AUWE! What a way to get the heart pumping in the morning - remember that this has happenned twice here: once sending victims of Hanson's Disease to Moloka'i, and again to send our Japanese-Americans to the mainland... -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 > " " o " |P. O. Box 15432 | finger for full PGP key > " " / \ " |Honolulu, HI 96830 |====================================> \" "/ G \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From tcmay at netcom.com Thu Sep 8 10:42:55 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 8 Sep 94 10:42:55 PDT Subject: Privacy regulations In-Reply-To: <199409080729.CAA20260@chaos.bsu.edu> Message-ID: <199409081742.KAA13522@netcom7.netcom.com> Jim Hart writes: > > digression. Cypherpunks understand that laws won't protect their privacy. > > > Timothy C. May | Crypto Anarchy: encryption, digital money, > > There is a central contradiction running through the dabase regulations > proposed by many so-called "privacy advocates". To be enforceable > they require massive government snooping into database activities > on our workstatins and PCs, especially the activities of many > small at-home businesses (such as mailing list entrepreneurs > who often work out of the home). Exactly. The "principle of locality" is violate when people demand that _others_ not keep certain records, diaries, files, etc. If something is worth keeping secret, keep it secret! The "Data Privacy Laws" of several European nations are especially brain-damaged in their unenforceability (not that "enforceability" is something I want to see, but an unenforceable law is generally bad and leads to capricious situations). > Thus, the upshot of these so-called "privacy" regulations is to > destroy our last shreds of privacy against government, and > calm us into blindly letting even more of the details of our personal > lives into the mainframes of the major government agencies and > credit reporting agenices, who if they aren't explicitly excepted > from the privacy laws (as is common) can simply evade them by using > offshore havesn, mutual agreements with foreign investigators, police > and intelligence agencies. "Calm us into..." is a very good description. Most privacy laws create the comforting illusion that the government is protecting our privacy, all as it is eroded by corporate-government "deals." (The examples people have cited here: states that require personal data for driver's license's, then _sell_ the data bases to private firms!) > If cypherpunks contribute nothing else we can create a real > privacy advocacy group, advocating means of real self-empowerment, > from crypto to nom de guerre credit cards, instead of advocating > further invasions of our privacy as the so-called privacy advocates > are now doing! > > The first political lobbying task of any real privacy advocacy group > should be pushing for the reissue of Lotus Marketplace. A > "privacy" group that works to keep the public misinformed about > the information we are giving out, at the same time increasing > the detail of government snooping of our private commerical data, > itself displays the kind of bovine bliss that is the most dangerous > threat to our privacy, and ultimately our freedom. Yes, Mark Miller made the same points about Lotus Marketplace (a CD-ROM of government data on phone numbers, zip codes, etc.--never released because "privacy advocates" rasied an uproar) in a interview in the zine "Extropy" a couple of years back. The illusion of privacy is deemed preferable to actual privacy. (Actual privacy could be increased very easily by simply reducing the number of "permission slips" that people are obligated by law to show in various transactions. Lots of ways to do this. Suffice it to say that our credential-happy society is getting very little real benefit for demanding credentials at every turn and is instead providing precise dossier material for those who keep dossiers. Shudder.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From doug at OpenMind.com Thu Sep 8 10:46:42 1994 From: doug at OpenMind.com (Doug Cutrell) Date: Thu, 8 Sep 94 10:46:42 PDT Subject: AIDS testing and privacy Message-ID: Tim May writes on the subject of racist hiring practices: >(It's also part of Libertarianism 101 that such a company would not >likely do well in this day and age. Before you cite America's racist >past, read up on who it was that enforced segregation. Hint: not the >corporations. Ditto for South Africa (the "other" RSA), where the >Apartheid Laws came into being because companies were looking to hire >blacks and coloreds to fill job position, and the whites didn't like >that much.) I'm not sure I buy this argument... who is it that "enforces" discrimination based on sexual orientation, today? If sexual orientation is a matter of status, rather than choice, then this form of discrimination is analogous to racism. Would you suggest that employers that refuse to hire homosexuals are simply bowing to the pressures of society at large? Unlike Apartheid, there are no laws that *enforce* discrimination based on sexual orientation (at least in the USA). In a fundamental situation of conflict between two entities, I agree that "anything goes", in the spirit of voluntary interactions between two entities. In the case of a conflict between a small number of large, powerful entities (corporate employers) and a vast number of small, powerless entities (the employment pool), I don't see how you can argue that this vast horde should not team up and utilize whatever means to achieve an advantage over the few in power. Today and in the future, "power" may reside increasingly in economic positioning. Thus, the power of the many individuals vs. the power of the few corporate entities may derive largely from their collective voice in the social conventions of society at large, which ultimately derives power from the tax base of the society at large. As long as these social conventions (and the tax base that empowers them) is in place, I see nothing wrong with the "voluntary interaction between individuals" which consists of banding together to pass, and enforce, laws in favor of the goals of these individuals. This is the basis of democracy. Along a similar vein, Blanc Weber writes: >... just remember in the real world no one is required >to be kind. If some hospital or company makes a decision to >deny service for whatever reason they justify to themselves, >it's their call as long as they are not owned by the State. In the real world, the voting public is not required to be kind to the hospital or the company, either. If a large political block can put into place structures (laws and enforcement) which effectively provide coercion against such denials of service, this is fair play as well. Doug ___________________________________________________________________ Doug Cutrell General Partner doug at OpenMind.com Open Mind, Santa Cruz =================================================================== From tcmay at netcom.com Thu Sep 8 11:12:31 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 8 Sep 94 11:12:31 PDT Subject: AIDS testing and privacy In-Reply-To: Message-ID: <199409081812.LAA16740@netcom7.netcom.com> Doug Cutrell writes: > Tim May writes on the subject of racist hiring practices: > > >(It's also part of Libertarianism 101 that such a company would not > >likely do well in this day and age. Before you cite America's racist > >past, read up on who it was that enforced segregation. Hint: not the > >corporations. Ditto for South Africa (the "other" RSA), where the > >Apartheid Laws came into being because companies were looking to hire > >blacks and coloreds to fill job position, and the whites didn't like > >that much.) > > I'm not sure I buy this argument... who is it that "enforces" > discrimination based on sexual orientation, today? If sexual orientation > is a matter of status, rather than choice, then this form of discrimination > is analogous to racism. Would you suggest that employers that refuse to Personally, I don't tell other people who they can hire to babysit their kids, who they can hire to paint their house, who they can hire as fitness instructors, who they can hire as design engineers, etc. Neither who they _can_ hire, nor who they _must_ hire. So from this premise the answers are pretty clear. > hire homosexuals are simply bowing to the pressures of society at large? > Unlike Apartheid, there are no laws that *enforce* discrimination based on > sexual orientation (at least in the USA). > > In a fundamental situation of conflict between two entities, I agree that > "anything goes", in the spirit of voluntary interactions between two > entities. In the case of a conflict between a small number of large, > powerful entities (corporate employers) and a vast number of small, > powerless entities (the employment pool), I don't see how you can argue > that this vast horde should not team up and utilize whatever means to > achieve an advantage over the few in power. I don't buy the "small, powerless entity" vs. "large, powerful entity" argument. When I, for example, deal with Safeway or Apple, the dollars in my pocket are as important to _them_ as what they provide is as important to _me_. We are, in an important sense, entering the transaction with essentially equal powers. (It is true that I have very little influence over their choice of Snapple flavors, or over their design choices for new Macs, but so what? The don't have much influence over me, either.) The belief that when a business reaches a certain size it suddenly becomes a "large, powerful entity" that warrants control by "the people" is wrong-headed. Many nations have tried that route. (Off on a tangent: In the example I cited, South African corporations were actively hiring blacks and colored in the 1940s--it was _government_ that stepped in an implemented the Apartheid Laws. When governments set corporate policies, expect things like this. You can translate the examples to whatever policies on hiring gays, women, etc., are fashionable. In countries today, the official policies are not conducive to hiring women, for example, regardless of their merit or of the companies' desire.) > Today and in the future, "power" may reside increasingly in economic > positioning. Thus, the power of the many individuals vs. the power of the > few corporate entities may derive largely from their collective voice in > the social conventions of society at large, which ultimately derives power > from the tax base of the society at large. As long as these social > conventions (and the tax base that empowers them) is in place, I see > nothing wrong with the "voluntary interaction between individuals" which > consists of banding together to pass, and enforce, laws in favor of the > goals of these individuals. This is the basis of democracy. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Democracy in its current populist form, indeed. That's why strong crypto is needed to undermine this herd notion of democracy. "On the Net no one knows you're a dog." --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From raph at CS.Berkeley.EDU Thu Sep 8 11:56:38 1994 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Thu, 8 Sep 94 11:56:38 PDT Subject: PGP mail netiquette Message-ID: <199409081857.LAA12071@kiwi.CS.Berkeley.EDU> I've been thinking about the netiquette of sending PGP mail messages to people, especially "people you've never met." There are some people who publicize the existence of their PGP public key in their .sig or .plan or whatever, but do not like to actually receive PGP encrypted mail because it is such a hassle to decode. Others, like myself, have PGP integrated in their mail, so it's no problem. I would be quite pleased if every single piece of email I received was PGP-encrypted. How to tell us apart? I've placed the line "PGP encrypted mail is very welcome!" into my .plan. Others who have automated mail decryption, or who just like typing PGP command lines, might find it useful to do something similar. Just my $2E-2. Raph -- Raph Levien raph at cs.berkeley.edu PGP encrypted mail is very welcome! -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQA9Aitm+zMAAAEBfiyEycCjO+sar1wmxy2RkCBjyr5+4JH/u5DLOvfLHsguqKB5 TwdxjrRkbio+Q+cdiQAFEbQoUmFwaGFlbCBMLiBMZXZpZW4gPHJhcGhAY3MuQmVy a2VsZXkuRURVPg== =jc6E -----END PGP PUBLIC KEY BLOCK----- From Gerald.R.Martinez at att.com Thu Sep 8 12:31:59 1994 From: Gerald.R.Martinez at att.com (Gerald.R.Martinez at att.com) Date: Thu, 8 Sep 94 12:31:59 PDT Subject: Zmail PGP mail netiquette In-Reply-To: <199409081857.LAA12071@kiwi.CS.Berkeley.EDU> Message-ID: <9409081329.ZM5083@dr.att.com> Any Zmail users out there with nifty PGP encrypt/decrypt scripts they are willing to share? Curious, -- gerald.r.martinez at att.com / grmartinez at attmail.att.com / att!drmail!grm @ AT&T GBCS Bell Labs, Denver (303) 538-1338 @ WWW: http://info.dr.att.com/~grm/info.html & life is a cabernet ...o&o ))) From pjm at gasco.com Thu Sep 8 12:32:24 1994 From: pjm at gasco.com (Patrick J. May) Date: Thu, 8 Sep 94 12:32:24 PDT Subject: AIDS testing and privacy In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Doug Cutrell writes: [ . . . ] > > I see > nothing wrong with the "voluntary interaction between individuals" which > consists of banding together to pass, and enforce, laws in favor of the > goals of these individuals. So long as the enforcement is limited to those who agreed to the laws and goals, neither do I. You are suggesting that it is acceptable for these individuals to use force to make others accept those goals. Hardly "voluntary interaction between individuals". - ------------------------------------------------------------------------ A contract programmer is always intense. Patrick May pjm at gasco.com (public key available from servers) -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLm9mlxByYwhWPvz1AQH+PgP/SoUKX8u/cvMBHjhbgfdEc4uH6Rqz6ddD euK1Ob3PX6n2p6Eo3Wigw5areYCSmJecUESARDAuuGFc3rzbPZRSR6S3XnYoBkJk O2T1mVAHkY2EafaeGBUt9XesqTg9SC8nGYX8sK3FkpOt/AsWQF1tvECfWWK+XYJ1 K7Iza9blfCA= =pjes -----END PGP SIGNATURE----- From adam at bwh.harvard.edu Thu Sep 8 13:04:03 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Thu, 8 Sep 94 13:04:03 PDT Subject: Privacy regulations In-Reply-To: <199409081742.KAA13522@netcom7.netcom.com> Message-ID: <199409082002.QAA07020@freud.bwh.harvard.edu> Tim writes: | (Actual privacy could be increased very easily by simply reducing the | number of "permission slips" that people are obligated by law to show | in various transactions. Lots of ways to do this. Suffice it to say | that our credential-happy society is getting very little real benefit | for demanding credentials at every turn and is instead providing | precise dossier material for those who keep dossiers. Shudder.) On a happy note, when I switched to MCI recently, they asked for my socialist security number, but the person had no problem at all not getting it. Yes, it would be nice for them not to ask at all, but I didn't even have to raise my voice when declining to provide it. Adam From cactus at bb.com Thu Sep 8 13:36:43 1994 From: cactus at bb.com (L. Todd Masco) Date: Thu, 8 Sep 94 13:36:43 PDT Subject: Fwd: FBI RAIDS SMALL MICHIGAN RPG COMPANY Message-ID: <199409082041.QAA19146@bb.com> Interesting tidbit, forwarded to me by a friend. ------- Start of forwarded message ------- From: tucholka at aol.com (Tucholka) Newsgroups: rec.games.frp.announce Subject: FBI RAIDS SMALL MICHIGAN RPG COMPANY Date: 7 Sep 1994 13:09:02 -0400 Organization: America Online, Inc. (1-800-827-6364) OK, there have been some wild rumors about the FBI raid on Tri Tac Games just after GENCON. Lets set them straight. FBI RAIDS SMALL GAME COMPANY PRESS RELEASE At 10am Tuesday morning, August 23rd, a special tactical team from the FBI gained swift and overwhelming entry into the corporate offices of Tri Tac Games in Pontiac Michigan to the great surprise of the entire staff who were still sipping coffee. Richard Tucholka, owner and president of Tri Tac, was duly informed of his rights as the squad of federal agents neatly and politely searched the offices of Tri Tac claiming to be looking for 'phony FBI Identification Badges' and 'Illicit government operation manuals.' It is to be noted that Tri Tac Games publishes an award-winning Role-Playing Game called Bureau 13, detailing the adventures of a secret division of the FBI which uses magic and Harrier Jump Jets to defend America from supernatural criminals and monsters. After painstakingly searching everything from the yet-to-be released CD ROM computer game version of Bureau 13, through the paperback copies of the Cult -hit novels from Ace Books in New York, absolutely nothing incriminating or illegal was discovered-- an incident close to the precedent setting invasion of Steve Jackson Games a few years ago by the US secret service which resulted in a major lawsuit rightfully won by the innocent game company. In preparation for another government visit, Mr. Tucholka has informed his lawyer, alerted the media, and set an extra pot of coffee to brew for the agents if they return. **************** Yes, it happened. No kidding. Apparently some fool at GENCON thought a $1 double sized Plastic ID badge on flaming orange and pink paper was a threat to national security. These badges were given to players of Bureau 13 as promotional material. **************** The agents were professional and Tri Tac cooperated with them. Computers were not touched (It is a federal law that a writers 'Works in Progress' may not be taken.) They removed plastic Bureau 13/FBI ID badges from a display shelf and versions of a Department of Justice ID badge produced by Databank Press. On Thursday the 25th Richard Tucholka was informed that the Federal Prosecutor would not be pressing charges for the badges because there was no malice or intent in their production. There would be a file established at the FBI with these badge examples for future reference. He was instructed to send in all production copies and masters as well as destroy the ID Badge Computer Graphics file in question. Richard Tucholka shook his head and said "Only an idiot could think these badges were real. Wonderful to see my tax dollars at work." And that's the story. 8) From broadley at turing.ucdavis.edu Thu Sep 8 13:53:22 1994 From: broadley at turing.ucdavis.edu (Bill Broadley) Date: Thu, 8 Sep 94 13:53:22 PDT Subject: timestamps Message-ID: <9409082050.AA03775@turing.ucdavis.edu> I heard that timestamp at lorax.MV.COM was down and/or notworking. My recent ping worked, I received a PGP signed copy of my message back after about 24 hours. -- Bill Broadley Broadley at math.ucdavis.edu UCD Math Sys-Admin Linux is great. http://ucdmath.ucdavis.edu/~broadley PGP-ok From tcmay at netcom.com Thu Sep 8 17:00:11 1994 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 8 Sep 94 17:00:11 PDT Subject: Privacy regulations In-Reply-To: <199409082002.QAA07020@freud.bwh.harvard.edu> Message-ID: <199409082330.QAA02207@netcom12.netcom.com> Adam Shostack writes: > On a happy note, when I switched to MCI recently, they asked > for my socialist security number, but the person had no problem at all > not getting it. Yes, it would be nice for them not to ask at all, but > I didn't even have to raise my voice when declining to provide it. > Actually, they don't even need to ask for it anymore....it's attached to so many _other_ things that pop up when they enter your name that it's a moot point. In other words, the same dossiers that allow the credit card companies to send you "preapproved credit cards" every few days are the same dossiers that MCI, Sprint, AT&T, etc. are using to sign you up. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From vznuri at netcom.com Thu Sep 8 17:02:57 1994 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 8 Sep 94 17:02:57 PDT Subject: internet pricing paper Message-ID: <199409082316.QAA11013@netcom2.netcom.com> Hope that this is new to everyone here-- === \\ Paper: ewp-comp/9401001 From: Hal Varian Date: Tue, 18 Jan 94 14:58:07 -0500 Title:Some Economics of the Internet Author:Jeffrey K.~MacKie-Mason Hal R. Varian Institution: University of Michigan, Dept of Economics WPA References: None Comments: Postscript file submitted via ftp in compressed format. \\ This is a preliminary version of a paper prepared for the Tenth Michigan Public Utility Conference at Western Michigan University March 25--27, 1992. We describe the history, technology and cost structure of the Internet. We also describe a possible smart-market mechanism for pricing traffic on the Internet. \\ \\ Paper: ewp-comp/9401002 From: Hal Varian Date: Tue, 18 Jan 94 15:00:22 -0500 Title:Pricing the Internet Author:Jeffrey K.~MacKie-Mason Hal R. Varian Institution: University of Michigan, Dept of Economics WPA References: None Comments: Postscript file submitted via ftp in compressed format. \\ This paper was prepared for the conference ``Public Access to the Internet,'' JFK School of Government, May 26--27 , 1993. We describe some of the technology and costs relevant to pricing access to and usage of the Internet, and discuss the components of an efficient pricing structure. We suggest a possible smart-market mechanism for pricing traffic on the Internet. \\ The easiest way to locate these papers is to do a Veronica search on the string "Economics of the Internet". If you can only handle ftp, the documents are archived on the anonymous ftp server in the Department of Economics at Washington University. ftp:econwpa.wustl.edu:/econ-wp/comp/papers/9401 The two papers whose abstract appears above are in compressed postscript form as, 9401001.ps.Z and 9401002.ps.Z From alano at teleport.com Thu Sep 8 18:27:46 1994 From: alano at teleport.com (Alan Olsen) Date: Thu, 8 Sep 94 18:27:46 PDT Subject: CONTROL FREAKS (nee, AIDs testing and privacy) Message-ID: <199409090127.SAA12377@teleport.com> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > >C'punks, > >In response to Duncan's post which said, in part, that developing >countries could not afford totalitarianism, Alan Olsen opined: > > The nature of control freaks is that they ignore the > actual costs of their actions.... Do they really think > of the financial costs associated every little decision > designed to control our lives? The true concern is > *POWER*... > >Well to paraphrase Star Trek's Scotty, "They canno' change the >laws of economics." What would-be totalitarians want, and what >they can get, are two different things. The massive Soviet Union >took three-quarters of a century to grind to a halt. It would >have been much quicker, but for the Czar's strong agricultural >and burgeoning industrial base, "liberated" German technology, >the absorption of richer, more savvy Eastern Bloc countries and >massive infusions of capital, food and technology from the West. But it is also the case that industrial countries, when they fall on hard times tend to fall back on an authoritarian "bread and circuses" approach to governing. Fascism in 1930's Germany was one such govenment. The current government was unable to deal with the financial and social problems and so reactionary elements were able to seize control of the government and impose their own brand of totalitarianism. (Remember that Hitler was elected.) I think that this country is ripe for such a movement. We have a number of groups that are ripe for scapegoating. We have the economic conditions (although this seems to be changing for the better...). We have the control freaks just wating to gain the power and more waiting in the wings. They have the money and they have the technology. And they have a population that is willing to give up alsmost any right to gain "security". > >The underdeveloped countries, on the other hand, don't even have >"seed corn" to eat--unless we give it to them. Let them try to >go down the totalitarian road; if they do, they are doomed to >self-destruct. > >History and technological progress are on our side. There will >be some temporary, local setbacks in the coming years, and have >some mopping up to do, but we've already won. Don't be too smug yet... There are people in power who have not figured out that totalitarian states cannot survive. (They also do not seem to care about the long run.) All they are concerned about is making people follow their rules under their conditions. Logic and reason have nothing to do with the "thought patterns" of these people. Besides, it is not their money they are spending on this. It is yours. As far as I have been able to determine, the only thing that you can do with a control freak is to kill him before he obtains any position of power. (Or wrap him in duct tape and feed him lots of Thorazine(tm).) /========================================================================\ |"I would call him a Beastialic Sadomasochistic | alano at teleport.com | |Necrophile but that would be beating a dead | Disclaimer: | |horse." -- Teriyaki (What's up Tiger Lily?) | As if anyone cares! | \========================================================================/ From MJMISKI at macc.wisc.edu Thu Sep 8 18:33:17 1994 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Thu, 8 Sep 94 18:33:17 PDT Subject: Title VII v. Liberty Message-ID: <24090820325010@vms2.macc.wisc.edu> Granted I deleted about 1000 messages before starting to follow the thread (tangental at best to crypto...) but... Title VII of the CRA covers the already illegal actions of Tim's hypothetical firm refusing to hire Blacks. Granted Tim firmly believes this kind of law is a bad idea, but nonetheless it is the law. To avoid the flame, yes I am wel versed in Libertarian ideals, save it, i already subscribe. As to sexual orientation, um no federal law protects the class. And yet magic- ally, massive discrimination exists. This is a natural result of the condition of falesly free markets. To those involved with Libertarian causes, a free market player in this example would openly admit that th basis of orientation, but they dont. They also hide their racist activities. I in no way suggest all corp's are involved in this activity but if you deny it exists Id like to live in your world. Sometimes intervention works. Granted, usually it does not. But removing the regs now would work to do one thing - perpetuate the past effects of discriminatory intent in today's world. Flame on! - Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From frissell at panix.com Thu Sep 8 18:44:18 1994 From: frissell at panix.com (Duncan Frissell) Date: Thu, 8 Sep 94 18:44:18 PDT Subject: AIDS testing and privacy Message-ID: <199409090143.AA16733@panix.com> At 10:41 AM 9/8/94 -0700, Doug Cutrell wrote: >In a fundamental situation of conflict between two entities, I agree that >"anything goes", in the spirit of voluntary interactions between two >entities. In the case of a conflict between a small number of large, >powerful entities (corporate employers) and a vast number of small, >powerless entities (the employment pool), I don't see how you can argue >that this vast horde should not team up and utilize whatever means to >achieve an advantage over the few in power. You mean mass executions of "corporate officers" for example if the 'peepul' felt like it. Last time I looked there were millions of employers (not a small number) and the average size of companies was declining. >Today and in the future, "power" may reside increasingly in economic >positioning. Thus, the power of the many individuals vs. the power of the >few corporate entities may derive largely from their collective voice in >the social conventions of society at large, which ultimately derives power >from the tax base of the society at large. You seem to think that the power of corporations -- which consists in the cases cited merely of refusing to hire or deal with certain people -- is the same as the power of a "democratically appointed" armed force. This armed force is to bash down doors to force these evil corporations into an association with people they would rather not associate with. In other words non-violent "refusal to deal" by corporations is *evil* while armed breaches of the peace by law enforcement (including shooting resisters) is *good*. Not a very "humanistic" perspective. Note too that anti-discrimination laws also punish small powerless entities (individuals) who discriminate not just massive corporations. And what law protects those who the "peepul/government" don't like from discrimination. As a member of a hated minority (crypto anarchists) I'd rather take my chances on an open market than risk official discrimination by the state. Mercifully, the technology we are developing will allow everyone who cares to to decline to participate in this coercive allocation of power. DCF From meconlen at IntNet.net Thu Sep 8 21:03:39 1994 From: meconlen at IntNet.net (Michael Conlen) Date: Thu, 8 Sep 94 21:03:39 PDT Subject: Privacy regulations In-Reply-To: <199409082002.QAA07020@freud.bwh.harvard.edu> Message-ID: > On a happy note, when I switched to MCI recently, they asked > for my socialist security number, but the person had no problem at all > not getting it. Yes, it would be nice for them not to ask at all, but > I didn't even have to raise my voice when declining to provide it. They have your current name and current address... ...anyone who has worked with credit reporting services can tell you that thoes two things are enough to get your Social Security number. The person getting the informaiton may have already had the number in front of her. With your name and address someone can find out what your date of birth is. In many states that is enough for a drivers licens... ...name and dob... ...anyway they also have your SSN and everyone you have owed money to in the last ten years. From your Drivers licens the story goes on. Groove on dude Michael Conlen From blancw at pylon.com Thu Sep 8 22:22:12 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Thu, 8 Sep 94 22:22:12 PDT Subject: Mandated Forfeiture Message-ID: <199409090522.WAA10477@deepthought.pylon.com> Responding to msgs by: Jim Hart: Thus, the upshot of these so-called "privacy" regulations is to destroy our last shreds of privacy against government, and calm us into blindly getting even more of the details of our personal lives into the mainframes of the major government agencies and credit reporting agenices........ Timothy C. May: . . . . Suffice it to say that our credential-happy society is getting very little real benefit for demanding credentials at every turn and is instead providing precise dossier material for those who keep dossiers. ................................................................. ..... The regulations regarding privacy and the demands for them by the 'credential-happy' society leaves me with the impression that this phenomena has the role of acting as substitute for something, as any time that the voting public makes demands from the big G it indicates a need to compensate for a sense of inadequacy relative to some area of their social co-existence. In this case it is as though the demand for personal information & credentials replaces sensitivity to, & understanding of, human nature. As services become more automated the opportunity for human contact is diminished, while the need to certify the verity of remote data becomes more critical. When the information has been centralized, it has the effect of displacing personal responsibility away from the individual up to the State, as the State becomes the official keeper of the data. And how else could the governors be expected to fulfill their obligation of keeping the peace and general welfare, if they cannot gather & keep information on all their remote & moving targets? When the centralized databank gatherers have the required info, then the general populace expects to feel safe that everyone can be dealt with - by their Official Caretakers, sinced it cannot be done by themselves. ("I don't know you, but I can still keep track of you and therefore keep you under control, if you get out of hand.") These things self-perpetuate: the more that one group gives it up, the more that the other takes it up & away; the more inadequate that those who abdicate from responsibility feel, the more they look to their governors to substitute their overriding supervisory powers. The less that the governed exercise their abilities to know themselves and each other, the less capable they become in the art of doing so, and the more convinced they become of the necessity for mandated forfeiture of personal data. When you don't live by reason, you must live by recourse to coercion. Blanc From blancw at pylon.com Thu Sep 8 22:22:13 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Thu, 8 Sep 94 22:22:13 PDT Subject: Kindness & the Voting Public Message-ID: <199409090522.WAA10473@deepthought.pylon.com> Responding to msg by Doug Cutrell: In the real world, the voting public is not required to be kind to the hospital or the company, either. If a large political block can put into place structures (laws and enforcement) which effectively provide coercion against such denials of service, this is fair play as well. ................................................................. All's fair in love and war. But how many of the voting public does it take to squeeze blood out of a turnip? (i.e. create something from nothing?) Before the voting public which bands together can coerce a service out of some corporate entity, there must first be a Provider in existence. This Provider most probably would not have materialized miraculously out of the good intentions of the State but would had to go through all the time and trouble of gathering the ideas, the resources, and the manpower to make their services available to customers. Once the corporation, that enterprise, that commerical entity, had been created and constructed - once the building was in place, the system set up along with the required equipment, and all of the administrative functions had been set in motion, *then* the voting public would have an object for their attention; they could come together and attempt to take over the operation and coerce the Provider into delivering the benefits indiscriminately to everyone. They could probably even conspire to have this service for free. They might even succeed in accomplishing it, and maybe it would work for a bit. But I don't know how long Providers could survive without remuneration, in the real world, nor how long they would tolerate the image of themselves as Slaves to the Voting Public. Blanc From dave.hodgins at canrem.com Thu Sep 8 22:29:27 1994 From: dave.hodgins at canrem.com (Dave Hodgins) Date: Thu, 8 Sep 94 22:29:27 PDT Subject: The only? CRS cypberpunk? Message-ID: <60.12715.6525.0C1AE6F1@canrem.com> Am I the only subscriber of crs, that is interested in privacy? Over the last few months, when the addressee list got wiped, I seemed to be the only person complaining, about the lack of message traffic. (Thanks to the volume of the conferences I pick up, it took me over a week to notice the first time the list got wiped). I've made a point of uploading privacy orientated software, such as the latest versions of pgp, sfs, secure drive, secure device, to crs, when I've found such things, primarily through this list. Am I the only person on crs (currently advertised as around 9,500 subscribers), who is interested in privacy? If there are lurkers here, from crs, who would like me to continue to monitor for new software, and obtain/upload the software to crs, please let me know. Regards, Dave Hodgins, Toronto, Ontario, Canada. --- * RM 1.3 00820 * Internet:Dave.Hodgins at Canrem.com Rime->118 Fido(1:229/15) From jamesd at netcom.com Thu Sep 8 22:33:05 1994 From: jamesd at netcom.com (James A. Donald) Date: Thu, 8 Sep 94 22:33:05 PDT Subject: CONTROL FREAKS (nee, AIDs testing and privacy) In-Reply-To: <199409090127.SAA12377@teleport.com> Message-ID: <199409090533.WAA04550@netcom3.netcom.com> Alan Olsen writes > But it is also the case that industrial countries, when they fall on hard > times tend to fall back on an authoritarian "bread and circuses" approach to > governing. Fascism in 1930's Germany was one such govenment. ... > ... > ... (Remember that Hitler was elected.) I > think that this country is ripe for such a movement. Not so. Fascism was a more sophisticated and coherent philosophy than you give it credit for. Hitler mass marketed a vulgarized mass market version to the ignorant unwashed masses, but this was only after the political romantic philosophies came to have substantial support among the intellectuals, and this philosophical support was translated into political support by intellectuals for the various volkish parties, one of which was the National German Socialist Workers party, which Hitler later joined and swiftly came to dominate. There really is no similar contender on the scene today. The fascists were able to take power only after the ideas that underly fascism had been growing in support and sophistication for three hundred years. When put into practice this system of ideas suffered a devastating setback, not only the particular form that we called fascism, but all forms. While a military dictatorship is possible, a military dictatorship that is not armed with good volkish philosophy is unlikely to be capable of doing much harm, because military dictatorships are continually and gravely threatened by loss of internal cohesion and discipline. A military takeover might well be a good thing. The soldiers could in the short term impose discipline on a corrupt and lawless government, and in the long term would profoundly weaken that which they sought to strengthen. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From hughes at ah.com Thu Sep 8 22:52:26 1994 From: hughes at ah.com (Eric Hughes) Date: Thu, 8 Sep 94 22:52:26 PDT Subject: ANNOUNCE: September meeting is Third Annual Cypherpunks Conference Message-ID: <9409090507.AA01473@ah.com> ANNOUNCEMENT ============ What: The Grotesquely Overnamed Third Annual Cypherpunks Conference When: Saturday, September 10, 1994 12:00 noon - 6:00 p.m. PDT Where: Silicon Graphics, Cafe Iris In the annual tradition of overblown announcements of the September Meeting, this greeting invites you to the Third Annual Cypherpunks Conference, Worldwide Media Event, Gala Schmooze Festival, and Anarchic Capitalist Celebration Banquet, all to be held at the usual date, the second Saturday of the month, at noon. Featured will be an overview of CRYPTO '94 with lots of good results including an experimentally attained known plaintext attack on DES, cryptanalysis of a chaos-linked telephone scrambler, and new and unproven hash functions. Join us! Eric ----------------------------------------------------------------------------- [Thanks to Katy Kislitzin for directions--EH] DIRECTIONS: Silicon Graphics, Inc. Building 5 (SGI Cafeteria) 2025 North Shoreline Boulevard Mountain View, CA >From 101 take Shoreline East. This is towards Shoreline Amphitheatre. It's also "logical east", and points more north that east. (That is, it's east with respect to 101 North, which points west near the exit.) If you're coming in on 101 South, you'll cross over the bridge. Continue on Shoreline and go past a whole bunch of other SGI buildings. Turn right onto Steirlin Court at the big red metal sculpture. There will be even more SGI buildings surrounding you--take note of the building numbers. Go almost to the end of this street. Building 5 is on the right. From andreas.elbert at gmd.de Fri Sep 9 03:03:12 1994 From: andreas.elbert at gmd.de (andreas.elbert at gmd.de) Date: Fri, 9 Sep 94 03:03:12 PDT Subject: AIDs testing and privacy Message-ID: >> After a few weeks, you call a 1-800 number, punch in your code >> (from the sticker) and you get a recording telling you if the test >> was negative. Or: After a few weeks, you tune into the evening news, and after the weather forecast, your code is broadcast (or not). i've heard this of Petersburg in GUSland. (do they have freephone numbers there ?) From frissell at panix.com Fri Sep 9 03:33:42 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 9 Sep 94 03:33:42 PDT Subject: CONTROL FREAKS (nee, AIDs testing and privacy) Message-ID: <199409091031.AA06267@panix.com> >But it is also the case that industrial countries, when they fall on hard >times tend to fall back on an authoritarian "bread and circuses" approach to >governing. Fascism in 1930's Germany was one such govenment. The current >government was unable to deal with the financial and social problems and so >reactionary elements were able to seize control of the government and impose >their own brand of totalitarianism. Few note how much the world has changed since the 1930s, however. In order to be able to pay its secret police and welfare clients, the US government has to borrow about $12 Billion a *day* (averaging National Debt financing over time). In addition, the economy is depedent on quite a bit of domestic and foreign investment. A totalitarian takeover here would make financing this debt very difficult and cause capital outflows on a scale never before seen in human history. As James Carvil (sp?) (Slick Willie's campaign manager) says - "When I die, I want to be reincarnated as the Bond Market so everyone would be afraid of me." DCF Hillary to Bill: "Why don't you play a game of solitaire?" From matsb at sos.sll.se Fri Sep 9 04:23:59 1994 From: matsb at sos.sll.se (Mats Bergstrom) Date: Fri, 9 Sep 94 04:23:59 PDT Subject: AIDs testing and privacy In-Reply-To: Message-ID: > > all Hawiian Citizen Units will begin moving to the mainland. > > Some of the smaller islands have been cleared, and HIV+ > > units are being relocated as this address is being broadcast..." > > AUWE! What a way to get the heart pumping in the morning - remember that > this has happenned twice here: once sending victims of Hanson's Disease to > Moloka'i, and again to send our Japanese-Americans to the mainland... Actually, this points to a potential problem for anarchic societies. Suppose that HIV would spread by airborne droplets, like the flu. Then measures of isolation, like those stated here, would seem very adequate. But could such measures be taken without strong government? Mats From perry at imsi.com Fri Sep 9 06:13:30 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 9 Sep 94 06:13:30 PDT Subject: Title VII v. Liberty In-Reply-To: <24090820325010@vms2.macc.wisc.edu> Message-ID: <9409091313.AA26119@snark.imsi.com> Matthew J Miszewski says: > As to sexual orientation, um no federal law protects the class. And > yet magically, massive discrimination exists. Sorry, but the point is being missed. It is certainly the case that massive bigotry exists against homosexuals and that some companies make hiring decisions that way. However, all credible studies show that homosexuals have substantially above average income. Furthermore, discrimination is dropping with time in spite of the lack of laws. I would say that the problem is taking care of itself. Perry From sandfort at crl.com Fri Sep 9 06:46:00 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 9 Sep 94 06:46:00 PDT Subject: CONTROL FREAKS Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Alan Olsen still thinks totalitarians can succeed in industrial countries. He wrote: ... But it is also the case that industrial countries, when they fall on hard times tend to fall back on an authoritarian "bread and circuses" approach to governing. Examples, please. Fascism in 1930's Germany was certainly NOT one such government. National Socialism, of course, had its "bread" aspect, but their were no "circuses" in the Roman sense. While Bread and Circuses is one technique to keep a population in line, it is quite separate from the military/police state method chosen by the NAZIs. In any event, NAZI Germany supports the proposition that modern totalitarianism, by its nature, must be short lived. How long did the "Thousand Year Reich" last? ... We have the control freaks just wating to gain the power and more waiting in the wings. They have the money and they have the technology.... "They," again? I thought it might be "them." The Illuminati, right? Or is it the Trilateral Commission, the Jesuits, or the CIA? Who are these control freaks who "have the money and ... the technology"? Jeez, and some call me paranoid for being a privacy advocate. When I wrote, "There will be some temporary, local setbacks in the coming years, and have some mopping up to do, but we've already won." Alan responded: Don't be too smug yet... There are people in power who have not figured out that totalitarian states cannot survive.... Logic and reason have nothing to do with the "thought patterns" of these people. Roadrunner logic. Wiley Coyote runs over the edge of a cliff. Miraculously, he is suspended in the air until he makes the mistake of looking down. Only when he becomes aware of his predicament does he fall. My point still is, the totalitarians don't have to figure out anything; their "thought patterns" are irrelevant; reality still rules. They will not survive. Besides, it is not their money they are spending on this. It is yours. Are you sure they're spending *my* money? With each advance in privacy technology, they have less access to *anyone's* money. As far as I have been able to determine, the only thing that you can do with a control freak is to kill him before he obtains any position of power. (Or wrap him in duct tape and feed him lots of Thorazine(tm).) Or, with a little ingenuity, you could structure your life so you could just ignore him. Living well is the best revenge. S a n d y "Who finds he needs to spend far less time fighting the Great Enemy, than educating the nattering nabobs of negativism." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From perry at imsi.com Fri Sep 9 06:46:42 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 9 Sep 94 06:46:42 PDT Subject: AIDs testing and privacy In-Reply-To: Message-ID: <9409091346.AA26182@snark.imsi.com> Mats Bergstrom says: > Actually, this points to a potential problem for anarchic societies. > Suppose that HIV would spread by airborne droplets, like the flu. > Then measures of isolation, like those stated here, would seem very > adequate. But could such measures be taken without strong government? We don't have to imagine fatal illnesses spread by casual contact. We've had plenty of experience with such diseases even into this century -- polio, tuberculosis, and the like -- and government did a lousy job with them. I'm not sure market based mechanisms would necessarily do extremely well, but I do know that the alternatives aren't so amazing as to make me pine for them. .pm From paul at poboy.b17c.ingr.com Fri Sep 9 07:17:13 1994 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Fri, 9 Sep 94 07:17:13 PDT Subject: Privacy 101 digest on WWW Message-ID: <199409091419.AA19319@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- With permission, I am automatically digestifying and archiving the "Privacy 101" seminar & teach-in that Duncan Frissell and Sandy Sandfort are offering and making the digest available via WWW. To reach the WWW digest, point your browser at http://www.iquest.com/~fairgate/privacy/index.html. - -Paul - -- Paul Robichaux, KD4JZG | Demand that your elected reps support the perobich at ingr.com | Constitution, the whole Constitution, and Not speaking for Intergraph. | nothing but the Constitution. ### http://www.intergraph.com ### -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLnBu0afb4pLe9tolAQGLlwP9El77wi7RoDBGbHVxH0de3RMKY2JbnvOi 17EwaltSp2DWwZ/QZd5vK5Lc2ClIYJsXTZ1rr4LrDXXs7lF8mKJqFoLSwerRADGH giJdWSzqm5I+hAP/XrbwiuwG9IU6oLeLP/rox+M2snb5J2elSWh42/84AuuKwOpX eJmeBe8b4RU= =rkjR -----END PGP SIGNATURE----- From frissell at panix.com Fri Sep 9 07:18:35 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 9 Sep 94 07:18:35 PDT Subject: Crypto, Tech, and Choice Message-ID: <199409091417.AA15062@panix.com> In a valiant attempt to link the libertarian political debates of recent days to the stated purpose of this list... The future social environment will offer more than adequate challenges for everyone; but libertarians should have an easier time of it than the surviving advocates of "social justice." People -- bless their little hearts -- are different. If you give each person a pile of cash as high as their eye and more than 1,000,000,000 things to spend it on, they will go out in as many directions as there are people. Students of human individuation (see "Free & Unequal" by Roger J. Williams) have discovered the obvious fact known to all mothers that babies are different even before birth and they continue to get more different as they develop into adults. Computers (the first consumer product produced by nanotechnology), the Nets and the modern business environment, are collectively involved in a full-scale test of the above premise. In spite of complaints from the "Generation of Whiners," the current expansion of wealth and choice will be surpassed by the (very near) future explosion of wealth and choice. People with money, information, opportunity, and choice are *going* to choose. They are not going to let themselves get pushed around by others. Oh sure, for a while old habits may restrain them from directly challenging traditional mechanisms of control but if they have the money and the choices of things to do with it they won't be held down long. This change will occur is because "the young" and "outsiders" (foreigners) will ignore traditional restraints (since they haven't internalized them) and explore the full range of choices available to them. If you take an animal out of a cage, it may observe the non-existent bars for a while and pace back and forth but it will eventually discover that it is free. And most of us are smarter than animals. The only hope for control freaks to continue to control us is to restrain our range of choices. They can't count on mere words or traditions to bind us. But the range of choices continues to go up. Trade is way up. Wealth is way up. International travel is way up. Migration is way up. Resource prices are the lowest in human history. Communications costs are way down. Electronics costs are way down. We are in a zero or negative inflation environment. The quantity and quality of goods and services offered on the markets is at an all-time high. The percentage of the world's countries headed by dictators is the lowest it's ever been. What all this means is that political philosophies that depend on force of arms to push people into line, will increasingly fail to work. Rich people with choices will, when coerced, tend to change their investments and business affairs into a friendlier form or to move to a friendlier environment. Choice is real. If choices exist, they will be made. An ever higher proportion of the world's people will be "rich" in wealth and choice as the years go on. Only a political philosophy that depends on the uncoerced cooperation of very different people has a chance of functioning in the future. I, obviously, have an idea as to what that philosophy is. DCF "You can horsewhip your Gascony Archers you can torture your Picardy Spears. But don't try that with the Saxons or you'll have the whole brood round your ears. >From the highest Thane in the County to the lowest chained serf in the fields they'll be on you and at you like hornets and if you are wise you will yield." From m1tca00 at FRB.GOV Fri Sep 9 07:25:50 1994 From: m1tca00 at FRB.GOV (Tom Allard) Date: Fri, 9 Sep 94 07:25:50 PDT Subject: pgp key servers Message-ID: <9409091423.AA26657@mass6.FRB.GOV> -----BEGIN PGP SIGNED MESSAGE----- What's up with the key servers now? My last request (to pgp-public-keys at io.com) was finally bounced after a week. I tried to finger @wasabi.io.com and was told "Connection timed out". - ------- Forwarded Message Date: Fri, 09 Sep 94 08:55:15 -0500 From: MAILER-DAEMON at io.com (Mail Delivery Subsystem) Subject: Returned mail: Cannot send message for 1 week The original message was received at Fri, 2 Sep 1994 08:37:02 -0500 from newfed.frb.gov [198.3.221.5] ----- The following addresses had delivery problems ----- pgpkeys at wasabi.io.com (unrecoverable error) (expanded from: ) ----- Transcript of session follows ----- pgpkeys at wasabi.io.com... Deferred: Connection timed out with wasabi.io.com. Message could not be delivered for 1 week Message will be deleted from queue ----- Original message follows ----- Received: from newfed.FRB.GOV by pentagon.io.com (8.6.5/PERFORMIX-0.9/08-16-92) id IAA07205; Fri, 2 Sep 1994 08:37:02 -0500 From: m1tca00 at FRB.GOV Received: from FRB.GOV by newfed.FRB.GOV (4.1/SMI-4.0) id AA02381; Fri, 2 Sep 94 09:36:52 EDT Received: from mass6.FRB.GOV by frbgate.FRB.GOV (4.1/SMI-4.0) id AA03293; Fri, 2 Sep 94 09:34:46 EDT Received: from localhost by mass6.FRB.GOV (4.1/SMI-4.0) id AA14292; Fri, 2 Sep 94 09:34:44 EDT Message-Id: <9409021334.AA14292 at mass6.FRB.GOV> To: pgp-public-keys at io.com Subject: get 0x8467D261 Date: Fri, 02 Sep 94 09:34:43 -0400 - ------- End of Forwarded Message rgds-- TA (tallard at frb.gov) I don't speak for the Federal Reserve Board, it doesn't speak for me. pgp fingerprint: 10 49 F5 24 F1 D9 A7 D6 DE 14 25 C8 C0 E2 57 9D -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLnBvuKAudFplx0TNAQGJHwP+OqwSKkZeUMPCzXTJ0l0Qbv1MqxTIOlQP 4WkmtVXLd5f7BXrKwhQn97eGPu30Ghaq8IojpV1erRghAEeBYKmE6s82as4s/fAg ghyChlO6v52xsKM9UOophcY6pkAOWp128J8I8rwK0apinuzV0AE90sdtxssJWOrT SMNQ9PZAU68= =a/bq -----END PGP SIGNATURE----- From ravage at bga.com Fri Sep 9 08:14:44 1994 From: ravage at bga.com (Jim choate) Date: Fri, 9 Sep 94 08:14:44 PDT Subject: CONTROL FREAKS In-Reply-To: Message-ID: <199409091511.KAA27869@zoom.bga.com> > > Examples, please. Fascism in 1930's Germany was certainly NOT > one such government. National Socialism, of course, had its > "bread" aspect, but their were no "circuses" in the Roman sense. > While Bread and Circuses is one technique to keep a population in > line, it is quite separate from the military/police state method > chosen by the NAZIs. In any event, NAZI Germany supports the > proposition that modern totalitarianism, by its nature, must be > short lived. How long did the "Thousand Year Reich" last? > I take it you don't take the comparison between the Roman circuses where prisoners and other misfits (ie Christians) were fed to the lions and and the Tutonic cirucses of the 30's and 40's (ie prison or relocation camps) where the criminal and other misfits (ie Jewish) were fed to the masochistic 'system' as comparable? The Warsaw Ghetto was not a form of 'circus' then? I beg to differ. Both the Germans and the Romans held sway because of one over-bearing fact, each controlled the best 'ass-kickers' around at the time. > > "They," again? I thought it might be "them." The Illuminati, > right? Or is it the Trilateral Commission, the Jesuits, or the > CIA? Who are these control freaks who "have the money and ... > the technology"? Jeez, and some call me paranoid for being a > privacy advocate. > 'They' are the persons with money and influence and have also made it in their best interest to sustain the status quo. Just take a look at the Federal Reserve and how they manage the money in this country. Take a look at the special interest political groups who make it their job to get law-makers to look at it 'their' way. > > Roadrunner logic. Wiley Coyote runs over the edge of a cliff. > Miraculously, he is suspended in the air until he makes the > mistake of looking down. Only when he becomes aware of his > predicament does he fall. My point still is, the totalitarians > don't have to figure out anything; their "thought patterns" are > irrelevant; reality still rules. They will not survive. > Just exactly whose reality are we talking about ruling here? It seems to me that when talking about 'reality' and thought processes one has managed to jump track in a major sort of way. The problem with this view is that people do not analyze their choices the same way you analyze some physical problem like building a bridge. Christians definately look at the worl around them in a different 'reality' then the way that a pantheist like myself look at it. Consider, if you will, the difference in outlook of a commen every day occurance when viewed with the concept of a 'ghost in the machine' versus the purely mechanistic. I think you will find that the most trivial things take on very different appearances. > Besides, it is not their money they are spending on > this. It is yours. > I can assure you that the folks out there will spend their money if it is clear that they will make more of it in the long run. While it is true that public monies are the easiest to spend because of its anonymity it is not the only resource that is there. Consider under-the-table bribes and such. > > Or, with a little ingenuity, you could structure your life so you > could just ignore him. Living well is the best revenge. > > I am afraid that if you ignore a control freak you build the perfect environ for their growth. We are not talking about roses here but rather ideas, a decidedly different animal. Ideas can grow long after the original thinker is gone. To ignore rather than confront and expose is the best way possible to get what you don't want. From ravage at bga.com Fri Sep 9 08:29:06 1994 From: ravage at bga.com (Jim choate) Date: Fri, 9 Sep 94 08:29:06 PDT Subject: CONTROL FREAKS (nee, AIDs testing and privacy) In-Reply-To: <199409090533.WAA04550@netcom3.netcom.com> Message-ID: <199409091528.KAA28635@zoom.bga.com> > > Fascism was a more sophisticated and coherent philosophy than > you give it credit for. Hitler mass marketed a vulgarized > mass market version to the ignorant unwashed masses, but this > was only after the political romantic philosophies came to have > substantial support among the intellectuals, and this philosophical > support was translated into political support by intellectuals > for the various volkish parties, one of which was the National > German Socialist Workers party, which Hitler later joined > and swiftly came to dominate. > I hate to burts your bubble but the masses of the Germany of the first half of this century were no more unwashed or ignorant than today. The Germany of that day was technologicaly sophisticated and education was as wide spread as it is today. The vast majority of Germans could read and do their cyphers (couldn't resist). The reason that Nazi success was so great was because of two simple reasons. First they were so heavily 'victimized' by the peace treaty of WWI and secondly, because they saw as a means to bypass this humiliation a return to the past, ie monarchy and more ideal Germanic ideals. The Germans of that time thought they were the best and the brightest and saw their predicimate as a humiliating turn of events. These people got tires of everyone else blaiming them. > There really is no similar contender on the scene today. > There is always a contender. > The fascists were able to take power only after the ideas that > underly fascism had been growing in support and sophistication > for three hundred years. When put into practice this system > of ideas suffered a devastating setback, not only the particular > form that we called fascism, but all forms. > In Italys case, the fascist were voted in. They did not 'take' the power it was given to them. A case can be made that Hindenburg in Germany gave the power to Hitler (even though there was clearly a case of threat imposed as a sweetner). > While a military dictatorship is possible, a military dictatorship > that is not armed with good volkish philosophy is unlikely to > be capable of doing much harm, because military dictatorships > are continually and gravely threatened by loss of internal cohesion > and discipline. > Germany, Italy, and Japan did not start out as military dictatorships. Both Germany and Italy were relative demecrocies which did not take into account a lot of their 'reality'. The powers that be were more interested in making a 'ideal' society but not realizing that folks outside of their borders were not going to play along. This is the exact same reason that the USSR failed today. Competition. > A military takeover might well be a good thing. The soldiers could > in the short term impose discipline on a corrupt and lawless government, > and in the long term would profoundly weaken that which they sought > to strengthen. > Whose discipline? Exactly whose ideals and morality do we impose? A military takeover is NEVER a good thing. Implicit in its existance is the assumption that people can't take care of themselves. This particular dichotomy harks back to the Enlightenment and the Great Awakening. The real root of th e problem is that we (as humans) have never devised a system which is Janus faced in that it recognizes that some people believe a strong central structure is good and those that disagree. To build a system which forces either to compromise is wrong (either way you become what you hate the most). What needs to be developed (and may be created as a fate acompli through technology) is a system that lets 'control freaks' control and 'freedom hounds' be free. In a certain way (though admittedly less than perfect) the structure of Internet is a good example. What you have is little islands of freedom (ie each system) controlled very tightly by a commen thread or standard of communication. Democracy in our country should work the same way. There should be a very tightly controlled methodology for states to communicate and assist each other (ie Federal beurocracy) but at the same time the individual states can do pretty much as they want in their own borders. > > --------------------------------------------------------------------- > We have the right to defend ourselves and our > property, because of the kind of animals that we James A. Donald > are. True law derives from this right, not from > the arbitrary power of the omnipotent state. jamesd at netcom.com > > > From hfinney at shell.portal.com Fri Sep 9 08:40:00 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 9 Sep 94 08:40:00 PDT Subject: Cracking MD5 for $10M Message-ID: <199409091539.IAA19642@jobe.shell.portal.com> I mentioned a few days ago that one of the "rump session" papers at the crypto conference claimed that a machine could be built which would find MD5 collisions for $10M in about 20 days. I wanted to write a little more detail about how this attack could work. It is similar to a "meet in the middle" (MITM) attack which Norm Hardy suggested here in July when we were discussing double DES: >There may be more than one way that MITM (meet in the middle) may be used >to attack Double block cyphers. I assume the following attack. You know >some block of plain-text P and corresponding cypher text C. You believe >that C = E(k, E(j, P)) where E(k, p) is the encypherment of p with key k. >D(k, E(k, p)) = p. You need to find keys k and j. Classic MITM is to >produce a file A with records: for each k, and file B with >records for each j. Sort both A and B on the second field. >Pass over the sorted files looking for a record from file A whose second >field is the same as a record in file B. >To substantially shorten the ammount of tape used by a factor 2^n at the >expense of evaluating C and D 2^n more often do the following: >For m from 0 to 2^n-1 Do > Produce file A with records: for each k where > (the right n bits of E(k, P)) = m. (discarding other records) > Produce file B with records for each j where > (the right n bits of D(j, C)) = m > Sort files A and B on second field. > Pass over files looking for records from A that match records from b in the > second field. >Enddo. The idea of saving only outputs where certain bits are constant is the key to the "distinguished points" method which is used to save space with only a modest cost in time. The other key idea is that instead of evaluating MD5(n) where n iterates on its own, you look for cycles in the recurrence x = MD5(x). Any cycle which is found which does not include the x you start with will lead to a case where two values hash to the same MD5 value. For a trivial example, suppose the output of a formula like this consists of the values 1,4,5,2,7,8,5,2,7,8,5,2,7,8,.... Here we have a four element cycle which leads to two different predecessors for the value 5. The brute-force way to solve this would be to save all outputs from the formula, and with each new value to compare it with all earlier values. With MD5, which has a presumably random structure and 128 bits of output, the birthday paradox suggests that you would have to create and save about 2^64 output values before finding a match. Creating 2^64 values might be possible today for the time and dollar values we are talking about, but storing them appears to be out of the question, as our earlier discussion of double DES (and other discussions of MITM here) have made clear. The distinguished points method reduces the space requirements by only saving a fraction of the output values. For example, in the list above, we might only save multiples of 4. This would lead to 4,8,8... and it is easy to discover the match without nearly as much storage. Note, though, that 8 is not actually the value which has two predecessors, but that once this match is discovered, you can go back to the previous points (4 and 8 in this case) and run them forward more carefully, looking for a match. The other real advantage of the distinguished points method is that it parallelizes very nicely. Several machines can run x=MD5(x) with different starting values, saving all of the distinguished outputs, and we can look for matches between machines as well as in one machine. Again, a match implies two different predecessors for the same value, which is an MD5 collision. With the size of MD5, suppose we generate 2^64 outputs but only save those for which the low-order 32 bits are 0 as our distinguished points. Only 1/2^32 of values will match, so we will end up with about 2^32 outputs, probably a manageable amount. Chances are there will be a match among that set. We then go back to the previous distinguished points before the match and work forward carefully to look for the exact pair of values which lead to the same successor. Distinguished points will be about 2^32 apart so this step is easy and quick. If you want to speed it up still more you can do a recursive distinguished points pass for this step using maybe d.p.'s with the low-order 16-bits of 0 and do it in two steps that will both be very short. The net result is that we have taken virtually no more time (the 2^64 creations of MD5 will dominate) and virtually no space (compared to 2^64 stored values) and we get the effect of a birthday attack. This is another cautionary data point about the risks of relying on space costs for security rather than time costs. Hal From shamrock at netcom.com Fri Sep 9 09:35:28 1994 From: shamrock at netcom.com (Lucky Green) Date: Fri, 9 Sep 94 09:35:28 PDT Subject: Need ride from SF Message-ID: <199409091635.JAA21325@netcom7.netcom.com> I need a ride to the CP meeting. Can pay for gas. Send email or call my VM at (451) 435-7939 Thanks, -- Lucky Green PGP public key by finger From jim at rand.org Fri Sep 9 09:40:14 1994 From: jim at rand.org (Jim Gillogly) Date: Fri, 9 Sep 94 09:40:14 PDT Subject: Cracking MD5 for $10M In-Reply-To: <199409091539.IAA19642@jobe.shell.portal.com> Message-ID: <9409091639.AA29959@mycroft.rand.org> Hal discusses using the Distinguished Points method to find hash collisions presented by Michael Wiener with Paul van Oorschot at Rump Crypto '94, and lists two benefits: (1) saves space in searching for loops on a single processor; (2) allows parallel searches for collisions over multiple processors. I claim it's useful only for (2), because another algorithm dominates it for single processor loop detection... at least in storage space. It works as follows: get a sequence of values v(i+1) = MD5(v(i)); simultaneously get another sequence w(i+1) = MD5(MD5(w(i))), and start them at the same place, v(0) = w(0). That is, you're running one of them twice as fast as the other. At each iteration you compare v(i) with w(i), and if they're equal, you've looped. Drawing a few rho-shaped trajectories on paper and following them around with two pencils should be enough to complete a proof by hand-waving that it always catches a cycle; but perhaps not as soon as the distinguished points would. The distinguished points across machines is a great idea for (2), though, and doesn't depend on anything looping... cool stuff! Do you (Hal?) or anybody else know whether Wiener and van Oorschot were taking into account the contraction of the range each time you iterate MD5? I think the size of the set of all numbers that are the result of MD5ing a 128-bit number is considerably smaller than 2^128... is it 1/e of that? Anybody know about random mappings? Subsequent iterations reduce it further, though of course not by 1/e each time, so that the set of numbers that are the result of iteratively MD5ing a number N times should be an appreciably smaller set to be groping around in. For example, I iterated the right-most 14 bits of SHA 26,539 times from one seed before the range shrank to a single point. Note that it need not shrink that far in general, since some of the survivors would typically map into each other. Jim Gillogly 18 Halimath S.R. 1994, 16:12 From adam at bwh.harvard.edu Fri Sep 9 09:47:17 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Fri, 9 Sep 94 09:47:17 PDT Subject: digital reputation capital Message-ID: <199409091646.MAA16843@bwh.harvard.edu> I'm currently writing up a design for a digital reputation capital system. The intent is not to provide a framework for licensing or formal endorsement system, but instead, allow people to automatically discover the opinions of others about various entities. I'd like to know how much people would want anonymity in a system like this. My preferred solution would be to allow anonymity through the established services of remailers. This has the advantage of having people who use a nym constantly (and well) get more respect when doing it then those who use a nym occasionally. The reason this solution is preferred is that it allows a fully distributed system to exist, with no centralization needed at all. Is losing that distributed characteristic of the system worth gaining a system that supports anonymity? (It might be possible to design a work intensive system to handle distributed anonymity, based on Merritt's protocol for voting without any central facility (Applied Crypt section 6.5), but the amount of work involved is quite high, thus the system wouldn't work in a production environment.) Adam From jamesd at netcom.com Fri Sep 9 10:49:23 1994 From: jamesd at netcom.com (James A. Donald) Date: Fri, 9 Sep 94 10:49:23 PDT Subject: CONTROL FREAKS (nee, AIDs testing and privacy) In-Reply-To: <199409091528.KAA28635@zoom.bga.com> Message-ID: <199409091748.KAA04399@netcom8.netcom.com> Jim choate writes > I hate to burts your bubble but the masses of the Germany of the first > half of this century were no more unwashed or ignorant than today. The They may be clean but they are still ignorant as ever. > Germany of that day was technologicaly sophisticated and education was > as wide spread as it is today. The vast majority of Germans could read > and do their cyphers Exactly so. > In Italys case, the fascist were voted in. 1. They have not been voted in - they are a junior partner in a multi party coalition. 2. They are a mere political party - no longer a powerful, attractive, and superficially plausible ideology. > > While a military dictatorship is possible, a military dictatorship > > that is not armed with good volkish philosophy is unlikely to > > be capable of doing much harm, because military dictatorships > > are continually and gravely threatened by loss of internal cohesion > > and discipline. > > > Germany, Italy, and Japan did not start out as military dictatorships. Both > Germany and Italy were relative demecrocies which did not take into account > a lot of their 'reality'. Read before flaming: I am quite aware that the fascists were a political movement, not a military coup. My point was exactly that. That though a military coup is possible, the ideology that made that political movement possible is dead, dead, dead, dead. Get it. Dead. Fascism was an idea. That idea has been proven false. The end. From hfinney at shell.portal.com Fri Sep 9 11:25:43 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 9 Sep 94 11:25:43 PDT Subject: Cracking MD5 for $10M In-Reply-To: <9409091639.AA29959@mycroft.rand.org> Message-ID: <199409091825.LAA00257@jobe.shell.portal.com> Jim Gillogly writes: >Hal discusses using the Distinguished Points method to find hash >collisions presented by Michael Wiener with Paul van Oorschot at Rump >Crypto '94, and lists two benefits: >(1) saves space in searching for loops on a single processor; >(2) allows parallel searches for collisions over multiple processors. >I claim it's useful only for (2), because another algorithm dominates it >for single processor loop detection... at least in storage space. >["rho" method elided] Yes, this is a good point, the main advantage of the DP algorithm is that it parallelizes. Rho does have the problem that you have to run 3 MD5's for each step, but OTOH it does not have the overhead of saving and checking the distinguished points, so which one would be best on a single processor would depend on the relative costs. >Do you (Hal?) or anybody else know whether Wiener and van Oorschot were >taking into account the contraction of the range each time you iterate >MD5? I think the size of the set of all numbers that are the result of >MD5ing a 128-bit number is considerably smaller than 2^128... is it 1/e of >that? Anybody know about random mappings? They didn't mention anything about this, and I would think they would have if they had considered it. My intuition was that x=MD5(x) would cover a large fraction of the 128 bit output space, but on further thought Jim appears to be right: with n input values into a random function (n would be 2^128 in this case), the chance of a particular output being missed for any one input would be 1-1/n, and the chance of it being missed for all n inputs would be (1-1/n)^n. Taking the limit as n approaches infinity gives 1/e as the fraction of values which would be missed. This means that the fraction of hits would be 1 - 1/e, much lower than I had guessed. >Subsequent iterations reduce >it further, though of course not by 1/e each time, so that the set of >numbers that are the result of iteratively MD5ing a number N times should >be an appreciably smaller set to be groping around in. The way I figure it, if the fraction of the original n is f (which would be 1 before the first iteration, and 1 - 1/e before the 2nd iteration based on the above), the chance of a point being missed is (1-1/n)^(nf), which is 1/e^f. So f would be found by f = 1 - 1/e^f, iterating once per MD5 iteration and starting f at 1. I just did an experiment of iterating this. After 100 times f was about .02; after 1000 times f was about .002, suggesting f = 2/iterations. If this is right, you might be able to get a birthday match after only the cube root of n tries rather than the square root of n, or about 2^44 iterations or so rather than 2^64, because at that point you are only looking at 2^85 possible output values. This result is only really valid for serial machines; parallel ones search more per iteration so this would move you back towards the 2^64 number. It does imply that you don't really get k-fold speedup with k machines if you take this effect into consideration. > Jim Gillogly > 18 Halimath S.R. 1994, 16:12 Gee, my calendar must be off! Hal From warlord at MIT.EDU Fri Sep 9 11:28:00 1994 From: warlord at MIT.EDU (Derek Atkins) Date: Fri, 9 Sep 94 11:28:00 PDT Subject: pgp key servers In-Reply-To: <9409091423.AA26657@mass6.FRB.GOV> Message-ID: <9409091827.AA07446@toxicwaste.media.mit.edu> Well, I dont know about the IO.COM keyserver, but the keyserver at pgp-public-keys at pgp.mit.edu is up and running fine! In fact, I know _most_ of the keyservers are up and running fine. I wonder why you said "key servers" when the only one you couldn't talk to was io.com! -derek > What's up with the key servers now? My last request (to > pgp-public-keys at io.com) was finally bounced after a week. > I tried to finger @wasabi.io.com and was told "Connection > timed out". From emw at ima.com Fri Sep 9 11:38:30 1994 From: emw at ima.com (Ed Wilkinson) Date: Fri, 9 Sep 94 11:38:30 PDT Subject: CONTROL FREAKS, fascism, etc In-Reply-To: <199409090533.WAA04550@netcom3.netcom.com> Message-ID: <9409091702.AA12893@ima.com> > > Fascism was a more sophisticated and coherent philosophy than > you give it credit for. Hitler mass marketed a vulgarized > mass market version to the ignorant unwashed masses, but this > was only after the political romantic philosophies came to have > substantial support among the intellectuals, and this philosophical > support was translated into political support by intellectuals > for the various volkish parties, one of which was the National > German Socialist Workers party, which Hitler later joined > and swiftly came to dominate. > > There really is no similar contender on the scene today. I would recommend reading "the Ominous Parallels" by Leonard Peikoff (spelling?). It discusses this in great detail, as well as how the US of today is moving more and more in that direction. Many good ideas to mull over. Ed From ravage at bga.com Fri Sep 9 11:50:10 1994 From: ravage at bga.com (Jim choate) Date: Fri, 9 Sep 94 11:50:10 PDT Subject: CONTROL FREAKS (nee, AIDs testing and privacy) In-Reply-To: <199409091748.KAA04399@netcom8.netcom.com> Message-ID: <199409091849.NAA09278@zoom.bga.com> > > My point was exactly that. That though a military coup is possible, > the ideology that made that political movement possible is dead, > dead, dead, dead. > > Get it. > > > Dead. > > Fascism was an idea. That idea has been proven false. > Somebody needs to tell the Aryian Brotherhood, The KKK, Louis Farackim (sp?), etc. that what the beliefes they are acting on have been disproven. From jamiel at sybase.com Fri Sep 9 11:57:14 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 9 Sep 94 11:57:14 PDT Subject: Title VII v. Liberty Message-ID: At 6:13 AM 9/9/94, Perry E. Metzger wrote: >It is certainly the case that massive bigotry exists against >homosexuals and that some companies make hiring decisions that way. >However, all credible studies show that homosexuals have substantially ^^^^^^^^^^^^^^^^^^^^ >above average income. Refs on this one? Even on ref. would do me. The only 'studies' I've seen like this are bullshit paid for by fundies. Seeing how one of their major weapons is convincing folk that queers are taking over big business, I wouldn't exactly call them credible. >Perry -j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From mccoy at io.com Fri Sep 9 12:09:47 1994 From: mccoy at io.com (Jim McCoy) Date: Fri, 9 Sep 94 12:09:47 PDT Subject: pgp key servers In-Reply-To: <9409091423.AA26657@mass6.FRB.GOV> Message-ID: <199409091909.OAA13003@pentagon.io.com> > From: Tom Allard > > What's up with the key servers now? My last request (to > pgp-public-keys at io.com) was finally bounced after a week. > I tried to finger @wasabi.io.com and was told "Connection > timed out". Wasabi is undergoing a hardware move of sorts. The pgp key server will return in a week or so at pgpkeys.io.com (things sent to wasabi will continue to work when the new hardware comes up.) jim From f_griffith at TITAN.SFASU.EDU Fri Sep 9 12:18:10 1994 From: f_griffith at TITAN.SFASU.EDU (f_griffith at TITAN.SFASU.EDU) Date: Fri, 9 Sep 94 12:18:10 PDT Subject: Introduction: Telephone traffic analysis Message-ID: <01HGWTBH6U4M0007DA@TITAN.SFASU.EDU> >They track and compare the frequency of calling patterns made by the targets. >Now they know the "calling circle" of the targets. They expand the tracking >pattern and start looking for cross overs. Tom Clancy in _Clear and Present Danger_ has a description of the CIA doing something like this to the Columbia drug cartel. From doug at OpenMind.com Fri Sep 9 12:40:48 1994 From: doug at OpenMind.com (Doug Cutrell) Date: Fri, 9 Sep 94 12:40:48 PDT Subject: Black Cryptoanarchy (KKK, monopolies, contract killing) Message-ID: I would like to thank Blanc Weber, Tim May, and Duncan Frissell for their responses to my message on the subject of employer hiring practices and liberty in a society. Tim and Duncan seem to be concerned with the freedom of an employer to make whatever hiring decisions he prefers. Blanc seems to be concerned principally with the soundness and health of the business entity. I am trying to understand the arguments for these points of view... I consider myself to be extremely "liberal" in my political philosophy, and I have a lot of respect for the arguments of libertarians. But I am continually pulled back to the "test case" issue of racist employment practices. This is the case where the argument is most difficult for me to buy. I am not sure whether Blanc would hold that businesses should be free to engage in racist hiring policies if that is their decision, but it seems clear that Tim May does hold this position, and I understand that this is in fact the classic libertarian position. The argument seems to be that in a free society, natural cooperative processes will provide a form of "autoregulation" to discourage the widespread development of oppression of specific classes of individuals. There further seems to be an assumption that the tools of strong crypto will facilitate this system of checks and balances through natural cooperative processes. I am not convinced. Moreover, it seems to me that cryptoanarchy may in fact facilitate a new type of "mob rule". For example, imagine the development of a multitude of secret "crypto-posse" organizations. Individuals could join any number of these secret societies, which might require some sort of dues payment for participancy. They might be fleeting in duration, forming spontaneously to achieve some specific aim (thus my term "posse"). Virtually everything about these organizations could be secret -- their size, power, and even their very existence. Participating companies could secretly create trade monopolies. Organizations such as the KKK could accrue the financial support of large numbers of members to create strong social and economic pressures to oppress segments of the population in specific areas, yet the source of these pressures may be impossible to trace. Even apart from this, the availability of truly secure anonymity, strong encryption, and untraceable digital cash could allow contract killing to be an openly conducted business. For example, an anonymous news post announces a public key which is to be used to encode a contract kill order, along with a digital cash payment. The person placing the contract need only anonymously place the encrypted message in alt.test. Perhaps it is even possible to make it impossible to tell that the message was encrypted with the contract killer's public key (the killer would have to attempt decryption of all similarly encoded messages on alt.test, but that might be quite feasible). Thus it could be completely risk free for anyone to place a contract on anyone else. If there is a reason why these concerns are unfounded, I would very much appreciate hearing refutations. I certainly don't want any of these possibilities to materialize, but I don't see any way around them in a completely "cryptoanarchic" society. Doug ___________________________________________________________________ Doug Cutrell General Partner doug at OpenMind.com Open Mind, Santa Cruz =================================================================== From mccoy at io.com Fri Sep 9 13:10:47 1994 From: mccoy at io.com (Jim McCoy) Date: Fri, 9 Sep 94 13:10:47 PDT Subject: Title VII v. Liberty In-Reply-To: Message-ID: <199409092010.PAA17748@pentagon.io.com> jamiel at sybase.com (Jamie Lawrence) writes: > At 6:13 AM 9/9/94, Perry E. Metzger wrote: [...] > >However, all credible studies show that homosexuals have substantially > >above average income. > > Refs on this one? Even on ref. would do me. The only 'studies' I've > seen like this are bullshit paid for by fundies. Seeing how one of > their major weapons is convincing folk that queers are taking over > big business, I wouldn't exactly call them credible. Actually a recent study was reported a month or so ago (done by UMich or some other big surveying group with no visible axes to grind) that showed that homosexuals as a group have a _lower_ average income than the general population. I will poke around and see if I can find a ref to this study. jim From m5 at vail.tivoli.com Fri Sep 9 13:13:32 1994 From: m5 at vail.tivoli.com (Mike McNally) Date: Fri, 9 Sep 94 13:13:32 PDT Subject: Black Cryptoanarchy (KKK, monopolies, contract killing) In-Reply-To: Message-ID: <9409092012.AA12184@vail.tivoli.com> Though I acknowledge that Doug's fears are real, there's one thing to keep in mind: cryptography is not by any means a magic shield for criminals. It eliminates, perhaps, one avenue by which crimes might be discovered. However, it is most certainly not the case that someone who places an open anonymous contract for a murder in an open forum is doing so "risk free". There are *plenty* of ways she might be found out. Likewise, big secret societies that nefariously undermine the free world via cryptography are as vulnerable as ever to the motivations of their own members to expose the groups in a double-cross. Crime is crime. Crime (in the philosophical sense; crime against individuals, crime against the environment, and so on, as opposed to crime as defined by the current establishment in power) is conducted by criminals no matter what the tools are. Every object on the planet is a potential accomplice to the criminal. | GOOD TIME FOR MOVIE - GOING ||| Mike McNally | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" | From sandfort at crl.com Fri Sep 9 13:16:49 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 9 Sep 94 13:16:49 PDT Subject: PRIVACY REGULATIONS Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Michael Conlen adding to comments by Adam Shostack and Tim May wrote: With your name and address someone can find out what your date of birth is. In many states that is enough for a drivers licens... ...name and dob... Federal agencies such as the FBI, and most if not all states, use your NAME and DATE OF BIRTH as their primary means of locating you in their databases. When it comes to being charged with giving false information to the authorities, it could be argues that you "accidentally" misremembered or forgot your SSN. It would be a real stretch, though, to assert that you got your own name or birthday wrong. If you are stopped by the police, you are required to identify yourself if asked. Is your DOB required? May you decline to answer that question if it is not relevant to the stop? (To drive a car, to buy booze, you much be of requisite age. Maybe you could say, "I'm over 21, officer.") I don't know if it's ever been tested in court. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From rishab at dxm.ernet.in Fri Sep 9 13:33:29 1994 From: rishab at dxm.ernet.in (Rishab Aiyer Ghosh) Date: Fri, 9 Sep 94 13:33:29 PDT Subject: Social punishment 1/3: law without enforcers In-Reply-To: <199409080538.WAA25992@deepthought.pylon.com> Message-ID: <3cVHTc2w165w@dxm.ernet.in> blancw at pylon.com writes (in private mail): > than can present law enforcement systems. My next post will > examine the similarities between tribal and cyberspatial > society. > ........................................................ > > I don't know yet what you are going to say about the > similarities between tribal & cyberspatial societies, but one I guessed as much ;) > same category. The associations which occur in cyberspace are > not like the ones which occur in the physical plane. The > expectations are different - you don't expect to live with > these other people in close proximity, you don't expect to > identify with them as a group in the same way, you are not > going to get the same benefits on a daily basis or even an > extended time period, as you might from those with whom you > interact on more than one level or kind of contact. I > personally don't see interactions in cyberspace as constituting > a 'society', even if they are 'social'. > Maybe a drive-by society. Well, as I put it, the primary characteristic of tribe (versus city) has been portrayed as _physical_ proximity. I would say the more relevant characteristic is _mental_ proximity, or _social_ proximity, if you accept my classification of tribes and cyberspace as 'communication societies'. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From rishab at dxm.ernet.in Fri Sep 9 13:34:25 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 9 Sep 94 13:34:25 PDT Subject: Introduction: Telephone traffic analysis Message-ID: shamrock at netcom.com (Lucky Green): > I stumbled upon this great explanation of telephone traffic analysis and > thought I'd share it with the list: It is to evade this sort of traffic analysis that complex routing, batching and clustering of anon remailer traffic is being evolved. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From adam at bwh.harvard.edu Fri Sep 9 13:40:16 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Fri, 9 Sep 94 13:40:16 PDT Subject: Quick item re cellular encryption In-Reply-To: Message-ID: <199409092039.QAA18465@bwh.harvard.edu> SafeCall 617 330 8890 Cellular Privacy Unit attaches to the mothpeice & earpeice of your phone, uses variable split band inversion. The cost, depending on the phone, is about $599 one coming out for Motorola flip phones, might be more ($699). 2 modes of operation: call 1 800 number checks customer, gives dial tone $25 activation $ 5/month .75/minute anywwhere in the US + airtime from your celular carrier. In this mode, you connect to their system, get decrypted, sent out on their phone lines to the other end. Incoming voice gets 'encryted' and sent to you. or buy two units, bypass their system. They also make a fax unit. Seems that $600 only buys you a little bit of on-air security. When I asked about the possibility of using real encryption, she said that they might, but couldn't give me any firm commitments. I've asked for their literature, and will pass on if it has anything more interesting. Adam Netsurfer wrote: | This was parsed off Edupage - anyone know what type of encryption they are | using? | | -NetSurfer | | BEWARE CELLULAR CONFIDENCES | Lawyers who use cellular phones to discuss private matters with clients are | increasingly turning toward encryption technology to protect confidential | information. Boston-based SafeCall, a company that guarantees secure | cellular conversations by routing the calls through its scrambler, says its | largest and fastest growing contingent of customers is lawyers. Meanwhile, | a six-step set of how-to instructions for turning a Motorola flip-phone | into a cellular call receiver was posted on the Internet. (Wall Street | Journal 9/1/94 B1) | From perry at imsi.com Fri Sep 9 13:41:22 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 9 Sep 94 13:41:22 PDT Subject: Title VII v. Liberty In-Reply-To: Message-ID: <9409092040.AA00273@snark.imsi.com> Jamie Lawrence says: > Refs on this one? Even on ref. would do me. The only 'studies' I've > seen like this are bullshit paid for by fundies. Seeing how one of > their major weapons is convincing folk that queers are taking over > big business, I wouldn't exactly call them credible. Actually, as I recall these have mostly been marketing studies. For whatever reason (perhaps the same "oppressed group syndrome" that tends to make several other minorities work harder) gay men tend to be higher up on the income scale. No, I can't find a reference in a second -- but if you insist I'll dig one up. Those knowing my opinions closely enough will know that I loathe fundamentalist christians and that I'm quite rabbid in attacking discrimination against homosexuals. Let me note that Jews and Asians are not protected groups under Title 10 -- there are no affirmative action laws for us, and there *is* discrimination against them -- sometimes even very violent discrimination. Somehow, however, they have managed to do just fine in society. Perry From perry at imsi.com Fri Sep 9 13:44:52 1994 From: perry at imsi.com (Perry E. Metzger) Date: Fri, 9 Sep 94 13:44:52 PDT Subject: Introduction: Telephone traffic analysis In-Reply-To: <01HGWTBH6U4M0007DA@TITAN.SFASU.EDU> Message-ID: <9409092044.AA00292@snark.imsi.com> f_griffith at titan.sfasu.edu says: > Tom Clancy in _Clear and Present Danger_ has a description of the CIA > doing something like this to the Columbia drug cartel. I was unaware that the cartels at the University had achieved that much noteriety -- although we alumini have long known that they controlled most of the international trade in tylenol... Perry From kkk at asc.bu.edu Fri Sep 9 14:01:27 1994 From: kkk at asc.bu.edu (kkk at asc.bu.edu) Date: Fri, 9 Sep 94 14:01:27 PDT Subject: Black Cryptoanarchy (KKK, monopolies, contract killing) Message-ID: <199409092101.RAA14180@BU.EDU> >I am trying to understand the arguments for these points of view... I >consider myself to be extremely "liberal" in my political philosophy, and I >have a lot of respect for the arguments of libertarians. But I am >continually pulled back to the "test case" issue of racist employment >practices. This is the case where the argument is most difficult for me to >buy. I am not sure whether Blanc would hold that businesses should be free >to engage in racist hiring policies if that is their decision, but it seems >clear that Tim May does hold this position, and I understand that this is >in fact the classic libertarian position. The argument seems to be that in >a free society, natural cooperative processes will provide a form of >"autoregulation" to discourage the widespread development of oppression of >specific classes of individuals. So, what gives you the right to stick your nose into other peoples business practices. I believe that if I hire a person to do some task it should be my decision as to what sort of person I hire as it is my money that I am paying them and my business that suffers if I am forced into hiring someone based on something other than good business reasons. >Organizations such as the KKK could accrue the financial support of large >numbers of members to create strong social and economic pressures to >oppress segments of the population in specific areas, yet the source of >these pressures may be impossible to trace. The same could be said about the Democratic Party in the USA. >If there is a reason why these concerns are unfounded, I would very much >appreciate hearing refutations. I certainly don't want any of these >possibilities to materialize, but I don't see any way around them in a >completely "cryptoanarchic" society. I think that it would be a Healthy Change instead of the crap that you seem to perfer. From frissell at panix.com Fri Sep 9 14:03:45 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 9 Sep 94 14:03:45 PDT Subject: Black Cryptoanarchy (KKK, monopolies, contract killing) Message-ID: <199409092102.AA06974@panix.com> At 12:36 PM 9/9/94 -0700, Doug Cutrell wrote: >I am trying to understand the arguments for these points of view... I >consider myself to be extremely "liberal" in my political philosophy, and I >have a lot of respect for the arguments of libertarians. But I am >continually pulled back to the "test case" issue of racist employment >practices. This is the case where the argument is most difficult for me to >buy. Cypherpunks is becoming "horrors" libernet. The only legitimate hook for this issue is the fact that many would oppose crypto anarchy (if they knew it existed) because it makes things like anti-discrimination laws possible. To avoid too much damage to the list, I will try and restrain myself to two observations on the subject of laws against racial discrimination (which libertarians do oppose): 1) Laws are enforced by threat of (or by actual) violence. Supporters of outlawing racial discrimination are in the position of arguing that non-violent social disagreements (the decision by someone not to deal with someone else on *bad* grounds) should be "solved" by sending armed men out to punish the person deciding to refuse to hire -- say -- whites. And of course to kill him if he resists his punishment. I would rather see deadly force limited to situations in which there has at least been a breach of the peace of some kind. 2) I have never met a person (and don't believe that there ever has been a person) who has not discriminated on all of the "prohibited" bases frequently. Has there ever been anyone who selected -- say -- their friends and lovers *purely* using random selection. Never discriminating on the basis of race, creed, color, sex, age, alienage, previous condition of servitude, marital status, sexual or affectional preference, handicap, etc. It would be hard to imagine someone who didn't use these prohibited classifications in their personal sexual lives. I observe little use of RNGs (see -- a cypherpunks technical reference after all) in social intercourse. Since it is legal (and indeed considered OK) to discriminate on all these grounds in our personal lives, libertarians believe that discrimination should at least be legal. Freedom of Choice in *everything*. DCF ************************************************************************* ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail. From sandfort at crl.com Fri Sep 9 14:20:48 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 9 Sep 94 14:20:48 PDT Subject: CONTROL FREAKS Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Where do I begin? Jim Choate has now retreated into subjectivism rather than Come on, Jim, you've been arguing that totalitarians can ignore economics. Answer my questions. How long did the "Thousand Year Reich" last? What totalitarian states can you name that have had any legs at all? There are none. I take it you don't take the comparison between the Roman circuses where prisoners and other misfits (ie Christians) were fed to the lions and and the Tutonic cirucses of the 30's and 40's (ie prison or relocation camps) where the criminal and other misfits (ie Jewish) were fed to the masochistic 'system' as comparable? The Warsaw Ghetto was not a form of 'circus' then? No, of course not. The Roman circuses were public spectacles. They were a form of entertainment (like professional sports today). Their propose was to distract the populace, not to eliminate enemies of the state. That's what Crucifixion and other types of execution were for. Often, the participants were pros, free men who did it for gold and glory. Hell, Rome wasn't even a totalitarian state. Where do you get these ideas? The Nazis were another matter, but they still didn't make the cut. Show me your successful totalitarian states. 'They' are the persons with money and influence and have also made it in their best interest to sustain the status quo. Just take a look at the Federal Reserve and how they manage the money in this country. Take a look at the special interest political groups who make it their job to get law-makers to look at it 'their' way. I've looked. I repeat, who are "they"? You know, like some names. They can't be too powerful, since social/cultural/legal non-compliance is a growth industry. God, what the hell are you so afraid of? Just exactly whose reality are we talking about ruling here?... people do not analyze their choices the same way you analyze some physical problem like building a bridge.... But that's the point. Economics *is* like building a bridge. You can't spend money you don't have. You can't create wealth by printing money. There are rules, and no amount of subjectivism or Roadrunner logic will exempt totalitarian states from them. But if you disagree, please prove me wrong by naming the states that have "created their own reality." I bet you can't. When I alluded that "they" weren't spending *my* money you wrote: I can assure you that the folks out there will spend their money if it is clear that they will make more of it in the long run. While it is true that public monies are the easiest to spend because of its anonymity it is not the only resource that is there. Consider under-the-table bribes and such. I give up, I don't have a clue what you're taking about. Do you? If so, please elucidate. Apparently, my comment about *structuring your life* so that you could ignore the control freaks went right over your head at the speed of light. FLAME ALERT: All Cypherpunks who disdain flamish exchanges should tune out now. I'm feeling peevish today and this sort of mindless drivel pisses me off. I have decided, therefore, to amuse myself by fucking with Mr. Choate's head for the remainder of this post. I am afraid [we know that, the question is why you are afraid?] that if you ignore a control freak you build the perfect environ [I'm sure you don't mean "environ," a verb. Perhaps "environment" or "environs" would be more suitable. Sloppy thinking; sloppy language.] for their growth. We are not talking about roses [now you've gotten SOMETHING right] here but rather ideas, a decidedly different animal. [Neither roses nor ideas are animals, Mr. Choate. Can you say mixed metaphor?] Ideas can grow long after the original thinker is gone. [Yes, but what has that got to do with our discussion. Focus, Mr. Choate.] To ignore rather than [to?] confront and expose [them?] is the best way possible [possible is redundundundant, Mr. Choate] to get what you don't want. [Interesting use of the negative in your sentence construction, but you never addressed my thesis, to wit: it is possible to structure your life so that you can ignore would-be controllers. There is no substitute for critical thinking, Mr. Choate.] Love and kisses, S a n d y "Who promises to go back on his medication tomorrow." ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jamiel at sybase.com Fri Sep 9 14:37:14 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 9 Sep 94 14:37:14 PDT Subject: Title VII v. Liberty Message-ID: At 1:40 PM 9/9/94, Perry E. Metzger wrote: >Actually, as I recall these have mostly been marketing studies. For >whatever reason (perhaps the same "oppressed group syndrome" that >tends to make several other minorities work harder) gay men tend to be >higher up on the income scale. No, I can't find a reference in a >second -- but if you insist I'll dig one up. Those knowing my opinions If you happen across one, I'd like to see it, but don't go out of your way >closely enough will know that I loathe fundamentalist christians and >that I'm quite rabbid in attacking discrimination against homosexuals. I have at least a rough sketch of your political views in mind, Perry. I wasn't trying to attack you - I was trying to correct something that is a very common misconception. Just happens to be on a rather charged topic. Assuming it was a marketing survey, this makes a lot more sense. They are going to look places where people selling things have a good chance to sell, which tends not to be the blue collar sections (where due to violence and educational differences, people are also much more likely to be closeted, and results are skewed anyway) Also note that income brackets are, to my experience, extremely variant among gays depending on location, race and (here's the biggest, it seems) sex. >Let me note that Jews and Asians are not protected groups under Title >10 -- there are no affirmative action laws for us, and there *is* >discrimination against them -- sometimes even very violent >discrimination. Somehow, however, they have managed to do just fine in >society. Although I believe this is an apples/oranges situation on a number of grounds (no comments on discussing fruit, please :), I see your point. I still strongly disagree that such legislation isn't nessessary, but that's neither here nor there... >Perry -j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From tcmay at netcom.com Fri Sep 9 14:48:22 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 9 Sep 94 14:48:22 PDT Subject: Black Cryptoanarchy (KKK, monopolies, contract killing) In-Reply-To: Message-ID: <199409092148.OAA01362@netcom11.netcom.com> (I can only respond very briefly to the excellent post Doug Cuttrell has made....I'm trying to finish something by tonight in preparation for tomorrow's Cypherpunks meeting in Mountain View.) Doug has correctly figured out what strong crypto implies, and just how badly it nukes the "liberal" view of society. Like I said, I'll be brief, even telegraphic: > I am trying to understand the arguments for these points of view... I > consider myself to be extremely "liberal" in my political philosophy, and I > have a lot of respect for the arguments of libertarians. But I am There's no time for any of us to write pro-libertarian essays here. Plenty of books. Etc. > to engage in racist hiring policies if that is their decision, but it seems > clear that Tim May does hold this position, and I understand that this is > in fact the classic libertarian position. The argument seems to be that in > a free society, natural cooperative processes will provide a form of > "autoregulation" to discourage the widespread development of oppression of > specific classes of individuals. I never worry about whether my choices are "racist" or "sexist" or "ageist" or "looksist" (a real term used here in Santa Cruz), etc. They're just my choices. Nobody else's business. Of course, they don't have to do business with me, either. Sounds fair to me. The original meaning of "liberalism" (yes). > There further seems to be an assumption that the tools of strong crypto > will facilitate this system of checks and balances through natural > cooperative processes. I am not convinced. Moreover, it seems to me that > cryptoanarchy may in fact facilitate a new type of "mob rule". For > example, imagine the development of a multitude of secret "crypto-posse" Yes, though I've called them "digilantes." Crypto Star Chambers. > organizations. Individuals could join any number of these secret > societies, which might require some sort of dues payment for participancy. > They might be fleeting in duration, forming spontaneously to achieve some > specific aim (thus my term "posse"). Virtually everything about these > organizations could be secret -- their size, power, and even their very > existence. Participating companies could secretly create trade monopolies. > Organizations such as the KKK could accrue the financial support of large > numbers of members to create strong social and economic pressures to > oppress segments of the population in specific areas, yet the source of > these pressures may be impossible to trace. Yep. I call this the "Crypto Anarchy Principle": The Crypto Anarchy Principle: Strong crypto permits unbreakable encryption, unforgeable signatures, untraceable electronic messages, and unlinkable pseudonomous identities. This ensures that some transactions and communications can be entered into only voluntarily. External force, law, and regulation cannot be applied. This is "anarchy," in the sense of no outside rulers and laws. Voluntary arrangements, back-stopped by voluntarily-arranged institutions like escrow services, will be the only form of rule. This is "crypto anarchy." > Even apart from this, the availability of truly secure anonymity, strong > encryption, and untraceable digital cash could allow contract killing to be > an openly conducted business. For example, an anonymous news post > announces a public key which is to be used to encode a contract kill order, > along with a digital cash payment. The person placing the contract need > only anonymously place the encrypted message in alt.test. Perhaps it is > even possible to make it impossible to tell that the message was encrypted > with the contract killer's public key (the killer would have to attempt > decryption of all similarly encoded messages on alt.test, but that might be > quite feasible). Thus it could be completely risk free for anyone to place > a contract on anyone else. Markets for assassinations--untraceable and unlinkable--have been a topic of discussion for a long time. You'll find them explicitly mentioned in my 1988 "Crypto Anarchist Manifesto." Doug is to be congratulated for realizing the implications, if he hadn't heard about them before. This topic has been written about by me, David Friedman, Robin Hanson, Hal Finney, and others. A lot of stuff to consider. Not now. > If there is a reason why these concerns are unfounded, I would very much > appreciate hearing refutations. I certainly don't want any of these > possibilities to materialize, but I don't see any way around them in a > completely "cryptoanarchic" society. Can't be stopped. If strong crypto is allowed (and most of us don't think even a police state could stop it at this point), then these "voluntary associations" cannot be stopped. Hence..... Welcome to the New Underworld Order! (a term I have borrowed from Claire Sterling.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jamiel at sybase.com Fri Sep 9 15:05:07 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 9 Sep 94 15:05:07 PDT Subject: Black Cryptoanarchy (KKK, monopolies, contract killing) Message-ID: Looks like someone was listening to the discussion of fake mail that took place here earlier... Hint to the sender of this - think about how to get rid of the underscored line. After that, think *content*. At 2:01 PM 9/9/94, kkk at asc.bu.edu wrote: >Return-Path: [deletia] >Date: Fri, 9 Sep 1994 17:01:12 -0400 >From: kkk at asc.bu.edu >Message-Id: <199409092101.RAA14180 at BU.EDU> >Subject: Black Cryptoanarchy (KKK, monopolies, contract killing) >Apparently-To: cypherpunks at toad.com ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >Sender: owner-cypherpunks at toad.com >Precedence: bulk >Content-Length: 1876 -j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From cactus at bb.com Fri Sep 9 15:49:37 1994 From: cactus at bb.com (L. Todd Masco) Date: Fri, 9 Sep 94 15:49:37 PDT Subject: Title VII v. Liberty In-Reply-To: <9409092040.AA00273@snark.imsi.com> Message-ID: <34qovq$iv@bb.com> In article <9409092040.AA00273 at snark.imsi.com>, Perry E. Metzger wrote: >Actually, as I recall these have mostly been marketing studies. For >whatever reason (perhaps the same "oppressed group syndrome" that >tends to make several other minorities work harder) gay men tend to be >higher up on the income scale. No, I can't find a reference in a >second -- but if you insist I'll dig one up. Those knowing my opinions >closely enough will know that I loathe fundamentalist christians and >that I'm quite rabbid in attacking discrimination against homosexuals. My understanding is that it's a bimodal distribution: the marketing studies have shown the higher modality because that's the segment that they're interested in. -- L. Todd Masco | "Hide, witch, hide! The good folk come to burn thee, their cactus at bb.com | keen enjoyment hid behind a gothic mask of duty." -JS/BATE From vvallopp at eniac.seas.upenn.edu Fri Sep 9 15:49:59 1994 From: vvallopp at eniac.seas.upenn.edu (Vinod Valloppillil) Date: Fri, 9 Sep 94 15:49:59 PDT Subject: Ecash mailing list? In-Reply-To: Message-ID: <199409092244.WAA02304@red.seas.upenn.edu> Hello all, Is anybody interested in forming a mailing list explicitly for e-cash discussion? After looking at the c'punks list for at least a year, there seems to be the critical mass of interest to create a medium volume mailing list. The most critical benefit that such a dedicated list would have is that we could probably generate interest from parties who may have an interest in alternate currency/cash systems but have no interest/ knowledge of crypto (a lot of hard core financiers that I know of come to mind...). I don't have the resources to create a list but I'd be more than glad to help out someone who has access to 'em. ------------------------------+---------------------------------------------- Vinod Valloppillil | Even if you're one in a million, Telecom/MIS/Strategic MGMT | there's still a thousand more of you Engineering/Wharton | in China..... vvallopp at eniac.seas.upenn.edu | ------------------------------+---------------------------------------------- "When buying and selling are controlled by legislation, the first things to be bought and sold are legislators." - P.J. O'Rourke From cactus at bb.com Fri Sep 9 15:55:28 1994 From: cactus at bb.com (L. Todd Masco) Date: Fri, 9 Sep 94 15:55:28 PDT Subject: CONTROL FREAKS In-Reply-To: Message-ID: <34qpd0$mb@bb.com> To try to cool the flames a bit... In article , Sandy Sandfort wrote: >Come on, Jim, you've been arguing that totalitarians can ignore >economics. Answer my questions. How long did the "Thousand Year >Reich" last? What totalitarian states can you name that have had >any legs at all? There are none. I think the point isn't that totalitarian states won't last: we know that. The point is that those trying to establish a totalitarian state can do a hell of a lot of damage to the rest of us before they fail. -- L. Todd Masco | "Hide, witch, hide! The good folk come to burn thee, their cactus at bb.com | keen enjoyment hid behind a gothic mask of duty." -JS/BATE From jamesd at netcom.com Fri Sep 9 16:15:09 1994 From: jamesd at netcom.com (James A. Donald) Date: Fri, 9 Sep 94 16:15:09 PDT Subject: Black Cryptoanarchy (KKK, monopolies, contract killing) In-Reply-To: Message-ID: <199409092315.QAA02725@netcom7.netcom.com> Doug Cutrell writes > The argument seems to be that in > a free society, natural cooperative processes will provide a form of > "autoregulation" to discourage the widespread development of oppression of > specific classes of individuals. Actually the argument is that who I choose to associate with is no damned business of the state. If you want a utiltarian argument, no problem: Obviously laws regulating who can associate with who, can be used, will be used, and are being used to oppress those minority groups that are out of favor with the state. For example jews and Asians are not "protected groups" and the anti discrimination laws are enforced in a selective fashion to harass businessmen of Korean origin in California. Obviously if some individuals choose not to associate with some group for irrational reasons it will harm those who so choose more than it harms the group - but only the state can enforce discrimination with guns, and it does, thus only state sponsored discrimination is significant in practice. Plenty of Koreans have been put out of business by the state. How many homosexuals have been put out of business by private discrimination? But I piss on utilitarian arguments. From the fact that anti discrimination laws violate peoples rights, we could have immediately inferred that the unjust use of force would follow, and that this would lead to undesired and unintended outcomes, without bothering with the specific details. > Moreover, it seems to me that > cryptoanarchy may in fact facilitate a new type of "mob rule". For > example, imagine the development of a multitude of secret "crypto-posse" > organizations. Individuals could join any number of these secret > societies, which might require some sort of dues payment for participancy. > They might be fleeting in duration, forming spontaneously to achieve some > specific aim (thus my term "posse"). That is the plan. Consider the excellent and great campaign of intimidation and harassment against Cantor and Segal. We really trashed those guys. Hurray for cybervigilantes and Silicon cowboys. > Virtually everything about these > organizations could be secret -- their size, power, and even their very > existence. Right on. It is called "freedom of association". You will just have to get used to it. > If there is a reason why these concerns are unfounded, I would very much > appreciate hearing refutations. I certainly don't want any of these > possibilities to materialize, but I don't see any way around them in a > completely "cryptoanarchic" society. Most of us hope, desire, and intend, that your worst fears will be realized. As for contract killings - what else is new. Just as today you will have to start by asking "who has motive and money to put out a contract on X". Of course you could prevent contract killings by requiring everyone to carry government "escrowed" tape recordings to record all their conversations and requiring them to keep a diary at all times alibing their all their activities. This would also make it much easier to stamp out child pornography, plutonium smuggling, and social discrimination against the politically correct. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From turner at telecheck.com Fri Sep 9 16:30:58 1994 From: turner at telecheck.com (Joe Turner) Date: Fri, 9 Sep 94 16:30:58 PDT Subject: Title VII v. Liberty In-Reply-To: <24090820325010@vms2.macc.wisc.edu> Message-ID: <9409092330.AA01303@TeleCheck.com> > As to sexual orientation, um no federal law protects the class. And yet >magic- ally, massive discrimination exists. This is a natural result >of the condition... [snip] > In my last position there were 43 women working and 2 men. I was one of those men. Not to flame, but what is the motivation for claiming massive discrim- ination exists? I have worked with a wide array of people from many different countries, ethnic backgrounds, and sexual orientation. I have never been in a situation where I believe someone else was descriminated against. As far as descrimination goes, I am a white male just out of high school. I applied for government grants but uncle sam thought my unemployed father was just too rich. While my minority friends were getting grants and loans, I was forced to get a job and work my way through community college. I'm not complaining-- Two years later, I am now a Systems Engineer for Telecheck International (and they are going to pick up the tab for my tuition), programming on a myriad of computer operating systems (VMS, OpenVMS, OSF, AIX, and MS-DOS) in C, C++ and assembly language, while my friends are still trying to figure out what they want to major in. I just get really frustrated when I hear about is being discriminated against. More often then not its just used as a justification for government funding, an excuse for a light prision sentence, or to gather a few liberal votes at the polling place. I have never felt that whinning about discrimination or making excuses will get you anywhere. > Sometimes intervention works. Granted, usually it does not. But removing > the regs now would work to do one thing - perpetuate the past effects of > discriminatory intent in today's world. Just the other day I was reading the Business section of the Houston Chronicle, in which a Clinton administrative official was quoted as saying, "its OK to fire whites to promote ethnic diversity." My interpritation of this is that its OK to fire people because of thier skin color. I thought this was illegal. I am scared of the day when I go into a job interview and before I am able to shake the CEO's hand he stops me from proceeding futher by saying, "I'm sorry we've already hired our white person for this quarter. We were looking for a asian woman. Or perhaps a black homosexual.. we'll get bonus points for that!" -- Joe N. Turner Telecheck International turner at telecheck.com 5251 Westheimer, PO BOX 4659, Houston, TX 77210-4659 compu$erv: 73301,1654 (800) 888-4922 * (713) 439-6597 From jya at pipeline.com Fri Sep 9 16:47:44 1994 From: jya at pipeline.com (John Young) Date: Fri, 9 Sep 94 16:47:44 PDT Subject: Black Cryptoanarchy (KKK, monopolies, contract killings) Message-ID: <199409092347.TAA03412@pipe1.pipeline.com> Responding to msg by doug at OpenMind.com (Doug Cutrell) on Fri, 9 Sep 12:36 PM: Your critique has elicited some of the best responses I've seen here. There is still, indeed, the task of proving that cryptoanarchy is not itself a play for power by those who write and master its cryptographic code. But better to test that in the public arena rather remain hidden and protected like the state secrecy of governmental cryptography. The state will probably fiercely oppose it, not least by stigmatizing cryptoanarchy and impugning its motives by exaggeration and distortion. (It is worth recalling that classical black anarchy, the secret, lethal version as distinguished from open black flag type, is used by despots to justify their ruthless measures. Black anarchists, as agents of despots, mingle with avowed flag-wavers to spy and provoke acts that lead to repressive crackdowns. Black anarchists never announce themselves as such but may freely admit to being "anarchistic" as a wild-eyed subterfuge. Inept provocations sometimes reveal them but the most able are never detected.) I may be helpful to read one writer's view of how cryptoanarchy may be lumped with and targeted like other stigmatized groups whose attributes it may claim: Quotes are from: "Stigma, Notes on the Management of Spoiled Identity", Erving Goffman, Simon and Schuster, 1963. pp. 143-45: DEVIATIONS AND DEVIANCE One such deviation is important here, the kind presented by individuals who are seen as declining voluntarily and openly to accept the social place accorded them, and who act irregularly and somewhat rebelliously in connection with our basic institutions -- the family, the age-grade system, the stereotyped role-division between the sexes, legitimate full-time employment involving maintenance of a single governmentally ratified personal identity, and segregation by class and race. These are the "disaffiliates." Those who take this stand on their own and by themselves might be called eccentrics or "characters." Those whose activity is collective and focused within some building or place (and often upon a special activity) may be called cultists. Those who come together into a sub-community or milieu may be called "social deviants", and their corporate life a deviant community. They constitute a special type, but only one type, of deviator. If there is to be a field of inquiry called "deviance," it is social deviants as here defined that would presumably constitute its core. Prostitutes, drug addicts, delinquents, criminals, jazz musicians, bohemians, gypsies, carnival workers, hobos, winos, show people, full time gamblers, beach dwellers, homosexuals, and the urban unrepentant poor -- these would be included. These are the folk who are considered to be engaged in some kind of collective denial of the social order. They are perceived as failing to use available opportunity for advancement in the various approved runways of society; they show open disrespect for their betters; they lack piety; they represent failures in the motivational schemes of society. Once the core of social deviancy is established, one can proceed to peripheral instances: community-based political radicals who not only vote in a divergent way but spend more time with those of their own kind than is politically necessary; the traveling rich who are not geared into the executive's work week, and spend their time drifting from one summering place to another; expatriates, employed or not, who routinely wander at least a few steps from the PX and the American Express; the ethnic assimilation backsliders who are reared in the two worlds of the parent society and the society of their parents, and resolutely turn away from the conventional routes of mobility open to them, overlaying their public school socialization with what many normals will see as a grotesque costume of religious orthodoxy; the metropolitan unmarried and merely married who disavail themselves of an opportunity to raise a family, and instead support a vague society that is in rebellion, albeit mild and short-lived, against the family system In almost all of these cases, some show of disaffiliation is made, as is also true of eccentrics and cultists, providing in this way a thin line that can be drawn between all of them and deviators on the other side, namely, the quietly disaffiliated--hobbyists who become so devoted to their avocation that only a husk remains for civil attachments, as in the case of some ardent stamp collectors, club tennis players, and sports car buffs. Social deviants, as defined, flaunt their refusal to accept their place and are temporarily tolerated in this gestural rebellion, providing it is restricted within the ecological boundaries of their community. Like ethnic and racial ghettos, these communities constitute a haven of self-defense and a place where the individual deviator can openly take the line that he is at least as good as anyone else. But in addition, social deviants often feel that they are not merely equal to but better than normals, and that the life they lead is better than that lived by the persons they would otherwise be. Social deviants also provide models of being for restless normals, obtaining not only sympathy but also recruits. (Cultists acquire converts too, of course, but the focus is on programs of action not styles of life.) The wise can become fellow-travelers. p. 25: STIGMA AND SOCIAL IDENTlTY Often those with a particular stigma sponsor a publication of some kind [list cypherpunks?] which gives voice to shared feelings, consolidating and stabilizing for the reader his sense of the realness of "his" group and his attachment to it. Here the ideology of the members is formulated -- their complaints, their aspirations, their politics. The names of well-known friends and enemies of the "group" are cited, along with information to confirm the goodness or the badness of these people. Success stories are printed, tales of heroes of assimilation who have penetrated new areas of normal acceptance. Atrocity tales are recorded, recent and historic, of extreme mistreatment by normals. Exemplary moral tales are provided in biographical and autobiographical form illustrating a desirable code of conduct for the stigmatized. The publication also serves as a forum for presenting some division of opinion as to how the situation of the stigmatized person ought best to be handled. Should the individual's failing require special equipment [crypto?], it is here advertised and reviewed. The readership of these publications provides a market for books and pamphlets which present a similar line. It is important to stress that, in America at least, no matter how small and how badly off a particular stigmatized category is, the viewpoint of its members is likely to be given public presentation of some kind. It can thus be said that Americans who are stigmatized tend to live in a literarily-defined world, however uncultured they might be. If they don't read books on the situation of persons like themselves, they at least read magazines and see movies; and where they don't do these, then they listen to local, vocal associates. An intellectually worked-up version of their point of view is thus available to most stigmatized persons End quotes From jamiel at sybase.com Fri Sep 9 16:54:29 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 9 Sep 94 16:54:29 PDT Subject: Title VII v. Liberty Message-ID: At 4:30 PM 9/9/94, Joe Turner wrote: >I just get really frustrated when I hear about is being >discriminated against. More often then not its just used as a justification >for government funding, an excuse for a light prision sentence, or to gather >a few liberal votes at the polling place. I have never felt that whinning >about discrimination or making excuses will get you anywhere. Oh, Christ. -j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From jamesd at netcom.com Fri Sep 9 16:55:08 1994 From: jamesd at netcom.com (James A. Donald) Date: Fri, 9 Sep 94 16:55:08 PDT Subject: CONTROL FREAKS (nee, AIDs testing and privacy) In-Reply-To: <199409091849.NAA09278@zoom.bga.com> Message-ID: <199409092323.QAA03690@netcom7.netcom.com> I wrote: > > the ideology that made that political movement possible is dead, > > dead, dead, dead. > > > > Get it. > > > > > > Dead. > > > > Fascism was an idea. That idea has been proven false. Jim choate writes > Somebody needs to tell the Aryian Brotherhood, The KKK, Louis Farackim (sp?), > etc. that what the beliefes they are acting on have been disproven. Fascism is not racism. Racism, like war and trade restrictions, was an accidental and almost unintentional byproduct of a complex ideological system that is now dead as stone, even though racism and so forth still live. This is now totally off cypherpunk issues, so I will not respond to further replies on this topic. > > -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From jamiel at sybase.com Fri Sep 9 17:03:46 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Fri, 9 Sep 94 17:03:46 PDT Subject: Lame security software Message-ID: In showing a co-worker why a lot of the cryptographic software out there is really bad to use, I found one of the worst examples I've ever run across, and I'm in a sharing mood today. For those Mac users out there, get ahold of Norton Partition, which ships with Norton Utilities 2.0. I was demoing the only way it should be counted on for anything, and then not much, by setting up a non-automounting DES encrypted soft partition. I chose the password 'cheesetoast', and explained why this was a bad choice, etc. Well, upon mounting the disk to demo something else, I misstyped 'cheeseto " (that last character is a space), and whad do you know, it mounted. I suspect it checks a hash of the first eight characters, tossing the rest, but don't have time to check and see if that is the case. Happy ending - My coworker then asked "What is that PGP think again?" -j -- "Blah Blah Blah" ___________________________________________________________________ Jamie Lawrence From ravage at bga.com Fri Sep 9 17:30:13 1994 From: ravage at bga.com (Jim choate) Date: Fri, 9 Sep 94 17:30:13 PDT Subject: CONTROL FREAKS In-Reply-To: Message-ID: <199409100029.TAA24880@zoom.bga.com> > > Come on, Jim, you've been arguing that totalitarians can ignore > economics. Answer my questions. How long did the "Thousand Year > Reich" last? What totalitarian states can you name that have had > any legs at all? There are none. > You have obviously misinterpreted my statements intent. I do not hold that any government can ignore economics. As a matter of fact, back there a ways I alluded to the fall of most totalitarian regimes being linked to the economics of open trade. As long as their is a market outside the totalitarian keen there is a threat to its stability. The Thousand Year Reich lasted less than a thousand years. I fail to see how this is relevant to the discussion. I have not addressed in any manner the concept that governments, totalitarian or otherwise, are guaranteed a endless bounty of curruption. All governments and structures fail. As to legs, I assume you mean sufficient force to exist? The fist couple that come to mind are China and Singapore. Neither are at this moment in any kind of collapse that is apparent. As to their being good examples from your point of view, they have only existed since the end of WWII so they may be too young... > > No, of course not. The Roman circuses were public spectacles. > They were a form of entertainment (like professional sports > today). Their propose was to distract the populace, not to > eliminate enemies of the state. That's what Crucifixion and > other types of execution were for. Often, the participants were > pros, free men who did it for gold and glory. Hell, Rome wasn't > even a totalitarian state. Where do you get these ideas? The > Nazis were another matter, but they still didn't make the cut. > Show me your successful totalitarian states. > I fail to understand how 'public' the spectacle needs to be before it qualifies under your definition. Littery thousands of Christians were killed in the Arena because of failure to make their citizenship oaths. I see this as the main point and why I feel justified in making the comparison between the Romans and the Germans (not to mention the fact that Hitler was a big Roman freak..ever look at standards for Rome and for Nazi Germany?). > I've looked. I repeat, who are "they"? You know, like some > names. They can't be too powerful, since social/cultural/legal > non-compliance is a growth industry. God, what the hell are > you so afraid of? > How about the folks involved in Whitewater? About The Pentagon Papers, Air America, etc. Afraid? I am not afraid. > > But that's the point. Economics *is* like building a bridge. > You can't spend money you don't have. You can't create wealth by > printing money. There are rules, and no amount of subjectivism > or Roadrunner logic will exempt totalitarian states from them. > But if you disagree, please prove me wrong by naming the states > that have "created their own reality." I bet you can't. > The US government does exactly that, they print money that has no backing other than a few equations and then wonder why our economy cycles the way it does. Economics is NOT like building a bridge. A bridge consists of aa few well known interactions and a basic understanding of the limits of the materials that you use. Economics is about trying to understand what happened and why in a system revolving around the concepts of stock exchanges, banks that are government backed, etc. In Oregon there is no longer any reference to 'pornography' in their laws. In short their legal body has decided that such concepts are not applicable to their society. The French have government enforced board which reviews the language and decides on what is leglal or not; they also prohibit the use of crypto by their citizens to a large extent. The Mormons build a religion which strongly influences a government in Utah which effects all those peoples reality. In Shanghai, China it is against the law to own a cat or dog without government permission. > > Apparently, my comment about *structuring your life* so that you > could ignore the control freaks went right over your head at the > speed of light. > And in the process you become a control freak. You become what you most hate (or want to avoid). From frissell at panix.com Fri Sep 9 18:13:25 1994 From: frissell at panix.com (Duncan Frissell) Date: Fri, 9 Sep 94 18:13:25 PDT Subject: Copulating Camels and Digital Cash Message-ID: <199409100113.AA29404@panix.com> This week's Economist has one (or rather two) of the subject items on the cover and an article on the other inside. Also one on "Doing Business on the Net." DCF From tcmay at netcom.com Fri Sep 9 18:47:58 1994 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 9 Sep 94 18:47:58 PDT Subject: Ecash mailing list? In-Reply-To: <199409092244.WAA02304@red.seas.upenn.edu> Message-ID: <199409100147.SAA08070@netcom9.netcom.com> > Is anybody interested in forming a mailing list explicitly for e-cash > discussion? After looking at the c'punks list for at least a year, > there seems to be the critical mass of interest to create a medium > volume mailing list. Half a dozen such special sub-list exists on Cypherpunks--bet you didn't know that, eh? That's because they go unused, for reasons I've written about before. And there _are_ money-related lists: IMP-Interest, DigLib, AltInst, and probably others I've missed. Why start yet another one? > The most critical benefit that such a dedicated list would have is > that we could probably generate interest from parties who may have > an interest in alternate currency/cash systems but have no interest/ > knowledge of crypto (a lot of hard core financiers that I know of > come to mind...). If you're not on _their_ lists, why do you think they'll join _your_ list? > > I don't have the resources to create a list but I'd be more than > glad to help out someone who has access to 'em. > > ------------------------------+---------------------------------------------- > Vinod Valloppillil | Even if you're one in a million, Creating such a list is the easy part (Duncan and Sandy just did it for PRIVACY 101)..the hard part is having it survive infancy. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From nobody at jpunix.com Fri Sep 9 20:12:29 1994 From: nobody at jpunix.com (nobody at jpunix.com) Date: Fri, 9 Sep 94 20:12:29 PDT Subject: Thank you Bob Anderson Message-ID: <199409100311.WAA12423@jpunix.com> SUBJECT: RC4 Source Code I've tested this. It is compatible with the RC4 object module that comes in the various RSA toolkits. /* rc4.h */ typedef struct rc4_key { unsigned char state[256]; unsigned char x; unsigned char y; } rc4_key; void prepare_key(unsigned char *key_data_ptr,int key_data_len, rc4_key *key); void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key); /*rc4.c */ #include "rc4.h" static void swap_byte(unsigned char *a, unsigned char *b); void prepare_key(unsigned char *key_data_ptr, int key_data_len, rc4_key *key) { unsigned char swapByte; unsigned char index1; unsigned char index2; unsigned char* state; short counter; state = &key->state[0]; for(counter = 0; counter < 256; counter++) state[counter] = counter; key->x = 0; key->y = 0; index1 = 0; index2 = 0; for(counter = 0; counter < 256; counter++) { index2 = (key_data_ptr[index1] + state[counter] + index2) % 256; swap_byte(&state[counter], &state[index2]); index1 = (index1 + 1) % key_data_len; } } void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key) { unsigned char x; unsigned char y; unsigned char* state; unsigned char xorIndex; short counter; x = key->x; y = key->y; state = &key->state[0]; for(counter = 0; counter < buffer_len; counter ++) { x = (x + 1) % 256; y = (state[x] + y) % 256; swap_byte(&state[x], &state[y]); xorIndex = state[x] + (state[y]) % 256; buffer_ptr[counter] ^= state[xorIndex]; } key->x = x; key->y = y; } static void swap_byte(unsigned char *a, unsigned char *b) { unsigned char swapByte; swapByte = *a; *a = *b; *b = swapByte; } From blancw at pylon.com Fri Sep 9 20:25:55 1994 From: blancw at pylon.com (blancw at pylon.com) Date: Fri, 9 Sep 94 20:25:55 PDT Subject: Societies & Your Health Message-ID: <199409100326.UAA21830@deepthought.pylon.com> Responding to msg by Doug Cutrell: "Blanc seems to be concerned principally with the soundness and health of the business entity." Well, if you mean that I was defending the prerogative of a corporate entity against an angry mob of voters descending upon it to coerce services from it, health (& safety!) is the concern. But actually I was taking your argument of equal fairness and noting that voters who responded that way to a denial of service would be expecting automatic beneficence, without considering the means to the end: if there is no existing service, there is no one to coerce into providing it. The voting public which bands together to use coercion takes services & benefits for granted, without any respect for the source. " I am not sure whether Blanc would hold that businesses should be free to engage in racist hiring policies if that is their decision...." Since I wouldn't claim to own either the corporations or the society within which they operate, I wouldn't presume to direct their hiring policies either. "The argument seems to be that in a free society, natural cooperative processes will provide a form of "autoregulation" to discourage the widespread development of oppression of specific classes of individuals." Societies, I hear tell, develop with the intent of deriving positive benefits from an association with people who want to interact with each other. In a "free" society, oppressed classes of individuals would be at liberty to leave to form their own, repressive arrangements and establish their own discriminative hiring policies. "....... imagine the development of a multitude of secret "crypto-posse" organizations. .......Organizations such as the KKK could accrue the financial support of large numbers of members to create strong social and economic pressures to oppress segments of the population. . . . . . " One thing I can say about this, is that there already exist a large number of this type of organization, and they are not very secret about it. In Bosnia, in Iran, in South America, in South Africa, et al. They suppress & decimate whole populations in full view. Perhaps if there were a larger number of secret organizations, they would target each other and kill each other off. The world could become one big, happy family of paranoids instead of just a horde of " nattering nabobs of negativism" ( is that an endangered species?). Blanc From vznuri at netcom.com Fri Sep 9 20:29:35 1994 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Fri, 09 Sep 94 20:29:35 -0700 Subject: help! Message-ID: <7fb00796f6fa0266f4390bb3e7b04079@NO-ID-FOUND.mhonarc.org> I'm having problems posting to the cypherpunks list. I was hoping you might be able to help me. could you post this? thanks-- Subject: beta test volunteers wanted I am in the process of starting beta tests on some server-based email filtering software. I need some volunteers to help debug the system. I'll have to ask you to commit to an informal, temporary nondisclosure agreement. If you are interested, please send me mail. Thanks-- vznuri at netcom.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From rishab at dxm.ernet.in Fri Sep 9 20:31:04 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 9 Sep 94 20:31:04 PDT Subject: Social punishment 2/3: communication societies Message-ID: Social punishment 2/3: communication societies If one examines the use of social punishment, one sees that that it is strongest in the smallest of units (a family - 'if you do that again, we won't talk to you') and while best seen as a way of keeping order in small villages or tribes, is gradually replaced by more formal legal systems, with some form of judiciary, police and prison as populations gather in towns and cities. Social punishment also works best with non-lethal 'crimes' rather than murder and rape, presumably more common in cities than in villages (or cyberspace). It has been argued that cities need formal legal systems due to the complex situations created by a large, concentrated population. More people means more people who don't know (and therefore trust) each other, and leads to more crime. Taboo and other social punishment can't work because the people are not as strongly bound together as in a smaller community. This may be partially true. I would say, however, that the primary reason that social punishment works in a village is that it is a _communication society_. People depend on each other (rather than on faceless municipal corporations or public utilities) for most activities. Most of all, they depend on each other to _talk_ - for social interaction. Social interaction is a far more important component of life in a village than in a big city. It is because of this greater need for communication, rather than the size of the population, that ostracization is so effective. Cyberspace is also a communication society. While McLuhan's Global Village has become extremely cliched, in this aspect cyberspace does resemble a village. People on the Net may not be dependent on each other for food and clothing, but they are for almost anything else concerned with a cyber life. There is thankfully no Internet Municipal Corporation that takes care of all roads (net connections), supplies (of information and public keys), and order (through centralized credentials or certification). Most would be repelled at the thought of such a thing. Cyberspace is full of vibrant communities that do little else but talk. Social interaction is at a higher level than at any time in history. The 'crimes' committed in cyberspace are non-lethal and primarily violations of protocol. Like the other communication society, the tribe or village, cyberspace is well suited to a system of social punishment. It's not as if taboos and ostracization don't already exist in cyberspace, to keep people within the few unwritten rules that exist at present. Flames, newbies, kill files etc. As a variety of activities take place in cyberspace, from digital cash transfers to elections to escrow, the number of rules will grow, but there is no reason why the system of punishment cannot be equally effective. No, I'm not saying that you can solve electronic fraud by putting a name in your kill file. More recent technologies - cancelbots, reputation systems (in concept if not in fact) - can make social punishment in cyberspace highly practical. And in cyberspace, if noone reads your posts, you're dead. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From hfinney at shell.portal.com Fri Sep 9 20:38:50 1994 From: hfinney at shell.portal.com (Hal) Date: Fri, 9 Sep 94 20:38:50 PDT Subject: digital reputation capital In-Reply-To: <199409091646.MAA16843@bwh.harvard.edu> Message-ID: <199409100338.UAA09358@jobe.shell.portal.com> Adam Shostack writes: > I'm currently writing up a design for a digital reputation >capital system. The intent is not to provide a framework for >licensing or formal endorsement system, but instead, allow people to >automatically discover the opinions of others about various entities. At one time there was something similar to this called the Hawthorne Exchange (or HEX) associated with the Extropians list. Various entities (like people and nyms, and later, confusingly, ideas) could be registered and people could buy and sell "shares" in these registered entities. The market price of a share was supposed to in some sense represent the value of the reputation. At least, that's how I understood it. The goals were never 100% clear to me. It did not seem to work very well. You need to give people an incentive to participate, to register their opinions. Because you could actually make "monetary units" by buying low and selling high, there seemed to be a lot of volatility and price manipulation in the market, especially since there wasn't much to tie the prices to reality. You might check on the Extropians list for more information. Hal From rishab at dxm.ernet.in Fri Sep 9 20:48:22 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 9 Sep 94 20:48:22 PDT Subject: ITARs around the world Message-ID: M.Gream at uts.EDU.AU (Matthew Gream): > [quoting alt.pgp.security] > I'm afraid I have to post a clarification to a clarification. I've just > been in contact with the relevant people at the Defence Signals > Directorate. It seems that regardless of advice obtained from other > departments and documentation that points to the contrary, there are > restrictive controls on software. Is the document mentioned the equivalent (with similar legal standing) of the US ITAR? When the Scandinavian countries join the EU next year, what will the implications for crypto be? France bans it, is there any EU policy proposal? Maybe crypto software should all be written by cheap programmers in Bangalore. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From rishab at dxm.ernet.in Fri Sep 9 22:30:10 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 9 Sep 94 22:30:10 PDT Subject: Social punishment 3/3: reputation systems Message-ID: Social punishment 3/3: reputation systems Social punishment works because individuals know that someone has broken rules, and _voluntarily_ cooperate with enforcing the accused's punishment. (Of course part of the reason is the risk of similar punishment for non-cooperation, but a major part, particularly in cybercrimes, is that if an individual could harm someone else, he or she could harm you too.) Social punishment works through reputation. XXX, after breaking rules, is seen to be a 'bad character'. Soon everyone knows XXX as a 'bad character' and behaves accordingly, usually by avoiding contact. Once XXX gets a bad REPUTATION (and this is how _I_ define the term, not as some centrally imposed certificate), in traditional societies it is very difficult for XXX to regain a good one. People _individually_ decide whether a 'bad character' is indeed 'bad' and depending on the stature of the individual and the bad character, may or may not cooperate with any punishment. A priest in traditional society or someone else with impeccable reputation is permitted to interact with even the worst of characters. One problem with such a wildfire reputation system is it can be _too_ effective. Once ostracized, the decentralized system makes it very difficult for someone to rejoin society, to have his/her 'reformation' recognized. The channels in traditional societies include lots of 'good work' and recommendation by 'good citizens' such as the priest etc. The other is a new identity. The most powerful illustration of a reputation system I can think of is Victor Hugo's Les Miserables, where ex-convict Jean Valjean finds himself ostracized by society despite having been released. A priest's kindness is not enough, and he later gains a very good reputation building an industry. The notable thing is that he rejoins society only when he gets a _new identity_ - and later gets back into prison when his old identity is discovered. This is a strong case for universal pseudonymity - BAN TRUE NAMES - which, together with strong voluntary reputation and social punishment systems can form the basis for cyberspatial order. I can't really say as yet how a cyberspace reputation system should be implemented. Old-timers will recognize the distinction between my proposed voluntary reputation and certification - the difference between PGP and central public key directories. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From rishab at dxm.ernet.in Fri Sep 9 23:49:07 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Fri, 9 Sep 94 23:49:07 PDT Subject: Citizen-Unit Donald De-Certified Message-ID: To all Certified Citizen-Units, We are most disappointed to inform you of the sad fate of a bright young Citizen-Unit, James A Donald. Citizen-Unit Donald has fallen prey to the increasingly common disease of incorrect thinking. He has actually suggested the possibility that this august and universally respected Board be replaced with what he calls a 'reputation' system. In his system, Citizen-Units would not be Certified by a central Board of Credentials, but would actually have 'reputations' - semi-certificates of approval by each Citizen-Unit. These reputations would be independent of any group of Citizen-Units, and would represent the trust placed by _individual_ Units in the recipient. In such a system, a wrong-thinking Unit may have a bad reputation with most people, but a good one with others! This suggestion seems dangerously close to pre-civilization tribal society, and makes the insupportable assumption that a Citizen-Unit knows what is best for itself. As we all know, any individual's opinions are hopelessly inadequate when compared with the Collective, as expressed by this Board. It is hoped that other Units will keep themselves away from such incorrect attitudes. Citizen-Unit Donald shall henceforth be treated as De-Certified. Citizen-Unit Rishab Ghosh, Senior Certifier, Central Board of Credentials and Certification ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From usura at vox.xs4all.nl Sat Sep 10 03:26:54 1994 From: usura at vox.xs4all.nl (Alex de Joode) Date: Sat, 10 Sep 94 03:26:54 PDT Subject: ITARs around the world Message-ID: rishab at dxm.ernet.in writes: : M.Gream at uts.EDU.AU (Matthew Gream): : > [quoting alt.pgp.security] : > I'm afraid I have to post a clarification to a clarification. I've just : > been in contact with the relevant people at the Defence Signals : > Directorate. It seems that regardless of advice obtained from other : > departments and documentation that points to the contrary, there are : > restrictive controls on software. : : Is the document mentioned the equivalent (with similar legal standing) of the : US ITAR? : : When the Scandinavian countries join the EU next year, what will the : implications for crypto be? France bans it, is there any EU policy proposal? : The EU has published a plan of action for how to proceed into the informationsociety. -> COM(94) 347 def. Brussels, 19.07.1994 This document only states that: (translated from dutch, lousy english I know) The Commision plans, advised by a group of officials concerning the security of informationsystems, to make a proposal in september 1994 for requirements that encryption systems and signature verification systems must follow. [..] The Community will research the possiblities for cooperation in the field of encryption with third countries, notably the US. Other relevant publications are: -> COM(94) 128 def. COD 288 Brussels, 13.06.1994 ISDN and mobile networks (cellular for US folks) -> COM(92) 422 Outline of Privacy Protection [If you are in the EU, most University Law Libraries will have these documents, in the US or elsewhere one should look for an depository Library for EU publications] EnJoY -- Exit! Stage Left. Alex de Joode From merriman at metronet.com Sat Sep 10 06:41:39 1994 From: merriman at metronet.com (David K. Merriman) Date: Sat, 10 Sep 94 06:41:39 PDT Subject: Bumper Stickers Message-ID: I finally got around to calling the number that was posted along with the announcement of Williams and Macias' bumper sticker printer stock of a few weeks ago. They were quite willing to send me samples of it :-) When it shows up, I'll take it for a 'test drive' and let you all know how it turns out. Their number is 1-800-310-0890, if you want to play with it yourself. Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From sandfort at crl.com Sat Sep 10 06:47:09 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 10 Sep 94 06:47:09 PDT Subject: FORWARD Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . From smart at mel.dit.csiro.au Sat Sep 10 07:04:23 1994 From: smart at mel.dit.csiro.au (Bob Smart) Date: Sat, 10 Sep 94 07:04:23 PDT Subject: Proposal for an Electronic Commerce Testbed Message-ID: <199409101403.AA28987@shark.mel.dit.csiro.au> As Tony Rutkowski said recently in Tokyo, the Internet works best when things come from the bottom up. Things that require a lot of sophisticated infrastructure before you can even get started are hard to get off the ground. This tends to be a problem with all security technology and particularly with proposals for electronic commerce. We need a testbed where we can play with the various proposals without having the dangers associated with using real money in an experimental environment. On the other hand we need a large number of people using the experimental software because scalability and usability are two key criteria. This document will describe: 1. The technical requirements for such a testbed. 2. The social engineering necessary to get a large number of Internet users participating in the testbed. Testbed Structure ----------------- Initially there would be only one bank. Multiple banks and inter-bank issues would be brought in later. Protocols should be designed to allow for multiple banks. The intention would be to implement (and thus compare) multiple forms of electronic money: everything from open electronic cheques (and other EDI) to sophisticated double-blinded digital cash schemes. All source for software used in the testbed is openly available. It is not necessarily available for reuse - all that is required for the testbed's purposes is to ensure that there is no security-through- obscurity. The system must support multiple currencies in simultaneous use. The only requirement for a currency is that the mechanism for creating new money is defined and does not allow people to get an arbitrarily large amount of money. [E.g. if it is done by allowing registered people to receive an "income" then people shouldn't be able to register multiple times in different guises without sustaining a real cost for doing so.] I discuss some ideas for how to do this later. A currency market should be set up at an early stage, if only as a fun application. People are encouraged (preferably by real physical prizes) to try to break the electronic commerce protocols. To facilitate this all communication for the system goes through "virtual" paths which are are on one or more computers. People who register as attackers can take over one or more virtual links and can delete/insert/change packets on those links. Denial of service attacks are not allowed. Nor (obviously) are attacks that don't use the officially sanctioned attack points. While the last sentence seems obvious it needs to be made strongly so we don't get people claiming in court "I broke into their machine because they wanted people to try to break their system". Finally, and this is perhaps the hardest part, we need applications which use the electronic commerce protocols and which a lot of people will want to use. This is hard with only "play" money, but I have a few ideas below. The protocols and the applications will not be tied to particular currencies. Particular servers and users will only accept particular currencies. This might be partly handled by having a currency market but ultimately some currencies may have real value while others don't, and the problem of acquiring the currencies with real value will be no different to our experience of real life. Possible Detail: Creation of Money ---------------------------------- The Internet Society might issue "Internet Dollar" play money to all its (financial) members who are interested, at some steady rate. Then organizations wishing to support the Internet Society while participating in the testbed might provide some services (e.g. by www) and charge with Internet$s. This would encourage people to join the Internet Society to use those services. It will also allow people to provide services which they would provide free except for a fear that they would be overused and thus affect the organizations network link - the play money charge limits possible use. A charity (or group of charities) could provide play money to people making donations. For example a donation of $100 to charity X might get you 100 X$s. Then organizations wishing to support charity X can provide services which are charged for in X$s. All the people involved in these experiments need to be aware that the software is experimental and that people are encouraged to break the protocols and "steal" the play money. So they shouldn't use it for anything serious. However when things stabilize and become trusted it is possible to imagine slightly more serious uses before we get to pure commercial applications. Network providers could experiment with charging algorithms. For example AARNet could issue AARNet units to its customers in proportion to their bill. A certain amount, say 40%, of the international link could be reserved for priority traffic. Users wanting a share of that priority component of the link would participate in an auction that is run every 30 minutes using AARnet units as currency. Possible Detail: Competitions and Gambling ------------------------------------------ I've speculated above on the possibility of people supporting the testbed by providing some useful services while charging play money. We shouldn't depend on that. There is a class of applications which are fun but need (or at least are helped by) money to give the measure of success or failure. These are games, competitions and gambling. I believe that done right they can be sufficiently interesting with play money that people will want to take part: enough people to test the scalability of the various proposals. Some of the games that can be played between individuals on the Internet really need the ability to have a bet to make play really meaningful: poker and backgammon are examples. The question is: will betting with "play" money work or will people play frivolously because the money does not have real value? The key here is that the currency used is reasonably hard to obtain. If you play badly and lose your money you can't play. If you win and get a lot of money you can move into the higher stake games where, presumably, the better and thus more interesting opponents play. I think it could work quite well. Beyond that we can produce a lot of gambling games which we know interest a lot of people and perhaps if they played with play money on the Internet their kids would eat better: casino games, lotteries, numbers games, bingo, poker machines, betting on events like horse races. I have some ideas in this area that can only be done on a computer network. Possible Detail: Getting Things Done ------------------------------------ I think the best way to move this forward would be through the IETF. There would be an ect working group. The rules for taking part in the testbed would be published as informational or experimental RFCs. We would need machines to run the Internet Experimental Bank and the attacker-accessible virtual links. I imagine that many organizations would be keen for the cachet of providing these services provided that the banks protocols didn't require human intervention. I imagine that account numbers will be PGP public keys. Subscribers claiming to be financial members of the Internet Society will receive an initial allocation and steady income of Internet-dollars. Other currencies will be created as required. The particular electronic commerce protocols experimented with may require additional infrastructure. For example accounts can be associated with other keys, for the use with protocols which don't use RSA, by means of appropriate PGP-signed documents. Clearly there is a lot of coding to be done, from hack to cryptographic. I think if we got the support of the IETF then we'd get support from individuals and organizations. The fact that it would add a certain respectability to playing games over the Internet would also help to attract some young and talented contributors. Interest? --------- Without endorsing the particular details above, if you think an Electronic Commerce Testbed is possible and that you would be prepared to contribute to an IETF WG on the subject then let me know. With sufficient interest I will propose the idea to Jeff Schiller (IETF Security Area Director). Bob Smart From merriman at metronet.com Sat Sep 10 10:03:05 1994 From: merriman at metronet.com (David K. Merriman) Date: Sat, 10 Sep 94 10:03:05 PDT Subject: E.C.T. Message-ID: The ECT proposal sounds pretty good, and I'd like to toss in my nickle's worth.... What to do about the non-Unix (and Unix variants) world? Granted that the majority of the net is "unix" based, there are still a *lot* of folks that run MSDOS, Windows, Amigas, Ataris, and god-knows-what-else. If they can't 'play', that would seem to put a semi-serious limitation on the testbed. What hooks are going to be available to let the other kids play? (I count myself in there - I run Windows) There was recently a not-so-brief thread about what to call the electronic "cash" - why not just go with that old Sci-Fi standby of "credits" (abbreviated C| ? Or the copyright symbol?)? It's not specific to any country/currency, and fairly accurately describes the nature of the medium. Are the creditbanks going to be available on a 24-hour basis, with the attendant load/reliability questions? If not, what to do about overdrafts, or refusals-of-service because a creditbank is 'down'? How to deal with getting account balances (if appropriate)? Do we handle the transactions as cash (each "bill" serial numbered and sealed)) or checks (available in virtually any "denomination" - with the related check-based concerns)? If it's going to be in "denominational" form, how are these "bills" going to be identified? This is related to the unix/MSDOS/Atari/Amiga/??? question - discrete monetary denominations should at least have filenames that are usable by all participants (regrettably, that means the MSDOS limitation of 8.3 - *sigh*). If checks, what format do they take (I'll assume they'll still meet the minimum filename limitations of MSDOS)? How are the credits actually transferred (ie, how would I send C|35 to Tim May :-) - attachment, inclusion (uuencoded? MIME?), or ???? Would I be correct that these credits would only be available in integer units? Please understand - I'm not trying to throw cold water on the idea, or pretend I'm playing "devil's advocate", or anything of the sort. I like the idea of implementing a testbed for e-money, and would like to contribute whatever I can: I've followed the e-money discussions as theory, but my 'real world' job is as an engineering tech - the one who tries to get from the design/theory stage to real implementation. You "engineers" get to work out the gory details of what's the best "design"; us "technicians" have to work out the details of how to implement your designs - and provide feedback when something doesn't "look right", or ask questions when there's a _perceived_ problem with the implementation. The design/implementation process generally works best when the engineer can tell the technician what he's trying to do, and the technician gets to provide feedback by asking dumb questions about why and how and what-happens-if :-) Finally, I think it would be better if the foundation for the ECT were in place before trying to spread the gospel, so to speak. I know that's kind of obvious, but if we had the creditbanks in place, the creditnotes or creditchecks available, and the tools (MS-Windows CreditWriter? Atari CreditPurse?) to allow unix/DOS/Atari/Amiga users to actually use the system, more folks would be willing to at least give it a *try*. It's the old bird-in-the-hand vs two-in-the-bush deal....... One thing did occur to me after reading the ECT proposal: it would seem to be ideal for mailing lists and moderated newsgroups. Someone wanting to post an article/message pays (say) C|10 for the privelege; if others like it, they send the author C|1. Flamers don't make much (if any) money, and good stuff increases wealth. Leaves folks free to write whatever they want, but not for free (translation: you've *really* got to want to say it before you'll pay for it). Kinda brings new meaning to the phrase "putting in my .02 worth" :-) Dave Merriman - Playing "Straight Man" to the Cypherpunks Comedy Troupe :-) - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From pierre at shell.portal.com Sat Sep 10 11:18:19 1994 From: pierre at shell.portal.com (Pierre Uszynski) Date: Sat, 10 Sep 94 11:18:19 PDT Subject: E.C.T. Message-ID: <199409101818.LAA12810@jobe.shell.portal.com> Dave Merriman explains: > > One thing did occur to me after reading the ECT proposal: it would seem to be > ideal for mailing lists and moderated newsgroups. Someone wanting to post an > article/message pays (say) C|10 for the privelege; if others like it, they > send the author C|1. Flamers don't make much (if any) money, and good stuff > increases wealth. You don't need any Testbed Administration to do that. You can start such a mailing list right now, based on "silly name" NetCash/NetBank. They have the advantage of being right here, right now, and they are real money (so far :-). The fact that they receive their funds only through 900 numbers does not even necessarily limit them to USA residents: others can easily buy and sell "credits" through said USA residents. After all, people have been selling software and T-shirts internationally for a while. AMIX was based on such a system, albeit somehow considering they didn't need internet access, and building a pricing schedule more in line with Dialog than with internet (read "out of this world" :-). Pierre. pierre at shell.portal.com From cwalton at earthlink.net Sat Sep 10 12:00:26 1994 From: cwalton at earthlink.net (Conrad Walton) Date: Sat, 10 Sep 94 12:00:26 PDT Subject: Crypto Anarchist Manifesto Message-ID: At 2:48 PM 9/9/94 -0700, Timothy C. May wrote: > >Markets for assassinations--untraceable and unlinkable--have been a >topic of discussion for a long time. You'll find them explicitly >mentioned in my 1988 "Crypto Anarchist Manifesto." > >--Tim May > And is it possible to obtain a copy of your 1988 "Crypto Anarchist Manifesto."? Sounds like fun. FTP Site? ***************************************** Conrad Walton cwalton at earthlink.net ***************************************** Without JOY there can be no STRENGTH. Without STRENGTH, all other virtures are worthless. Edward Abbey From klbarrus at owlnet.rice.edu Sat Sep 10 12:20:49 1994 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Sat, 10 Sep 94 12:20:49 PDT Subject: Crypto Anarchist Manifesto (location) In-Reply-To: Message-ID: <9409101920.AA24297@snowy.owlnet.rice.edu> Conrad Walton wrote: > And is it possible to obtain a copy of your 1988 "Crypto Anarchist > Manifesto."? Sounds like fun. FTP Site? It is available via FTP at ftp.csua.berkeley.edu (I'm pretty sure this is the new name of soda.berkeley.edu!) in pub/cypherpunks. It is also available via gopher at chaos.bsu.edu in the Essays subdirectory of the "Cypherpunks Archive Site" directory (gopher://chaos.bsu.edu/Cypherpunks Archive Site/Essays/Cypherpunks Manifesto) I guess it should be renamed it to "Crypto Anarchist Manifesto" ;) It is probably elsewhere too; I'm currently reorganizing the gopher site (still have to do "Anonymous Mail" and "Misc") and hope to finish with adding extra material, including pointers to other the other sites I know exist. -- Karl L. Barrus: klbarrus at owlnet.rice.edu 2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9 "One man's mnemonic is another man's cryptography" - K. Cooper From mark at unicorn.com Sat Sep 10 12:28:34 1994 From: mark at unicorn.com (Mark Grant) Date: Sat, 10 Sep 94 12:28:34 PDT Subject: Crypto Anarchist Manifesto (location) Message-ID: On Sat, 10 Sep 1994, Karl Lui Barrus wrote: > It is probably elsewhere too; I have an HTML version on the WWW at : http://www.c2.org/~mark/lib/ca.html feel free to add links to it from anywhere else... Mark From jburrell at crl.com Sat Sep 10 12:32:40 1994 From: jburrell at crl.com (Jason Burrell) Date: Sat, 10 Sep 94 12:32:40 PDT Subject: Crypto Anarchist Manifesto Message-ID: <199409101931.AA06053@mail.crl.com> >And is it possible to obtain a copy of your 1988 "Crypto Anarchist Manifesto."? >Sounds like fun. FTP Site? I found it on soda.csua.berkeley.edu last night. I don't think it was there before. Look for it in /pub/cypherpunks/rants/. -- Jason Burrell Finger for PGP public key. There is no such thing as limited censorship. If you want your freedom, fight now. Don't wait until you've lost it. From adam at bwh.harvard.edu Sat Sep 10 12:53:47 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Sat, 10 Sep 94 12:53:47 PDT Subject: Reputation credits 1/3 Message-ID: <199409101953.PAA01613@bwh.harvard.edu> After Rishab's posts on the uses of digital reputation credentials, I'd like to present some thoughts on how to implement them. Thoughts on creating a Reputation Capital Framework This document is split into three parts: A creating a useful, basic system of service, methods of distribution and implementation of reputation information, and possibilities for extending the system which may make the whole thing unworkably complex, but also may make it much more useful. I am going to begin by not rigorously defining reputation capital. The initial application, IMHO anyway, is magic filtering. The cypherpunks list gets up to 500 messages per week. Right now, I filter based on whose messages I like to read. This is a weak system that requires manual updating. It does not automatically respond when someone who I respect says "I've enjoyed XX's posts." I think that the framework I outline here can do magic filtering well. It also has the ability to evolve into a full fledged system for complex digital reputations in various realms. The simplest system would be where people collect statements of the form "I respect Alice. /s/ Bob." * Alice would collect statements like this, and append them to the bottom of her writings so that people who respected Bob would have a clue that they might be interested in what Alice has to say. A 'web of respect' could easily be formed, with each step away causing some reduction in value. The number would have to be large enough that reputations could spread--ie, that people could get some use out of this beyond an elaborate name for a kill/hotfile. It would also need to be small enough that reputations lines do not extend forever. Eventually, you don't care what Kim thinks of Loius. I would guess that some multiplier between .9 and .05 would work well. People you respect directly get the highest rating, people further away lose some amount of that respect until it trickles down to nothing. * the statement "I respect Alice. /s/ Bob." is analogous to "I find Alice's work interesting, informative, or otherwise worth reading. If someone would like to suggest a name other than reputation credentials for this, I'd be happy to hear it. Note that in this simple system, statements do not have any numerical value attached. Bob can not respect Alice 30% or 99% of the time, he only gets a binary statement. Its an obvious extension to let Bob say "I respect Alice 80% of the time. /s/ Bob." I only point this out because it is not mandatory that a system be constructed this way, and in fact, even a very simple system could be quite useful. With the addition of partial respect, the need for an automatic reduction in value becomes much less clear. If Alice respects Bob 50% of the time, and Bob respects Charlie 50% of the time, then Alice will probably find that a 25% respect rating for Charlie is good enough. (I'm not going to get into possible variations here; things seem to work well using percentages for reputation credentials and negative percentages for disrespect. The numbers are multiplied together, shrinking away to nothing pretty quickly, except in the case of a group of people with a good deal of mutual respect for each other.) Also, if several reputation credentials come in for one entity, they can simply be averaged together. This respect rating is relative; there is no central organization to say that Charlie's Used Cars sells great vehicles 25% of the time, its just what Alice's agents will be able to gauge how interesting Alice might consider someones work to be. Someone she occasionally respects sometimes thinks well of Charlie, so its more likely that she will be interested in what Charlie has to say, at least in comparison to someone Alice has never heard of at all. In this system, it makes sense for Charlie to spend a lot of time making his customers happy at first, and holding on to their endorsements of him, because there is no time limit on the statements, and no way to retract opinions. So, those are two natural enough extensions. Decaying reputations, based on the age of the signature, cause a reputation cred. to eventually become useless. Then there is the matter of retracting, or post-facto changing your statement of a reputation. This is more problematic. Remember right now, Alice, Bob and Charlie are simply collecting these reputation credentials, and storing them themselves. If Bob sends Alice a statement "I no longer respect Alice at all. /s/ Bob, 1 Sept 1994," Alice can simply forget to include it in her list of reputation credentials. If she commits to it through some crytpographically strong protocol based on her actions, she can probably dump it, and do business for some period of time before someone runs through all the work to confirm her reputation is as she presents it, and discovers she is lying based on outdated credentials. A solid system needs to ensure that up to date, complete credentials are available for most people most of the time. In my next message, I'll show several possible designs for systems that could exist in parallel to distribute reputation information, and explain why each would be useful. I'll also sketch out a set of programs to demontstrate how the system could be used. From adam at bwh.harvard.edu Sat Sep 10 12:54:18 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Sat, 10 Sep 94 12:54:18 PDT Subject: reputation credit 2/3 Message-ID: <199409101954.PAA01625@bwh.harvard.edu> Design criterion for a reputation service: * Reliable * trustworthy * resistant to dropping unflattering credentials * decentralized * easy to use * easier to automate * needs to support distributions of pseudonyms reputations without providing information about the nym. Designing a solid credential server is not an easy task. There are many requirements that one should meet. The basic server I am considering is designed for Internet as it is today. Mostly academics, researchers and students, operating on a highly insecure internet for mostly personal reasons. There are few large transactions occurring on the net; there is not a lot at stake in the grand scheme of things. OTOH, there is an awful lot at stake; specifications, especially bad ones, tend to live forever. Remember the RISKS piece on trains and horses? Thus the server I present could work well today in conjunction with MPAs, (Mail Processing Agents, such as procmail and filter) with newsreaders, and other similar software in order to handle bright filtering (the next generation of kill & hot files should be based on a distributed idea of whose work is worth reading, and whose is not. After that, the system should expand to cover reputations in various realms, reputations for various characteristics, and other things which I'll talk about in the next message. There are three basic models for sophisticated reputation distribution. The simplest method, of each person handling their own, has too many failure modes to be useful. The sophisticated models are essentially mail, Usenet and server based. I assume all transactions are signed, and encrypted at the users request to provide some amount of security against forgeries and traffic analysis. In a server based system, some set of databases exists to collect reputation certificates. A user (better yet, their agent) asks for a reputation certificate for some entity. The server sends it back. This could be built on the send everything you know model, or the request could be for certificates of people who the requester respects. Such filtering might be better done on local CPU. The system has the advantage of carrying all information in an easily queried format. It also has the advantage of concentrating certifications. Thus you could say things like 'The well regarded spaf' or 'The often ignored Marjorie Simpson,' because the server would collect such data. The next system would be based on Usenet. People would occasionally post their opinions to a newsgroup, and people who respected those people, directly or transitively, would pull in their postings. This system has the advantage of using existing technologies, and propagating widely, probably even past most firewalls. A third system would be based on mail. People would subscribe to lists, or send mail to folks they respect saying 'please put me on your reputations list.' The folks thus honored would then respond by sending out regular lists of who they respect or disrespect. This really requires everyone to run some sort of filtering agent. It has the advantage of allowing people to set up closed lists for propagation, and only distributing information on a demand basis. Note that this mail system is not the only one that could use mail for propagation, it simply uses mail as an automatic and regular carrier of information, while a server system would only do so on request. Both the mail and news systems may fail to provide timely information about new individuals who may have a reputation, but because you never asked for it in mail anywhere, or because articles have expired on your newserver, you can not find it. This is the reason the server system would be useful. Not so much in a filtering context, but instead in a system where reputations are relied on for various semi-real time services. The expandability of the system relies on part on its ability to find arbitrary reputation information quickly and automatically. That is something that a server system does well, but a mail or news system does not. To build a mail system, you would need some sort of decent filter (such as MH filter, procmail, or mailagent) which can run programs based on a set of conditions. You would need a rule which would watch for incoming reputation cred. certificates (which would be signed, maybe encrypted). This would pipe into your assesment program, which would keep track of how you relate to each of the various people who send you reputations cred. certificates. It would turn all the information into a database. On any high volume forum, you could filter incoming mail into a set of filters which react based on the numeric scores given to a person by your assesment program. Anyone whose carries enough reputation credits to pass your filter goes into one box, everyone else goes into another. (Clearly, you can be more selective, set up several boxes, or whatever else you want.) The tough part of making this system work is in the generation of reputations credits. Hal mentioned that the Extropians built a system based on buying and selling of reputations on a market. I don't see these reputation credits as being something tangible. You can't carry your reputation credit with you; they exist as a result of your participation in a web of respect. I don't care that Homer Simpson is a well respected authority in rec.drink.brewing; his worlds and mine rarely cross. He can't pick up his reputation credit and plop down in cypherpunks, expecting to be well respected; none of us know him. Or maybe someone does, in which case, they can (automatically) tell us what they think. Becuase reputation credit is not fungible, and because it propogates itself, buying and selling it may be confusing. If someone well respected gets an additional unit of reputation, then all the people who he/she respects will also gain slightly. I expect that a system based on giving away reputation credits would work well. If you respect too many people too mcuh, your value as a link in peoples chain will decrease, and people will start disrepecting you, becuase you disturb their filter. Eventually, if you keep it up, the value of your reputation credit will drop close to zero, as no one cares about what you have to say anymore. This may fail if someone with interesthing things to say decides to disrupt the system. I'm not sure why someone with interesting things to say would think it was worthwhile to disrupt the system, but I don't like designing things on expect and oughts. Perhaps a system could be implemented that would allow you to give reputation credit in 'transferable' and 'non-transferable' forms, so you could respect what someone had to say, but pay no attention to their opinions of people. I hope, but don't know if I can expect, that a system like this would get its initial momentum from people who want to be able to use it for their own smart filtering. If the system were well designed (easy to change how much reputation credit you give someone), then making a change in your filtering would be as simple as saying "slander tcmay at netcom.com +50" (slander is the working name I've been using to describe the program to enter reputations, good or bad. It came from thinking of this as a Usenet based system.) If the system could build up some initial momentum from people using it for personal filtering, then it would probably accelerate from there. As more people use the system, it becomes more useful to use it, accelerating its growth. Its growth hopefully, is not constrained by the underdesign of servers, since each person serves themselves. As the software becomes more useful, it is easy to build and design alterate systems of spreading reputations because the system is decentralized. If I decide I want to build a system where each person whose first name begins with a vowel gets an extra 5% added to their reputation, and then add 10% to my perception of the reputation credits of any one who three people I give more than 75% reputation credit to, then I can implement that in my local assesment program without disturbing everyone who relies on my server. (Admittedly, the people who currently pay attention to who I gvie rep cred to may no longer do so, after strange credits start coming out, but thats a seperate problem.) From adam at bwh.harvard.edu Sat Sep 10 12:58:50 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Sat, 10 Sep 94 12:58:50 PDT Subject: reputation credit 3/3 Message-ID: <199409101958.PAA01656@bwh.harvard.edu> Assume the distribution problem to be solved, in that people can now easily and reliably get the complete reputation information on an identity that interests them. What extensions to the basic system can be made to make it more useful? What will these extension do to the usability of the system? I think the most interesting extension would be to make reputations that apply only in one realm, a realm being some online community, whether that community consists of a single mailing list (Cypherpunks) or several lists, newsgroups (firewalls, bugtraq, comp.security.unix), or even a larger area, perhaps compromising mail, news, www, other interactive service. Clearly, there is some overlap between some realms (security, cypherpunks, hackers). A good reputation in one area might carry over into another, or it might lead to a negative reputation. This effect will probably arise spontaneously from the webs of interaction. Initially, I was going to propose that it be somehow formalized, but now I see that it will arise on its own accord, given a sufficiently flexible and strong system of distributing digital reputation capital on the net. This does require that negative opinions be made possible, not just low opinions. If Charlie can say "I disrespect David 90% of the time. /s/ Charlie 1 sept 94" and those opinions can spread the same way as positive ones, then most of the useful interaction between groups is possible in a decentralized, out of control sort of way. I've sort of assumed in other places that negative opinions were possible, I just wanted to explicitly state it. Another potential extension would be the addition of more varying formalized opinions than the formalistic "I respect/disrespect..." that I've been basing this on. This also has the possibility of just taking way too much work, but has the possibility, with careful design, to be a very useful tool. What if Alice can say "I think David is a fanatic. I also think David is a windbag." and she says these things in such a way that they can be automatically responded to by software? This would require a carefully chosen list of opinions that the system would support. If you had too many opinions, then the system would be worthless, because, in all probability, people would pick different descriptors, and the information would not correlate into anything useful. The list could probably be fairly short, allowing for terms like windbag, funny, fanatical, reasonable, knowledgeable, trustworthy. That would greatly expand what you could say (or hear) about someone in a simple digital format for automatic scanning and filtering. The inclusion of terms like trustworthy or reliable could act as the basis for some business. A set of 'reliable' endorsements stretching back 20 years would make me much more comfortable with a remailer business than one that sprung up yesterday and is now well respected by 300 federal agents. None of these endorsements need be formal "I'd do business with them again" statements, the objective is to give an idea of who is thought of well, and who is not. With the addition of an encrypted open books protocol then people could automatically get an idea of what businesses are stable, and liked by their customers. I've toyed with the idea of being able to rate personalities this way, which would be useful at times, since there reputations do exist in the personal world as well as the professional. But any system of personal reputations would fail, because bad mouthing someone with a digital reputation is an open act. Very few people would talk about Alice in a negative light if they know she will hear about it. And even if they do want to, there doesn't need to be an automated system to make it easier. However, this does raise the interesting idea of a private reputations system. If a group for one reason or another wants to build a reputation service that is closed; in who may add to it and who may access it, would they be able to? It would probably be fairly simple. The slander program could be modified so that no one who didn't already have some reputation capital could be discussed. Using a system that A useful bit of reputation capital can not be anonymous, although it can be pseudononymous. If it is anonymous, there is no way to give it weight. Cooperative protocols for undeniable digital signatures could probably be designed and made workable. However, I would expect that it would be far too much work to run. I prefer to design a system that requires much less effort. If you want to protect your privacy while participating, work under a nym. There you have it, an outline of a system for possibly efficient, decentralized digital reputation capital. A bunch of extensions that may or may not work. How to distribute is addressed, but needs more work, and probably a prototype. The big question in my mind is how to get people to feed enough information into it to seed the system? Once it gets started, it will run for a while on slow growth, and then explode at some random point. (Probably right after a serious design bug is discovered. :) After it explodes in terms of use, it will be self-perpetuating because of its usefulness. Please feel free to comment on what wouldn't work. How could the system be extended to make it more useful? It might be that building something would be the best way to answer these kinds of questions. From hfinney at shell.portal.com Sat Sep 10 13:37:53 1994 From: hfinney at shell.portal.com (Hal) Date: Sat, 10 Sep 94 13:37:53 PDT Subject: reputation credit 3/3 In-Reply-To: <199409101958.PAA01656@bwh.harvard.edu> Message-ID: <199409102037.NAA19749@jobe.shell.portal.com> Adam Shostack writes a very interesting set of articles on a concrete proposal for reputation credentials. A couple of suggestions: maybe you should distinguish between respecting someone as a writer and respecting them as a reviewer. In the real world, we have editors, publishers, and others whose main job is to discover and facilitate the good writers. Just because you write well doesn't mean you will be good at recommending other writers, and vice versa. Adam brings this up himself when he talks about a good writer who intentionally makes bad recommendations. Creating these two different kinds of credentials would help solve this. A related point is that doing this helps remove some of the normative or reward/punishment aspects of this system. Saying that you like someone's recommendations is similar to saying that you have similar tastes to theirs. There is not so much stigma or insult associated with refusal to give a credential saying that you like someone as a reviewer. It just means your tastes differ. OTOH refusing to endorse someone as a writer is a stickier business. It may offend others and it could bring retribution upon yourself. It could be a way to create enemies. Especially if you went with numerical rankings so you said "I like John Doe's writing 5% of the time", this could be insulting. If you don't have these "negative" credentials it is not so bad but it still may be noticable if someone endorses a lot of people with a few notable exceptions. The problem, then, is that people may be reluctant to be honest with their opinions. They may find it safer to follow the crowd and add their own endorsements to those already popular than to take a chance with honest praise of some pariah. There was some discussion about this in the development of PGP. Should there be a way for people to say how much they trust another person as a signer? If you had this (in a public way) then you could have transitive trust to some extent and it would expand the web of trust considerably. But again the concern was that people would not want to expose what they truly thought of the signing policies of their friends. I suppose you could get around this by having one set of opinions for public consumption and another set used for personal message rankings, but that seems a bit extreme. Still, I think it would be a worthwhile thing to try. It would be nice if we could do some more interesting cryptographic stuff than just simple signatures, though. Hal From lcottrell at popmail.ucsd.edu Sat Sep 10 17:12:48 1994 From: lcottrell at popmail.ucsd.edu (Lance Cottrell) Date: Sat, 10 Sep 94 17:12:48 PDT Subject: Black Cryptoanarchy (KKK, monopolies, contract killing) Message-ID: <199409110008.RAA01851@ucsd.edu> -----BEGIN PGP SIGNED MESSAGE----- James A. Donald writes >Obviously if some individuals choose not to associate with some >group for irrational reasons it will harm those who so choose >more than it harms the group - but only the state can enforce >discrimination with guns, and it does, thus only state sponsored >discrimination is significant in practice. > Only the state can enforce discrimination with guns?!?!? In the South there is a long history of non-governmental groups enforcing discrimination with guns. The argument that discriminating companies will be at a competitive disadvantage is only valid if all players are rational and informed. There is good historical evidence that whole cultures are willing to assume this "disadvantage" in order to perpetuate some status quo. It could easily become the case than non-discriminating companies would be boycotted putting the disadvantage on them. I know that anarchy is near and dear to many hearts here, but there are some really nasty drawbacks to it tyranny of the majority being just one. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBLnJR4VVkk3dax7hlAQGKGwP9EelH2mqmVDqQJ7k9a0ADGkJH+lkXzIBQ gImHALeHsYe5U7MKVbAyVVoRbDfUsEoRN2L1pJ7Yze1tJd3woPxpHspCmBZuYYqQ CMQSx9ly2RNtKa7hcoarHgxuLepBaMTcPE0ka8L79365kzTLplUH4N2a8QZ1tAQb BzHxy2GtRHE= =LQeH -----END PGP SIGNATURE----- -------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki at nately.ucsd.edu PGP 2.6 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche From nobody at vox.xs4all.nl Sat Sep 10 17:21:30 1994 From: nobody at vox.xs4all.nl (An0nYm0Us UsEr) Date: Sat, 10 Sep 94 17:21:30 PDT Subject: No Subject Message-ID: <199409110021.AA03772@xs1.xs4all.nl> Is PGP v 2.6.1 up on any ftp sites where we poor non-US scum could get a look at it? As Sat. Sept. 10 it seems like mathew over in the UK hadn't seen the source code yet. From hibbert at netcom.com Sat Sep 10 18:20:35 1994 From: hibbert at netcom.com (Chris Hibbert) Date: Sat, 10 Sep 94 18:20:35 PDT Subject: PRIVACY REGULATIONS In-Reply-To: Message-ID: <199409110120.SAA14980@netcom8.netcom.com> >>If you are stopped by the police, you are required to identify >>yourself if asked. This is not true. If you're driving a car you are required to have a license. If you're just walking around, you're not required to have a name, or to tell it. A cop has to have a probable cause to arrest you, and not giving your name doesn't provide it. If you're surly, a cop can take you in, but if you politely decline to identify yourself, the cop has to work harder to find a reason to do anything. Just say "Officer, someone is waiting for me. May I go now?" This has been tested in court. There was a black lawyer several years ago who liked to walk a lot. He lived in one of the fashionable neighborhoods in LA, and occasionally got picked up becasue he "looked like he didn't belong there". He sued them and won in court every time, and got the police to leave him alone. [No, I don't have references.] Chris From hibbert at netcom.com Sat Sep 10 18:23:25 1994 From: hibbert at netcom.com (Chris Hibbert) Date: Sat, 10 Sep 94 18:23:25 PDT Subject: SSNs and Privacy regulations In-Reply-To: Message-ID: <199409110123.SAA15189@netcom8.netcom.com> The reason not to give your Social Security Number when MCI asks is not to keep MCI from knowing it, but to keep them from treating your knowledge of it as proof of your identity. Insist that they use a different number so anyone willing to pay TRW for a credit report can't get access to your account. Chris (author of the SSN FAQ) From nobody at kaiwan.com Sat Sep 10 22:34:31 1994 From: nobody at kaiwan.com (Anonymous) Date: Sat, 10 Sep 94 22:34:31 PDT Subject: Anon MailSources of Remailers Keys Message-ID: <199409110534.WAA17529@kaiwan.kaiwan.com> Can someone post again the source for the various cypherpunks remailers public keys? I assume they are all in one file somewhere (likely on berkeley.edu) thats ftp'able. From sameer at c2.org Sun Sep 11 00:23:17 1994 From: sameer at c2.org (sameer) Date: Sun, 11 Sep 94 00:23:17 PDT Subject: Crypto Anarchist Manifesto (location) In-Reply-To: <9409101920.AA24297@snowy.owlnet.rice.edu> Message-ID: <199409110720.AAA14131@infinity.c2.org> > > It is available via FTP at ftp.csua.berkeley.edu (I'm pretty sure this > is the new name of soda.berkeley.edu!) in pub/cypherpunks. > The new name of soda.berkeley.edu is soda.csua.berkeley.edu. The ftp site should be referenced as ftp.csua.berkeley.edu because although right now the ftp site is on soda.csua, it will move soon to scotch.csua. -- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383 http://www.c2.org (or login as "guest") sameer at c2.org From Anonymous Sat Sep 10 17:21:24 1994 From: Anonymous (Anonymous) Date: Sun, 11 Sep 1994 02:21:24 +0200 Subject: No Subject Message-ID: <0216bb45273b1b707ea67d63a32f8eb3@NO-ID-FOUND.mhonarc.org> When I have a moment I will diff the sources. Maybe someone will anon. post 2.6.1. onto alt.security.pgp just to annoy S***light. -- Richard Parratt From dawagner at phoenix.Princeton.EDU Sun Sep 11 02:28:25 1994 From: dawagner at phoenix.Princeton.EDU (David A. Wagner) Date: Sun, 11 Sep 94 02:28:25 PDT Subject: Cracking MD5 for $10M In-Reply-To: <9409091639.AA29959@mycroft.rand.org> Message-ID: <9409091916.AA01012@bow.Princeton.EDU> > > Hal discusses using the Distinguished Points method to find hash > collisions presented by Michael Wiener with Paul van Oorschot at Rump > Crypto '94, and lists two benefits: > > (1) saves space in searching for loops on a single processor; > (2) allows parallel searches for collisions over multiple processors. > > I claim it's useful only for (2), because another algorithm dominates it > for single processor loop detection... at least in storage space. > [...describes nifty algorithm (which seems to be well-known in the folklore?) for finding cycles in linear time and constant space...] Yeah! I was discussing this algorithm 4 or 5 months ago on alt.math.iams; it's quite elegant. If there is a collision after the n-th value, then I believe this algorithm will find it after generating (at most) 2n values. It's been kinda simmering in the back of my head for months, me wondering how to parallelize this algorithm -- and it's really cool to see how Wiener and van Oorschot found a way to find cycles efficiently in parallel! Apparently two professors here (Yao & Sedgewick) wrote a paper on this in SIAM Journal of Computer in 1981 -- I'm gonna go dig through the library to see if I can find this, when I get a chance... > > The distinguished points across machines is a great idea for (2), though, > and doesn't depend on anything looping... cool stuff! > Uh.. I think it *does* depend on looping! A collision in *any* point means that there will soon be a collision in a distinguished point, when you use looping. This probably won't be true with any other generation method. Suppose we use the sequence a_n = MD5(n). Then a collision a_i = a_j will only be detected if a_i is a distinguished point. But because we use the sequence a_n = MD5( a_{n-1} ), a collision a_i = a_j implies that there will soon be a collision a_{i+m} = a_{j+m} with a_{i+m} a distinguished point (after m ~= 2^32 extra iterations, on average, if 1 in 2^32 points are distinguished). > > Do you (Hal?) or anybody else know whether Wiener and van Oorschot were > taking into account the contraction of the range each time you iterate > MD5? I think the size of the set of all numbers that are the result of > MD5ing a 128-bit number is considerably smaller than 2^128... is it 1/e of > that? > Hrmm, why should this change the expected number of iterations required to find a collision? If I'm being dense, hopefully you'll spell it out for me. :-) I've been thinking about writing a program to test the single-processor cycling algorithm with (for example) crypt(3) for a while now -- maybe this'd be a good excuse to write it now, and try the parallel distinguished point stuff, too. Does anybody think it'd be interesting to get some practical experience here? Sound like an interesting doable project? A few things I've been thinking about, which maybe will spark your interest enough to answer all my questions. (one can always hope! :-) First of all, there's some non-zero probability that (when using the parallelized distinguished points algorithm) two processors will have their streams match exactly without yielding a useful collision. Suppose one processor picks the random starting value 3 and generates a sequence starting with 3,1,4,5,2,7,9,... Now further suppose that MD5(6)=3 and that another processor picks the random starting value 6; then the second processor will generate 6,3,1,4,5,2,7,9,... We'll eventually notice this: if 9 is a distinguished point, then we'll see that two processors have seen the value 9, and we'll start backtracing, but we won't get any useful collision in MD5 out of this -- we'll only get the information that MD5(6)=3, which is useless, since both 6 and 3 were random choices. This means that the second processor's computer power was wasted. Can anyone estimate how often this will happen so that we can know it won't slow things down too much? Also, there was the arbitrary choice of making the distinguished points be those with the lower 32 bits all zero -- I wonder what is the effect of requiring (say) all 48 least significant bits to be zero? This will increase the time required to backtrack (unless some fancy schmancy rescursive or parallel algorithm is used?) but it would also decrease the space and inter-chip communication required significantly. Any comments? Another thing -- I'm not sure this method is (directly) useful for generating lots of collisions, if that is what is desired. I believe Dr. Hellman wrote some paper about the cycling properties of random functions (out of interest in DES), and he concluded (if I remember correctly) that when you generate lots of random starting values and look at their cycling properties, most starting values will drain into a very few specific cycles. [I think this was in some volume of CRYPTO: maybe '86 or so? I think the title was something like "Drainage properties of the DES" or somesuch. I'll have to look it up.] Doesn't that reduce the number of different collisions that you can generate by a large factor? If so, are there any simple modifications to the iteration function which would help? How about a_n = MD5( a_{n-1} XOR V ) for some random V picked anew each time we want a new collision? Finally, is there a way to adopt an approach like this to reduce the space requirements needed to break double DES? Let P and P' be two plaintexts, and C=E(k,E(k',P)) and C'=E(k,E(k',P')) be their encipherment under double DES; we want to find the unknown keys k, k'. For any X in {0,1}^128, , define the function function h : {0,1}^128 -> {0,1}^128 by h(X) = E(y,P) concatenated with E(y,P') if z=0, or h(X) = D(y,P) concatenated with D(y,P') if z=1 where y consists of bits 0-55 of X and z is bit 56 of X. If h(X)=h(X') and X != X' and w != w', then with high probability the collision in h gives us the enciphering keys y and y'. Can we use some parallel distinguished points cycling - like algorithm to find the appropriate collision in h? If we generate enough values of h, we will exhaust the entire keyspace, and will necessarily find the enciphering keys. (By the coupon collector's paradox, this should require something like 2^57 * 57 * log 2 iterations or so on average.) The only problem is that there will probably be lots of collisions X,X' with h(X)=h(X') and X != X' and w = w' -- I think. Can anyone think of a way to deal with these useless collisions in h to make finding a useful collision in h easy? If so, this should give a method to break double DES in 2^64 time and very little memory. But maybe this all useless drivel... Anyhow, this message has gotten very long. Thanks for reading. And many many thanks to Hal for typing in the description of Wiener and van Oorschot's idea! ------------------------------------------------------------------------------- David Wagner dawagner at princeton.edu From frissell at panix.com Sun Sep 11 08:04:46 1994 From: frissell at panix.com (Duncan Frissell) Date: Sun, 11 Sep 94 08:04:46 PDT Subject: CONTROL FREAKS Message-ID: <199409111501.AA02333@panix.com> >I think the point isn't that totalitarian states won't last: we know >that. The point is that those trying to establish a totalitarian >state can do a hell of a lot of damage to the rest of us before they >fail. That's not clearly true. The totalitarian states we know of developed years ago in a much less fluid environment. A few years ago, there was a UK TV drama about a contemporary Labour Party Prime Minister. In the course of the show, the new PM announced that he would immediately impose exchange controls to "keep money in Britain." (This was written before the real Labour Party officially eschewed exchange controls in a furtue Labour government.) The joke is that two weeks before the election of a Labour PM, all the loose investment funds would have left the UK anyway. Nothing left to block. I think that a *new* totalitarian state would have a hell of a time borrowing money and all of the existing states are cash poor. They need to borrow. They don't want to be distracted by rioting pensioners. Even the secret police don't work for free. Currency devaluation would hurt as well. After all, there can't be a totalitarian state that doesn't massively change (introduce uncertainly into) the conduct of life and business in its country (and if it is large, in the world). Markets have a way of dealing with uncertainty. Capital flight (seeking safer investments) and high interest rates (to compensate for risk). DCF From jya at pipeline.com Sun Sep 11 09:09:17 1994 From: jya at pipeline.com (John Young) Date: Sun, 11 Sep 94 09:09:17 PDT Subject: RFC Crypto Anarchist Manifesto Message-ID: <199409111608.MAA27707@pipe1.pipeline.com> Kudos, Tim, for adept mix of philosophy and gritty specifics, for brevity and wit. When the mood strikes you, an update would be appreciated. And, please, comments from those who have not seen this before or who may have forgotten. John -------------------- The Crypto Anarchist Manifesto Timothy C. May tcmay at netcom.com A specter is haunting the modern world, the specter of crypto anarchy. Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other. Interactions over networks will be untraceable, via extensive re-routing of encrypted packets and tamper-proof boxes which implement cryptographic protocols with nearly perfect assurance against any tampering. Reputations will be of central importance, far more important in dealings than even the credit ratings of today. These developments will alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret, and will even alter the nature of trust and reputation. The technology for this revolution--and it surely will be both a social and economic revolution--has existed in theory for the past decade. The methods are based upon public-key encryption, zero-knowledge interactive proof systems, and various software protocols for interaction, authentication, and verification. The focus has until now been on academic conferences in Europe and the U.S., conferences monitored closely by the National Security Agency. But only recently have computer networks and personal computers attained sufficient speed to make the ideas practically realizable. And the next ten years will bring enough additional speed to make the ideas economically feasible and essentially unstoppable. High-speed networks, ISDN, tamper-proof boxes, smart cards, satellites, Ku-band transmitters, multi-MIPS personal computers, and encryption chips now under development will be some of the enabling technologies. The State will of course try to slow or halt the spread of this technology, citing national security concerns, use of the technology by drug dealers and tax evaders, and fears of societal disintegration. Many of these concerns will be valid; crypto anarchy will allow national secrets to be trade freely and will allow illicit and stolen materials to be traded. An anonymous computerized market will even make possible abhorrent markets for assassinations and extortion. Various criminal and foreign elements will be active users of CryptoNet. But this will not halt the spread of crypto anarchy. Just as the technology of printing altered and reduced the power of medieval guilds and the social power structure, so too will cryptologic methods fundamentally alter the nature of corporations and of government interference in economic transactions. Combined with emerging information markets, crypto anarchy will create a liquid market for any and all material which can be put into words and pictures. And just as a seemingly minor invention like barbed wire made possible the fencing-off of vast ranches and farms, thus altering forever the concepts of land and property rights in the frontier West, so too will the seemingly minor discovery out of an arcane branch of mathematics come to be the wire clippers which dismantle the barbed wire around intellectual property. Arise, you have nothing to lose but your barbed wire fences! -- ................................................................. Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP Public Key: by arrangement From hal at alfred.econ.lsa.umich.edu Sun Sep 11 11:45:15 1994 From: hal at alfred.econ.lsa.umich.edu (Hal Varian) Date: Sun, 11 Sep 94 11:45:15 PDT Subject: Proposal for an Electronic Commerce Testbed Message-ID: <9409111839.AA01802@alfred.econ.lsa.umich.edu> Bob Smart > I've speculated above on the possibility of people supporting the > testbed by providing some useful services while charging play > money. We shouldn't depend on that. There is a class of applications > which are fun but need (or at least are helped by) money to give the > measure of success or failure. These are games, competitions and > gambling. I believe that done right they can be sufficiently > interesting with play money that people will want to take part: enough > people to test the scalability of the various proposals. > > Some of the games that can be played between individuals on the > Internet really need the ability to have a bet to make play really > meaningful: poker and backgammon are examples. The question is: will > betting with "play" money work or will people play frivolously because > the money does not have real value? You should take a look at the Iowa Electronic Markets. There have been a few thousand participants betting real money on these markets for two or three years. They would be a natural testbed for Internet dollars. To see what it's like look at telnet://iem.biz.uiowa.edu. --- Hal.Varian at umich.edu Hal Varian voice: 313-764-2364 Dept of Economics fax: 313-764-2364 Univ of Michigan Ann Arbor, MI 48109-1220 From kinney at bogart.Colorado.EDU Sun Sep 11 12:59:25 1994 From: kinney at bogart.Colorado.EDU (W. Kinney) Date: Sun, 11 Sep 94 12:59:25 PDT Subject: Lame security software In-Reply-To: Message-ID: <9409111958.AA00309@bogart.Colorado.EDU> Jamie Lawrence writes: > I found one of the worst examples > I've ever run across, and I'm in a sharing mood today. For those > Mac users out there, get ahold of Norton Partition, which ships > with Norton Utilities 2.0. I was demoing the only way it should > be counted on for anything, and then not much, by setting up a > non-automounting DES encrypted soft partition. I chose the password > 'cheesetoast', and explained why this was a bad choice, etc. Well, > upon mounting the disk to demo something else, I misstyped 'cheeseto " > (that last character is a space), and whad do you know, it mounted. I > suspect it checks a hash of the first eight characters, tossing the > rest, but don't have time to check and see if that is the case. Oh, it's worse than that. Try it out and you'll find that Norton Partition gets 56 bits from 64 by throwing away the _low_ bit in each of the eight characters of your password. Worse still, Norton Partition includes a block of data at the beginning of the disk partition you create, which encrypts your password with an xor cipher. I haven't had time to work out the complete mapping as of yet, but change one bit in your password, and one bit in the header block changes. This goes beyond a poor implementation and into the territory of a deliberate back door. Damned irresponsible. -- Will From tcmay at netcom.com Sun Sep 11 13:26:13 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 11 Sep 94 13:26:13 PDT Subject: Announcement: "CYPHERNOMICON" FAQ available Message-ID: <199409112025.NAA08719@netcom15.netcom.com> [I haven't received Cypherpunks list mail since Friday. I don't know if the list is down or if Netcom is simply not delivering mail...it's been having severe problems. So I'm sending this blind to the list, and copying Hugh Daniel and Eric Hughes, to make sure it at least gets to _somebody_.] Greetings Cypherpunks, The FAQ I've been working on for many months is now available by anonymous ftp, details below. Because there is no "official" Cypherpunks group, there shouldn't be an "official" Cypherpunks FAQ, as I see it. Thus, others can write their own FAQs as they see fit. Cypherpunks write FAQs? I've decided to give my FAQ a name, to prevent confusion. "THE CYPHERNOMICON" is what I call it. (If the reference is obscure, I can explain.) The main file is 1.3 MB. It takes about 12-15 minutes to transfer with a 14.4 modem, proportionately slower with a slower modem. And of course very fast if you're already on Netcom or on a T1 connection. (I may split the 20 chapters into pieces, later, but this could add unwelcome confusion. And I'm holding off on gzip compressing the file(s) right now, for similar reasons.) Yes, the FAQ is very long. Yes, it is not what others may have wanted (the MFAQ, described below, is the "short" version that newcomers can get, or have mailed to them if they lack anonymous ftp access). It is the FAQ I _wanted_ to write, which is reason enough for the form it's in. The CYPHERNOMICON is especially detailed in the areas that have gotten little coverage in existing books: crypto anarchy, reputations, black merkets, and the uses of digital cash. The crypto and PGP sections are fairly long, but not nearly as long as they could be, given the vast amount of material out there already. (I didn't see the need to cover these areas in great detail.) The "anonymity and remailers" chapter is also very long, and is the most disorganized, in my opinion. The plethora of sites, URLs, various remailers, features, ideas, issues, and miscellaneous cruft is just overwhelming....I hope I've made some order out of it. (The "Release-Notes" and "README" docs have more explanations of the form and rationale, including the meta-FAQ question of why this FAQ is not a Web doc.) Details: anonymous ftp site: ftp.netcom.com cd to pub/tcmay "get" the files in the standard anonymous ftp way (feel free to move it to other sites, but for now it may be best to leave it here; I think the files are all reasonably OK, with no fatal flaws (Harry Bartholomew helped test the access), but wider distribution should perhaps be slowed for several days, to make corrections of serious flaws easier to make) The following 6 files are included: Contents-Long (A detailed table of contents, about 10 KB) CP-FAQ (The complete CYPHERNOMICON, uncompressed for the time being, about 1.3 MB) Contents-Short (A brief table of contents) MFAQ (One of the chapters, the "Most Frequently Asked Questions") Release-Notes (Some comments on the FAQ.) README (Much more detailed comments, also included as the final chapter) Here is the Contents-Short: THE CYPHERNOMICON 1. Introduction 2. MFAQ--Most Frequently Asked Questions 3. Cypherpunks -- History, Organization, Agenda 4. Goals and Ideology -- Privacy, Freedom, New Approaches 5. Cryptology 6. The Need For Strong Crypto 7. PGP -- Pretty Good Privacy 8. Anonymity, Digital Mixes, and Remailers 9. Policy: Clipper,Key Escrow, and Digital Telephony 10. Legal Issues 11. Surveillance, Privacy, And Intelligence Agencies 12. Digital Cash and Net Commerce 13. Activism and Projects 14. Other Advanced Crypto Applications 15. Reputations and Credentials 16. Crypto Anarchy 17. The Future 18. Loose Ends and Miscellaneous Topics 19. Appendices 20. README Comments should be sent to me. Future releases will be coming. Enjoy. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From cactus at bb.com Sun Sep 11 15:40:55 1994 From: cactus at bb.com (L. Todd Masco) Date: Sun, 11 Sep 94 15:40:55 PDT Subject: CONTROL FREAKS In-Reply-To: <199409111501.AA02333@panix.com> Message-ID: <35019f$8p@bb.com> In article <199409111501.AA02333 at panix.com>, Duncan Frissell wrote: > >>I think the point isn't that totalitarian states won't last: we know >>that. The point is that those trying to establish a totalitarian >>state can do a hell of a lot of damage to the rest of us before they >>fail. > >That's not clearly true. The totalitarian states we know of developed years >ago in a much less fluid environment. In the rise of a sudden totalitarian state, you're probably right: frankly, I don't think that's got a high probability. Even were a radical group to win elections, it takes time to change the way a country works: a real example is that Clinton was elected two years ago, and he's only now gotten around to gutting the second amendment. I think the biggest danger we face is graduaully increasing totalitarianism across the board, through mechanisms such as GATT and European Union -- there seems to be a world-wide push to smooth differences among nations out into a single (yes, here it comes) "New World Order." It's not the sudden that'll cause the damage: it's the gradual. "Picture world boiling frogs." -- L. Todd Masco | "Hide, witch, hide! The good folk come to burn thee, their cactus at bb.com | keen enjoyment hid behind a gothic mask of duty." -JS/BATE From tcmay at netcom.com Sun Sep 11 16:46:14 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 11 Sep 94 16:46:14 PDT Subject: Crypto Anarchist Manifesto In-Reply-To: <199409101931.AA06053@mail.crl.com> Message-ID: <199409112345.QAA10420@netcom11.netcom.com> > >And is it possible to obtain a copy of your 1988 "Crypto Anarchist Manifesto."? > >Sounds like fun. FTP Site? > > I found it on soda.csua.berkeley.edu last night. I don't think it was there > before. Look for it in /pub/cypherpunks/rants/. My "rant" has been there since the beginning of the ftp site at soda, nearly 2 years ago. I suspect it was why the directory was named "rants." (I'm just starting to get mail again...AVOID NETCOM IF YOU CAN!) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From sandfort at crl.com Sun Sep 11 16:55:32 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 11 Sep 94 16:55:32 PDT Subject: PRIVACY REGULATIONS Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, When I wrote: >>If you are stopped by the police, you are required to >>identify yourself if asked. Chris Hibbert responded: This is not true. If you're driving a car you are required to have a license. If you're just walking around, you're not required to have a name, or to tell it. Nope, *this* is wrong. In most jurisdictions, you do not have to provide *physical ID* if you are not in a car, but you do have to identify yourself AND give some account as to what you are up to. A cop has to have a probable cause to arrest you, and not giving your name doesn't provide it. /Au contraire/, you are "interfering with an investigation" or "obstructing justice" or whatever it's called in the particular jurisdiction. If you're surly, a cop can take you in, ... Nonsense. Where do you non-lawyers get this stuff? Surly, rude, impolite, etc. are all protected speech. (Threatening *ACTS* or physical resistance, however, is another thing.) ... Just say "Officer, someone is waiting for me. May I go now?" Just say "no"? I *guarantee* this won't work. If you are asking permission ("May I go?"), aren't you ceding to the officer the legal right to say "no"? If you believe you don't have to interact with the nice man, why not just turn your back and walk away without a word? (I wouldn't advise it.) This has been tested in court. There was a black lawyer several years ago who liked to walk a lot. He lived in one of the fashionable neighborhoods in LA, and occasionally got picked up because he "looked like he didn't belong there". He sued them and won in court every time, and got the police to leave him alone. [No, I don't have references.] A little knowledge is a dangerous thing. The gentleman in question was not a lawyer. He was a black man who was dressed and coiffured in dreadlocks and Rasta man clothes. He did not live in Beverly Hills nor Belaire, but he did like to take long walks in those neighborhoods in the middle of the night. He was arrested for not identifying himself with an "official" ID. When he sued, the court issued a temporary injunction against the police for requiring *documentary* identification. The right of the police to require a person to identify himself was never in question. I'm not sure what the disposition of this particular case was, but that's irrelevant, as it only went to the issue of documentary ID. (If memory serves, there was an interesting result of this case. The California legislature attempted to pass, or passed, a law that required to showing of official identification if demanded by a police officer. I don't know how this law ended up, unfortunately.) S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From lile at art.net Sun Sep 11 17:00:04 1994 From: lile at art.net (Lile Elam) Date: Sun, 11 Sep 94 17:00:04 PDT Subject: PRIVACY REGULATIONS Message-ID: <199409112358.QAA08118@art.net> I just always remember that the cop has the gun, I don't. -lile From adam at bwh.harvard.edu Sun Sep 11 17:08:26 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Sun, 11 Sep 94 17:08:26 PDT Subject: CONTROL FREAKS In-Reply-To: <35019f$8p@bb.com> Message-ID: <199409112341.TAA06256@bwh.harvard.edu> Todd Masco: | I think the biggest danger we face is graduaully increasing totalitarianism | across the board, through mechanisms such as GATT and European Union -- | there seems to be a world-wide push to smooth differences among nations | out into a single (yes, here it comes) "New World Order." While the harmonization of laws can threaten freedoms, it can also substantially reduce the cost of doing buisness in multiple jurisdications, while only slightly reducing the amount of jurisdictional hacking that can be dome to protect yourself from governments. The substantial reductions in cost that harmonization bring will create stronger multinational companies, while weakening the control of governments. As multinationals grow in strength, governments become more willing to bow before them; witness the bidding war that both Toyota and BMW got state governments into when building plants lately. The New World Order being created is one of multinationals that control huge amounts of money, capital and talent. Companies such as Honda, Mitsubishi, IBM, GE, Boeing and AT&T control a goodly portion of the world. And they are not able to react to market conditions as fast as smaller companies that are eating their lunch. The order created, much to the dismay of Governments and the CEOs of these companies, will be one where small companies manage to do much that big companies do today, and do it cheaper and better. Exceptions come in a few areas where economies of scale really exist; aircraft and computer chips spring to mind. The real new world order will not be controlled by any 'super power,' (althoguh we will have to contend with the remains of the great powers for a long time), but by the international nature of buisness, which doesn't like the added cost of working in a totalitarian state. Adam From paul at hawksbill.sprintmrn.com Sun Sep 11 17:09:40 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sun, 11 Sep 94 17:09:40 PDT Subject: Curious content Message-ID: <9409120112.AA11016@hawksbill.sprintmrn.com> Tim, I'm not so sure I'm very fond of the quote that you used in the CP-FAQ: - As Paul Ferguson, Cypherpunk and manager at US Sprint, puts it: "We're located in Herndon, Virginia, right across the street from Dulles Airport and a hop, skip & jump down the street from the new NRO office. ,-)" [P.F., 1994-08-18] As I did say this, and it _is_ true, it somehow lends conjecture to the scenario that Sprint is somehow involved with US Gov't wiretapping schemes. I'd appreciate it if you could either strike the quote or clarify it to reflect the true meaning of my remarks. Concerned, _______________________________________________________________________________ Paul Ferguson US Sprint Managed Network Engineering tel: 703.904.2437 Herndon, Virginia USA internet: paul at hawk.sprintmrn.com From pkm at maths.uq.oz.au Sun Sep 11 17:21:07 1994 From: pkm at maths.uq.oz.au (pkm at maths.uq.oz.au) Date: Sun, 11 Sep 94 17:21:07 PDT Subject: Proposed changes to the Queensland criminal code. Message-ID: <9409120020.AA22505@hypothesis.maths.uq.oz.au> It seems the fight against evil never ends... This is a clipping from the Sunday Mail, the local sunday newspaper (althogh tabloid would be a better word for it). As you can observe, it is one of those papers that have a paragraph:sentence ratio of 1:1. I hope it is of interest to you all. All spelling mistakes are mine. All grammatical awkwardness are his. :-) .... ONLINE MOVES 'OUT OF LINE'. [Date: 11/09/94 - PKM.] (COMPUTERS with Peter Young) [Title of a regular column - PKM.] Proposed changes to the Queensland Criminal Code to crack down on computer networks carrying information used for criminal acts are sparking an outcry. The proposals have been denounced as unworkable by a number of online information providers who claim their businesses will become untenable if the changes are brought in. As part of a sweeping overhaul of the State's criminal code, Attourney-General Wells plans to create two new offences falling into the category of unlawful use of a computer. They would make persons liable for up to 10 years for providing information via computer networks which contributes to a crime. One charge would relate to aiding the commission of a crime and the other would deal with being an accessory before the fact. Instructions on how to make bombs [like gunpowder? -PKM] or set up a child pornography ring are the type of material the proposed legislation wants to target. The laws would apply equally to material downloaded from a local electronic bulleting board system or that acquired by using a commercial gateway to the international Internet system. The legislation is intended to facilitate prosecution of people who knowingly make such information available on their systems, a spokesman for the Attorney-General said. But Australian Internet service providers have condemned the proposals as impractical and unable to be policed and have called for "common carrier" protection similar to that enjoyed by Telecom. Ian Peter, founder of Queensland-headquartered Internet provider Pegasus Networks, branded the proposed laws "unworkable", saying that they were out of touch with overseas thinking on the problem of balancing free speech against the need to control access to unsuitable information. Rhys Weatherley, president to the non-profit Internet access group BrisNet [Brisbane Net, for the geopolitically deprived - PKM], said the proposed laws would give police "licence to arrest" power over any computer network operator merely because offending material was available on their networks. He said the legislation would make scapegoats out of honest network operators while failing to catch real offenders. BrisNet would be forced to shut down rather than run the risk of prosecution if the laws were adopted in their reputed form. Hugh Irvine, a Melbourne businessman, whose company Connect.com.au is a leading commercial gateway to the Internet, said he was happy to co-operate with authorities to prevent hackers or child molesters from using his service to pursue their practices. However, he said that the planned Queensland legislation was equivalent to charging Australia Post executives because criminals used the mail to help plan a bank robbery. "It is heading down the path of the wrong sort of State-run surveillance and Connect.com.au would be unable to continue functioning as a business if laws in the proposed form become a reality, he said. Also wading into the fray is Electronic Frontiers Australia (EFA), a public interest group set up to monitor threats to civil liberties in cyberspace. EFA skokesman Garth Kidd labelled the Queensland proposals "a worrying development that would stifle the implementation of online services in Australia". .... Comments: The article (and also the proposed legislation) were brought to my attention by my father late last night. As a com- puter professional with ~30 years experience, he was as disgusted as I am with the proposals. He also understood quite clearly how it was unworkable in practice. Some time this week, he will be having a little chat on the subject with Wendy Edmonds, the local MLA (Member of the [State] Legislature Assembly). It seems representative cluelessness is the same the world over. :-< Peter Murphy. From tcmay at netcom.com Sun Sep 11 17:27:28 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 11 Sep 94 17:27:28 PDT Subject: Curious content In-Reply-To: <9409120112.AA11016@hawksbill.sprintmrn.com> Message-ID: <199409120026.RAA13682@netcom11.netcom.com> Paul Ferguson writes: ... > I'm not so sure I'm very fond of the quote that you used in the > CP-FAQ: .... > As I did say this, and it _is_ true, it somehow lends conjecture to the > scenario that Sprint is somehow involved with US Gov't wiretapping > schemes. > > I'd appreciate it if you could either strike the quote or clarify it > to reflect the true meaning of my remarks. > > Concerned, I will remove it, in an upcoming release (may not be for several weeks, as I noted in the docs), but it illustrates some interesting points: 1. That people's words on open lists are of course archived in many places. 2. Unless Paul's a speed reader, he probably grepped for his own name to find what quotes were used, what credit was given, what mention was made. I suspect a _lot_ of people will do that first thing. Some will be pissed to _not_ find their name enough times (or at all, perhaps). Others will want their words changed, their thoughts expanded upon. 3. In general, I don't want to encourage the dozens of you who are quoted to send me messages asking for this. Your words are your words, and others have been linking them in Web pages, quoting them, etc. 4. If someone thinks I _seriously_ am misrepresnting them (and I don't think Paul can claim my comment did...after all, I was discussing the heavy concentraiton of spooks and telcos in the Northern Virginia nexus, and Paul was making the same point when he added the bit about the NRO headquarters in Chantilly), then send me a private not and I will consider taking some action. (But don't take this as an invitation to grep for your name and then ask for changes.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jdwilson at gold.chem.hawaii.edu Sun Sep 11 17:33:44 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Sun, 11 Sep 94 17:33:44 PDT Subject: AIDs testing and privacy In-Reply-To: Message-ID: > Actually, this points to a potential problem for anarchic societies. > Suppose that HIV would spread by airborne droplets, like the flu. > Then measures of isolation, like those stated here, would seem very > adequate. But could such measures be taken without strong government? See the xtians "Old Testament" re Hansons's (Leprocy) - their government was little better than anarchy yet dealt with this - perhaps not as well as Castro has dealt with AIDS (by segragating them to date.) -NetSurfer #include standard.disclaimer >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> == = = |James D. Wilson |V.PGP 2.7: 512/E12FCD 1994/03/17 > " " o " |P. O. Box 15432 | finger for full PGP key > " " / \ " |Honolulu, HI 96830 |====================================> \" "/ G \" |Serendipitous Solutions| Also NetSurfer at sersol.com > >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> From tcmay at netcom.com Sun Sep 11 17:50:10 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 11 Sep 94 17:50:10 PDT Subject: Running PGP on Netcom (and Similar) Message-ID: <199409120049.RAA15757@netcom11.netcom.com> A "Cypherpunk RISK" (apologies to the "RISKS" list) to running PGP on Netcom, Portal, America Online, etc. systems (and on university, corporate, etc. systems), is the obtaiing of *all* records, directories, etc. by court order. This has happened more than once, and will likely happen more and more in the future, as law enforcement realizes what a treasure trove this can be. (The person being monitored may not be told about it, of course.) The latest such case involved Lewis De Payne, a user, and Netcom, his (and my) Internet provider. Details are being discussed in Usenet groups, and were brought up also at yesterday's Cypherpunks meeting. Not that had Mr. De Payne been using PGP on Netcom, with his secret key stored there, the cops would have it. (The passphrase maybe not, depending on whether he stored _that_ there, too. And whether Netcom had logs of keystrokes entered, which strikes me as something they would probably have--we really need a "zero knowledge" kind of "reach-back" for remotely-run PGP.) I just don't think the dangers are worth it. All the theoretical hot air about whether kestroke timings are "random enough" is moot if Netcom is turning over records to investigators. It creates a dangerous illusion of security. (For those with no home machines, and perhaps those who mainly use campus services, workstations, etc., I'm not faulting you; people use what they have to use. Longer term, though, PGP needs to run on secure hardware. Secure meaning not easily grabbed by the authorities without even one's knowledge!!) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From paul at hawksbill.sprintmrn.com Sun Sep 11 17:55:20 1994 From: paul at hawksbill.sprintmrn.com (Paul Ferguson) Date: Sun, 11 Sep 94 17:55:20 PDT Subject: Curious content In-Reply-To: <199409120026.RAA13682@netcom11.netcom.com> Message-ID: <9409120158.AA11207@hawksbill.sprintmrn.com> An additional note: I appreciate Tim's effort to compile a document we can all call our own. In my opinion, its been a long time in coming. Tim and I share many idealisms, including those of cryptoanarchy, zero-tolerance and non-governmental manipulation. Any and all remarks I make to the list are public, and believe it or not, I understand that when I make them. One would be a fool not to understand the implications. Just thought I'd toss in these few pennies... Cheers, - paul From alano at teleport.com Sun Sep 11 18:54:31 1994 From: alano at teleport.com (Alan Olsen) Date: Sun, 11 Sep 94 18:54:31 PDT Subject: Just In Case You Missed It Message-ID: <199409120154.SAA02958@teleport.com> >Date: Sun, 11 Sep 1994 18:33:16 -0700 >From: Bruce Baugh >To: alano at teleport.com >Subject: Just In Case You Missed It > > >>Path: news.teleport.com!news.world.net!news.sprintlink.net!redstone.interpath.net! ddsw1!panix!zip.eecs.umich.edu!newsxfer.itd.umich.edu!europa.eng.gtefsd.com! swiss.ans.net!malgudi.oar.net!news.ysu.edu!doug >>From: acbul1 at penfold.cc.monash.edu.au (Andrew Bulhak) >>Newsgroups: alt.humor.best-of-usenet >>Subject: [alt.discordia] "official" Discordian secret code >>Followup-To: alt.humor.best-of-usenet.d >>Date: 12 Sep 1994 01:09:02 GMT >>Organization: best of usenet humor >>Lines: 89 >>Approved: best at cc.ysu.edu >>Message-ID: <3509ne$4rm at news.ysu.edu> >>NNTP-Posting-Host: unix1.cc.ysu.edu >>X-Disclaimer: the "Approved" header verifies header information for article transmission and does not imply approval of content. See .sig below. >>Originator: doug at unix1.cc.ysu.edu > >From: snorri at nwu.edu (Snorri Abrahamsen) >Newsgroups: alt.discordia >Subject: "official" Discordian secret code > > > In these days of NSA and Clipper and Key/Escrow and PGP and Wilkesman >Kid Ranger Decoder Rings, it seems one of the things most on everyone's >collective hive-like minds must be security. Security and privacy, make >that. > Now Discordians have always had a versatile and powerful secret code, >one that has defied the efforts of the world's greatest spy-masters and >crypto-fiends to crack for countless centuries (or at least since 1962 or >so). It goes like this: > > A B C D E F G H I J K L M N O P Q R S T U V W X Y Z > 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 > > It's a damn fine code, and whoever invented it should get a big gold >star, lots of LDD medals, and a beefy slap on the ass for good effort and >sheer genius. But I'm afraid that now I have some *SHOCKING NEWS*! > > I have reason to believe that the Discordian secret code has been >_compromised_. You know, "Loose lips sink ships" and all that, right? >(Or is it, "Loose lips sink Golden Apple Corps"? I'm never sure...). >Well, it was worse than loose lips. It is my suspiscion that some >traitorous Discordian actually gave the code to the NSA. > > What to do now for all your Discordian encryption needs? I mean, it >would now be insanely dangerous (or at least not very private) to use the >old encryption scheme. > > I therefore propose creating a new Discordian secret code, perhaps based >on a cypher model (where each character is represented by some word), >although other models might work really well, too. Anyway, here's a start >to a Discordian cypher... > > A Andersianism > B Quasimodo > C yorba linda > D colostomy > E chao > F mojo > >etc... > > This is a fun scheme because the utter apparent randomness of it. Or at >least it seems random... Anyway, it's probably not the best possible >scheme for a Discordian Secret Code. Here's are some alternate schemes I >had for encoding messages: > > * Implosion Method. Write message on lightbulb. Implode lightbulb. >Recipient then reverses time continuum and grabs pre-imploded lightbulb >from alternate timeline, reads message, and tosses back for implosion >before anybody notices. > Advantages: NSA Clipper plans (oddly enough) do not extend as far as >including key/escrow chips in all time travel devices. > Disadvantages: Useless against the Great Race of Yith. > > * St. Gulik Method. Write the message in radioactive ink on box paste >and feed to specially trained homing cockroaches. Release the homing >cockroaches to skitter home. Reassemble message from roach entrails. > Advantages: Enemy cryptographers don't like touching roaches. > Disadvantages: Kills the roaches; difficult to train them to go home. > > * O'Leary's Cow Method. Write message on paper and burn to ashes. >Send ashes to recipient. > Advantages: No way for enemy to decode message. > Disadvantages: No way for recipient to decode message. > > * Formless Spawn Method. Write message on outer surface of trained >Shoggoth in really strong permanent ink. As Shoggoth moves, message will >be scrambled on its surface. With the proper command word, recipient can >command shoggoth to assume original form(lessness), descrambling the >message. > Advantages: Message devours any enemy crytographer who tries to decode it. > Disadvantages: No good if recipient fails sanity check. > > > Any other suggestions for good encryption schemes would be welcome... >I'm beginning to feel insecure already, as well as a little on the insane >side (you try training a shoggoth to act as your message-pod...) > > >-- >Postings to alt.humor.best-of-usenet reflect what the submittor considers to be >the best in usenet humor, and the poster is responsible for the content. The >moderator removes duplicates, copyrighted material, posts without headers, but >does not drop articles based on content. See the group charter for more info. >Sigs may be truncated. Moderator address: best at cc.ysu.edu >-- >/-------------------------------------------------------------------------\ >|bruceab at teleport.com Bruce Baugh, thoroughly unaffiliated with Teleport| >| "An' besides you IS a rabbit." "Not a 'nothing-BUT-a-rabbit', tho'." | >\-------------------------------------------------------------------------/ > > |"I would call him a Beastialic Sadomasochistic | alano at teleport.com | |Necrophile but that would be beating a dead | Disclaimer: | |horse." -- Teriyaki (What's up Tiger Lily?) | Ignore the man | | -- PGP 2.61 key available on request -- | behind the keyboard.| From tcmay at netcom.com Sun Sep 11 18:58:21 1994 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 11 Sep 94 18:58:21 PDT Subject: Stone Soup FAQs, and Mechanics of Information Gathering In-Reply-To: <9409120158.AA11207@hawksbill.sprintmrn.com> Message-ID: <199409120157.SAA15071@netcom3.netcom.com> Paul Ferguson wrote: > An additional note: > > I appreciate Tim's effort to compile a document we can all call our > own. In my opinion, its been a long time in coming. Thanks...I also think my doc has been slow in coming. Like I said, it's taken too long to write. Out of curiousity, I did a search of the doc for Paul's name and was surprised to see that I'd only used one of his quotes. Oh well. People should bear in mind the random nature of how I pulled quotes. Since there may be some interest in this, I'll comment: - Though the FAQ covers material going back for _years_, especially the past 2 years, more recent material is more heavily weighted. That is, recent stuff is likelier to be used. - In particular, once the overall structure took shape (the major chapter headings, the themes), I often would see something that looked "interesting" and would directly attach it, with some massaging of the text, selective elisions, etc., to the appropriate branch of my outline structure. - This means that postings in the last several months are over-represented as compared to earlier stuff from the "archives." (Side Note: I spent perhaps too long, several months back, laboriously using Eudora to sort into folders the many thousands of posts I had on nearly as many topics. The result was awe-inspiring: an optical cartridge containing folders on every conceivable variant of digital money, for example, and containing many hundreds of folders on other topics. The *usefulness* of all this effort--which was by no means a "set it up and walk away" filtering job, as I had to decide on the search criteria, created the filters, etc.--has been less awe-inspiring, as I don't have time to _re-read_ the sorted posts to find good stuff! Still, on each and every topic in the FAQ, I can call up multiple posts by people, and I could probably double the size of the FAQ just by including tidbits from these posts. The Cypherpunks have written a truly astounding amoun to good stuff.) I also don't want to leave the impression that I am not looking for additional comments and elaborations. I am. But there's great danger in people using the points made in the FAQ to just expand or elaborate on. I know how addictive it is to comment on what people have written.... So, send your comments. I'm skeptical of "stone soup FAQs" ("Here's a short outline...send me stuff"), which is why I've written what I've written. But comments and corrections are always welcome, as I make clear in the accompanying docs. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From sw at tiac.net Sun Sep 11 20:40:14 1994 From: sw at tiac.net (Steve Witham) Date: Sun, 11 Sep 94 20:40:14 PDT Subject: Cracking MD5 for $10M Message-ID: <199409120339.XAA22462@zork.tiac.net> >...another algorithm dominates it >for single processor loop detection... at least in storage space. It >works as follows: get a sequence of values v(i+1) = MD5(v(i)); >simultaneously get another sequence w(i+1) = MD5(MD5(w(i))), and start them >at the same place, v(0) = w(0). That is, you're running one of them twice >as fast as the other. I like to call this the "two race cars" algorithm--you start a fast car ahead of a slow car on a single-lane track, and if the fast one runs into the slow one it's a looped track. Funny, just two weeks ago a coworker put a 32-bit CRC function into the programming language I use, and I was playing with finding collisions. (I bet a dollar there would be a non-trivial collision between CRCs of the 76,000 files on our biggest disk and lost.) Has anyone mentioned using this sort of method to generate same-hash texts with, say, opposite meanings? David Wagner says-- >Another thing -- I'm not sure this method is (directly) useful for >generating lots of collisions, if that is what is desired. I believe >Dr. Hellman wrote some paper about the cycling properties of random >functions (out of interest in DES), and he concluded (if I remember >correctly) that when you generate lots of random starting values and >look at their cycling properties, most starting values will drain into >a very few specific cycles. Seems to me that even if lots of random starting points drain into the same cycle, you've still got lots of collisions. Either points where the sequences join the cycle, or points where different tributaries join each other before joining the cycle. --Steve - - - - - - - - - - They say the User exists *outside* of the net. No one knows for sure, but I intend to find out! --ReBoot (Saturday morning 3D animated cartoon) From CCGARY at MIZZOU1.missouri.edu Sun Sep 11 21:35:00 1994 From: CCGARY at MIZZOU1.missouri.edu (Gary Jeffers) Date: Sun, 11 Sep 94 21:35:00 PDT Subject: CEB September 11, 1994 issue 2 Message-ID: <9409120434.AA27988@toad.com> CYPHER-REBELS ELECTRONIC BOOK (CEB) SEPTEMBER 11, 1994 ISSUE 2 Publisher Gary Lee Jeffers ccgary at mizzou1.missouri.edu A compendium of the best software & info for today's electronic privacy freedom fighters. This text may be distributed in part or in full anywhere you want. It may be given away freely or copies may be sold. CEB wants to be free & valuable. If, as Chairman Mao says: "Political power grows out of the barrel of a gun.", then what is democracy? TABLE OF CONTENTS Chapter 1. PGP Section 1. PGP general Section 2. Michael Johnson's PGP FAQ contribution Section 3. Stealth PGP. Chapter 2. Steganography. "A picture is worth a thousand words." Chapter 3. Shells for PGP Section 1. Christopher W. Geib's WinPGP26.ZIP Section 2. Ross Barclay's WinFront 3.0 Chapter 4. Generally cool things. Section 1. Loompanics sources. Section 2. Viruses sources. Chapter 5. Getting the Cypherpunks' archived & indexed list. Chapter 6. Remailers & chained remailers. Chapter 7. Current problems in Crypt. Chapter 8. Text sources. Section 1. Books Section 2. Rants Section 3. CYPHERNOMICON - Tim May's "official" Cypherpunks' FAQ. Chapter 9. Cypherpunks' mailing list. getting on etc.. CCCCCCCCCC YYYY YYYY PPPPPP HH HH EEEEEEE RRRRRRRRR CCCCCCCCCC YY YY PP PP HH HH EEEEEEE RRRRRRRRR CCC YY YY PP PP HH HH EE RR RR CCC YY YY PPPPPP HHHHHHHH EE RR RR CCC YYY PP HHHHHHHH EEEEEEE RR RR CCC YYY PP HH HH EEEEEEE RRRRRRRR CCC YYY PP HH HH EE RRRRRRR CCC YYY PP HH HH EE RRRRRR CCCCCCCCCC YYY PP HH HH EE RR RR CCCCCCCCCCC YYY PP HH HH EEEEEEE RR RR PP HH HH EEEEEEE RR RR RRRRRRRRRRR RR RR RRRRRRRRRRRRRR EEEEEEEEE RRRRRRRRRRR EEEEEEEEEEE BBBBBBBB EEEEEEEEEE SSSSSSS RRRRRRRR EEEEEEEEE BBBBBBBBBBB EE EEEEEEE SSSSSSSSS RR RRRR EEEEEEEEEE BBBBBBBBBB EEEEEEE SSSSSSSSS RRR RRRR EEEEEEEE BBBBBBBB EEEEEEE SSSSSSSS RRR RRRRR EEEEEE BBBBBB EEEEEEEE SSSSSSSSS RRRRRRRRRRRRRR EEEEEEE BBB EEEEEEEEEEE SSSSSSSSSS RRRRRRRRRRRRRR EEEEEEEEEE BB EEEEEEEEEEE SSSSSSS RRRRRRR RRRR EEEEEEEEEE BBB EEEEEEEEEEEEEE SSSSSSSSSSSSS RRR RRRRR EEEEEEEEEEEE BBBBB EEEEEEEEEEEEEEE SSSSSSSSSSSS RRRRR RR EEEEEEEE BBBBBBB EEEEEEEEE SSSSSSSSSS RR RRRRR EEEEEE BBBBBBBBB EEEEEEE SSSSSSSSSS RR RRRRR EEEEEE BBBBBBBBB EEEEEEE SSSSSSSSSS RRR RRRRRR EEEEEEEEEEE BBBBBBBB EEEEEEEEEEEE SSSSSSSSSSS RRRR RRRRRRR EEEEEEEEEEEEE BBBBBBB EEEEEEEEEEEEE SSSSSSSSSSSS PPPPPPPPPPP GGGGGGGGG PPPPPPPPPPP PPPPPPPPPPP GGGGGGGGG PPPPPPPPPPP PPP PP GGG PPP PP PPPPPPPPPPPP GGG GGGGGGG PPPPPPPPPPP PPPPPPPPPP GGG GGGGGGG PPPPPPPP PPP GGG GG PPP PPP GGGGGGGGGGGGG PPP PPP GGGGGGGGGGGG PPP Chapter 1. PGP general. PGP is Pretty Good Privacy from Phil Zimmermann. It is currently the best available encryption available to civilians at large. Zimmermann is the programmer on the original PGP versions but now, apparently, just guides other programmers in making improved versions. PGP uses two encryption algorithms: RSA for its Public Key powers & IDEA for its bulk encryption. The advantages of PGP over other crypt/decrypt systems are: 1. RSA algorithm. Allows users to communicate without needing a secure channel to exchange keys. - PUBLIC KEY ENCRYPTION. 2. The program system has been very well done & has huge development support. 3. It has huge popularity. 4. Security is guaranteed with distribution of source code & public investigation. 5. Its free. 6. Both RSA & IDEA are "STRONG" algorithms. MIT,s PGP 2.6 has the blessing of Zimmermann. PGP 2.6 ui is believed to have Zimmermann's approval because he has not attacked it. It is believed that Zimmermann will not endorse the ui version due to possible legal problems. Section 2: Michael Johnson's PGP FAQ contribution Michael Paul Johnson has an excellent faq on Subject: Where to Get the Latest PGP (Pretty Good Privacy) FAQ (Last modified: 7 September 1994 by Mike Johnson) You can get this faq by anonymous ftp to: ftp.csn.net /mpg/getpgp.asc It is also posted monthly on alt.security.pgp The latest versions of PGP are VIACRYPT PGP 2.7 , MIT PGP 2.6.1 & PGP 2.6ui. Which is best? I would say MIT PGP 2.6.1. It has source code which VIACRYPT doesn't give you & it is more advanced than the ui version. In comparing the MIT & ui versions, Michael Johnson had this to say: "The "unofficial international" versions are really just PGP 2.3a, modified just enough to make it compatible ust with MIT PGP 2.6, but do not include all of the fixes in MIT PGP 2.6 the and MIT PGP 2.6.1. They are named pgp26ui* or have "ui" somewhere a in their file names." In his faq, he gives some instances in which sions the ui version might be preferable. Section 3: Michael Johnson's PGP bomb contribution. From: Michael Johnson Subject: PGP Time Bomb FAQ PGP TIME BOMB FAQ Michael Johnson writes: "There has been some confusion about the annoying "Time Bomb" in MIT PGP2.6, as well as some other PGP version compatibility issues. This is an attempt to clear up some of that confusion." You can get this faq by anonymous ftp to: ftp.csn.net /mpj/pgpbomb.asc Section 3. Stealth PGP 37 Stealth PGP refers to a PGP file that does not have the RSA prefix tag on the beginning of a PGP encrypted file or to PGP utility software that disguises this tag. Possibly, a later version of PGP with have this as an option. The advantages of "Stealthy" PGP are that its files cannot be found by Internet search programs that hunt for the PGP/RSA tag & that a "Stealthy" file may be more securely hidden by a good steganography program. From: Mark Grant Subject: Stealth PGP Responding to my question "Has Stealth PGP been done yet?" Mark Grant says: Kind of, there's a 'stealth' filter available that strips and attaches headers to PGP messages after encryption. It's available from various places, and the documentation is available on my 'other people's PGP addons' WWW page : http://www.c2.org/~mark/pgp/other.html There's also information about Privtool, my PGP-aware mail program for Sun workstations at : http://www.c2.org/~mark/privtool/privtool.html Mark EMAIL: mark at unicorn.com URL : http://www.c2.org/~mark/ Chapter 2. Steganography "A picture is worth a thousand words." ============================================= %% = !I = %% %%% = !!! BB = %%%* *%%%% = **!!** & = *** @** = u \ x! ) < = * *** + m ) c $ = ** = # k } � = � = $%- & u = = ------- = @!p +e$ ~ # = � = h �6& ; | = � = =,# {{ = � = = � � = = � � = = � � ============================================= � � STILL LIFE WITH CRYPT +++++++++++++++++++++++++++++++++++++++++++++ Steganography is the craft of hiding messages in pictures. The text is, of course, encrypted text rather than plain text. The current best steganography program has been done by Arsen Arachelian Below, follows his text contribution: From: rarachel at prism.poly.edu (Arsen Ray Arachelian) WNSTORM is available from: ftp.wimsey.bc.ca:/pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/Steg Usual routine to get it. i.e. cd /pub/crypto/software, get the README file, and if you agree to the terms then follow the instructions. Short description off the top of my head (I wrote the beastie) Another info scrap should be in the same directory as WNSTORM. WNSTORM is a data encryption/steganography utility which is pretty secure for most uses. Unlike some stego systems WNSTORM is expandible, all you have to do is write your own LSB injector/extractor for whatever data format you wish to hide information into. WNSTORM doesn't require the recipient of the host picture, sound, movie, etc. to have the original un-stormed picture. Unlike primitive stego programs, WNSTORM doesn't compare an stormed picture with an unstormed picture. WNSTORM will cover its tracks statistically. If it changes a 0 bit in the LSB data stream to a zero, or a 1 bit to a 1, it does nothing. If it changes a 1 bit to a zero, it will balance itself by changing an unused adjacent 0 bit to a 1. Ditto for a 0->1 transform. WNSTORM will NOT change every bit of the LSB in order to prevent detection. It will use a passkey along with a probabilistic algorithm to decide which bits it will change. The algorithm for picking bits depends on the previous succesfully encoded/decoded cyphertext AND the passkey. Internally WNSTORM works by picking "windows" or "packets" of bytes out of either a random number stream or an LSB stream extracted from a picture, sound, movie, etc. It then injects eight bits of cyphertext into this window. Each window is of variable size. The bit locations where the bits are inserted are randomly exchanged for each pass. The bit values are also randomly exchanged for each pass. WNSTORM includes an injector/extractor for PCX images, however I will write more injecotr/extractor programs for it in the future, and OTHERS can do so as well. Chapter 3. Shells for PGP. Section 1. Christopher W. Geib's WinPGP26.ZIP From: "David K. Merriman" Subject: Christopher W. Geib's Windows PGP shell I've just finished making an ftp deposit to soda in the cypherpunks/ incoming directory of WinPGP26.ZIP; it's the latest version of the Windows PGP shell Shareware, and understands 2.6/2.6ui/2.7. Dave Merriman Section 2. Ross Barclay's WinFront 3.0 From: Ross Barclay Subject: PGP WinFront 3.0 Now Available! (New Windows front end for PGP) To: cypherpunks at toad.com, ~rbarclay at TrentU.ca -----BEGIN PGP SIGNED MESSAGE----- Announcing PGP WinFront 3.0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ A freeware Windows front end for PGP 2.3a and 2.6 Copyright 1994 Ross Barclay (rbarclay at trentu.ca) WHAT IT IS: - PGP WinFront is the most fully featured free (or otherwise) Windows front end available. It will make using PGP easy for beginners, and it will drastically increase the speed at which experts use it too. PGP WinFront is now into is third revision and I have tried to implement as many of the suggestions that I received as possible. PGP WinFront was designed by its users, but was coded by me. Features: - Supports secret key ring placement on floppy drive - Support en/decryption to/from clipboard - Move / Copy / Delete files - Online hypertext help - Online hypertext PGP help - Keyring reader to pick names, view key characteristics - Keyring reader supports less-often used "huge" keyrings - Signature Checker - Very configurable - over 25 user-definable settings - more . . . This program does too much to list here. And it's free! This version is a complete rewrite of the popular PGP WinFront 2.0. The feature-set has largely been set by users who sent in suggestions. Please read the file README.TXT and peruse the help files. Please send me your comments. HOW TO GET IT: At the moment, there are 2 ways to get this program: 1) Via FTP - The PGP WinFront 3.0 filename is called PWF30.ZIP. - It has been uploaded to the incoming directories of the following FTP sites: ftp.cica.indiana.edu ftp.eff.org ftp.wimsey.bc.ca black.ox.ac.uk soda.berkeley.edu ftp.informatik.uni-hamburg.de ftp.ee.und.ac.za ftp.demon.co.uk - Hopefully, they will be slotted into the PGP directories soon. On CICA, it will be placed into \pub\pc\win3\utils. That is where PWF20.ZIP was placed. - Once you get the program, please upload it to other FTP sites! 2) From Colorado Catacombs BBS - dial (303)772-1062. The file is called PWF30.ZIP - once you get the program, please upload it to other BBSs. *** The mail access system I had was discontinued. This is because the file was too big to fit into my account. However, you can still register PWF and request certain PGP and PWF related items using my mail access system. Details of these are on the "About" screen of PWF 30. - --Ross Barclay - ------------------------------------------------------------------------- Ross Barclay (rbarclay at trentu.ca), Assistant Editor | To receive my PGP | public key, send PC NEWS Review: Windows Edition | me e-mail with the Bellevue, WA (206) 399-8700 | subject: GET KEY - ------------------------------------------------------------------------- To receive PC NEWS Review, send me e-mail with the subject: GET PNR. - ------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAwUBLmZ7fdgpRteEZ9JhAQFeXgIAxIpvJQeMsx7YecNgtusBDMqL662XFeX2 qL0qF8HcN4ReZ9MYjtn9t8N1zWGxkPOXQEI3KfM7uk8JTzxjZ5LG2g== =gSYT -----END PGP SIGNATURE----- Chapter 4. Generally cool things. Section 1. Loompanics sources. Something cool from Vincent: Most of the Loompanics Unlimited catalog is online as: gopher://gopher.well.sf.ca.us/00/Business/catalog.asc And you can send mail to them at: loompanx at pt.olympus.net You can also get their catalog at: Loompanics Unlimited PO box 1197 33 Port Townsend, Wa. 98368 P id Send $5.00 for their general catalog - free with any order. Section 2. Viruses sources. AMERICAN EAGLE PUBLICATIONS Cypherpunks, I have found a source of info. that I just must share! American Eagle Publications, Inc. P. O. Box 41401 Tucson, AZ 85717 I'm sure they will send you a catalog just for the asking. So, what are they about? They are about VIRUSES! They don't just carry a couple of virus things - they are the VIRUSES-ARE-US of the virus world! They have a journal: Computer Virus Developments Quarterly. They have books on viruses, virus protection, cryptanalysis, the science fiction book "Heiland", a CD-ROM for $99.95 of several thousand live viruses, disks of viruses with source code, executable & utilities, programs & cards for boot protection, & even a virus IDEA computer system protector. Copy follows for two items of particular interest to Cypherpunks: POTASSIUM HYDROXIDE, KOH By the "King of Hearts" A sophisticated piece of software which uses ideas first developed by computer virus writers to secure your computer system against those who would like to get their hands on the information in it. You give KOH a pass phrase, & it uses state of the art IDEA data encryption algorithm to encrypt all of the information on your hard disk & your floppies. It is, for all intents & purposes, unbreakable, & works well with DOS & Windows. Many encryption programs offered commercially are easily cracked, but this one is not. Some people call this program a virus, come say it is not. In ways, it acts like a virus to do some of your security housekeeping for you. Yet at worst it is a friendly virus that lets you choose when & how it will replicate. program & manual on disk, $10 program, full source, & manual on disk, $20 (Overseas customers add $12: KOH cannot be exported from the US, but since it was not developed in the US, we will forward your order to the overseas distributor. Please allow 6 weeks for delivery) HEILAND By Franklin Sanders 276 pages, Paperback, 1986 Here's an entertaining book about America in the year 2020. If you wonder if it's proper to use viruses in wartime or if such a virus could be termed "good", this book will give you some food for thought. Sanders makes use of computer "worms" when the oppressed people of the US attack the federal government in an all-out war against tyranny. Sanders uses his worms right too - not as some all-powerful monster. Rather, they are deployed as part of a larger military strategy. For a book written in 1986, that's not bad! And if you're fed up with the government, this book is sure to give you a vision for the future. Sanders has been part of the mounting tax protest in this country. He's fought the IRS in court for years & won some important battles. Unfortunately the government seems to be con- firming some of his worst suspensions about them. Now you can get a good dose of his philosophy & his ideas about remedying our problems. And if you work for the government, don't be offended - this book is doubly recommended for you! Book, $8.00 for shipping add $2 per book. 5% sales tax for AZ. residents. It is my belief that in the next few years more uses for viruses than just being a vandal will be found. Also, they may find a place in protecting our electronic freedom. - for instance virus remailers. Also see my previous post - The FREEDOM DEAMON. Also, they have a place in my CHATTERBOX concept(a remailer for chat mode or commands). "Viruses aren't just for Sociopaths anymore!" Also, I suspect the state may start cracking down on virus tech- nology. Incidentally, did you all know that crypt has a place in modern viruses? Encryption is used to hide "nasty" code & virus signatures until they get into the system & decrypt. Yours Truly, Gary Jeffers PUSH EM BACK! PUSH EM BACK! WWWAAAYYY BBBAAACCCKK! BBBEEEAAATTTTT STATE ! Chapter 5. Getting the Cypherpunks' archived & indexed list. Vincent also tells us about the complete Cypherpunk's text on line & indexed with fast access times: Eric Johnson has put one together as: http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src Please don't think that you used to be safe doing something illegal on this list and that you no longer are. That would be foolish. -- Vince The "http" is for "Hyper-Text Transport Protocol". This is not FTP, though it is a protocol similar in function to FTP. It is used by "WWW" (World Wide Web) of which Mosaic is the most popular implementation. If you have Mosaic, you can just give the above path. If you do not have mosaic, you should spend some time trying to get it. Mosaic makes it really easy to quickly move through lots of information on the net. Mosaic is a point and click hypertext interface. You can FTP to ftp.ncsa.uiuc.edu and go into Mosaic. WWW has a simple language for writting your own hypertext documents - "HTML" (Hyper Text Markup Language). You can think of this as sort of like Troff, LaTeX or Postscript, but for hypertext documents. One page of HTML can make dozens of normal files easy to access. For example, my README.html security page points to many normal files: ftp://furmint.nectar.cs.cmu.edu/security/README.html It turns out that the mail database is really in "WAIS" (Wide Area Information Server). You can use WAIS directly, though I think it is easier to use through mosaic. To use WAIS you would do: ws -h pmip.maricopa.edu -d cpindex/Cypherpunks The "ws" may be "waissearch" on your system. You can get lots of info on WAIS from ftp://wais.think.com/comp.infosystems.wais-FAQ As someone pointed out, this "http" method does not yet work with "lynx" (a text only implementation of WWW) on the cypherpunks mail database. It seems it will take a new version of lynx or WAIS for this to work. But the Unix "xmosaic" works fine. :-) This form of global filename starting with something like "ftp://", "http://", "gopher://" etc is also part of the WWW architecture. These names are called "URLs" for Universal Resource Locator. Well, that is probably enough acronyms for today. :-) -- Vince From: Vincent.Cate at FURMINT.NECTAR.CS.CMU.EDU To: cypherpunks at toad.com Subject: WWW Acronyms (was Re: Cypherpunks' mail database does exist) Gary Jeffers: > Vincent, you state that a fully archived, indexed cypherpunks >mailing list exists as: >http://pmip.maricopa.edu/crypt/cypherpunks/cypherpunks.src >Ok, so I ftp'ed to pmip.maricopa.edu & tried to get to cypherpunks.src, >but even the subdirectories weren't there. The "http" is for "Hyper-Text Transport Protocol". This is not FTP, though it is a protocol similar in function to FTP. It is used by "WWW" (World Wide Web) of which Mosaic is the most popular implementation. If you have Mosaic, you can just give the above path. If you do not have mosaic, you should spend some time trying to get it. Mosaic makes it really easy to quickly move through lots of information on the net. Mosaic is a point and click hypertext interface. You can FTP to ftp.ncsa.uiuc.edu and go into Mosaic. You also have a typo, it is "Cypherpunks.src" with a capital C. WWW has a simple language for writting your own hypertext documents - "HTML" (Hyper Text Markup Language). You can think of this as sort of like Troff, LaTeX or Postscript, but for hypertext documents. One page of HTML can make dozens of normal files easy to access. For example, my README.html security page points to many normal files: ftp://furmint.nectar.cs.cmu.edu/security/README.html It turns out that the mail database is really in "WAIS" (Wide Area Information Server). You can use WAIS directly, though I think it is easier to use through mosaic. To use WAIS you would do: ws -h pmip.maricopa.edu -d cpindex/Cypherpunks The "ws" may be "waissearch" on your system. You can get lots of info on WAIS from ftp://wais.think.com/comp.infosystems.wais-FAQ As someone pointed out, this "http" method does not yet work with "lynx" (a text only implementation of WWW) on the cypherpunks mail database. It seems it will take a new version of lynx or WAIS for this to work. But the Unix "xmosaic" works fine. :-) This form of global filename starting with something like "ftp://", "http://", "gopher://" etc is also part of the WWW architecture. These names are called "URLs" for Universal Resource Locator. Well, that is probably enough acronyms for today. :-) -- Vince PS I only read cypherpunks once a day, some time after midnight when my collection for the day is done. From: rishab at dxm.ernet.in Subject: Accessing the Cpunk WAIS archive "Gary Jeffers" > http://pmip.maricopa.edu/crypt/cypherpunks/Cypherpunks.src > is the location of all the Cypherpunks' posts with index. I can > get to this place by placing a "www" in front of this instruction. Do an archie search for lynx or mosaic or some other decent browser. This is a WAIS indexed archive; no hyper links; you type in a keyword, and get a list of matching articles, and select one (or more) of them to look at. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA Chapter 6. Remailers & chained remailers. From: wcs at anchor.ho.att.com (bill.stewart at pleasantonca.ncr.com +1-510-484-6204) Message-Id: <9408300753.AA22369 at anchor.ho.att.com> To: CCGARY at MIZZOU1.missouri.edu Subject: Re: Using remailers, chained remailers? There's somebody who posts a remailer summary to the list about monthly. There are three or four sets of remailers out there: - anon.penet.fi, which gives you an account an12345 at anon.penet.fi which people can reply to. Send "Subject: help" to anon at anon.penet.fi and it'll probably give you a useful reply. Its big use is for anonymous Usenet posting with working replies. - The cypherpunks remailers, which are mostly one-way no-reply mailers; some also support Usenet posting. Soda is pretty typical. - Various enhanced cypherpunks remailers, which have features like encrypted reply addresses you can attach at the end. You can get information on using the soda remailer by sending email to remailer at csua.berkeley.edu, with "help" somewhere in the posting; I'm not sure if it wants it in the Subject: or in the body. That's the remailer that posts from "Tommy the Tourist" with random NSA-bait at the bottom of postings. Here's a recent posting on getting status of remailers. Note that some really only remail once per day, so they may be working fine even if it says they're not. ---- Date: Mon, 15 Aug 1994 13:39:33 -0700 From: Raph Levien To: cypherpunks at toad.com Subject: "finger remailer-list at kiwi.cs.berkeley.edu" now operational Hi all, I have written and installed a remailer pinging script which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, at http://http.cs.berkeley.edu/~raph/remailer-list.html Please do not take the uptime figures too seriously, at least for another week or so. The script has only been running reliably for a few days. Please let me know about any other remailers which I missed. I've only included remailers which can mail to arbitrary addresses, so I already know chop and twwells are missing. If you've got a Web page, please feel free to include a link to this page. If you think your Web page is relevant to the subject of remailers, let me know and I'll link it in. Comments and suggestions welcome! Raph Levien ------- # Bill Stewart AT&T Global Information Solutions, aka NCR Corp # 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399 # email bill.stewart at pleasantonca.ncr.com billstewart at attmail.com # ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465 Chapter 7. Current problems in Crypt. 1. We need an Internet Chat PGP system for conversations in real time. Note: #Freedom channel on the Internet Chat system has carried out fast encrypted conversations for years. When a Cypherpunk contacted one of their members (Sargent someone), he was politely told that their system was private. Sargent was unwilling to disclose method. Is their system some kind of security by obscurity code that cannot be varied (like by a drop in crypt/decrypt algorithm)? Or maybe the crypt method could be a drop in variable method & Sarge was unaware of it? Possibly other #Freedom members would be more knowledgeable? Possibly, a knowledgeable & diplomatic Cypherpunk could hit paydirt by pursuing this. 2. Has Arsen Arachelian really solved the problem of discovery of crypt in steganograpy by statistical examination of the least significant bits in his WNSTROM? I have seen no debate on this. 3. If the Feds capture the internet & put their anti-privacy hardware & protocols in place & outlaw remailers, does anyone have any idea how to build secure & effective remailers? A "Fortress remailer"? 4. If the above possibility happens & Cyperpunks' list is outlawed, does anyone have ideas how to make a "Fortress list"? Chapter 8. Text sources. Section 1. Books. From: Stanton McCandlish Subject: O'Reilly PGP book Date: Wed, 7 Sep 1994 13:38:58 -0400 (EDT) coming soon, PGP hits the mainstream: PGP: Pretty Good Privacy by Simson Garfinkel 1st Edition November 1994 (est.) 250 pages (est),ISBN: 1-56592-098-8, $17.95 (est) PGP is a freely available encryption program that protects the privacy of files and electronic mail. It uses powerful public key cryptography and works on virtually every platform. PGP: Pretty Good Privacy by Simson Garfinkel is both a readable technical users guide and a fascinating behind-the-scenes look at cryptography and privacy. Part I of the book describes how to use PGP: protecting files and email, creating and using keys, signing messages, certifying and distributing keys, and using key servers. Part II provides background on cryptography, battles against public key patents and U.S. government export restrictions, and other aspects of the ongoing public debates about privacy and free speech. -- Stanton McCandlish

mech at eff.org

Electronic Frontier Fndtn.

Online Activist The best book in cryptography is: APPLIED CRYPTOGRAPHY Protocols, Algorithms, and Source Code in C by Bruce Schneier Loompanics advertising copy follows: In Applied Cryptography, data security expert Bruce Schneier details how programmers can use cryptography - the technique of enciphering messages - to maintain the privacy of computer data. Covering the latest developments in practical cryptographic techniques, the book shows programmers who design computer software and systems we use every day. Along with more than 100 pages of actual C source code of working cryptographic algorithms, this pratical handbook: * Explains data encryption protocols and techniques currently in use and likely to be used in the future. * Offers numerous present day applications - from secure correspondence to anonymous messaging. * Includes numerous source code fragments and shows how to incorporate them into larger programs. * Discusses related issues like patents, export laws, and legal rulings. And much more! 1994, 7 1/2 x 9, 636 pp, Illustrated, indexed, soft cover. APPLIED CRYPTOGRAPHY: $44.95 (order number 10062) $4.00 for shipping and handling. UPS ground. Additional $7.50 if you want UPS w day air(blue)- that would be $11.50. Loompanics Unlimited PO Box 1197 Port Townsend, WA 98368 Section 2. Rants. For good rants FTP to soda.berkeley.edu /pub/cypherpunks/rants Section 3. CYPHERNOMICON - Tim May's "official" Cypherpunks' FAQ. This is a giant (1.3MB uncompressed) faq by Tim May. To get it by anonymous ftp: ftp to ftp.netcom.com /pub/tcmay - This directory has it & its associated files. Chapter 9. Cypherpunks' mailing list. getting on etc.. ======================================================================== 63 X-Delivery-Notice: SMTP MAIL FROM does not correspond to sender. Received: from MIZZOU1 (SMTP) by MIZZOU1 (Mailer R2.10 ptf000) with BSMTP id 8875; Sun, 11 Sep 94 23:25:40 CDT Received: from relay2.UU.NET by MIZZOU1.missouri.edu (IBM VM SMTP V2R2) with TCP; Sun, 11 Sep 94 23:25:39 CDT Received: from toad.com by relay2.UU.NET with SMTP id QQxgzh01248; Mon, 12 Sep 1994 00:22:38 -0400 Received: by toad.com id AA27527; Sun, 11 Sep 94 21:22:46 PDT Date: Sun, 11 Sep 94 21:22:46 PDT Message-Id: <9409120422.AA27527 at toad.com> To: CCGARY at MIZZOU1.missouri.edu From: Majordomo at toad.com Subject: Majordomo results Reply-To: Majordomo at toad.com -- >>>> help This is Brent Chapman's "Majordomo" mailing list manager, version 1.92. In the description below items contained in []'s are optional. When providing the item, do not include the []'s around it. It understands the following commands: subscribe [

] Subscribe yourself (or

if specified) to the named . unsubscribe [

] Unsubscribe yourself (or

if specified) from the named . get Get a file related to . index Return an index of files you can "get" for . which [

] Find out which lists you (or

if specified) are on. who Find out who is on the named . info Retrieve the general introductory information for the named . lists Show the lists served by this Majordomo server. help Retrieve this message. end Stop processing commands (useful if your mailer adds a signature). Commands should be sent in the body of an email message to "Majordomo at toad.com". Commands in the "Subject:" line NOT processed. If you have any questions or problems, please contact "Majordomo-Owner at toad.com". PUSH EM BACK! PUSH EM BACK! WWWAAAYYYY BBBAAACCCK! BBBEEEAAATTTT STATE! From doug at OpenMind.com Mon Sep 12 00:10:42 1994 From: doug at OpenMind.com (Doug Cutrell) Date: Mon, 12 Sep 94 00:10:42 PDT Subject: Crypto Anarchy and the Social Body (Meta Strong Crypto) Message-ID: Thanks to all for the responses to my "Black Cryptoanarchy" post (flames and all!) I apologize for rehashing old libertarian debates, on which I am not well-informed, and I will focus here exclusively on the subject of "crypto anarchy". As I wrote the following post, it grew in size to the point where it made sense for me to cast it into "essay" format (at the risk of looking like just another net-kook). CRYPTO ANARCHY AND THE SOCIAL BODY (META STRONG CRYPTO) Let me begin by making it clear that it is not my intent to discredit cypherpunks or the goals of crypto anarchy. I have embraced these notions wholeheartedly until quite recently, when I began to question some of the assumptions about the consequences of this technology. I wish to raise these concerns openly here, and if my reasoning is flawed, I hope to have the flaws exposed. It seems likely that the complete suite of tools for crypto anarchy *will* become widely deployed in the next few years -- certainly by the end of the decade. I will argue that there are aspects of this technology which have the potential to induce powerful changes in the structure of the "social organism" of man, which have no counterpart in prior human history. The qualitatively fundamental nature of these changes makes their impact very difficult to predict. Therefore it is imperative that cypherpunks, who are perhaps best qualified to examine these issues, consider carefully what social impact these changes may have. We should discuss what, if anything, may be done with respect to development and deployment of the tools of crypto anarchy, in order to influence the final outcome for the greater liberty and standard of living of mankind as a whole. I will argue that cypherpunks should examine ways to influence the deployment and patterns of use of strong crypto tools in society, and not merely consider the construction of the tools alone. The study of social dynamics in the presence of strong crypto, and of how to introduce strong crypto tools in such a manner so as to achieve desirable patterns of deployment and social dynamics, is what I term "meta strong crypto". THE SOCIAL ORGANISM My background is in the disparate fields of biology and mathematics, so I begin in these areas. In biological terms, man is a social animal. We are evolved to survive through cooperative interactions with each other. We are by no means unique in this regard... cooperating societies of individuals have evolved many times throughout nature, often arriving at similar structures from independent origins. Almost all primates are social animals of one type or another, and the social structures of the larger primates such as baboons and chimpanzees are particularly complex. Very complex social structures also occur in distantly related (but highly intelligent) species such as porpoises and elephants. In all such cases, the social interactions are complex enough to justify describing the whole in terms of a "social body". There are universal properties of interaction which create the social body in these species, and in all human societies throughout history. These properties depend fundamentally on the publicly visible nature of most social interactions. Individual social animals exist in a relationship to the social body deriving from the visibility of their actions to others. This *defines* individuality. Relationship to group is fundamental, and creates the context of consequence, reprisal, negotiation, and positioning upon which all animal or human societies are based. Strong crypto -- the tools of crypto anarchy -- represents a break in these primal functions upon which the social body is based. The significance of this break is difficult to comprehend... it is not only a first for human societies, but a first for all of biological evolution. Picture a visual image for the traditional social body as a graph. The graph consists of numerous nodes -- individuals -- and a complex web of interrelationships between them. Now consider what the tools of strong crypto do to this graph. Nodes -- "individuals" -- may appear and disappear over extremely short time periods, as anonymous identities come and go. All nodes may have any number of unknowable links, or links which are unknowable by arbitrarily large sections of the net. Links may have new properties, such as asymmetry of identity. Individual nodes may "unknowably" represent (equate with) entire collections of other nodes. The point is that the social structure is altered along dimensions that have been constant since the dawn of the evolution of social animals. This picture implies the development of something radically different than what we now think of as a social body. It is far more complex, with new types of basic components and operations. There is no reason to expect it to resemble any society in the history of man, or to bear any resemblance to any social body which has evolved to date. It is something radically new and different. POSSIBILITIES Many people have embraced with unreserved enthusiasm the dawn of a new era to be ushered in by strong crypto. There is an expectation that the power of the new tools, and the extent of the social changes, must necessarily lead to desirable improvements. For my purposes, desirable changes would include an increased standard of living for all humans, increased communications and interactions between individuals across the whole of human civilization, as well as increased personal liberty to pursue any desired avenue of exploration/growth. On the other hand, undesirable changes would include a massive lowering in the standard of living for most peoples, the creation of Orwellian societies, increased fragmentation and decreased communications between the peoples of the world, or more marked catastrophes such as the advent of massive terrorism on a global scale (whether nuclear, biological, or merely conventional terrorist attacks are involved). SIMULATIONS/SPECULATIONS Since the effect of strong crypto on the social body of man is so difficult to understand or predict, it seems that a reasonable approach would be to conduct computer simulations of the spontaneous forms of self organization that occur in populations participating under various game-theoretic and economic models, when these populations have access to strong crypto. It would be very instructive to examine what kinds of long-term stable structures can arise under various initial conditions. It would be particularly relevant to attempt to model what structures can develop when the strong-crypto tools are introduced in various ways, rather than starting out as a ubiquitous presence in society. Various models for the spread of the technology could be developed. These are the tools of meta strong crypto. I will here venture into the realm of blatant speculation: I speculate that stable patterns of organization with the highest degrees of global liberty and prosperity would arise from scenarios in which the access to strong crypto tools is ubiquitous and uniform. I speculate that many of the more disastrous scenarios and unpleasant steady-state societies would be characterized by inhomogeneities in the deployment of strong crypto. SELF-CATALYSIS AND INSTABILITY When reading the views of those who are most optimistic about the potentials of crypto anarchy, there seems to be an implicit assumption that the advent of strong crypto will be self-catalytic and rapidly spread throughout all segments of society. I think this assumption is natural, given the history of the information age, wherein technological advances have inevitably become ever more accessible to the general public. I believe that strong crypto does indeed have the potential to be "auto-catalytic" and to rapidly spread throughout society in an unstoppable wave. However, I see this auto-catalysis as susceptible to various forms of instability that may result from immaturity in its initial deployment. The principle weakness of this auto-catalysis is the fact that strong-crypto relies upon technology which requires a certain standard quality of living. It requires computers of adequate speed and networks of sufficient bandwidth and interconnectivity. If the threshold standard of living necessary to acquire this technology lies well below the average standard of living in society, then the deployment of strong crypto may spread rapidly and uniformly throughout society. However, if this threshold standard of living is very near or above the average standard of living, then the tools of strong crypto will necessarily spread only through certain privileged channels of society. Any pre-existing class divisions in the society may become greatly pronounced, and in general inhomogeneous dynamics make predictions in the absence of simulations very difficult. CONCLUSIONS Strong crypto and crypto anarchy may well provide the mechanisms for a type of social body never before seen in the history of biological evolution. However, the mere existence of this technology in and of itself does not guarantee any particular qualities for this new social body. The new dynamics are extremely complex and will be unlike anything previously encountered. Computer simulations of populations of individuals with access to strong crypto tools under various models may give us some clues as to the stable patterns of organization likely to emerge. The modeling skills of sociobiologists, economists, and game theorists could all be applied to this problem. The exact details of the introduction and spread of the tools of strong crypto into the population may be expected to have important effects on the eventual new stable patterns which emerge. Cypherpunks should consider not just the implementation of the tools of strong crypto, but also the dynamics of its spread throughout society and the dynamics of its pattern of use. Although it is tempting to focus exclusively on the mathematical algorithms and protocols, economics and sociobiology are critical to understanding and influencing the eventual impact of strong crypto on the quality of human life. History teaches that it is a mistake to assume that a ground breaking new technology will necessarily produce the most positive changes it is capable of. Let us not follow in the foosteps of those who have made this mistake in the past. From hibbert at netcom.com Mon Sep 12 00:20:30 1994 From: hibbert at netcom.com (Chris Hibbert) Date: Mon, 12 Sep 94 00:20:30 PDT Subject: PRIVACY REGULATIONS In-Reply-To: Message-ID: <199409120719.AAA20925@netcom7.netcom.com> I was too succinct in my message about dealing with cops. I didn't want to write a long message, but by responding briefly, I said things that could easily be misconstrued, and now I'll have to spend the time. Sandy is right about a number of things. As he points out, you are not required to have documents on your person saying who you are, but you do have to give a name (and probably an address) when the police ask. However, there are many times when a cop asks a question that you don't have to answer. Cops are allowed to just "nose around," and it's in this situation that you aren't required to be very forthcoming. Cops are allowed to ask idle questions (as anyone is). They don't have as many special rights at these times. When they do have probable cause, they can insist that you cooperate or allow a search. And if you don't cooperate, they can arrest you. If they don't have probable cause, and are just poking around, they have to let you go if they haven't found anything suspicious. If you assume they always have the right to insist, you will spend more time talking to cops than you have to, and will let them dig deeper than they have a right to. The longer they poke around the better the chances they'll find something you thought of as innocent that they think is suspicious. Many people let police search when they don't have to, thinking they don't have a choice. When a cop asks if he can look in the trunk of your car, or take a look around your apartment, you can say "I'd rather not," and ask if you're free to go. **Remember that they have a gun** and the right to use it in some situations. Be polite. They'll let you know if they're insisting on your cooperation. Physical resistance is a very bad idea. But there's no need to let them look if they don't insist, and they are prohibiting from insisting if they don't have a legally justifiable reason. In my previous message, I said ... Just say "Officer, someone is waiting for me. May I go now?" and Sandy responded: Just say "no"? I *guarantee* this won't work. If you are asking permission ("May I go?"), aren't you ceding to the officer the legal right to say "no"? If you believe you don't have to interact with the nice man, why not just turn your back and walk away without a word? (I wouldn't advise it.) Again, I spoke too quickly, and so left out the caveats and details. Cops have to have probably cause before they can detain you. When they have probably cause, they'll let you know. "Just turn[ing] your back and walk[ing] away without a word" is a bad idea, but if you give them everything they ask for without objecting, you're giving in too quickly. Cops are not always your friends. If a cop asks to search you, your car or your apartment, the proper response is "I'm real busy right now, I'd rather not." "May I go" is a question that forces a cop to either claim he has a reason to hold or search you or admit that you can go. If they have a legally justifiable reason for insisting, they'll let you know. Many people try to claim in court that a search was "without probable cause," and lose because they didn't object, and so the search is deemed to have been voluntary. Anything they find in a voluntary search is admissible in court. The question isn't "Do you have something to hide?" but "Does everything you own look completely innocent from all viewpoints?" Chris Sorry for the length. From SAMUEL.KAPLIN at warehouse.mn.org Mon Sep 12 00:58:56 1994 From: SAMUEL.KAPLIN at warehouse.mn.org (SAMUEL KAPLIN) Date: Mon, 12 Sep 94 00:58:56 PDT Subject: CONTROL FREAKS Message-ID: <4FDCD93D@warehouse.mn.org> Subject: Re: CONTROL FREAKS To: cactus at bibliob.slip.netcom.com (L. Todd Masco) From: frissell at panix.com (Duncan Frissell) Subject: Re: CONTROL FREAKS Cc: cypherpunks at toad.com >> After all, there can't be a totalitarian state that doesn't massively chan >> (introduce uncertainly into) the conduct of life and business in its count >> (and if it is large, in the world). Markets have a way of dealing with >> uncertainty. Capital flight (seeking safer investments) and high interest >> rates (to compensate for risk). The main assumption here is that the populous and the markets realize that they are in a totalitarian state. We in the U.S. are evolving closer and closer to this and most seem not to see it, and if they do, not to care about it. The senario that I see, is the borders being closed. (After all we HAVE to stop all of these illegal aliens.) All of the firearms and weapons being removed from private hands. (The crime rate is SO high this is the only way to solve it.) The U.S. economy being isolated from the rest of the world. (The world doesn't trade fair with us, so we just won't trade with you.) Once your economy is isolated from the rest of the worlds who cares what a dollar is worth. If the government says a dollar buys a loaf of bread, then I guess it does. After all they have all of the weapons. The most incideous thing is that the average American would go along with all of the rationalizations listed above. --BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.1 mQCNAy5pUekAAAEEAKrDj64Zj9AJU+gC7/Ivdk8b1ef6a1T9K5CGFeu1yFDSXLyD DLIdGunZR/4ilosLMxdlZcNqPwZ3HgxL+Gk3y2SwYfqKpeWExWPgb696lgzf2BRC tED15ZAwi3UDIkcouv2PBiDwPNUUmnLb5diDXdA3qtALb+XzlwpnimeWAf3FAAUT tCFTYW11ZWwgS2FwbGluIDwrMSAoNjEyKSA1MzAtNzMxNj6JAJUCBRAuaVLjQqfV nzRSzxkBAcXuA/47yIN+sltMyIRqCgUZz/gubdI6LUcpFsTcXsFWppROpAWFPJv0 J9z/UoP1kjJ+nrAAizuKuhmC5eg5OOxUE+tUgSPl6hAtu2xJYmKtCbQpxF0sG8ni 4e8I8Zsk5vcopO5Vub96CiVgPjI5vITCb32kcLKI1yyFaztbHdtOasUthg== =M8Dh --END PGP PUBLIC KEY BLOCK----- ----------------------------------------------------------------------------- Fido: Sam Kaplin 1:282/1018 | "...vidi vici veni" - Overheard Compuserve: 75240,131 | outside a Roman brothel. samuel.kaplin at warehouse.mn.org | 75240,131 at compuserve.com | Change is the only constant in the For confidential communications use PGP | Universe..."Four quarters, please." ----------------------------------------------------------------------------- =========================================================================== Processed by WILDUUCP! v1.00 for WILDCAT! =========================================================================== From SAMUEL.KAPLIN at warehouse.mn.org Mon Sep 12 00:59:03 1994 From: SAMUEL.KAPLIN at warehouse.mn.org (SAMUEL KAPLIN) Date: Mon, 12 Sep 94 00:59:03 PDT Subject: Proposed changes to the Q Message-ID: Subject: Proposed changes to the Queensland criminal code. From: pkm at maths.uq.oz.au To: cypherpunks at toad.com Subject: Proposed changes to the Queensland criminal code. Cc: ijc at axiom.maths.uq.oz.au, ma157727 at mailbox.uq.oz.au, >> It seems the fight against evil never ends... >> This is a clipping from the Sunday Mail, the local >> sunday newspaper (althogh tabloid would be a better >> word for it). As you can observe, it is one of those >> papers that have a paragraph:sentence ratio of 1:1. >> I hope it is of interest to you all. All spelling >> mistakes are mine. All grammatical awkwardness are his. :-) .... >> ONLINE MOVES 'OUT OF LINE'. [Date: 11/09/94 - PKM.] Sounds like Australia is catching up with the U.S.A. :( Many local governments here are trying to implement this type of crap. Welcome to 1984 ten years late!! :) ----------------------------------------------------------------------------- Fido: Sam Kaplin 1:282/1018 | "...vidi vici veni" - Overheard Compuserve: 75240,131 | outside a Roman brothel. samuel.kaplin at warehouse.mn.org | 75240,131 at compuserve.com | Change is the only constant in the For confidential communications use PGP | Universe..."Four quarters, please." ----------------------------------------------------------------------------- =========================================================================== Processed by WILDUUCP! v1.00 for WILDCAT! =========================================================================== From SAMUEL.KAPLIN at warehouse.mn.org Mon Sep 12 00:59:09 1994 From: SAMUEL.KAPLIN at warehouse.mn.org (SAMUEL KAPLIN) Date: Mon, 12 Sep 94 00:59:09 PDT Subject: Running PGP on Netcom (an Message-ID: Subject: Running PGP on Netcom (and Similar) From: tcmay at netcom.com (Timothy C. May) Subject: Running PGP on Netcom (and Similar) To: cypherpunks at toad.com Cc: tcmay at netcom.com (Timothy C. May) >> Not that had Mr. De Payne been using PGP on Netcom, with his secret >> key stored there, the cops would have it. (The passphrase maybe not, >> depending on whether he stored _that_ there, too. And whether Netcom >> had logs of keystrokes entered, which strikes me as something they >> would probably have--we really need a "zero knowledge" kind of >> "reach-back" for remotely-run PGP.) Never mind the keystroke logs, if his line was wiretapped they have all of the keystrokes coming in and going out. Get his secret keyring from Netcom and they could monitor his communications with out a problem. >> I just don't think the dangers are worth it. All the theoretical hot >> air about whether keystroke timings are "random enough" is moot if >> Netcom is turning over records to investigators. >> It creates a dangerous illusion of security. What illusion of security? If I have my secret keyring residing someplace where I can't physically control who has access to it, no way is this keyring secure!! It goes against the definition of a secret. Once you tell someone a secret, It no longer is a secret. In effect this person has told Netcom his secret, therefore it no longer is a secret. Just because you're paranoid, doesn't mean they're not out to get you. Be paranoid!! >> (For those with no home machines, and perhaps those who mainly use >> campus services, work stations, etc., I'm not faulting you; people use >> what they have to use. Longer term, though, PGP needs to run on secure >> hardware. Secure meaning not easily grabbed by the authorities without >> even one's knowledge!!) This just goes to prove that no matter how secure the crypto system is, if it is implemented in an insecure way, the whole system is compromised. If you are using a "One Time Pad" to communicate with someone and you make an extra set of pages and give them to someone that you really don't know and trust (Netcom), no way can you call this secure. Even though most will agree that the "One Time Pad" is the most secure crypto system, it is being implemented in an insecure way hence it is insecure. --BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.1 mQCNAy5pUekAAAEEAKrDj64Zj9AJU+gC7/Ivdk8b1ef6a1T9K5CGFeu1yFDSXLyD DLIdGunZR/4ilosLMxdlZcNqPwZ3HgxL+Gk3y2SwYfqKpeWExWPgb696lgzf2BRC tED15ZAwi3UDIkcouv2PBiDwPNUUmnLb5diDXdA3qtALb+XzlwpnimeWAf3FAAUT tCFTYW11ZWwgS2FwbGluIDwrMSAoNjEyKSA1MzAtNzMxNj6JAJUCBRAuaVLjQqfV nzRSzxkBAcXuA/47yIN+sltMyIRqCgUZz/gubdI6LUcpFsTcXsFWppROpAWFPJv0 J9z/UoP1kjJ+nrAAizuKuhmC5eg5OOxUE+tUgSPl6hAtu2xJYmKtCbQpxF0sG8ni 4e8I8Zsk5vcopO5Vub96CiVgPjI5vITCb32kcLKI1yyFaztbHdtOasUthg== =M8Dh --END PGP PUBLIC KEY BLOCK----- ----------------------------------------------------------------------------- Fido: Sam Kaplin 1:282/1018 | "...vidi vici veni" - Overheard Compuserve: 75240,131 | outside a Roman brothel. samuel.kaplin at warehouse.mn.org | 75240,131 at compuserve.com | Change is the only constant in the For confidential communications use PGP | Universe..."Four quarters, please." ----------------------------------------------------------------------------- =========================================================================== Processed by WILDUUCP! v1.00 for WILDCAT! =========================================================================== From anonymous at extropia.wimsey.com Mon Sep 12 02:07:16 1994 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 12 Sep 1994 02:07:16 -0700 Subject: "Will You Be a Terrorist?" Message-ID: <199409120907.AA15385@xtropia> in [Check it out - Cross-posted from Fidonet:] The "Crime Bill" passed by Congress recently (truename: Violent Crime Control and Law Enforcement Act of 1994) has a frightening provision that hides a boogeyman under its superficially appealing surface: *----------* *----------* *----------* SEC. 120005. PROVIDING MATERIAL SUPPORT TO TERRORISTS. (a) Offense.--Chapter 113A of title 18, United States Code, is amended by adding the following new section: ``Sec. 2339A. Providing material support to terrorists ``(a) Definition.--In this section, `material support or resources' means currency or other financial securities, financial services, lodging, training, safehouses, false documentation or identification, communications equipment, facilities, weapons, lethal substances, explosives, personnel, transportation, and other physical assets, but does not include humanitarian assistance to persons not directly involved in such violations. ``(b) Offense.--A person who, within the United States, provides material support or resources or conceals or disguises the nature, location, source, or ownership of material support or resources, knowing or intending that they are to be used in preparation for, or in carrying out, a violation of section 32, 36, 351, 844 (f) or (i), 1114, 1116, 1203, 1361, 1363, 1751, 2280, 2281, 2331, or 2339 of this title or section 46502 of title 49, or in preparation for or carrying out the concealment of an escape from the commission of any such violation, shall be fined under this title, imprisoned not more than 10 years, or both. ``(c) Investigations.-- ``(1) In general.--Within the United States, an investigation may be initiated or continued under this section only when facts reasonably indicate that-- ``(A) in the case of an individual, the individual knowingly or intentionally engages, has engaged, or is about to engage in the violation of this or any other Federal criminal law; and ``(B) in the case of a group of individuals, the group knowingly or intentionally engages, has engaged, or is about to engage in the violation of this or any other Federal criminal law. ``(2) Activities protected by the first amendment.--An investigation may not be initiated or continued under this section based on activities protected by the First Amendment to the Constitution, including expressions of support or the provision of financial support for the nonviolent political, religious, philosophical, or ideological goals or beliefs of any person or group.''. (b) Technical Amendment.--The chapter analysis for chapter 113A of title 18, United States Code, is amended by adding the following new item: ``2339A. Providing material support to terrorists.''. *----------* *----------* *----------* In the U.S. Title 18 Code, terrorism is defined as "engaging in any act or conspiring to engage in any act intended to intimidate or coerce the civilian population or the government" or close words to that effect. What does this mean? Suppose you organize a militia and some little jot or tittle is just that much off -- and the thugs at the BATF or FBI or NatPol decide that your militia is an "armed group"? They can now seize your house, your car, your bank account and anything else even remotely connected with the maintenance or support of the militia, and make *you* prove your innocence before the Federal thugs will grudgingly return your life to you. Suppose you participate in a demonstration against abortion and just one member of the peaceful demonstration gets into a fistfight with an escort. You had given a ride to this demonstrator -- is the fistfight "terrorism" and you a collaborator in this "terrorism" to be arrested and thrown in jail and your car seized until you can prove that you did not know that the other demonstrator did intend to fight with an escort? Suppose you demonstrate against national health care and you yell that Clinton should be thrown out of office and make a threatening gesture -- will the thugs treat this as an "attempt to intimidate the government" and take your car and perhaps your home if you used it to prepare materials for the demonstration? Suppose you quote Thomas Jefferson's words about a revolution being due every twenty years -- will you be thrown into jail for that? Note that the above section does not allow anything but "NON-violent" goals. This is another direct attack upon the First Amendment and deeply disturbing in its implications when considered as part of a set of other federal statutes scattered across Title 18 criminal law. ***end of quoted section*** -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, From usura at xs4all.nl Mon Sep 12 03:58:11 1994 From: usura at xs4all.nl (Alex de Joode) Date: Mon, 12 Sep 94 03:58:11 PDT Subject: Running PGP on Netcom (and Similar) Message-ID: <199409121057.AA01026@xs1.xs4all.nl> Timothy C. May (tcmay at netcom.com) did write: : Not that had Mr. De Payne been using PGP on Netcom, with his secret : key stored there, the cops would have it. (The passphrase maybe not, : depending on whether he stored _that_ there, too. And whether Netcom : had logs of keystrokes entered, which strikes me as something they : would probably have--we really need a "zero knowledge" kind of : "reach-back" for remotely-run PGP.) Would a "challange response" type of verification do the "trick", ie is it secure enough for passphrase monitering ? : I just don't think the dangers are worth it. All the theoretical hot : air about whether kestroke timings are "random enough" is moot if : Netcom is turning over records to investigators. : --Tim May -- ____ Alex de Joode \ /__ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- \/ / "It's dangerous to be right when the government is wrong." \/ --Voltaire --finger usura at xs4all.nl for PGPpublicKEY-- From snyderra at dunx1.ocs.drexel.edu Mon Sep 12 06:16:20 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Mon, 12 Sep 94 06:16:20 PDT Subject: Running PGP on Netcom (an Message-ID: At 3:52 AM 9/12/94, SAMUEL KAPLIN wrote: >What illusion of security? If I have my secret keyring residing someplace >where I can't physically control who has access to it, no way is this >keyring secure!! It goes against the definition of a secret. Once you tell >someone a secret, It no longer is a secret. In effect this person has told >Netcom his secret, therefore it no longer is a secret. Just because you're >paranoid, doesn't mean they're not out to get you. Be paranoid!! But keeping it on your home machine, the bad guys could break into your house, set up a keyboard monitoring program, and get it that way. Or if they wanted to, grab you and force you to reveal your key. It's not black and white. There are degrees of security. I keep my encrypted secret key on dunx1, a UNIX box used by many other people. Anyone who has the ability to can either watch my keystrokes, probe through memory to retrieve my key or message, or probably a few other things I haven't thought of. The benefit, though, of being able to decode messages as soon as I receive them, and being able to send encrypted messages when I'm not at home is major. For me at least, it's a fair trade-off. There isn't anything I send right now that I would find particularly embarassing should it become public knowledge. If I did get into that situation, I'd probably create a second key pair for use only at home, and keep both in use. The bad guys will almost always be able to get your key. Even if they have to get you to get it. The goal is to raise the difficulty such that they aren't willing to do it. Bob -- Bob Snyder N2KGO MIME, PGP, RIPEM mail accepted snyderra at post.drexel.edu PGP & RIPEM keys on key servers When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From habs at panix.com Mon Sep 12 06:37:03 1994 From: habs at panix.com (Harry S. Hawk) Date: Mon, 12 Sep 94 06:37:03 PDT Subject: Interns Sought (tele-commute), c++, tech writers & requirements Message-ID: <199409121336.AA10482@panix.com> ____________ The Position ____________ We are looking for several Interns from now through December. Internships are unsalaried. At the successful completion of the Internship a $200 stipend will be paid. These are "work at home" and telecommuting internships. ___________ Who We Want ___________ We are looking for C++ programmers We are looking for Tech Writers We are looking for Technical Requirements Researchers ___________ Requirements ___________ Must have the ability to communicate in English (mostly written, but verbal as well). Experience with mail applications, sendmail, and mime a plus. Programmers must have access to a system with the g++ 2.5.8 and the ability to send RFC-822 E-mail. Tech Writers should have access to an ASCII editor (emacs preferred). Researchers should be able to surf the Internet and have access to technical libraries. You can be located anywhere in the world. We hire without regard to race, religion, gender, sexual orientation, or any physical disabilities. Be able to sign and return by mail a non-disclosure agreement. __________ Who we are __________ We are PowerMail, Inc. a privately funded commercial venture incorporated in the state of Delaware. We are building a state of the art e-mailing list software in C++; The name of the product is MailWeir(tm). _______ Details _______ We are looking for programmers with solid C++ skills to build objects for us. There a lots to chose from; many are quite interesting. We are looking for tech writers to help with system level and end user documentation. We are looking for technical requirements researchers. These researchers will investigate various standards including RFC, ISO, IEEE, etc. and write functional requirements for various objects to be compliant with these standards. __________________ Please get in touch __________________ Please send your resume and qualifications to: exi-powermail at powermail.com Please send ASCII resumes only. _______________ For Information _______________ For more information on any position, please send mail to habs at powermail.com Don't send resumes here. /hawk -- Harry S. Hawk habs at panix.com Product Marketing Manager PowerMail, Inc. Producers of MailWeir(tm) & PowerServ(tm) From raph at CS.Berkeley.EDU Mon Sep 12 06:49:44 1994 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Mon, 12 Sep 94 06:49:44 PDT Subject: List of reliable remailers Message-ID: <199409121350.GAA03322@kiwi.CS.Berkeley.EDU> I have written and installed a remailer pinging script which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, at: http://www.cs.berkeley.edu/~raph/remailer-list.html Please let me know about any other remailers which I missed. I've only included remailers which can mail to arbitrary addresses, so I already know chop and twwells are missing. This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail, which is available at: ftp://kiwi.cs.berkeley.edu/pub/raph/premail-0.22.tar.gz For the PGP public keys of the remailers, as well as some help on how to use them, finger remailer.help.all at chaos.bsu.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 10-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu. $remailer{"chaos"} = " cpunk hash ksub"; $remailer{"vox"} = " cpunk oldpgp. post"; $remailer{"avox"} = " cpunk oldpgp post"; $remailer{"extropia"} = " cpunk pgp special"; $remailer{"kaiwan"} = " cpunk pgp hash latent cut"; $remailer{"portal"} = " cpunk pgp hash"; $remailer{"alumni"} = " cpunk pgp hash"; $remailer{"bsu-cs"} = " cpunk hash ksub"; $remailer{"rebma"} = " cpunk pgp hash"; $remailer{"jpunix"} = " cpunk pgp hash latent cut post"; $remailer{"wien"} = " cpunk pgp hash nsub"; $remailer{"c2"} = " eric pgp hash"; $remailer{"soda"} = " eric pgp. post"; $remailer{"penet"} = " penet post"; $remailer{"ideath"} = " cpunk hash ksub"; $remailer{"usura"} = " cpunk pgp. hash latent cut post"; $remailer{"leri"} = " cpunk pgp hash"; $remailer{"desert"} = " cpunk pgp."; Last ping: Mon 12 Sep 94 6:00:01 PDT remailer email address history latency uptime ----------------------------------------------------------------------- wien remailer at ds1.wu-wien.ac.at -*+*******-* 17:09 99.99% bsu-cs nowhere at bsu-cs.bsu.edu ****##****+* 7:12 99.99% c2 remail at c2.org -+***+*+**** 18:16 99.99% jpunix remailer at jpunix.com **++##**** * 5:40 99.99% extropia remail at extropia.wimsey.com --..-+-++-- 2:29:43 99.99% chaos remailer at chaos.bsu.edu ######*****# 1:57 99.98% ideath remailer at ideath.goldenbear.com **+*#+*+**** 8:14 99.96% leri remail at leri.edu **+*#+****** 9:34 99.95% kaiwan ghio at kaiwan.com ++--*-+*.-+ 29:35 99.83% soda remailer at csua.berkeley.edu +++..+++++++ 1:29:40 99.89% vox remail at vox.xs4all.nl --- ...--- 11:43:07 99.72% alumni hal at alumni.caltech.edu *+ * **-**** 50:25 99.53% portal hfinney at shell.portal.com *+ #**-**** 56:07 99.31% desert remail at desert.xs4all.nl ..-- 26:50:26 99.03% rebma remailer at rebma.mn.org +--- ----*- 6:41:53 98.76% usura usura at xs4all.nl +* -******* 9:57 96.99% penet anon at anon.penet.fi __++******** 10:53:28 93.49% Suggested path: c2;bsu-cs;wien For more info: http://www.cs.berkeley.edu/~raph/remailer-list.html Options and features cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. oldpgp Remailer does not like messages encoded with MIT PGP 2.6. Other versions of PGP, including 2.3a and 2.6ui, work fine. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. special Accepts only pgp encrypted messages. History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). If you've got a Web page, please feel free to include a link to this page. If you think your Web page is relevant to the subject of remailers, let me know and I'll link it in. Comments and suggestions welcome! Note to remailer operators: this script generates hourly ping messages. If you don't want that, let me know and I will take your mailer off the list, or increase the interval between pings. Raph Levien From huntting at glarp.com Mon Sep 12 07:47:36 1994 From: huntting at glarp.com (Brad Huntting) Date: Mon, 12 Sep 94 07:47:36 PDT Subject: Running PGP on Netcom (and Similar) In-Reply-To: <199409120049.RAA15757@netcom11.netcom.com> Message-ID: <199409121441.IAA11650@misc.glarp.com> > A "Cypherpunk RISK" (apologies to the "RISKS" list) to running PGP on > Netcom, Portal, America Online, etc. systems (and on university, > corporate, etc. systems), is the obtaiing of *all* records, > directories, etc. by court order. > This has happened more than once, and will likely happen more and more > in the future, as law enforcement realizes what a treasure trove this > can be. I am under the impression that many if not all Internet providers which provide interactive logins have been raided durring the past year. The raids I know of were conducted by U S Marshalls acting on behalf of a few large electronics firms (who just happen to all have the same intelectual property atourney). brad From frissell at panix.com Mon Sep 12 08:17:37 1994 From: frissell at panix.com (Duncan Frissell) Date: Mon, 12 Sep 94 08:17:37 PDT Subject: Phil Zimmerman in Atlanta Message-ID: <199409121517.AA13900@panix.com> I am authorized to announce... Phil Zimmerman is in Atlanta for Interop and will be a "commentator" at a separate panel discussion (Tuesday 13 September) on Clipper/DTI sponsored by EPIC. The subject of the panel is "Issues of Trust" -- "Can we trust the government?" All the usual suspects: Clinton Brooks (late of NSA) Jim Bidzos (RSA) John Droge (?) Dorthey Denning (Georgetown) Barbara Simons (ACM) David Sobel (EPIC) From Ron_Bardarson at smtp.esl.com Mon Sep 12 08:25:32 1994 From: Ron_Bardarson at smtp.esl.com (Ron Bardarson) Date: Mon, 12 Sep 94 08:25:32 PDT Subject: Introduction- Telephone Message-ID: Reply to: RE>>Introduction: Telephone traffic analysis >> I stumbled upon this great explanation of telephone traffic analysis and >> thought I'd share it with the list: >It is to evade this sort of traffic analysis that complex routing, batching >and clustering of anon remailer traffic is being evolved. As long as 'someone else' controls the medium thru which the messages pass, traffic analysis will be possible. It may be a large problem, but it will still be doable with sufficient motivation. When you have an untappable wire between the sender and recipient, then traffic analysis is impossible (and crypto unnecessary). In order to get to the remailer chain you mention, I (for instance) can ONLY pass thru a couple a machines, which if properly monitored, reveal the traffic flow despite the remailers. You can still beat traffic analysis (and you still need crypto), but not in this medium. From sandfort at crl.com Mon Sep 12 08:41:00 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 12 Sep 94 08:41:00 PDT Subject: ACAPULCO H.E.A.T. Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, You won't believe what a chatterbox I'm going to be today. This is just the first of several posts I am planning. Of course, the most important must come first. This week's installment of Acapulco H.E.A.T. was the second part of a two-episode show called "Code Name: Stalemate." As you may recall, from last week, the story, set at a chess tournament in Venezuela, involved the attempted assassination of an ex-KGB spy named Andre by H.E.A.T.'s archenemy, Strake. I should mention that Andre was a dead ringer for Barry Goldwater (except with a bad Russian accent.) This week's episode hardly seemed connected to last week's. Strake is still holding Krissie hostage, but he seems more intent now on killing the entire H.E.A.T. The actor who plays Strake, a total megalomanic, completely chews the scenery in the worst case of over-acting I've seen in years. This, of course, leads to gratuitous gun play (God, women with guns make me so hot), a boat chase, an exploding boat and the inevitable climactic fist fight between the Good Guy and the Bad Guy. (The Good guy wins.) During the show we have Strake bugging H.E.A.T. HQ and shutting it down (again). Only this time Ashley breaks the "Kasporov algorithm" and breaks Stake's hold over the H.E.A.T. center AND infiltrates Strake's system. Strake also spoofs a phone call so that H.E.A.T. can't trace it. The Team uses small tracking devices to locate kidnapped members (they are discovered). I got some heat (pun intended) for not mentioning last week's bikini/Fabio ratio. When these episodes were make, Fabio was not part of the Team. They are all re-runs, so I don't know if he was part of the original cast and dropped later, or the other way around. Anyway, no Fabio. None of the principles were in bikinis, except for Krissie in the romantic flashback Marcos had while she was being held hostage by Strake. A number of beach background scenes were used, however, to pump up the bikini quotient. Finally, we did have a curious exchange between Tony and Cat in which he explained Zen. It had something to do with water and ice, but I guess I wasn't spiritual enough to grok it. IMPORTANT ANNOUNCEMENT: My operatives are everywhere. Even as I write, one of them is on the trail of Alison Armitage .GIFs! If he is successful in bagging them, he will reveal his identity and make said .GIFs available to interested Cypherpunks. Stay tuned. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From adam at bwh.harvard.edu Mon Sep 12 08:55:58 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 12 Sep 94 08:55:58 PDT Subject: Running PGP on Netcom (and Similar) In-Reply-To: <199409121057.AA01026@xs1.xs4all.nl> Message-ID: <199409121554.LAA10096@bwh.harvard.edu> Alex de Joode: | Timothy C. May (tcmay at netcom.com) did write: | | : Not that had Mr. De Payne been using PGP on Netcom, with his secret | : key stored there, the cops would have it. (The passphrase maybe not, | : depending on whether he stored _that_ there, too. And whether Netcom | : had logs of keystrokes entered, which strikes me as something they | : would probably have--we really need a "zero knowledge" kind of | : "reach-back" for remotely-run PGP.) | | Would a "challange response" type of verification do the "trick", ie | is it secure enough for passphrase monitering ? If the system is well designed. I sent the following to Phil Z. back in July to address exactly this problem. Hopefully, it will be in pgp3. > > As a user of PGP for a while, there is a feature that I would >like to see added to PGP 3, when that comes out. The enhancement >would allow PGP to be used with an untrusted local CPU/network. (Of course, I should have said 'untrusted network.' If the local CPU really is untrustworthy, you might be running a comprimised version of PGP, etc.) > To do this properly, you would want one shot passphrases, >similar to S/Key. The implementation I see would have PGP hash your >pass phrase some large number of times (say 1000, which takes less >than a second on my 68030 mac) before using it to decrypt your pass >phrase. > > Then, when logged in from a line being sniffed, you would >invoke PGP -1es ..., and when prompted for your pass phrase you would >enter 800/something-ugly-that-md5-makes. PGP would then md5 this 200 >times, and you'd have demonstrated your knowledge of your passphrase >without ever sending it over a line. Clearly, PGP would need to store >the fact that you had used #800, and only accept lower numbers. From perry at imsi.com Mon Sep 12 09:00:46 1994 From: perry at imsi.com (Perry E. Metzger) Date: Mon, 12 Sep 94 09:00:46 PDT Subject: Cryptography Mailing List (was Re: Ecash mailing list? ) In-Reply-To: <199409100147.SAA08070@netcom9.netcom.com> Message-ID: <9409121600.AA00569@snark.imsi.com> Timothy C. May says: > > Is anybody interested in forming a mailing list explicitly for e-cash > > discussion? After looking at the c'punks list for at least a year, > > there seems to be the critical mass of interest to create a medium > > volume mailing list. > > Half a dozen such special sub-list exists on Cypherpunks--bet you > didn't know that, eh? That's because they go unused, for reasons I've > written about before. I'm thinking (again) about setting up a specialized mailing list for discussing cryptography... Perry From eckerg at is.NYU.EDU Mon Sep 12 09:04:32 1994 From: eckerg at is.NYU.EDU (greg ecker) Date: Mon, 12 Sep 94 09:04:32 PDT Subject: CONTROL FREAKS (nee, AIDs testing and privacy) In-Reply-To: <199409091528.KAA28635@zoom.bga.com> Message-ID: this mailing list has swayed far from it's original purpose. "cypherpunks" ? sounds more like daytime t.v. to me. From sandfort at crl.com Mon Sep 12 09:10:15 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 12 Sep 94 09:10:15 PDT Subject: CRYPTO ANARCHY/SOCIAL BODY Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Doug Cutrell offered some well thought out speculations on the social consequences of "crypto anarchy" in an essay he just posted to the list. I would like to respond to a few of his comments. Doug wrote: ... it is imperative that cypherpunks,... consider carefully what social impact these changes may have.... cypherpunks should examine ways to influence the deployment and patterns of use of strong crypto tools in society, and not merely consider the construction of the tools alone.... With all due respect, I think this has already been done by most Cypherpunks. We have looked at societal trends, seen problems, posited strong crypto as the solution to some of those problems and examined the consequences of strong crypto solutions. No one is writing code just to write code. The Cypherpunks list has always been ideologically driven. Though Cypherpunks cover the political spectrum, they have put aside sectarian differences to work towards the narrow ideology of personal privacy. At the same time, we have always thought about crypto "side effects." ... man is a social animal. We are evolved to survive through cooperative interactions with each other.... There are universal properties of interaction which create the social body in these species, and in all human societies throughout history. These properties depend fundamentally on the publicly visible nature of most social interactions.... Well, here I must disagree. While there is no disputing that man is a social animal, I find the last claim untenable. There are numerous historical forms of cooperative interaction that do not depend--"fundamentally" or otherwise--on a "publicly visible" interaction (e.g., postal mediated relationships, private clubs and other private relationships and most aspects of the market). Individual social animals exist in a relationship to the social body deriving from the visibility of their actions to others. This *defines* individuality.... While this is an interesting concept of individuality, it doesn't jive with any definition I've ever heard. If you were the only person on the planet, you would be just as much an "individual" (perhaps MORE so) than you are with 5.5 billion other folks blocking your view of the parade. ... Strong crypto -- the tools of crypto anarchy -- represents a break in these primal functions upon which the social body is based.... it is not only a first for human societies, but a first for all of biological evolution.... nodes -- "individuals" -- may appear and disappear over extremely short time periods, as anonymous identities come and go. All nodes may have any number of unknowable links, or links which are unknowable by arbitrarily large sections of the net. Links may have new properties, such as asymmetry of identity. Individual nodes may "unknowably" represent (equate with) entire collections of other nodes. The point is that the social structure is altered along dimensions that have been constant since the dawn of the evolution of social animals. Here is the crux of the matter. Doug obviously believes that crypto anarchy represents a paradigm shift or quantum leap in human interaction. I don't think so. every one of the "unique" properties Doug claimed existed for crypto anarchy already exists in the non-crypto society. I won't (unless asked) enumerate such analogs, but I will give two "clues" as an exercise for the student: John Paul Jones and Delaware corporations. [1] This picture implies the development of something radically different than what we now think of as a social body. [2] It is far more complex, with new types of basic components and operations. [3] There is no reason to expect it to resemble any society in the history of man, or to bear any resemblance to any social body which has evolved to date... [1] Only if the picture is correct, which has not been shown. [2] Granted, it is more complex, but really "new components" has yet to be demonstrated. [3] I most heartily disagree. Humans are conservative; when they make progress, it usually looks like an extension of what went before. (Ever notice how the first autos looked like buggies? Why do computer graphic interfaces use "desk" and "folder" metaphors?) There is *every* reason to expect crypto anarchy will resemble historical social models. ... For my purposes, desirable changes would include an increased standard of living for all humans, increased communications ... undesirable changes would include ... Crypto anarchy is coming whether we like it or not. With it, your hopes and fears are much more in your hands then they have ever been before. I hope we all use our super powers for good rather than evil. In any event, the cat is out of the bag. ... it seems that a reasonable approach would be to conduct computer simulations of the spontaneous forms of self organization that occur in populations participating under various game-theoretic and economic models, when these populations have access to strong crypto.... In my opinion (offered without a shred of proof), (1) it ain't gonna happen, (2) wouldn't work even if it did happen. In closing, I want to thank Doug for refocusing discussion of social implications in such organized and thoughtful way. I want to reiterate, this is not something that Cypherpunks have not thought about and discussed before. Nevertheless, it is always good to go over old ground if it can be done in a reasoned and comprehensive manner. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From sandfort at crl.com Mon Sep 12 09:10:53 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 12 Sep 94 09:10:53 PDT Subject: PRIVACY REGULATIONS Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Thanks to Chris Hibbert for the clarification of his (her?) police stop scenario. The first impression would have constituted very bad advice for dealing with your friend, the policeman. In his second message, Chris wrote: ... you do have to give a name (and probably an address) when the police ask. Of course, it might be added that you have to give a *correct* name, address and whatever. In common law countries, such as the US and UK, this requirement might not be as unequivocal as one might think. What name would "John Wayne" (or "Bill Clinton" for that matter) have to give? Neither was born with those names. What if Paul Stubens(?) hadn't volunteered that he was "Pee Wee Herman" when he got busted for lewd conduct? Maybe he'd still be on TV in his Playhouse. ... When they do have probable cause, they can insist that you cooperate or allow a search. And if you don't cooperate, they can arrest you. "Probably cause" is not required for a police officers to make what is called a "field stop." The criterion for a field stop is "reasonable suspicion." During a field stop, an officer can hold on to you only as long as it takes to determine if there is probable cause to believe you have committed a crime (this could include checking to see if you have any wants or warrants). Incidental to the field stop, the officer is allowed to do a gross pat-down search of you and anything you are wearing or carrying. The purpose of this pat-down is solely to determine if you have weapons that would endanger the officer. They can't, for example, look inside an envelope (which might contain drugs), because it could not reasonably be expected to conceal a weapon such as a knife or gun. ... If you assume they always have the right to insist, you will spend more time talking to cops than you have to, and will let them dig deeper than they have a right to. The longer they poke around the better the chances they'll find something you thought of as innocent that they think is suspicious.... Amen, to that. When a cop asks if he can look in the trunk of your car, or take a look around your apartment, you can say "I'd rather not," and ask if you're free to go. **Remember that they have a gun** and the right to use it in some situations. Be polite. They'll let you know if they're insisting on your cooperation. Physical resistance is a very bad idea. But there's no need to let them look if they don't insist, and they are prohibiting from insisting if they don't have a legally justifiable reason. Dittos. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From sandfort at crl.com Mon Sep 12 09:11:42 1994 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 12 Sep 94 09:11:42 PDT Subject: CONTROL FREAKS Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Samuel Kaplin responded to Duncan's assertion that markets have ways of dealing with uncertainty, by writing: The main assumption here is that the populous and the markets realize that they are in a totalitarian state. We in the U.S. are evolving closer and closer to this and most seem not to see it, and if they do, not to care about it. I think this misses Duncan's point. Neither the populace nor the market (the economic interactions of the populace) need to realize they are in a totalitarian state, to take appropriate action. What the market does "know" is how to shift capital from lesser to more remunerative investments. This is a homeostatic flow just like water seeking its own level. The senario that I see, is [1] the borders being closed.... [2] All of the firearms and weapons being removed from private hands.... [3] The U.S. economy being isolated from the rest of the world.... Once your economy is isolated from the rest of the worlds who cares what a dollar is worth.... [1] If they stopped foreign businesspeople and tourists, the economy suffers. Without Mexican "guest workers" the price of agricultural products go through the ceiling. The US can afford to close its boarders. [2] I'm a gun nut; I know gun nuts. If you want to see a civil war, just try to remove the *200 million* guns from private hands. Gun ownership is *growing* not declining. These folks are *serious* about keeping their weapons. Contrary to popular belief, most cops strongly support the rights of civilians to keep and bear arms. Who are you going to get to grab the guns? [3] The US economy is broad, but not that broad. Without world trade (especially for petroleum) we would grind to a halt. In the meantime, the billions of people who depend on food grown in America would not quietly lay down and starve. The government can, of course, call a dollar whatever it wants. The more unrealistic the assessment, however, the faster black markets will bloom in the "alternative economy." S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From hughes at ah.com Mon Sep 12 09:28:16 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 12 Sep 94 09:28:16 PDT Subject: Introduction- Telephone In-Reply-To: Message-ID: <9409121550.AA07793@ah.com> When you have an untappable wire between the sender and recipient, then traffic analysis is impossible (and crypto unnecessary). Yet you can create an untappable wire with cryptography! The device in question is called a link encryptor. Take a stream cipher and run it continuously across the channel in question. Pad the asynchronous traffic when it's not flowing and add some synchronization to both the stream and the data insertion. You can tap the physical line still, but the interceptions reveal zero information (computationally--the stream cipher _is_ keyed, after all). A good project would be virtual link encryptors for the Internet. Eric From hughes at ah.com Mon Sep 12 09:29:11 1994 From: hughes at ah.com (Eric Hughes) Date: Mon, 12 Sep 94 09:29:11 PDT Subject: the usual suspects In-Reply-To: <199409121517.AA13900@panix.com> Message-ID: <9409121551.AA07804@ah.com> John Droge (?) John Droge is the product manager for Mykotronx in charge of Clipper products. Eric From nobody at shell.portal.com Mon Sep 12 09:42:59 1994 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Mon, 12 Sep 94 09:42:59 PDT Subject: Cyphernomicon - Critical Acclaim! Message-ID: <199409121642.JAA15317@jobe.shell.portal.com> Critical Acclaim for the Cyphernomicon ! ---------------------------------------- "My dusty old tomes were showing their age, but the Cyphernomicon has given me a new lease on life. It's going to be fun!" - Old Ned "I think he's trying to confuse us. Don't believe a word he says." Fission Chips "Enlightening." - The King in Yellow "I liked the part about trust." - Ronald Reagan "Now I understand why Lucy always yanked the football away from me." Charlie Brown "I fear for T. C. May's soul." - Jerry Falwell "What a stupid jerk I've been!" - Ollie North "It's nothing but words. No swords, horsemen, or foot soldiers. He doesn't scare me!" - Attilla the Hun "Stay tuned for the blueprint of the next century. But first, Page Two ..." - Paul Harvey "This is a terrible document! I detest it ... and I'm printing a copy for all my friends." - Rush Limbaugh "I am recommending that we ban public use of assault keys, and that only appropriate Federal agencies be allowed to use them." - Janet Reno "I resent his appropriation of the term 'BlackNet'!" - Jesse Jackson "It's nothing really. I've communicated with pseudonyms for years." Miss Manners "That's how we _should_ have done our real estate deals!" Hillary Rodham Clinton "Here are the top ten reasons why you should read the Cyphernomicon ..." David Letterman "What a lucrative market Mr. May has shown! Nobody will ever know how much this means to me." - Bill Gates "He made it all perfectly clear, except perhaps the chapter on anonymity and remailers." - Richard Nixon "If I had had this book, they would be naming high schools after me." Richard Nixon "What, me worry?" - Alfred E. Neuman "Pull my thumb ... if you can find it! Heh heh heh." - Beavis & Butthead From jamesd at netcom.com Mon Sep 12 10:26:17 1994 From: jamesd at netcom.com (James A. Donald) Date: Mon, 12 Sep 94 10:26:17 PDT Subject: Crypto Anarchy and the Social Body (Meta Strong Crypto) In-Reply-To: Message-ID: <199409121725.KAA02972@netcom8.netcom.com> Doug Cutrell writes > CRYPTO ANARCHY AND THE SOCIAL BODY (META STRONG CRYPTO) > .... > > THE SOCIAL ORGANISM The social organism does not exist. If it did exist, and was an organism then it would have goals and purposes. If it had goals and purposes, then these goals would probably be best served by prohibiting strong crypto, encouraging children to rat on their parents, teaching a uniform ideology in compulsory public schools, and forcibly dissolving families and other private bonds and relationships. > Strong crypto -- the tools of crypto anarchy -- represents a break in these > primal functions upon which the social body is based. So why does the number one chimp spend a lot of time hanging out in private with the number two chimp? Why do male dolphins go off in groups of two and three and do syncronized swimming games together? The significance of strong crypto is that it allows us to interact privately with the whole world, not that it allows us to interact privately. It allows us to interact privately on a large enough scale to sustain a modern business and a modern economy. We have always been able to interact privately for a subsistence economy, which is why medieval tax rates were so low. (There is considerable disagreement as to what medieval tax rates were, and it is difficult to distinguish between irregular robbery, which was sometimes large, and regular taxes which were alway low, but the large number of peasants required to support one man at arms, indicates a modest tax rate) It is impossible to predict what the outcome of crypto anarchy will be because, as Hayek has pointed out, it is impossible to predict the consequences of freedom. The weakening of central control will probably mean that some aspects of medieval and dark age society will recur, but at a vastly higher standard of living and literacy. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd at netcom.com From tcmay at netcom.com Mon Sep 12 10:40:09 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 12 Sep 94 10:40:09 PDT Subject: CONTROL FREAKS (nee, AIDs testing and privacy) In-Reply-To: Message-ID: <199409121712.KAA20734@netcom16.netcom.com> > > this mailing list has swayed far from it's original purpose. > "cypherpunks" ? sounds more like daytime t.v. to me. > I was busy last week, so did anyone tape Oprah's episode on crypto? Sally Jesse Raphael is doing "The Dining Transexual Cryptographers Problem" and Montel Williams is doing "Men who love women who love PGP." It's so exciting to see crypto enter the mainstream. Me, I can't wait for next month's Barbara Walters interview with Dorothy Denning! --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Mon Sep 12 10:43:21 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 12 Sep 94 10:43:21 PDT Subject: Running PGP on Netcom (and Similar) In-Reply-To: <199409121057.AA01026@xs1.xs4all.nl> Message-ID: <199409121657.JAA18367@netcom16.netcom.com> Alex de Joode writes: ... > : had logs of keystrokes entered, which strikes me as something they > : would probably have--we really need a "zero knowledge" kind of > : "reach-back" for remotely-run PGP.) > > Would a "challange response" type of verification do the "trick", ie > is it secure enough for passphrase monitering ? Well, I iused the "reach-back" term in a vague way, to suggest an avenue...it may not be the correct term. We need a system where a user, Alice, computes *something different every time*...a conventional "challenge-response" is not good enough, as anyone monitoring the line or having access to the logs can then impersonate Alice. Zero knowledge interactive proof systems offer such a thing...in fact, password schemes are one of the applications that have been written about. Maybe in PGP 4.0.... --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From hayden at krypton.mankato.msus.edu Mon Sep 12 11:09:55 1994 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 12 Sep 94 11:09:55 PDT Subject: "Packet Sniffers" Message-ID: I know this is probably the wrong forum, but I also know that the quality of hte people here is ample to get my question answered. I am an undergraduate student at a state university in Minnesota. This summer as part of a long-term independent study I set up a Linux machine on the campus ethernet, get it assigned an IP, and then proceeded to do a practicum on system administration and information management. (This is also the same machine that briefly rand the digested version of the Cypherpunks mailing list). Following some departmental conflicts and (IMHO) illegal sanctions, the machine was shut down for some unspecified "security concerns". Essentially, it turns out, the computer science department didn't was this kind of independent project around. So I trundled across campus to another college, got the proper faculty behind me and submitted for the continuance of the project. After three weeks of jumping through the correct hoops and over the correct hurdles, there appears to be only one "concern" remaining. Some junior computer administrator has raised the concept of "packet sniffers" as being a suitable bar for my project (the machine is a 486/66 Linux machine). Unfortunately, I haven't a clue what exactly a "packet sniffer" is and am really not in a position to answer the arguments in even a semi-informed manner. Thus, I am posting here in the hope that one or more of you can take a moment to give me the lowdown on what these things are. Common sense seems to indicate that it is a piece of software or firmware that will display the contents of any packets that pass through the machine on its way to the correct destination. The specific setup would have the machine on a thinnet link in a lab with about 20 other PCs which are used primarily as word processors and terminals to the campus VAX or UNIX machines. The specific upstream setup is unknown, but I assume there is some kind of a line to a router upstream, eventually winding its way into the real world. It seems to me that a packet sniffer on the lowest link of the network wouldn't be able to look at those packets passing upstream because the router would never pass them down, but I could be just plain wrong and thats why I'm asking for some clarification. Thanks for your help. Sorry if this seems confusing. ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ -=-=-=-=- <=> -=-=-=-=- \/ / Finger for Geek Code Info <=> I do not necessarily speak for the \/ Finger for PGP Public Key <=> City of Mankato or anyone else -=-=-=-=-=-=-=- (GEEK CODE 2.1) GJ/CM d- H-- s-:++>s-:+ g+ p? au+ a- w++ v* C++(++++) UL++++$ P+>++ L++$ 3- E---- N+++ K+++ W M+ V-- -po+(---)>$ Y++ t+ 5+++ j R+++$ G- tv+ b+ D+ B--- e+>++(*) u** h* f r-->+++ !n y++** From tcmay at netcom.com Mon Sep 12 11:16:59 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 12 Sep 94 11:16:59 PDT Subject: How to Handle Corrections/Additions to Cyphernomicon Message-ID: <199409121732.KAA23467@netcom16.netcom.com> Thanks all for the responses to the Cyhernomicon. Some people have begun to send corrections, clarifications, elaborations, etc., and others have asked me what _form_ such points shold be made in, e.g., should they list the "16.3.1" section numbers, etc.? So here are some points: 1. By all means send corrections, etc., as I said in the docs (the Release Note). 2. Include a *fragment of text* you are responding to. This will allow me to grep for the fragment or keyword and thus make the changes. 3. The section numbers ("13.9.1") are *NOT* useful, as they change automatically everytime I rearrange material. (By the way, I only chose to number the stuff out to 3 levels..."MORE" will do it to any number of levels, or mix in bullets, stars, Roman numbers, etc.) 4. If you think some points ought to be publically discussed, use your judgement and, then, go ahead and do so. Obviously I didn't intend the FAQ as a static, undiscussable document. (There are themes in it that don't get enough discussion, and that need discussion.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From jamiel at sybase.com Mon Sep 12 11:17:26 1994 From: jamiel at sybase.com (Jamie Lawrence) Date: Mon, 12 Sep 94 11:17:26 PDT Subject: They Know How Many Letters You Send Message-ID: I stopped to get money at an ATM for my bank (Wells Fargo) this morning, and there were little flyers littering the area informing me that I can now purchase stamps there, just as easily as I can get money. There was no surcharge for the convienience. I instantly saw visions of new junkmail. "Since you are such an active user of the postal service, we'd like to offer you this wonderful automatic stamp licker for only..." And then I thought of that data building up somewhere, in a creaky database somewhere, and heard the dialog "Citizen IYTC804HI3 has purchased 845 stamps to date this year and isn't a registered home business owner. Red Flag." Maybe I'm getting cranky and paranoid in my old age. From adam at bwh.harvard.edu Mon Sep 12 11:47:10 1994 From: adam at bwh.harvard.edu (Adam Shostack) Date: Mon, 12 Sep 94 11:47:10 PDT Subject: "Packet Sniffers" In-Reply-To: Message-ID: <199409121847.OAA17194@arthur.bwh.harvard.edu> The way thinnet ethernet works, all machines on the net will probably see all packets going to/from any of them. If you have root access, you can look at all packets coming across the network. (You can do this with a PC or Mac as well.) The way telnet works has no encryption in it; the password you type gets sent across the network as you type it. This is barely even a secret anymore. Thats the technical side of it. What the junior admin type says is correct. You will be able to snarf the passwords of anyone who logs in over the local thinnet segment. My response to this is, so can anyone with a Mac or PC. There is code out there that will sniff passwords for you. (I've heard its in the public domain on PCs, but do not know.) The question is, what is your institution doing about this threat in general? Do they let people log in over the internet? If so, passwords have been stolen. Do they maintain full physical control of the wires between data centers? Does the institution have a policy for dealing with this? The problem seems to be the lack of a security policy to provide guidance in saying why your machine is different from all these other machines out there. If there is a solid difference, then maybe they should keep you out. But I'd guess that you are quite vulnerable to sniffing. I am no longer handing out copies of sniff.c. Track down the phrack. Some sample log output from esniff.c (part of phrack 45) >-- TCP/IP LOG -- TM: Mon Sep 12 14:41:15 -- > PATH: machine1(1625) => machine2(telnet) > STAT: Mon Sep 12 14:41:29, 39 pkts, 46 bytes [TH_FIN] > DATA: (255)(253)^C(255)(251)^X(255)(250)^X > : SUN-CMD(255)(240)(255)(253)^A(255)(252)^Aadam > : ********(127)^ (My password for local logins replaced with ***) Robert Hayden: | The specific setup would have the machine on a thinnet link in a lab with | about 20 other PCs which are used primarily as word processors and | terminals to the campus VAX or UNIX machines. The specific upstream | setup is unknown, but I assume there is some kind of a line to a router | upstream, eventually winding its way into the real world. | | It seems to me that a packet sniffer on the lowest link of the network | wouldn't be able to look at those packets passing upstream because the | router would never pass them down, but I could be just plain wrong and | thats why I'm asking for some clarification. From tcmay at netcom.com Mon Sep 12 11:48:00 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 12 Sep 94 11:48:00 PDT Subject: "The Book of Encyphered Names" Message-ID: <199409121806.LAA28195@netcom16.netcom.com> Somebody asked me what the name "Cyphernomicon" means, another said it was not at all an obscure reference. And another asked if I was claiming that encyption is in some way "evil." I merely borrowed the name from the original "Cyphernomicon," also called "The Book of Encyphered Names." It came to us early this century via the Black Russian anarchist Peter Krypotkin, who had obtained his copy from Sheik Ibn al-Taz Khallikak, the Pine Barrens Horror. It apparently originated in ancient Sumeria, where the cuneiform writing lent itself to encypherment, and spread from the gates of Ishtar to the back alleys of Damascus. A knock-off of it was done by the Mad Arab Al-hazred, and translated by John Dee (better known for his work with Kool John Dee and the Rappin' Cryps). The Cyphernomicon was apparently the basis for the crypto system used by King Solomon for his "Keys of Solomon" (Solomon-Strasser primality test). The original manuscript is on display in the Crypto Museum in Twenty-Nine Primes, California (a few miles from the NSA SIGINT post at Zzyzx). I got this information from my friend Klaus! von Future Prime. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From tcmay at netcom.com Mon Sep 12 12:28:23 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 12 Sep 94 12:28:23 PDT Subject: Cyphernomicon in compressed forms Message-ID: <199409121927.MAA29104@netcom4.netcom.com> I've put two versions of the FAQ up in compressed forms, labelled "compressed" and "gzipped" (with the .Z and .z suffixes). These can be handled in the normal way, with "uncompress" (at your end) and "gunzip" at your end (I'm not sure the trick of forcing the gunzip at my end will work, with the chmod bits I set...that's a reason I left it in uncompressed form). I'm doing this because someone said their VAX won't take files bigger than 1 MB. This may help, as the compressed files are around 450K each. But please don't ask me for other versions. In particular, I can't help the CompuServe users, etc. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From blancw at microsoft.com Mon Sep 12 13:00:28 1994 From: blancw at microsoft.com (Blanc Weber) Date: Mon, 12 Sep 94 13:00:28 PDT Subject: CONTROL FREAKS Message-ID: <9409122001.AA09412@netmail2.microsoft.com> >From 1) Samuel Kaplin & 2) Sandy Sandfort: The senario that I see, is [1] the borders being closed.... [2] All of the firearms and weapons being removed from private hands.... [3] The U.S. economy being isolated from the rest of the world.... [1] If they stopped foreign businesspeople and tourists, the economy suffers. Without Mexican "guest workers" the price of agricultural products go through the ceiling. The US can[not] afford to close its borders. [2] . . . Gun ownership is *growing* not declining. These folks are *serious* about keeping their weapons. . . . . [3] The US economy is broad, but not that broad. Without world trade (especially for petroleum) we would grind to a halt. . . . ...................................................................... ........... Although I can't see the US arriving at Samuel's scenario completely, neither can I prevent from seeing the threat which does rear its ugly head; the trend is towards the proposal & acceptance of more controls. It may not succeed 100%, but still there is an intervening time to consider during which the "legislators" attempt to accomplish just these things. 1) The suffering of the economy has not stopped the big G in the past from preventing "guest workers" or others from crossing the borders, or at least giving them & their US employers a hard time in the process. 2) Gun ownership may be increasing (among the "inner city youth" mostly, it appears sometimes), but nevertheless there are many other groups building up their campaigns against the possession of certain weapons and against "violence" per se. 3) There are always groups in govmt & private industry who wish for protection against the vicissitudes of world trade problems; if it were not for the efforts of those who constantly oppose them it is conceivable that the US could be closed to most areas of trade (even if only temporarily, until the pain becomes too great). It isn't conceivable that the US would ever become 100% isolated and totalitarian, but it is true that there are many people who would support such measures as would arrive at that stage eventually, if they could have their way. Sandy & others (including myself) may be able to reason that it wouldn't work to do such-and-such, because of the adverse consequences and because it wouldn't make economic sense, but it doesn't follow logically that the members of Congress & their supporters will also reason along the same lines. Unfortunately I am constantly reading in the news that just such restrictive, constraining ideas and interests are being proposed in Congress and applauded by private groups. I think that there may be a big tug-of-war between the growing contrasts in the political/philosophical inclinations of the citizenry of the US. The lines between them are becoming more clearly demarcated (to myself, anyway). (Oh - and of course, there will be a role in there, in between, for crypto, what with all the secret messages they will all want to send to each other.) Blanc From SAMUEL.KAPLIN at warehouse.mn.org Mon Sep 12 13:06:26 1994 From: SAMUEL.KAPLIN at warehouse.mn.org (SAMUEL KAPLIN) Date: Mon, 12 Sep 94 13:06:26 PDT Subject: Running PGP on Netcom Message-ID: <35D68629@warehouse.mn.org> Subject: Re: Running PGP on Netcom (an >> But keeping it on your home machine, the bad guys could break into your >> house, set up a keyboard monitoring program, and get it that way. Or if >> they wanted to, grab you and force you to reveal your key. It's highly doubtful that they could physically get to my computer without my knowledge. I service alarms for a living. I work for the company who monitors my alarm. I am the only person who knows the specs on my alarm. It would be pretty tough to conceal a court order to suspend the monitoring from me. Someone would tip me off. Plus the system will communicate with me via 2 other methods that no one knows about. Pretty doubtful. >> It's not black and white. There are degrees of security. I keep my >> encrypted secret key on dunx1, a UNIX box used by many other people. >> Anyone who has the ability to can either watch my keystrokes, probe throug >> memory to retrieve my key or message, or probably a few other things I >> haven't thought of. The benefit, though, of being able to decode messages >> as soon as I receive them, and being able to send encrypted messages when >> I'm not at home is major. For me at least, it's a fair trade-of I guess it depends on your level of paranoia or guilt. :) If I was just putzing around with the software, then I wouldn't be too concerned. If I was actually doing something illegal or confidential with the software then I would be greatly concerned. But under no circumstances would I consider that arrangement secure. If the cops nail this guy, he has no one to blame but himself. He hanged his own ass. >> There isn't anything I send right now that I would find particularly >> embarassing should it become public knowledge. If I did get into that >> situation, I'd probably create a second key pair for use only at home, and >> keep both in use. Then you have the possibility of people sending you secure messages on a compromised key. (The one on the Unix Box) In most cases, its not the technology that nails you, it's human error. Take for example the recent Tiffany's robbery. The police hadn't a clue who pulled it off. I heard statements of grudging praise from many members of the NYPD police department. It was very close to the perfect robbery. They received a tip from a citizen that someone was selling rings matching the description of the stolen merchandise on the street. They busted this individual and he sang. If they would have left the goods sit for a couple of years, they would have gotten away with it. Human stupidity compromised the whole operation. >> The bad guys will almost always be able to get your key. Even if they hav >> to get you to get it. The goal is to raise the difficulty such that they >> aren't willing to do it. This is probably true, but in most cases they won't have to take it from you. Somehow someone will screw up and hand it to them on a silver platter. Instead of John the Baptist's head, its yours! ;{ --BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.1 mQCNAy5pUekAAAEEAKrDj64Zj9AJU+gC7/Ivdk8b1ef6a1T9K5CGFeu1yFDSXLyD DLIdGunZR/4ilosLMxdlZcNqPwZ3HgxL+Gk3y2SwYfqKpeWExWPgb696lgzf2BRC tED15ZAwi3UDIkcouv2PBiDwPNUUmnLb5diDXdA3qtALb+XzlwpnimeWAf3FAAUT tCFTYW11ZWwgS2FwbGluIDwrMSAoNjEyKSA1MzAtNzMxNj6JAJUCBRAuaVLjQqfV nzRSzxkBAcXuA/47yIN+sltMyIRqCgUZz/gubdI6LUcpFsTcXsFWppROpAWFPJv0 J9z/UoP1kjJ+nrAAizuKuhmC5eg5OOxUE+tUgSPl6hAtu2xJYmKtCbQpxF0sG8ni 4e8I8Zsk5vcopO5Vub96CiVgPjI5vITCb32kcLKI1yyFaztbHdtOasUthg== =M8Dh --END PGP PUBLIC KEY BLOCK----- ----------------------------------------------------------------------------- Fido: Sam Kaplin 1:282/1018 | "...vidi vici veni" - Overheard Compuserve: 75240,131 | outside a Roman brothel. samuel.kaplin at warehouse.mn.org | 75240,131 at compuserve.com | Change is the only constant in the For confidential communications use PGP | Universe..."Four quarters, please." ----------------------------------------------------------------------------- =========================================================================== Processed by WILDUUCP! v1.00 for WILDCAT! =========================================================================== From macorp!moonlight!ken at uu4.psi.com Mon Sep 12 14:46:21 1994 From: macorp!moonlight!ken at uu4.psi.com (Ken Landaiche) Date: Mon, 12 Sep 94 14:46:21 PDT Subject: E.C.T. Message-ID: <9408310233.AA02707@moonlight.noname> First, I like the idea of running important social engineering experiments, like ECT, in cyber-simulations. It gives pretty realistic feedback. But Second, I worry about discovering clever ways to "charge" the play money for general internet services. This will condition people to accept paying in all kinds of novel ways for services that were once freely available. After that, the folks who are trying to figure out how to charge for internet use the way phone companies charge will find little resistance from the net users. Ken From macorp!moonlight!ken at uu4.psi.com Mon Sep 12 15:46:00 1994 From: macorp!moonlight!ken at uu4.psi.com (Ken Landaiche) Date: Mon, 12 Sep 94 15:46:00 PDT Subject: reputation credit 1-3 Message-ID: <9408310328.AA02830@moonlight.noname> In my varied experience with performance appraisals, I have found that one person's "respect 50%" is another person's "respect 90%". Collecting reputation endorsements from many people would have to include this wide margin of error. In practice, when the reputation system reached critical mass, it would develop a norm for how much to trust the average respect number. In fact, the stabilization of this reputation norm is one criterion for reaching the critical mass. Ken From schirado at lab.cc.wmich.edu Mon Sep 12 16:44:11 1994 From: schirado at lab.cc.wmich.edu (No Taxes through No Government) Date: Mon, 12 Sep 94 16:44:11 PDT Subject: PRIVACY REGULATIONS Message-ID: <199409122343.TAA17729@grog.lab.cc.wmich.edu> Yes, physical resistance to authority is, more often than not, a bad idea, and hopefully most of us know why (even if you're right and even if you're being attacked, they're not above planting a gun/drugs/other thing on you to justify beating/killing you). But the Supreme Court has said, most emphatically, that there is no "requirement to identify oneself", regardless of whether an officer has probable cause to stop and question the individual. Brown v. Texas, 443 US 47 (1979). I'd repost the relevant excerpts from this great case again if I hadn't already posted it so many times to so many different fora. Suffice it to say, regardless of whatever else may be at issue, the "ruling establishment" (i.e., the highest legal authority in the country) has stated that there is no requirement to identify oneself. Just had to get that off my chest. We now return you to our regularly scheduled stuff. From pcw at access.digex.net Mon Sep 12 17:06:12 1994 From: pcw at access.digex.net (Peter Wayner) Date: Mon, 12 Sep 94 17:06:12 PDT Subject: "The Book of Encyphered Names" Message-ID: <199409130004.AA22368@access3.digex.net> >Somebody asked me what the name "Cyphernomicon" means, another said it >was not at all an obscure reference. And another asked if I was >claiming that encyption is in some way "evil." > >I merely borrowed the name from the original "Cyphernomicon," also >called "The Book of Encyphered Names." It came to us early this >century via the Black Russian anarchist Peter Krypotkin, who had >obtained his copy from Sheik Ibn al-Taz Khallikak, the Pine Barrens >Horror. This book can't exist because Arthur Clarke proved that the world would end when all "Nine Billion Names of God" were listed. Of course, he didn't deal with the technical point of what would happen if they were encrypted. If the nine billion names were merely a list of all possible combinations of a certain length of a certain alphabet, then the encrypted list should be equal to the regular list if the encryption carries the set in an arc that is one-to-one and onto itself. I.e. automorphic. But I seem to remember that the monks in the list had certain rules about the combinations of their letter. That would make it still a very interesting question of what would happen if the 9 billion names came out encrypted. If no one knew the key, then the world is still safe. But what if one guy knows the key? What if that guy is a mute? What if he's merely an obstreperous hermit? What if he sets out to decrypt the list for his own personal communion with G*d? (Is my email listing the common "G*d" bringing us one step closer to glory or one step closer to destruction?) What if he has access to the neat Cray/SRC machine about which I carried on so intently? So many questions! (?) From tcmay at netcom.com Mon Sep 12 19:22:01 1994 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 12 Sep 94 19:22:01 PDT Subject: Distribution of FAQ to CompuServe, American Online, etc. Message-ID: <199409130205.TAA20370@netcom16.netcom.com> I've had two messages this afternoon asking if people could/should post the Cyhernomicon on AOL and CompuServe. I replied in a negative way to each request, but maybe I need to explain further. My "Crypto Anarchist Manifesto" has been spread to many boards. Which is good, I guess. What's not good in this electronic age is dealing with the dozen or so messages I get in most weeks asking questions, challenging the assumptions, requestiing explanations of terms like "MIPS" and "ISDN," etc. ("Like, dewd, anarchy is like cool..heh heh heh" or "I'm writing a paper for my Poli Sci class and I have some questions...") I just don't have the time to do this kind of "outreach." Some of them I tell about the Cypherpunks list--some of you may've joined via this sort of thing--but others I just thank, telling them I can't engage in a letter-writing process with them. Back to CompuServe and AOL. The FAQ I wrote has a lot of Cypherpunks-centric material in it, and is not intended as an "outreach" document (as, say, some short libertarian books by Hazlitt and Karl Hess were intended to be). I don't even plan to announce it on Usenet, so announcing it on CompuServe, AOL, etc., seems like a bad idea. On the other hand, putting it on these services and then announcing it only to Cypherpunks is OK...just another distribution channel. But don't advertise it to non-Cypherpunks, for these reasons. I just can't handle the questions that would arise. I hope you all can understand this. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From schneier at chinet.chinet.com Mon Sep 12 21:18:26 1994 From: schneier at chinet.chinet.com (Bruce Schneier) Date: Mon, 12 Sep 94 21:18:26 PDT Subject: RC4 Message-ID: I've been out of e-mail range for a while, so some of sci.crypt has fallen off the back end of my host. And I don't read the full Cypherpunks feed. So some of these may be dumb questions, but they're mine and I would like them answered. Does anyone know if this is really RC4? Has anyone compiled it to see if it will run? Has anyone tried to use it to decrypt messages encrypted with some commercial RC4 program? I see that it has been posted anonymously. Was it posted to Cypherpunks only, or did it also get on sci.crypt? If not, did someone from Cypherpunks, anonymously or not, crosspost it to sci.crypt? Has there been any reaction from anybody? RSADS? NSA? NIST? I just sent a copy of Bidzos asking for comment. This seems to be a REALLY GOOD THING, but I would like some verification that it is not a hoax. Inquiring minds want to know. Bruce From cjl at welchlink.welch.jhu.edu Mon Sep 12 21:21:21 1994 From: cjl at welchlink.welch.jhu.edu (cjl) Date: Mon, 12 Sep 94 21:21:21 PDT Subject: CEB September 11, 1994 issue 2 In-Reply-To: <9409120434.AA27988@toad.com> Message-ID: On Sun, 11 Sep 1994, Gary Jeffers wrote: > > CYPHER-REBELS ELECTRONIC BOOK (CEB) SEPTEMBER 11, 1994 > ISSUE 2 > Publisher Gary Lee Jeffers > ccgary at mizzou1.missouri.edu > > > > CCCCCCCCCC YYYY YYYY PPPPPP HH HH EEEEEEE RRRRRRRRR > CCCCCCCCCC YY YY PP PP HH HH EEEEEEE RRRRRRRRR > CCC YY YY PP PP HH HH EE RR RR > CCC YY YY PPPPPP HHHHHHHH EE RR RR > CCC YYY PP HHHHHHHH EEEEEEE RR RR > CCC YYY PP HH HH EEEEEEE RRRRRRRR > CCC YYY PP HH HH EE RRRRRRR > CCC YYY PP HH HH EE RRRRRR > CCCCCCCCCC YYY PP HH HH EE RR RR > CCCCCCCCCCC YYY PP HH HH EEEEEEE RR RR > PP HH HH EEEEEEE RR RR > RRRRRRRRRRR RR RR > RRRRRRRRRRRRRR EEEEEEEEE > RRRRRRRRRRR EEEEEEEEEEE BBBBBBBB EEEEEEEEEE SSSSSSS > RRRRRRRR EEEEEEEEE BBBBBBBBBBB EE EEEEEEE SSSSSSSSS > RR RRRR EEEEEEEEEE BBBBBBBBBB EEEEEEE SSSSSSSSS > RRR RRRR EEEEEEEE BBBBBBBB EEEEEEE SSSSSSSS > RRR RRRRR EEEEEE BBBBBB EEEEEEEE SSSSSSSSS > RRRRRRRRRRRRRR EEEEEEE BBB EEEEEEEEEEE SSSSSSSSSS > RRRRRRRRRRRRRR EEEEEEEEEE BB EEEEEEEEEEE SSSSSSS > RRRRRRR RRRR EEEEEEEEEE BBB EEEEEEEEEEEEEE SSSSSSSSSSSSS > RRR RRRRR EEEEEEEEEEEE BBBBB EEEEEEEEEEEEEEE SSSSSSSSSSSS > RRRRR RR EEEEEEEE BBBBBBB EEEEEEEEE SSSSSSSSSS > RR RRRRR EEEEEE BBBBBBBBB EEEEEEE SSSSSSSSSS > RR RRRRR EEEEEE BBBBBBBBB EEEEEEE SSSSSSSSSS > RRR RRRRRR EEEEEEEEEEE BBBBBBBB EEEEEEEEEEEE SSSSSSSSSSS > RRRR RRRRRRR EEEEEEEEEEEEE BBBBBBB EEEEEEEEEEEEE SSSSSSSSSSSS > CYPHER REBES ???? I have heard of Coptic Christians but Cryptic Jews is a new one on me. Maybe this has something to do with the "Keys of Solomon" that tcmay aka Klaus was talking about. :-) C. J. Leonard ( / "DNA is groovy" \ / - Watson & Crick / \ <-- major groove ( \ Finger for public key \ ) Strong-arm for secret key / <-- minor groove Thumb-screws for pass-phrase / ) From mpj at csn.org Mon Sep 12 21:37:58 1994 From: mpj at csn.org (Michael Johnson) Date: Mon, 12 Sep 94 21:37:58 PDT Subject: Boulder, Colorado RMIUG Crypto-Fest 9/13 6:30pm Message-ID: -----BEGIN PGP SIGNED MESSAGE----- What: Rocky Mountain Internet User's Group (RMIUG) Crypto-Fest When: Tuesday 13 September 1994 7:00pm-9:00pm, cookies at 6:30pm Where: NCAR (West end of Table Mesa Drive), Boulder, COLORADO Who: Philip Dubois (Philip Zimmermann's lawyer and a very nice guy) and Mike Johnson (alledged crypto expert, designer of the Diamond Encryption Algorithm, PGP beta tester, and PGP user). Sorry, Philip Zimmermann had a change of plans and will be at a conference in Atlanta. The show must go on! RMIUG "Crypto-Fest" A users approach to encryption with PGP (Pretty Good Privacy): I. A Very Short History of Cryptography A. Single Key Systems B. Two Key Systems (Public Key Cryptography) C. Hash Functions (MD4, MD4, SHA) D. What can be done with encryption? II. Current crypto applications III. PGP Building Blocks A. Public Key Algorithm (RSA) B. Hash function (MD5) C. Symmetric Key Algorithm (IDEA) D. Compression engine (Info-ZIP) E. ASCII armor engine F. Key database G. File formats IV. What can PGP do? What are its advantages? A. Privacy B. Authentication with nonrepudiation C. Compression (ZIP) D. ASCII armor C. Distributed Key Management (the Web of Trust) D. Inter-platform compatibility E. Wide availability F. Source code available (except for Viacrypt Digi-Sig) G. Ease of use (best around, but could be better) V. Who uses PGP? What do they use it for? VI. How do you use PGP? Read the fine manual. 2 books coming. A. Getting PGP B. Installing PGP C. Generate your key D. Distribute your public key E. Add keys from your correspondents E. Signing messages F. Encrypting messages (public key method) G. Conventional encryption pgp -c VII. History/development of PGP & Legal Issues A. Why did Philip Zimmermann write pgp? B. Legal Issues C. Version History VIII. What's happening now? A. Legal Actions & Status B. Political Action C. Future Development Plans There will be opportunities to ask questions of the two panelists during and after the presentation. ___________________________________________________________ | | |\ /| | | Michael Paul Johnson Colorado Catacombs BBS 303-772-1062 | | \/ |o| | PO Box 1151, Longmont CO 80502-1151 USA Jesus is alive! | | | | / _ | mpj at csn.org aka mpj at netcom.com m.p.johnson at ieee.org | | |||/ /_\ | ftp://ftp.csn.net/mpj/README.MPJ CIS: 71331,2332 | | |||\ ( | ftp://ftp.netcom.com/pub/mpj/README.MPJ -. --- ----- ....| | ||| \ \_/ | PGPprint=F2 5E A1 C1 A6 CF EF 71 12 1F 91 92 6A ED AE A9 | |___________________________________________________________| -----BEGIN PGP SIGNATURE----- Version: 2.7 iQCVAgUBLnUoSPX0zg8FAL9FAQE6nAQAmWpomcfCcWslktsuRYPNotY8kJFOwiuL BUrh5L/UbCnM8L9Gh36CF2PGjrwuxDLhlySc70yhAGpBuMijWryTk0mPcJVKDoDm 6Z9v+L0Xs4Ql2kTshYpiJg5DlUd7CKsuREN0r07xJUMybudUXM8NLUG9YGvDz4CX tIGH4nlDAS4= =Qedh -----END PGP SIGNATURE----- From greg at ideath.goldenbear.com Mon Sep 12 21:45:55 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Mon, 12 Sep 94 21:45:55 PDT Subject: Distribution of FAQ to CompuServe, American Online, etc. In-Reply-To: <199409130205.TAA20370@netcom16.netcom.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > But don't advertise it to non-Cypherpunks, for these reasons. > I just can't handle the questions that would arise. > I hope you all can understand this. Hmm .. sounds like a good opportunity to spawn off a pseudonym. The Cyphernomicon can stand on its own two feet with respect to being useful - it's nice to know that Tim May wrote it, but it'd be interesting if some nobody did, also. Perhaps the next edition *should* be (apparently) published by some unknown nobody .. Klaus! von Future Prime, or some other fictional character who doesn't get (or need to reply to) E-mail. Important corrections or other comments can get sent to the list for general digestion and discussion. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLnUs2H3YhjZY3fMNAQHaUwP+Kse2MPMfSiPuf/qzR0sE1UeWsIyuO6Cs EAcr/DVTXptmrypGhbvcpHrIrDWb9/uIHI5bmWLRBL8zk/IUZHoTk27+yXDd4DEG dB7PL3QZoj4U16b3V2qYwKojv5Mm+MuKuJUb2trXCN07j/EkZzE1A52dPQPSLn09 1XDN6PgvCqs= =0Flc -----END PGP SIGNATURE----- From hfinney at shell.portal.com Mon Sep 12 23:05:45 1994 From: hfinney at shell.portal.com (Hal) Date: Mon, 12 Sep 94 23:05:45 PDT Subject: RC4 In-Reply-To: Message-ID: <199409130605.XAA24133@jobe.shell.portal.com> schneier at chinet.chinet.com (Bruce Schneier) writes: >Does anyone know if this is really RC4? Has anyone compiled it to see >if it will run? Has anyone tried to use it to decrypt messages encrypted >with some commercial RC4 program? I thought this posting was very interesting. RC4, as I understand it, is a secret-key algorithm from RSADSI which has been kept secret. I have no information about RC4 so I can't judge whether this is really it. A couple of comments, though. First, there was one obvious typo: xorIndex = state[x] + (state[y]) % 256; should clearly be xorIndex = (state[x] + state[y]) % 256; The second thing I notice is, this is a surprisingly simple algorithm. I say "surprising" for a couple of reasons. First, it seems like this algorithm would not have been difficult to deduce from disassembled object code. Of course, maybe that is where it came from. But it has been around for a number of years without this being published before. Also, this algorithm is not too different from some "naive" algorithms that get posted on sci.crypt from time to time. It basically makes a random (key-based) permutation of 0..255, then indexes into that table a couple of times, adds the results, and uses that as the final index, xor'ing the result with the plaintext. It gets complicated by a simple swap of the two index values, and the choice of the initial indexes is a matter of stepping; one steps by one and the other steps by the table value of the first index. Despite the simplicity, there are no obvious (to me) attacks. The one thing that I notice is that with known plaintext you can recover the table lookup values which are being xor'd. If you can find two identical xor values which are pretty close together, chances are the underlying final index (the sum of the two lookup values) is the same. But since it is a sum there are still a wide range of possible values which made up the sum. It's just really hard to pin things down. Without the swap you could probably do it with enough text, but that swap is constantly stirring the table at a low level, so by the time you had enough data to try to get a handle on the table structure, the table has changed. It's pretty clever. This raises the question about why it is secret. It is (hopefully!) not because the algorithm is weak when exposed. Presumably it is a matter of trade secrecy. Now that the algorithm is exposed (assuming this is the real thing) then this is an apparently unpatented secret-key cypher. Would it be possible for them to have a "backup" patent application that they could push through now? I recall some claims of a similar strategy with respect to Clipper. >I see that it has been posted anonymously. Was it posted to Cypherpunks >only, or did it also get on sci.crypt? If not, did someone from >Cypherpunks, anonymously or not, crosspost it to sci.crypt? I haven't seen it anywhere but here. We could probably get a lot more informed comment on sci.crypt. Maybe it will show up there eventually. >This seems to be a REALLY GOOD THING, but I would like some verification >that it is not a hoax. Yes, it will be interesting to see what comes of it. Hal Finney From ob at id.dtu.dk Tue Sep 13 00:14:24 1994 From: ob at id.dtu.dk (Oluf Bagger) Date: Tue, 13 Sep 94 00:14:24 PDT Subject: "Packet Sniffers" Message-ID: <199409130807.JAA04919@chip2.id.dtu.dk> You should tell the staff at your campuss that a Linux box is no greater threat than any of those PC's used for word processing. A packet sniffer can hide itself as a resident program on a doze box and collect data into a data file. Such a program can be installed by any user on the doze box or even spread as a virus. On a Linux box only root programs have access to the ethernet driver. Any packet sniffer programs can therefore only be installed by root. On a Linux box you only allow access to known users and you have log files stating when users have logged in and out. If the machine have been abused in some way you can trace the problem using the log files. Best Regards, Oluf -------------------------------------------------------------------- Oluf Bagger, Eurochip DTU. tlf: +45 4593 3332 lok. 5722 fax: +45 4593 0216 From schneier at chinet.chinet.com Tue Sep 13 00:21:24 1994 From: schneier at chinet.chinet.com (Bruce Schneier) Date: Tue, 13 Sep 94 00:21:24 PDT Subject: RC4 Message-ID: It occurs to me that if the code has not been posted to sci.crypt, then some cypherpunks reader outside the US/Canada should do so. Bruce From ianf at wiley.sydney.sgi.com Tue Sep 13 00:34:21 1994 From: ianf at wiley.sydney.sgi.com (Ian Farquhar) Date: Tue, 13 Sep 94 00:34:21 PDT Subject: RC4 In-Reply-To: Message-ID: <9409131731.ZM4418@wiley.sydney.sgi.com> On Sep 13, 2:00am, Bruce Schneier wrote: > It occurs to me that if the code has not been posted to sci.crypt, then > some cypherpunks reader outside the US/Canada should do so. As long as they never have any intention of visiting the USA... :) Ian. From HALVORK at sofus.hiof.no Tue Sep 13 00:35:54 1994 From: HALVORK at sofus.hiof.no (HALVORK at sofus.hiof.no) Date: Tue, 13 Sep 94 00:35:54 PDT Subject: RC4 Message-ID: <5C425D27B7@sofus.hiof.no> >It occurs to me that if the code has not been posted to sci.crypt, then >some cypherpunks reader outside the US/Canada should do so. > >Bruce Ops... I never saw this original posting. Could somebody please re-post it? Please include RC4 in the Subject. - Halvor Kise jr. (from Norway ( From ianf at wiley.sydney.sgi.com Tue Sep 13 01:17:21 1994 From: ianf at wiley.sydney.sgi.com (Ian Farquhar) Date: Tue, 13 Sep 94 01:17:21 PDT Subject: "Packet Sniffers" In-Reply-To: <199409121847.OAA17194@arthur.bwh.harvard.edu> Message-ID: <9409131812.ZM11343@wiley.sydney.sgi.com> On Sep 12, 2:47pm, Adam Shostack wrote: > The way thinnet ethernet works, all machines on the net will > probably see all packets going to/from any of them. All machine on the same PHYSICAL network will. If the university is worried about password sniffing, they should put the machine on a bridged ethernet segment. If they're really concerned, give them their own subnet and apply an appropriate routing policy. This is not difficult. > The way telnet works has no > encryption in it; the password you type gets sent across the network > as you type it. This is barely even a secret anymore. It never was a secret. Ian. From trollins at tis.telos.com Tue Sep 13 05:57:56 1994 From: trollins at tis.telos.com (Tom Rollins) Date: Tue, 13 Sep 94 05:57:56 PDT Subject: RC4 Source Code Message-ID: <199409131253.IAA10859@tis.telos.com> Hello, Strange, I didn't see the RC4 code at my site. Would someone that saved it please E-mail me a copy. Thanks, Tom Rollins From snyderra at dunx1.ocs.drexel.edu Tue Sep 13 06:18:33 1994 From: snyderra at dunx1.ocs.drexel.edu (Bob Snyder) Date: Tue, 13 Sep 94 06:18:33 PDT Subject: PGP on Multiuser machines Message-ID: At 4:25 PM 9/12/94, SAMUEL KAPLIN wrote: >It's highly doubtful that they could physically get to my computer without >my knowledge. I service alarms for a living. I work for the company who >monitors my alarm. I am the only person who knows the specs on my alarm. It >would be pretty tough to conceal a court order to suspend the monitoring >from me. Someone would tip me off. Plus the system will communicate with >me via 2 other methods that no one knows about. Pretty doubtful. But they *could*. It would involve a lot of work, but theoretically, they could, right? That still puts it in the catagory of "trade off." Besides, I suspect your situation isn't a common one. ;-) >I guess it depends on your level of paranoia or guilt. :) If I was just >putzing around with the software, then I wouldn't be too concerned. If I >was actually doing something illegal or confidential with the software >then I would be greatly concerned. But under no circumstances would I >consider that arrangement secure. If the cops nail this guy, he has no one >to blame but himself. He hanged his own ass. I don't consider myself "putzing" around with the software. Besides the fact that the more encrypted messages are out there, the less "suspicious" one becomes, I send things like credit card numbers and the like via email. Nothing that would embarass me, but not something I like to have floating around. >Then you have the possibility of people sending you secure messages on a >compromised key. (The one on the Unix Box) In most cases, its not the >technology that nails you, it's human error. Take for example the recent Good point. Although I would hope that if I were doing something nefarious, I would have smarter partners than that. :-) Bob -- Bob Snyder N2KGO MIME, PGP, RIPEM mail accepted snyderra at post.drexel.edu PGP & RIPEM keys on key servers When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. From schneier at chinet.chinet.com Tue Sep 13 07:15:56 1994 From: schneier at chinet.chinet.com (Bruce Schneier) Date: Tue, 13 Sep 94 07:15:56 PDT Subject: RC4 In-Reply-To: <5C425D27B7@sofus.hiof.no> Message-ID: > > > >It occurs to me that if the code has not been posted to sci.crypt, then > >some cypherpunks reader outside the US/Canada should do so. > > > >Bruce > > Ops... > I never saw this original posting. Could somebody please re-post it? > Please include RC4 in the Subject. > > - Halvor Kise jr. > (from Norway ( > Ah. So the odd subject line resulted in many people not seeing. I don't know if any US residents would be willing to repost. I'm not. Bruce From Derek_L_Davis at ccm.ch.intel.com Tue Sep 13 07:21:21 1994 From: Derek_L_Davis at ccm.ch.intel.com (Derek L Davis) Date: Tue, 13 Sep 94 07:21:21 PDT Subject: RC4 Message-ID: <940913072102_1@ccm.hf.intel.com> Text item: Text_1 I didn't see the RC4 post either (subject didn't catch my eye) and now its gone. Anyone care to repost?? From rparratt at london.micrognosis.com Tue Sep 13 07:32:07 1994 From: rparratt at london.micrognosis.com (Richard Parratt) Date: Tue, 13 Sep 94 07:32:07 PDT Subject: PGP2.6.1 Message-ID: <9409131431.AA15354@pero> ----- Begin Included Message ----- From sommerfeld at orchard.medford.ma.us Tue Sep 13 08:13:32 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Tue, 13 Sep 94 08:13:32 PDT Subject: alleged-RC4 In-Reply-To: <199409130605.XAA24133@jobe.shell.portal.com> Message-ID: <199409131449.KAA00544@orchard.medford.ma.us> Since I haven't seen a statement by anyone who I would believe that this is, in fact, RC4, I'm calling it "Alleged-RC4".. Actually, all the %256 operations in the code are superfluous on 8-bit-byte platforms since the indices are declared as `unsigned char'. There are two interesting features in this alleged-RC4 which clearly put it above the typical xor-based homebrew cypher.. 1) the "pad" is maintained as a permutation of 0..255, so the output should always have a close-to-uniform distribution of output values. 2) the operations which stir the "pad" all have two counters: one (x) which increments by 1 each time, and one (t) which moves in a way dependant on the "pad" values. The x counter guarantees that all bytes in the pad get shuffled with roughly equal frequency, so you're less likely to get stuck in a shorter-length cycle. The y counter moves in a "chaotic" data-dependant way, and each slot in the pad affects its stepping in turn. Probably the only potential weakness I can see is that the `x' and `y' counters are always initialized to zero when starting off; this means that an attacker can almost always know the `x' value used to encrypt each byte of cyphertext they find. I can't see any way to exploit this, though. It would seem that you could (slightly) strengthen the cipher by starting with x=state[0] and y=state[1], then cranking the key generation loop for two more iterations.. The fact that the NSA allows export of this cipher (albeit with keys limited to 40 bits) is interesting.. unlike DES, the alleged-RC4's key setup does not appear to be particularly parallelizeable. A fully-pipelined alleged-RC4 key breaker would require 256 stages of key setup followed by n stages of "encryption" (with ~2k bits of state per stage). This is significantly more complex than the 16-stage pipeline with ~128 bits of state per stage in the pipelined DES-breaker. - Bill From doug at OpenMind.com Tue Sep 13 08:40:13 1994 From: doug at OpenMind.com (Doug Cutrell) Date: Tue, 13 Sep 94 08:40:13 PDT Subject: RC4 Message-ID: >Ah. So the odd subject line resulted in many people not seeing. I don't >know if any US residents would be willing to repost. I'm not. > >Bruce Would you be willing to post simply the subject line and the date of the posting? Many of us may be able to find the post with that information. Doug From sommerfeld at orchard.medford.ma.us Tue Sep 13 08:42:14 1994 From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld) Date: Tue, 13 Sep 94 08:42:14 PDT Subject: Alleged RC4 source code (message header only) Message-ID: <199409131532.LAA00655@orchard.medford.ma.us> In case any of you had filtered this one out based purely on sender and subject, I've enclosed the *headers* of the message and its first paragraph. The message also contained two source files, "rc4.h" and "rc4.c", implementing a stream cypher which is based on incremental shuffling of a permutation of the numbers 0..255, and seems to be fairly well-suited for efficient implementation in software. For obvious reasons, I'm not including the source files here. ------ Date: Fri, 9 Sep 1994 22:11:49 -0500 Message-Id: <199409100311.WAA12423 at jpunix.com> To: cypherpunks at toad.com From: nobody at jpunix.com Subject: Thank you Bob Anderson Remailed-By: remailer at jpunix.com Complaints-To: postmaster at jpunix.com Sender: owner-cypherpunks at toad.com Precedence: bulk SUBJECT: RC4 Source Code I've tested this. It is compatible with the RC4 object module that comes in the various RSA toolkits. ------ From perry at imsi.com Tue Sep 13 08:55:14 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 13 Sep 94 08:55:14 PDT Subject: RC4 In-Reply-To: Message-ID: <9409131554.AA01795@snark.imsi.com> Doug Cutrell says: > >Ah. So the odd subject line resulted in many people not seeing. I don't > >know if any US residents would be willing to repost. I'm not. > > Would you be willing to post simply the subject line and the date of the > posting? Many of us may be able to find the post with that information. Here are the important headers: Date: Fri, 9 Sep 1994 22:11:49 -0500 Message-Id: <199409100311.WAA12423 at jpunix.com> To: cypherpunks at toad.com From: nobody at jpunix.com Subject: Thank you Bob Anderson From Derek_L_Davis at ccm.ch.intel.com Tue Sep 13 09:31:35 1994 From: Derek_L_Davis at ccm.ch.intel.com (Davis, Derek L) Date: Tue, 13 Sep 94 09:31:35 PDT Subject: RC4 Message-ID: <9408137794.AA779473631@fmsmt13.intel.com> The RC4 post was subjected: "Thanks to Bill ..." (I think) My copy is gone, but someone must still have it. Please repost at least to cypherpunks. Thanks. The following mail header is for administrative use and may be ignored unless there are problems. ***IF THERE ARE PROBLEMS SAVE THESE HEADERS***. Precedence: bulk Sender: owner-cypherpunks at toad.com Cc: cypherpunks at toad.com Subject: Re: RC4 From: doug at OpenMind.com (Doug Cutrell) To: schneier at chinet.chinet.com (Bruce Schneier) Date: Tue, 13 Sep 1994 08:35:40 -0700 Content-Type: text/plain; charset="us-ascii" Mime-Version: 1.0 Message-Id: X-Sender: doug at bluesky.openmind.com Received: from [198.211.130.8] by BlueSky.OpenMind.com (Mercury 1.12); Tue, 13 Sep 94 8:32:16 -700 Received: from MAILQ by OPENMIND (Mercury 1.12); Tue, 13 Sep 94 8:32:22 -700 Received: from OPENMIND/MAILQ by BlueSky.OpenMind.com (Mercury 1.12); Tue, 13 Sep 94 8:32:47 -700 Received: from BlueSky.OpenMind.Com by beeblebrox.tbyte.com (NX5.67d/NX3.0M) id AA10087; Tue, 13 Sep 94 08:32:47 -0700 Received: from beeblebrox.tbyte.com by toad.com id AA27882; Tue, 13 Sep 94 08:40 Received: by toad.com id AA27888; Tue, 13 Sep 94 08:40:13 PDT Received: from toad.com by relay2.UU.NET with SMTP id QQxhet29743; Tue, 13 Sep 1994 11:45:12 -0400 Received: from relay2.UU.NET by hermes.intel.com (5.65/10.0i); Tue, 13 Sep 94 08 Received: from hermes.intel.com by ormail.intel.com with smtp (Smail3.1.28.1 #12) id m0qka63-000MNxa; Tue, 13 Sep 94 08:48 PDT Received: from ormail.intel.com by relay.jf.intel.com with smtp (Smail3.1.28.1 #2) id m0qka64-000twca; Tue, 13 Sep 94 08:48 PDT From rah at shipwright.com Tue Sep 13 10:22:22 1994 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 13 Sep 94 10:22:22 PDT Subject: e$: WSJ, CyberCash, and the Falling Barometer Message-ID: <199409131718.NAA27622@zork.tiac.net> On the front page of today's (9/13/94) Wall Street Journal Marketing section (Page B-1, lower right hand column) is an article about internet commerce. It talks about a group of companies who formed a consortium called CyberCash. The companies and players include the guy who started Interop, and RSA. They are claiming the ability to do credit cards and bank drafts and they say they are in negotiations with Chaum about licencing digital cash. Anonymity was specifically mentioned as a distinguishing marketable feature of digital cash. They still don't get it, but they will soon enough, I suppose. BTW, there was a veiled reference to Bibliobytes(?). At least the WSJ got their story straighter than the Times did. Like I said before, Secure Mosaic meant that "Wallets" and "Cash Registers" for digital cash were imminent. They're not imminent anymore, they're here, and they were just announced at Interop this week. I should have realized something was up, the barometer was falling at a pretty good clip. It started when I was chatting offline with someone from buyinfo and they said that they were under non-disclosure about something very big, but that I would know about it when Interop opened. Then, last Tuesday, I got an interesting cold call from a stringer for a largeish venture capital outfit in Menlo Park. He was doing due dillegence and wanted to ask me some questions about Internet Commerce, and in particular, about digital cash. I told him what I knew, and referred him to some of the senior members of these lists for much better information. I bent his ear a bit about off-line cash underwriting, and I hope it's healing now. I also sent him all of the traffic I had archived since I subscribed to cypherpunks having to do with the internet and the economics thereof. He had the buyinfo and imp-interest archives already. He seemed to think a "schmooze" conference on e$, including invitations to all the usual crypto suspects, plus people in financial operations, regulatory, political, and the institutional investor community might be a good idea. When I came back from a hike(!) in the White Mountains this weekend, I found at long last a reply to my query to DigiCash, Inc. for information. I answered the beta test questionnaire they sent me and sent it back. The barometric pressure was going down very fast all last week, and I didn't even realize it until this morning. My wife got a membership at the Harvard club. A couple of months ago we decided it was time for me to exercise (I push 350), so I work out in the morning there and walk back to the office in my house here in Roslindale (about 7 miles) about 3 or 4 times a week. (ever see the senior senator from Massachusetts' bare butt? You will... at the Harvard Club) This morning, when I looked at the Journal in the locker room, I let out a whoop. (not from seeing Teddy. From seeing the WSJ e$ article.) I was born in El Paso. I whoop a lot. Everyone in the locker room looked at me like I was from Yale, or something. Jeez. I hope we don't get blackballed. A very happy Tuesday to you all, Bob Hettinga Oh. If anyone's crazy enough to want to work on the technology part (development and integration and eventual operations) for very small startup offline digital cash underwriter, let me know. I've already started talking to a finance guy and a (very) part-time treasury management person. It also looks like the legal stuff has been figured out, or CyberCash wouldn't have done a triple-gainer into the pool like that. Any job offer would be contingent upon funding, of course. ;-). ----------------- Robert Hettinga (rah at shipwright.com) "There is no difference between someone Shipwright Development Corporation who eats too little and sees Heaven and 44 Farquhar Street someone who drinks too much and sees Boston, MA 02331 USA snakes." -- Bertrand Russell (617) 323-7923 From LAURENN%smtpgate at earth.wri.org Tue Sep 13 10:40:58 1994 From: LAURENN%smtpgate at earth.wri.org (LAURENN%smtpgate at earth.wri.org) Date: Tue, 13 Sep 94 10:40:58 PDT Subject: Int'l Workshop on Electronic Commerce Message-ID: <9409131338.aa13745@earth.wri.org> With all the discussion relating to financial transactions on this list, I thought I'd forward the following call for papers that appeared in INFOSYS this weekend. -- LaurenN at wri.org * CALENDAR OF UPCOMING EVENTS * *The INFOSYS Calendar of Upcoming Events is updated * *fortnightly and can be obtained in the following ways: * * * *--E-mail: send the following one-line message to * * listserv at american.edu: get infosys calendar * *--FTP: anonymous FTP to ftp.american.edu; file is \infosys\ * * infosys.calendar * *--Gopher: gopher to auvm.american.edu; choose INFOSYS * *--WWW: http://gopher://auvm.american.edu/INFOSYS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ** 0298* * * * * * * * * * * * * * * * * * * * * * * * * * * * ** CALL FOR PAPERS - International Workshop on Electronic Commerce Richard Holowczak, Rutgers Univ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ACM International Workshop on Electronic Commerce In conjunction with The Third International Conference on Information and Knowledge Management (CIKM'94) December 2, 1994 National Institute of Standards and Technology (NIST) Gaithersburg, Maryland OBJECTIVE The workshop will provide an international forum to discuss evolving research issues and applications in the area of Electronic Commerce. Invited speakers from industry, universities and government will present their experiences and vision for the future. The Workshop will begin with a kick-off dinner on Thursday, December 1 evening and a full program on Friday, December 2. The final version of the papers will be included in an edited book that will be published by Springer Verlag as part of its Lecture Notes Series on Computer Science. INFORMATION TO AUTHORS Authors interested in participating in the workshop are invited to submit 2-3 page abstract by October 10 to: Prof. Nabil R. Adam Rutgers University 180 University Avenue Newark, NJ 07102 Fax: (201) 648-1459 E-mail: ecomm at adam.rutgers.edu Notification of acceptance will be sent by October 25. * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ABOUT INFOSYS INFOSYS is an electronic newsletter for faculty, students, and practitioners in the field of Information Systems. INFOSYS publishes news items, requests for assistance, announcements of professional meetings and conferences, position notices, a calendar of upcoming events, comments on recent publications, abstracts of papers that authors are willing to share, and other items of interest to the Information Systems community. INFOSYS is published biweekly, more frequently if volume requires it. INFOSYS operates as an electronic mailing list on listserv software at American University in Washington, DC. The editor is Dennis W. Viehland . To subscribe to INFOSYS send the following one-line electronic mail message to listserv at american.edu (Internet) or listserv at auvm (Bitnet): subscribe infosys yourfirstname yourlastname (e.g., subscribe infosys John Smith). You will receive a welcome letter that will tell you more about INFOSYS and listserv. Guidelines for submitting articles to INFOSYS are published in the Welcome message each new subscriber receives (or e-mail "GET infosys welcome" to listserv at american.edu). Send articles to infosys at american.edu or d.viehland at massey.ac.nz. * * * * * * * * * * * * * * * * * * * * * * * * ------------------------------ End of NEWSLTR Digest - 12 Sep 1994 to 13 Sep 1994 - Special issue ****************************************************************** From perry at imsi.com Tue Sep 13 11:02:27 1994 From: perry at imsi.com (Perry E. Metzger) Date: Tue, 13 Sep 94 11:02:27 PDT Subject: cybercash Message-ID: <9409131802.AA13185@webster.imsi.com> Well, this looks interesting, especially given Steve Crocker's involvement being listed in the article... $whois cybercash.com Trusted Information Systems, Inc. (CYBERCASH-DOM) 3060 Washington Road Glenwood, MD 21738 Domain Name: CYBERCASH.COM Administrative Contact, Technical Contact, Zone Contact: Crocker, Stephen D. (SDC4) crocker at TIS.COM (301) 854-6889 Record last updated on 30-Aug-94. Domain servers in listed order: NS.TIS.COM 192.94.214.100 NS.LA.TIS.COM 198.147.66.1 The InterNIC Registration Services Host contains ONLY Internet Information (Networks, ASN's, Domains, and POC's). From hfinney at shell.portal.com Tue Sep 13 11:07:04 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 13 Sep 94 11:07:04 PDT Subject: alleged-RC4 Message-ID: <199409131806.LAA05147@jobe.shell.portal.com> Bill Sommerfeld writes: >Actually, all the %256 operations in the code are superfluous on >8-bit-byte platforms since the indices are declared as `unsigned >char'. Ah, good point. So my "typo" doesn't really matter (although I think it is a typo.) >Probably the only potential weakness I can see is that the `x' and `y' >counters are always initialized to zero when starting off; this means >that an attacker can almost always know the `x' value used to encrypt >each byte of cyphertext they find. I can't see any way to exploit >this, though. It would seem that you could (slightly) strengthen the >cipher by starting with x=state[0] and y=state[1], then cranking the >key generation loop for two more iterations.. A related point is how the key-dependent state-table permutation is set up. The algorithm is, in pseudo-code, for i from 0 to 255 swap state[i] and state[j] where j is incremented by state[i] plus the next key byte, mod 256. Notice the similarity to the naive random-permutation generator: for i from 0 to 255 j = random (256) swap state[i] and state[j] where random (n) returns a random number less than n. This naive algorithm is not quite right, as it generates 256 to the 256th power equally likely arrangements, when there are actually only 256! arrangements and 256! doesn't even divide 256^256 evenly. The similarity I see is that j is chosen in the prepare_key as a slightly complicated function of the key byte and the current state, and we can view this as a key-dependent substitute for random (256). So it would appear that the prepare_key algorithm, even with a fully random key, may produce a bias in the permutation table. A correct algorithm for a random permutation is: for i from 0 to 255 j = random (i+1) swap state[i] and state[j] Here we choose the random number from among the ones we have already done. This algorithm can be easily proven correct. Perhaps it would be better if the prepare_key algorithm did a similar thing, choosing the entry with which to swap modulo the current "i" value plus one rather than mod 256. One implication of the existing implementation is that there may be a simple relation between at least state[0] and the first character of the key. Initially state[0] will be swapped with the value in the table at the position of the first byte of the key. Since the table is initialized to 0..255, this means that state[0] will hold the value of the first key byte after that swap. Now, it is probable that state[0] will be chosen "randomly" to be swapped with a later entry in the table. But as we discussed here a few days ago, there is about a 1/e chance (about 37%) that it will not be swapped after its first guaranteed swap. This means that 37% of the time that this algorithm is used, state[0] holds the first key byte at startup. OTOH if the modification I suggested above were made, no such conclusion could be drawn and I don't see anything simple you could say about the likely permutation after prepare_key is complete. Now, having said this, I don't see any way to exploit this knowledge to attack the cypher. The "lookup, sum, and lookup" structure of the cypher has too many degrees of freedom to allow this information about state[0] to expose a hint of what the key might be, as far as I can see. But it is an interesting aspect of the key setup, nevertheless. Hal From 0045642 at CCMAIL.EMIS.HAC.COM Tue Sep 13 12:21:31 1994 From: 0045642 at CCMAIL.EMIS.HAC.COM (John L Tocher) Date: Tue, 13 Sep 94 12:21:31 PDT Subject: Key Signing Party? Message-ID: Anybody interested in having a key signing party in the Los Angeles area? John Tocher Tocher at Igate1.HAC.com From rishab at dxm.ernet.in Tue Sep 13 12:29:56 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 13 Sep 94 12:29:56 PDT Subject: Crackdown in Queensland, Australia? Message-ID: When I saw the Sunday Mail post here on Queensland's prpposed crackdown on cyberspace (for _child pornography_ if you please! I hereby decree that a concerted effort must be made by all to increase the pedophile population of the Net from 97% to 100% - universal coverage. All new subscribers must provide oridinal photographs as evidence of their tendencies before being given a connection), I thought I'd ask Ian Peter himself. Ian Peter, who is quoted in the article and whom I met in February, replied: > Re the Qld stuff - there really are no firm details yet, its proposed > legislation and may well change before becoming law - and the journos > concerned are going on rumnours because no copies of the legislation are > available yet. > > So it's wait and see! > > [... Ian Peter] ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From rishab at dxm.ernet.in Tue Sep 13 12:31:50 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 13 Sep 94 12:31:50 PDT Subject: Mailing list for cryptography Message-ID: "Perry E. Metzger" : > I'm thinking (again) about setting up a specialized mailing list for > discussing cryptography... While I agree with Perry's implication that the CP list does tend to go off track rather often, it _was_ set up specifically to bring together the social and technical aspects of cryptography, and does generate useful discussion on occasion ;-] If you want to discuss only cryptography, there's always sci.crypt... ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From rishab at dxm.ernet.in Tue Sep 13 12:32:16 1994 From: rishab at dxm.ernet.in (rishab at dxm.ernet.in) Date: Tue, 13 Sep 94 12:32:16 PDT Subject: Social body and crypto Message-ID: I enjoyed Doug's clear statement on the implications of crypto anarchy on society. It should be compulsory reading for all newbies so that they don't get worried next time Larry Detweiler comes bouncing in raving about EVIL LIES MURDER and pseudospoofing. I'd like to point out, however, that crypto anarchy poses no threat whatsoever to personal or corporate relationships based on physical or other concrete identity (truenames). It just makes these relationships _voluntary_ - no one's _forcing_ you to be anonymous. ----------------------------------------------------------------------------- Rishab Aiyer Ghosh "Clean the air! clean the sky! wash the wind! rishab at dxm.ernet.in take stone from stone and wash them..." Voice/Fax/Data +91 11 6853410 Voicemail +91 11 3760335 H 34C Saket, New Delhi 110017, INDIA From jazz at hal.com Tue Sep 13 12:39:06 1994 From: jazz at hal.com (Jason Zions) Date: Tue, 13 Sep 94 12:39:06 PDT Subject: Distribution of FAQ to CompuServe, American Online, etc. Message-ID: <9409131939.AA26407@jazz.hal.com> I considered suggesting that I strip Tim's email address out of the text; then I realized there are probably dozens of copies of it scattered through the document. Even if the Cyphermonicon were written by Sy Ferpunq and not by Tim, there are enough email addresses in the body of the document that this wouldn't save him from email. Completely sanitizing the document with respect to contact info (i.e. using names/nyms only and no addresses) would be something of a project. And it still wouldn't help. The only counterpoint I could make is that CompuServe users are unlikely to join cpunks (too much mail == too much money) and the service is illequipped to help a member find an internet mail address for a person given just a real name. Sanitization might be enough in that environment. Jason From tcmay at netcom.com Tue Sep 13 12:50:48 1994 From: tcmay at netcom.com (Timothy C. May) Date: Tue, 13 Sep 94 12:50:48 PDT Subject: Mailing list for cryptography In-Reply-To: Message-ID: <199409131948.MAA26992@netcom4.netcom.com> Rishab Aiyer Ghosh writes: > "Perry E. Metzger" : > > I'm thinking (again) about setting up a specialized mailing list for > > discussing cryptography... > > While I agree with Perry's implication that the CP list does tend to go off > track rather often, it _was_ set up specifically to bring together the > social and technical aspects of cryptography, and does generate useful > discussion on occasion ;-] > > If you want to discuss only cryptography, there's always sci.crypt... > Not to mention "sci.crypt.research," a moderated group which was just approved and should appear soon. I wish Perry well, but I personally think there are already too many newsgroups, mailing lists, and Web pages out there. I'd rather see people reading the crypto literature ("Paper rulz!") than getting on so many mailing lists and other forums. I know of at least several crypto groups (not counting PGP per se), several PGP groups, several "security" groups, and half a dozen mailing lists on "digital money" in one form or another (IMP-Interest, EDI, NetCommerce (or somesuch), LibTech, AltInst, etc.). Personally, though I'm biased, I think Cyhperpunks has show itself to have the staying power and overall size and depth of knowledge that most of these other groups have lacked. Surprisingly, there is no Usenet group devoted to digital money, no "alt.e$" or "alt.netcash." A better idea might be "sci.econ.????," where the "????" is something appropriate. (I say "sci." because sci.econ and sci.econ.research already exist, not because I believe economics is a science.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway." From merriman at metronet.com Tue Sep 13 13:19:44 1994 From: merriman at metronet.com (David K. Merriman) Date: Tue, 13 Sep 94 13:19:44 PDT Subject: Mailing list for cryptography Message-ID: <199409132017.AA02968@metronet.com> >"Perry E. Metzger" : >> I'm thinking (again) about setting up a specialized mailing list for >> discussing cryptography... > >While I agree with Perry's implication that the CP list does tend to go off >track rather often, it _was_ set up specifically to bring together the >social and technical aspects of cryptography, and does generate useful >discussion on occasion ;-] > >If you want to discuss only cryptography, there's always sci.crypt... > Snicker, snicker. What planet are *you* living on? :-) The only reason it's sci._crypt_ is because that's what 90% of the flame-fests get started on. I'd guesstimate that only 1 posting in 100 is actually about crypto, or some directly crypto-related matter. The rest of it is S*****light vs. The World name-calling and character assassinations. Dave Merriman - - - - - - - - - - - - - - - - - - - - - - - - - - Finger merriman at metronet.com for PGP/RIPEM public keys and fingerprints. Unencrypted Email may be ignored without notice to sender. PGP preferred. Remember: It is not enough to _obey_ Big Brother; you must also learn to *love* Big Brother. From nobody at vox.xs4all.nl Tue Sep 13 13:37:09 1994 From: nobody at vox.xs4all.nl (An0nYm0Us UsEr) Date: Tue, 13 Sep 94 13:37:09 PDT Subject: RC4 ? Message-ID: <199409132036.AA24724@xs1.xs4all.nl> SUBJECT: RC4 Source Code I've tested this. It is compatible with the RC4 object module that comes in the various RSA toolkits. /* rc4.h */ typedef struct rc4_key { unsigned char state[256]; unsigned char x; unsigned char y; } rc4_key; void prepare_key(unsigned char *key_data_ptr,int key_data_len, rc4_key *key); void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key); /*rc4.c */ #include "rc4.h" static void swap_byte(unsigned char *a, unsigned char *b); void prepare_key(unsigned char *key_data_ptr, int key_data_len, rc4_key *key) { unsigned char swapByte; unsigned char index1; unsigned char index2; unsigned char* state; short counter; state = &key->state[0]; for(counter = 0; counter < 256; counter++) state[counter] = counter; key->x = 0; key->y = 0; index1 = 0; index2 = 0; for(counter = 0; counter < 256; counter++) { index2 = (key_data_ptr[index1] + state[counter] + index2) % 256; swap_byte(&state[counter], &state[index2]); index1 = (index1 + 1) % key_data_len; } } void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key) { unsigned char x; unsigned char y; unsigned char* state; unsigned char xorIndex; short counter; x = key->x; y = key->y; state = &key->state[0]; for(counter = 0; counter < buffer_len; counter ++) { x = (x + 1) % 256; y = (state[x] + y) % 256; swap_byte(&state[x], &state[y]); xorIndex = state[x] + (state[y]) % 256; buffer_ptr[counter] ^= state[xorIndex]; } key->x = x; key->y = y; } static void swap_byte(unsigned char *a, unsigned char *b) { unsigned char swapByte; swapByte = *a; *a = *b; *b = swapByte; } From rarachel at prism.poly.edu Tue Sep 13 13:38:18 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 13 Sep 94 13:38:18 PDT Subject: Finger me for MEDUSA Message-ID: <9409132025.AA18580@prism.poly.edu> Sorry I took so long. It's hard having much time left over after getting a job as a novell network administrator (though it's lots of fun.) Anyway, for anyone who is interested in Medusa, I hope you can use finger. If you can't, we'll arange something else... Anyhow, just pipe the output of finger to uudecode in the background and that should do the trick... ie: finger rarachel at photon.poly.edu | uudecode And hope it works. This should generate a file called medusa1b.zip which is a beta version complete with sources. Sometime in the future, I will ftp this program to the usual sites... But first I need some free time. :-) From cactus at bb.com Tue Sep 13 13:56:43 1994 From: cactus at bb.com (L. Todd Masco) Date: Tue, 13 Sep 94 13:56:43 PDT Subject: e$: WSJ, CyberCash, and the Falling Barometer In-Reply-To: <199409131718.NAA27622@zork.tiac.net> Message-ID: <3553tb$15q@bb.com> In article <199409131718.NAA27622 at zork.tiac.net>, Robert Hettinga wrote: >BTW, there was a veiled reference to Bibliobytes(?). At least the WSJ got >their story straighter than the Times did. Excellent. Anybody have the text? It's a bit late in the day to find a copy (though I am working on it: I'm not trying to get others to do my legwork, I'm just following all the paths available to me). -- L. Todd Masco | "Hide, witch, hide! The good folk come to burn thee, their cactus at bb.com | keen enjoyment hid behind a gothic mask of duty." -JS/BATE From rarachel at prism.poly.edu Tue Sep 13 14:02:26 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 13 Sep 94 14:02:26 PDT Subject: Distribution of FAQ to CompuServe, American Online, etc. In-Reply-To: Message-ID: <9409132047.AA19013@prism.poly.edu> > > But don't advertise it to non-Cypherpunks, for these reasons. > > > I just can't handle the questions that would arise. > > > I hope you all can understand this. > > Hmm .. sounds like a good opportunity to spawn off a pseudonym. > The Cyphernomicon can stand on its own two feet with respect to > being useful - it's nice to know that Tim May wrote it, but it'd > be interesting if some nobody did, also. Perhaps the next edition > *should* be (apparently) published by some unknown nobody .. > Klaus! von Future Prime, or some other fictional character who > doesn't get (or need to reply to) E-mail. Important corrections or > other comments can get sent to the list for general digestion and > discussion. How about The Mad Cryptographer Abdul RSAed :-) [As opposed to the Mad Arab Abdul Alzhared] From cactus at bb.com Tue Sep 13 14:02:31 1994 From: cactus at bb.com (L. Todd Masco) Date: Tue, 13 Sep 94 14:02:31 PDT Subject: NNTP access to cypherpunks Message-ID: <355473$18p@bb.com> I've been meaning to let folks know about this for a while, but was lame... If anbody wants to read/post Cypherpunks via NNTP, I've set our NNTP server to export "hks.lists.cypherpunks" (as well as the last year of the homebrew digest in "hks.lists.homebrew") to world. To access it, just point your NNTPSERVER (or whatever) to "bb.com" (that'll change in the medium future to "nntp.bb.com", but not yet). It slow, over a 14.4 SLIP link (for now: 56Kbps in a week), but it's manageable. If anybody wants a real feed of it (or any of the security lists), let me know. -- L. Todd Masco | "Hide, witch, hide! The good folk come to burn thee, their cactus at bb.com | keen enjoyment hid behind a gothic mask of duty." -JS/BATE From seeyou at nsc.ernet.in Tue Sep 13 16:49:53 1994 From: seeyou at nsc.ernet.in (Calicut University) Date: Tue, 13 Sep 94 16:49:53 PDT Subject: No Subject Message-ID: <9409131802.AA11052@nsc> Dear Sir, I am working as research scholar at Nuclear Science Centre, New Delhi. I kindly request you to include my name in your mailing list. My e-mail address is seeyou at nsc.ernet.in Thanking you in anticipation. yours sincerely, Vinod Kumar A M Nuclear Science Centre P B No. 10502 New Delhi-110 067. From jrochkin at cs.oberlin.edu Tue Sep 13 16:58:38 1994 From: jrochkin at cs.oberlin.edu (Jonathan Rochkind) Date: Tue, 13 Sep 94 16:58:38 PDT Subject: PRIVACY REGULATIONS Message-ID: <199409132358.TAA15296@cs.oberlin.edu> There is no requirement to identity yourself, but the police will regularly lock you up in jail until you do identify yourself. They can't _force_ you to identify youself, and you can't go to trial for not doing so (partially because they dont' know who you are, but even if they later find out for other means), but nevertheless police departments everywhere will lock you up until you provide ID if you are stopped for a traffic violation. There is a guy around here-abouts who will routinely gets stopped for speeding and refuses to show ID out of principal. They put him in jail. He's tried to sue them, and lost. If it made it all the way to the supreme court, I'm not sure what they would decide. But the point remains, in real life, they put you in jail. Just be aware of it. From vznuri at netcom.com Tue Sep 13 17:15:59 1994 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Tue, 13 Sep 94 17:15:59 PDT Subject: prototype reputation system READY Message-ID: <199409132322.QAA15325@netcom16.netcom.com> I have a prototype reputation system ready for testing. I think many cypherpunks who have debated this topic will be very interested to see the model. It comes very close to ideas knocked around here recently and in the distant past. I'm looking for some volunteers who can help me debug it to the point of being a reliable "production" version. This will involve nothing more than subscribing to a mailing list and testing some of the commands (whichever you wish to experiment with). The entire system is email- and server- based. Email me for more information. I intend that the software, after refined to a degree of stability, will be released in the public domain. I think that reputation or "ratings" systems will ultimately be very important elements of future cyberspatial infrastructure (in some ways even more so than the current Usenet structure), and I hope that there are some hardy pioneers here would would like to contribute to "civilizing cyberspace". Thanks in advance-- Vladimir Z Nuri vznuri at netcom.com ``Imagination is more important than knowledge.'' (Einstein) From thad at pdi.com Tue Sep 13 17:21:22 1994 From: thad at pdi.com (Thaddeus Beier) Date: Tue, 13 Sep 94 17:21:22 PDT Subject: Crypto tie-in to crash at White House Message-ID: <9409140016.AA03500@fulcrum.pdi.com> The Treasury department official in charge of enforcement, Ron Noble, said, in regard to security for the White House "Just as if you had a security measure or alarm system in your house, you wouldn't give me the code for it, I'm not going to give you at this point any specific answers..." Hmm. thad Thad Beier Pacific Data Images 408)745-6755 thad at pdi.com From greg at ideath.goldenbear.com Tue Sep 13 17:50:35 1994 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Tue, 13 Sep 94 17:50:35 PDT Subject: PRIVACY REGULATIONS In-Reply-To: <199409132358.TAA15296@cs.oberlin.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > There is no requirement to identity yourself, but the police will regularly > lock you up in jail until you do identify yourself. They can't _force_ > you to identify youself, and you can't go to trial for not doing so > (partially because they dont' know who you are, but even if they later > find out for other means), but nevertheless police departments everywhere > will lock you up until you provide ID if you are stopped for a traffic > violation. > There is a guy around here-abouts who will routinely gets stopped for > speeding and refuses to show ID out of principal. They put him in jail. > He's tried to sue them, and lost. This seems to conflate three separate issues: 1) being required to identify yourself (e.g., give a name and/or address and/or date-of-birth) 2) being required to "prove" your identity by producing some sort of credential 3) being required to have a valid drivers' license in your possession while driving Hopefully, we will be able to use cryptographic techniques to prevent (3) from being permanently associated with (1) and (2). I'm inclined to eliminate pre-testing and certification for drivers - cops who suspect that a certain person shouldn't be driving could administer some sort of (probably "VR" [ack, buzzwords!]) "road test" on the spot - people who pass are OK, and people who fail - because they're too young, too old, too drunk, too stupid, or too sleepy get punished for driving while incompetent. -----BEGIN PGP SIGNATURE----- Version: 2.5 iQCVAgUBLnZHCH3YhjZY3fMNAQGuwAP9HfTmL8NuheDpBojYvzDWAoJze9LnucCd k3hQnks5cXkrbYVIHsnW05VAzsEGlS6rAHo3CBoAh1lvPF49D+CZvttBKhWW9UTQ ibkLkoFEgdenSUENOuaF8CKF/Jy6zTROsqVAd1w0HaSLSq+I/RURZWny9Qh91hcg rWUbJOv//Xk= =2VHZ -----END PGP SIGNATURE----- From Ron_Bardarson at smtp.esl.com Tue Sep 13 17:53:12 1994 From: Ron_Bardarson at smtp.esl.com (Ron Bardarson) Date: Tue, 13 Sep 94 17:53:12 PDT Subject: PRIVACY REGULATIONS Message-ID: Reply to: RE>>PRIVACY REGULATIONS Can't you free yourself from jail with a writ of habeas corpus ad subjiciendum from John Doe? -------------------------------------- Date: 9/13/94 5:23 PM To: Ron Bardarson From: Jonathan Rochkind There is no requirement to identity yourself, but the police will regularly lock you up in jail until you do identify yourself. They can't _force_ you to identify youself, and you can't go to trial for not doing so (partially because they dont' know who you are, but even if they later find out for other means), but nevertheless police departments everywhere will lock you up until you provide ID if you are stopped for a traffic violation. There is a guy around here-abouts who will routinely gets stopped for speeding and refuses to show ID out of principal. They put him in jail. He's tried to sue them, and lost. If it made it all the way to the supreme court, I'm not sure what they would decide. But the point remains, in real life, they put you in jail. Just be aware of it. ------------------ RFC822 Header Follows ------------------ Received: by smtp.esl.com with SMTP;13 Sep 1994 17:21:06 -0700 Received: from relay2.UU.NET by gatekeeper.esl.com (4.1/SMI-4.1) id AA13040; Tue, 13 Sep 94 17:14:35 PDT Received: from toad.com by relay2.UU.NET with SMTP id QQxhga25260; Tue, 13 Sep 1994 20:04:37 -0400 Received: by toad.com id AA21892; Tue, 13 Sep 94 16:58:38 PDT Received: from cs.oberlin.edu (occs.cs.oberlin.edu) by toad.com id AA21882; Tue, 13 Sep 94 16:58:31 PDT Received: from localhost (jrochkin at localhost) by cs.oberlin.edu (8.6.4/8.6.4) id TAA15296; Tue, 13 Sep 1994 19:58:24 -0400 Date: Tue, 13 Sep 1994 19:58:24 -0400 From: Jonathan Rochkind Message-Id: <199409132358.TAA15296 at cs.oberlin.edu> To: schirado at lab.cc.wmich.edu Subject: Re: PRIVACY REGULATIONS Cc: cypherpunks at toad.com Sender: owner-cypherpunks at toad.com Precedence: bulk From samman at CS.YALE.EDU Tue Sep 13 18:12:11 1994 From: samman at CS.YALE.EDU (Subversive Citizen Unit) Date: Tue, 13 Sep 94 18:12:11 PDT Subject: Crypto tie-in to crash at White House In-Reply-To: <9409140016.AA03500@fulcrum.pdi.com> Message-ID: On Tue, 13 Sep 1994, Thaddeus Beier wrote: > > The Treasury department official in charge of enforcement, Ron Noble, > said, in regard to security for the White House > "Just as if you had a security measure or alarm system in your house, > you wouldn't give me the code for it, I'm not going to give you at > this point any specific answers..." Funny. As i read this, I was reminded pretty much of the whole Clipper crap and wanted to respond with, "I wouldn't give it to you, but you'd just take it from me if I wanted an alarm" Ben. From ekr at eit.COM Tue Sep 13 18:38:18 1994 From: ekr at eit.COM (Eric Rescorla) Date: Tue, 13 Sep 94 18:38:18 PDT Subject: RC4 compatibility testing Message-ID: <9409140137.AA17743@eitech.eit.com> One data point: I can't say anything about the internals of RC4 versus the algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4', since I don't know anything about RC4's internals. However, I do have a (legitimately acquired) copy of BSAFE2 and so I'm able to compare the output of this algorithm to the output of genuine RC4 as found in BSAFE. I chose a set of test vectors and ran them through both algorithms. The algorithms appear to give identical results, at least with these key/plaintext pairs. I note that this is the algorithm _without_ Hal Finney's proposed modification (see <199409130605.XAA24133 at jobe.shell.portal.com>). The vectors I used (together with the ciphertext they produce) follow at the end of this message. -Ekr Disclaimer: This posting does not reflect the opinions of EIT. --------------------results follow-------------- Test vector 0 Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96 Test vector 1 Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79 Test vector 2 Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a Test vector 3 Key: 0xef 0x01 0x23 0x45 Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61 Test vector 4 Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4 0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f 0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca 0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d 0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1 0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6 0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95 0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a 0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3 0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56 0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa 0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd 0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5 0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6 0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a 0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6 0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53 0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32 0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8 0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0 0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10 0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62 0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e 0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef 0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90 0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29 0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b 0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16 0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64 0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86 0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26 0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91 0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3 0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35 0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b 0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8 0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80 0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2 0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8 0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d 0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6 0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c 0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37 0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00 0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd 0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f 0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58 0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12 0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58 0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4 0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0 0xc0 From claborne at microcosm.sandiegoca.NCR.COM Tue Sep 13 19:26:37 1994 From: claborne at microcosm.sandiegoca.NCR.COM (Claborne, Chris) Date: Tue, 13 Sep 94 19:26:37 PDT Subject: Key Signing Party? Message-ID: <2E763306@microcosm.SanDiegoCA.NCR.COM> -----BEGIN PGP SIGNED MESSAGE----- > From: John L Tocher <0045642 at ccmail.emis.hac.com> > Subject: Key Signing Party? > ---------------------------------------------------------------------- - -------- >Anybody interested in having a key signing party in the Los Angeles > area? > I might be up for it but... I would like to do the same in San Diego and then have a representative of the LA group meet the San Diego group representatives to sign some keys. It would be kind of nice to have a group of trusted cypherpunk members from each city to act as kind of the "CA" allowing you to eventually have some trusted keys from MIT and others that distribute software. I guess it would be a semi formal way to build a trusted hierarchy across the country. Next step would to have cypherpunk-sponsord pub-key-servers to hold these keys. I don't want it to sound too "clubish". I've just never personally met any of the cypherpunks and therefore have very few trusted keys since I can't trust any of the sigs.. Ya gotta start somewhere. I would be interested in seeing one in San Diego to key sign and discuss things like this, GAK, and others. What do you think? - -------------- P.S. Will be out on "special mission" from 1/16 until 10/10. When I return I would like to help make this happen. If you are interested and could attend in SD, send me e-mail and I will start creating a list. Make the SUBJECT= "SD CYPHERPUNKS". 2 - -- C -- ... __o .. -\<, chris.claborne at sandiegoca.ncr.com ...(*)/(*). CI$: 76340.2422 PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA Avail on Pub Key server. -----BEGIN PGP SIGNATURE----- Version: 2.7 iQCVAwUBLnYxzlzvpSsKhLftAQFisgQA0gpYxOTYuemP9qjVeWwQFQQog1f88cOZ o1U2SIPHgiRSXNl+eFhIXr/tZzt7tZRN40UuaMcJ5ZCROCi3FMqW6e8RyqzQVAYp TxLrwCj6Y1+Do3TMWYsUSLNI2j1uXJIUX0HItPvKHgo5/X9tJTNmK6M6mbTzcdX9 hDQ9+3ISooA= =fCeq -----END PGP SIGNATURE----- From rarachel at prism.poly.edu Tue Sep 13 19:38:20 1994 From: rarachel at prism.poly.edu (Arsen Ray Arachelian) Date: Tue, 13 Sep 94 19:38:20 PDT Subject: Medusa on ftp.wimsey.bc.ca Message-ID: <9409140225.AA22198@prism.poly.edu> Hey guys, I just sent medusa to ftp.wimsey.bc.ca, so you don't have to finger me if you can't or don't feel up to it. Right now it's in the uploads directory, but it will probably move later... Now for the software authors in all of us, a good question: WHAT ARE THE BEST FTP SITES TO SEND CRYPTO SOFTWARE TO? Is Soda being managed again for instance? From loofbour at cis.ohio-state.edu Tue Sep 13 20:05:32 1994 From: loofbour at cis.ohio-state.edu (Nathan Loofbourrow) Date: Tue, 13 Sep 94 20:05:32 PDT Subject: RC4 compatibility testing In-Reply-To: <9409140137.AA17743@eitech.eit.com> Message-ID: <199409140305.XAA20174@boa.cis.ohio-state.edu> Eric Rescorla writes: > I note that this is the algorithm _without_ Hal Finney's > proposed modification > > (see <199409130605.XAA24133 at jobe.shell.portal.com>). Hal Finney's patch makes syntactic sense, but won't affect the results of the algorithm. Therefore, Eric's test suite holds for both versions. nathan From hfinney at shell.portal.com Tue Sep 13 21:02:52 1994 From: hfinney at shell.portal.com (Hal) Date: Tue, 13 Sep 94 21:02:52 PDT Subject: alleged-RC4 In-Reply-To: <199409131449.KAA00544@orchard.medford.ma.us> Message-ID: <199409140402.VAA26572@jobe.shell.portal.com> Another thing that is pretty obvious is that this kind of cypher is not suitable for certain applications. For example, if you wanted to encrypt individually a lot of different files on your disk, all using the same key, this kind of stream cypher would be totally unsuitable. Any success in guessing the plaintext which corresponds to a given cyphertext reveals the XOR stream that the key generates, and that is the same stream that would be XOR'd to encrypt any other file with the same key. Doing this would be similar to re-using a "one time" pad for many encryptions. This kind of cypher is more appropriate for a communications channel where the key is never re-used, and the two sides can keep persistent and synchronized state. Hal From jdwilson at gold.chem.hawaii.edu Tue Sep 13 22:23:23 1994 From: jdwilson at gold.chem.hawaii.edu (NetSurfer) Date: Tue, 13 Sep 94 22:23:23 PDT Subject: Stallings Talk (fwd) Message-ID: I checked my mail and did not find any posts of this article - apologies if I missed it. ---------- Forwarded message ---------- Date: Tue, 13 Sep 1994 20:25:08 GMT From: Quantum Books To: Multiple recipients of list TCP-IP Subject: Stallings Talk Quantum Books will host a luncheon talk on PGP by internationally acclaimed author Bill Stallings at 12:30 p.m. Thursday, September 22. The talk PGP: A Peek Under the Hood will last approximately 30 minutes and provide an overview on the internals of PGP, the e-mail privacy and digital signature application for the masses. Bill Stallings, author of the recently published Network and Internetwork Security and of a forthcoming guide on PGP will also be available to sign copies of his book. The talk is free and a light lunch will be provided. Seating is limited so a reservation is required. RSVP quantum at shore.net -- Quantum Books | A Technical and Professional Bookstore ----------------------------+------------------------------------------ Cambridge: 617-494-5042 | E-Mail: quanbook at world.std.com Philadelphia: 215-222-0611 | Mailing List: quanlist at world.std.co